Trojaner-Board (https://www.trojaner-board.de/)
-   Log Analysis and Evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Trojan "System Check" - final steps? (https://www.trojaner-board.de/110688-trojaner-system-check-letzte-schritte.html)

wrimpus 01.03.2012 16:53

Trojan "System Check" - final steps?
 
Hello,

I have/had the trojan "System Check" on my computer. I first ran Malwarebytes Anti-Malware and then the ESET Online Scanner.

The findings are in the respective logs (see below) and have been removed.

Unfortunately my desktop is still black, the Start menu is empty, etc. What should I do?

Many thanks for your help!

cosinus 01.03.2012 21:21

Custom scan with OTL

If you don't have it yet, please download OTL by OldTimer and save it on your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


wrimpus 02.03.2012 11:20

Thank you, Arne, for the quick response.
I did everything according to your instructions. Attached is OTL.txt:
OTL Logfile:
Code:

OTL logfile created on: 02.03.2012 10:59:20 - Run 1
OTL by OldTimer - Version 3.2.34.0    Folder = C:\Users\mn\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 60,15% Memory free
6,69 Gb Paging File | 5,42 Gb Available in Paging File | 81,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,17 Gb Total Space | 405,66 Gb Free Space | 70,41% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 9,86 Gb Free Space | 49,31% Space Free | Partition Type: FAT32
 
Computer Name: MN-PC | User Name: mn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.02 10:57:51 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\mn\Desktop\OTL.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.08 12:47:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2009.11.11 22:43:52 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 12:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 03:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.08 12:47:36 | 002,124,760 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.06.28 06:29:17 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011.03.29 11:55:05 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011.03.29 11:54:23 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2011.01.19 11:48:35 | 003,182,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2009.04.09 11:38:00 | 000,053,248 | ---- | M] () -- C:\Windows\System32\SearchRequire.dll
MOD - [2009.03.22 19:47:06 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2009.02.06 19:37:44 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.SHDocVw\1.1.0.0__4b827ebe229d539f\Interop.SHDocVw.dll
MOD - [2009.02.06 19:37:42 | 000,236,544 | ---- | M] () -- C:\Windows\assembly\GAC_32\Asz.Citavi.IEPicker\1.0.0.0__f59eabe05cc67589\Asz.Citavi.IEPicker.dll
MOD - [2008.12.01 21:46:10 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008.10.13 23:26:58 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.07.27 19:03:15 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2008.07.27 19:03:10 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2008.07.27 19:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.03.09 08:08:14 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.11.11 22:43:52 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009.12.10 22:21:00 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 09:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 09:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.12.01 23:14:32 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.11.11 18:29:42 | 000,154,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.10.03 17:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2008.05.02 09:58:28 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008.05.02 09:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008.05.02 09:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.05.02 09:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.04.28 14:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008.02.14 14:56:02 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.10.12 02:40:14 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdide.sys -- (amdide)
DRV - [2007.09.21 09:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.07.16 16:29:33 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
 
 
IE - HKU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3062977728-15237228-2241844802-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\S-1-5-21-3062977728-15237228-2241844802-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Welcome to ALDI
IE - HKU\S-1-5-21-3062977728-15237228-2241844802-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found
IE - HKU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB_de
IE - HKU\..\SearchScopes\{C5ADD211-7221-4A9B-B314-E2BADA849BB3}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
IE - HKU\S-1-5-21-3062977728-15237228-2241844802-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2008.7.7
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.08 12:47:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.28 19:19:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.10.28 18:15:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.10.21 21:13:17 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\mn\AppData\Roaming\mozilla\Extensions
[2010.10.21 21:13:17 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\mn\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.05.08 12:32:26 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\mn\AppData\Roaming\mozilla\Firefox\Profiles\43puv1li.default\extensions
[2010.05.17 20:17:54 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\mn\AppData\Roaming\mozilla\Firefox\Profiles\43puv1li.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.08 12:47:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.05 21:15:28 | 000,000,000 | ---D | M] (Recorder Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}
[2009.02.06 19:37:52 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2009.02.18 15:18:57 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2009.02.18 15:18:58 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com
[2009.09.02 18:44:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.01.08 12:47:37 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.19 04:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.09 15:07:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.09 15:07:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.09 15:07:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.09 15:07:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.09 15:07:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.09 15:07:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Recorder Toolbar) - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Programme\MedienTeam66\MP3 Recorder for YouTube\IEPlugin.dll (MedienTeam66)
O2 - BHO: (no name) - {8a194578-81ea-4850-9911-13ba2d71efbd}  - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O3 - HKLM\..\Toolbar: (Recorder Toolbar) - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Programme\MedienTeam66\MP3 Recorder for YouTube\IEPlugin.dll (MedienTeam66)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3062977728-15237228-2241844802-1000..\Run: [AdobeBridge]  File not found
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3062977728-15237228-2241844802-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17D723FB-EEA3-4269-8B3D-0C0D51F27767}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\mn\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\mn\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{22e0b6a6-433d-11e0-baee-00242119886d}\Shell - "" = AutoRun
O33 - MountPoints2\{22e0b6a6-433d-11e0-baee-00242119886d}\Shell\AutoRun\command - "" = I:\CD_Start.exe
O33 - MountPoints2\{739529f7-f475-11dd-a217-00242119886d}\Shell\AutoRun\command - "" = I:\menu.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\CD_Start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: Google EULA Launcher - hkey= - key= - C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {14B6EB22-8A6C-6CF8-8D2D-C183D07264DD} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.02 10:57:49 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\mn\Desktop\OTL.exe
[2012.03.01 12:15:40 | 000,000,000 | -H-D | C] -- C:\Users\mn\AppData\Roaming\Malwarebytes
[2012.03.01 12:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.01 12:15:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2012.03.01 12:14:58 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.01 12:14:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.01 11:52:15 | 000,000,000 | -H-D | C] -- C:\Users\mn\Documents\Simply Super Software
[2012.03.01 11:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.03.01 11:51:49 | 000,000,000 | -H-D | C] -- C:\Program Files\Trojan Remover
[2012.03.01 11:51:49 | 000,000,000 | -H-D | C] -- C:\Users\mn\AppData\Roaming\Simply Super Software
[2012.03.01 11:51:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Simply Super Software
[2012.03.01 11:26:07 | 000,000,000 | -H-D | C] -- C:\Users\mn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.02.08 19:20:21 | 000,000,000 | -H-D | C] -- C:\Users\mn\Documents\FAU
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.02 11:05:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2012.03.02 10:57:51 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\mn\Desktop\OTL.exe
[2012.03.02 10:53:48 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.02 10:53:48 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.02 10:53:48 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.02 10:53:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.02 10:53:39 | 3487,883,264 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.01 21:33:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.01 21:15:06 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\MT66 Software Update.job
[2012.03.01 18:47:48 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.01 18:47:47 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.01 18:47:47 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.01 18:47:47 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.01 12:15:05 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.01 12:14:39 | 000,000,464 | -H-- | M] () -- C:\ProgramData\XIvJR4QXlBU1q1
[2012.03.01 12:13:45 | 000,000,304 | -H-- | M] () -- C:\ProgramData\~XIvJR4QXlBU1q1
[2012.03.01 12:13:45 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~XIvJR4QXlBU1q1r
[2012.03.01 11:26:07 | 000,000,609 | -H-- | M] () -- C:\Users\mn\Desktop\System Check.lnk
[2012.02.27 17:48:26 | 000,017,408 | -H-- | M] () -- C:\Users\mn\AppData\Local\WebpageIcons.db
[2012.02.23 21:09:01 | 000,016,896 | -H-- | M] () -- C:\Users\mn\Desktop\Bewerbung Matthias Kirchner.wps
[2012.02.23 21:09:01 | 000,015,872 | -H-- | M] () -- C:\Users\mn\Desktop\Matthias Kirchner Lebenslauf.wps
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.01 12:15:05 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.01 11:51:57 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2012.03.01 11:51:57 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2012.03.01 11:51:55 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2012.03.01 11:51:54 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2012.03.01 11:43:11 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~XIvJR4QXlBU1q1r
[2012.03.01 11:43:10 | 000,000,304 | -H-- | C] () -- C:\ProgramData\~XIvJR4QXlBU1q1
[2012.03.01 11:26:07 | 000,000,609 | -H-- | C] () -- C:\Users\mn\Desktop\System Check.lnk
[2012.03.01 11:26:05 | 000,000,464 | -H-- | C] () -- C:\ProgramData\XIvJR4QXlBU1q1
[2012.02.23 21:09:01 | 000,016,896 | -H-- | C] () -- C:\Users\mn\Desktop\Bewerbung Matthias Kirchner.wps
[2012.02.23 21:09:01 | 000,015,872 | -H-- | C] () -- C:\Users\mn\Desktop\Matthias Kirchner Lebenslauf.wps
[2011.05.11 18:41:00 | 000,000,680 | -H-- | C] () -- C:\Users\mn\AppData\Local\d3d9caps.dat
[2010.03.08 19:51:38 | 000,017,408 | -H-- | C] () -- C:\Users\mn\AppData\Local\WebpageIcons.db
 
========== LOP Check ==========
 
[2009.02.06 19:51:29 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Academic Software Zurich
[2009.07.23 17:10:08 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Arbeitsblatt-Manager
[2010.05.17 20:17:54 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.03.25 12:12:40 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\FontCreator
[2010.11.16 08:24:05 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\gtk-2.0
[2009.02.15 19:29:01 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\ICQ
[2009.02.17 15:09:57 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\OpenOffice.org
[2012.03.01 11:51:49 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Simply Super Software
[2010.10.21 21:13:16 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Thunderbird
[2012.03.01 21:15:06 | 000,000,296 | ---- | M] () -- C:\Windows\Tasks\MT66 Software Update.job
[2012.03.01 21:53:23 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.03.02 11:05:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.02.06 19:51:29 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Academic Software Zurich
[2010.04.13 12:17:02 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Adobe
[2009.03.04 00:40:15 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\AdobeAUM
[2009.07.23 17:10:08 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Arbeitsblatt-Manager
[2009.02.06 18:50:41 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\ATI
[2009.02.22 20:19:51 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Corel
[2009.05.22 19:53:12 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\CyberLink
[2012.02.28 17:07:14 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\dvdcss
[2010.05.17 20:17:54 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.03.25 12:12:40 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\FontCreator
[2009.02.06 20:44:25 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Google
[2010.11.16 08:24:05 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\gtk-2.0
[2009.05.12 15:46:48 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\HP
[2009.02.15 19:29:01 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\ICQ
[2009.02.06 18:50:18 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Identities
[2009.02.06 18:49:51 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Macromedia
[2012.03.01 12:15:40 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Media Center Programs
[2010.04.28 16:10:21 | 000,000,000 | --SD | M] -- C:\Users\mn\AppData\Roaming\Microsoft
[2009.02.09 19:33:21 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Mozilla
[2009.07.06 10:02:18 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Nero
[2009.02.17 15:09:57 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\OpenOffice.org
[2012.03.01 11:51:49 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Simply Super Software
[2009.06.24 21:03:56 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Skype
[2009.08.26 07:41:21 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\skypePM
[2009.02.09 19:33:28 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Talkback
[2010.10.21 21:13:16 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\Thunderbird
[2009.02.19 18:37:47 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\vlc
[2009.03.04 14:36:25 | 000,000,000 | -H-D | M] -- C:\Users\mn\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2009.03.25 12:12:01 | 006,625,744 | -H-- | M] (High-Logic                                                  ) -- C:\Users\mn\AppData\Roaming\FontCreator\FontCreatorSetup.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2008.10.03 17:08:52 | 000,183,312 | -H-- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\ATI\WinVista\8_561\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
[2008.10.03 17:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\Windows\System32\drivers\ahcix86s.sys
[2008.10.03 17:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_697786ab\ahcix86s.sys
[2007.11.01 20:31:44 | 000,122,880 | -H-- | M] (Promise Technology, Inc.) MD5=4283A0F3A9557EB133D2BA8979747A77 -- C:\ATI\WinVista\8_561\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.09 11:38:00 | 000,126,976 | ---- | M] ( ) Unable to obtain MD5 -- C:\Windows\system32\Interop.SHDocVw.dll
[2009.04.09 11:38:00 | 000,053,248 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\SearchRequire.dll
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >

--- --- ---

cosinus 02.03.2012 14:00

Do an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along too!!!)


Code:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
IE - HKU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
IE - HKU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
IE - HKU\S-1-5-21-3062977728-15237228-2241844802-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\S-1-5-21-3062977728-15237228-2241844802-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Welcome to ALDI
IE - HKU\S-1-5-21-3062977728-15237228-2241844802-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found
IE - HKU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB_de
IE - HKU\..\SearchScopes\{C5ADD211-7221-4A9B-B314-E2BADA849BB3}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
[2010.05.17 20:17:54 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\mn\AppData\Roaming\mozilla\Firefox\Profiles\43puv1li.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.05 21:15:28 | 000,000,000 | ---D | M] (Recorder Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}
[2009.02.18 15:18:57 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2009.02.18 15:18:58 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com
[2009.09.02 18:44:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
O2 - BHO: (Recorder Toolbar) - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Programme\MedienTeam66\MP3 Recorder for YouTube\IEPlugin.dll (MedienTeam66)
O2 - BHO: (no name) - {8a194578-81ea-4850-9911-13ba2d71efbd}  - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O3 - HKLM\..\Toolbar: (Recorder Toolbar) - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Programme\MedienTeam66\MP3 Recorder for YouTube\IEPlugin.dll (MedienTeam66)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{22e0b6a6-433d-11e0-baee-00242119886d}\Shell - "" = AutoRun
O33 - MountPoints2\{22e0b6a6-433d-11e0-baee-00242119886d}\Shell\AutoRun\command - "" = I:\CD_Start.exe
O33 - MountPoints2\{739529f7-f475-11dd-a217-00242119886d}\Shell\AutoRun\command - "" = I:\menu.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\CD_Start.exe
[2012.03.01 11:26:07 | 000,000,000 | -H-D | C] -- C:\Users\mn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.01 12:14:39 | 000,000,464 | -H-- | M] () -- C:\ProgramData\XIvJR4QXlBU1q1
[2012.03.01 12:13:45 | 000,000,304 | -H-- | M] () -- C:\ProgramData\~XIvJR4QXlBU1q1
[2012.03.01 12:13:45 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~XIvJR4QXlBU1q1r
[2012.03.01 11:26:07 | 000,000,609 | -H-- | M] () -- C:\Users\mn\Desktop\System Check.lnk
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:CB0AACC9
:Commands
[emptytemp]
[resethosts]

Then click the Fix! button at the top left.
The logfile should open when you click OK after fixing; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
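
As an added illustration (not part of the thread and not OTL's own code), the following Python script parses the bracketed file entries and the alternate-data-stream line of an OTL report such as the one posted above and flags the same items the fix script targets: artefacts named after the rogue "System Check", hidden files with no company name and a random-looking name directly under C:\ProgramData, and alternate data streams. The sample lines are copied from the log in this thread; the random-name heuristic and the function names are my own assumptions, not rules OTL applies.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Bracketed file/folder entry as OTL prints it in its "Files/Folders" and
# custom-scan sections. The four-character attribute field uses H for hidden,
# S for system and D for directory; the last field is C (created) or M (modified).
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"\s*(?:\((?P<company>[^)]*)\))?\s*-- (?P<path>.+?)\s*$"
)
# Line from the "Alternate Data Streams" section.
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?)\s*$")


@dataclass
class Entry:
    timestamp: str
    size: int
    hidden: bool
    system: bool
    directory: bool
    company: str
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one bracketed OTL entry; returns None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    attr = m.group("attr")
    return Entry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        hidden="H" in attr,
        system="S" in attr,
        directory=attr.endswith("D"),
        company=(m.group("company") or "").strip(),
        path=m.group("path"),
    )


def looks_random(name: str) -> bool:
    """Heuristic (my assumption, not an OTL rule) for throw-away names such as
    XIvJR4QXlBU1q1: no extension, at least 10 characters, and a mix of upper
    case, lower case and digits. A leading '~' is ignored."""
    name = name.lstrip("~")
    if "." in name or len(name) < 10:
        return False
    return (any(c.isupper() for c in name)
            and any(c.islower() for c in name)
            and any(c.isdigit() for c in name))


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for the entries a helper would put into the fix."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        ads = ADS_RE.match(line.strip())
        if ads:
            findings.append((ads.group("path"), "alternate data stream"))
            continue
        entry = parse_entry(line)
        if entry is None:
            continue
        parent, _, name = entry.path.rpartition("\\")
        if "system check" in entry.path.lower():
            findings.append((entry.path, "artefact named after the rogue 'System Check'"))
        elif (entry.hidden and not entry.directory and not entry.company
              and parent.lower() == r"c:\programdata" and looks_random(name)):
            findings.append((entry.path, "hidden random-named file without company name in ProgramData"))
    return findings


# Sample input copied from the OTL report posted in this thread.
SAMPLE_LINES = [
    r"[2012.03.02 10:57:49 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\mn\Desktop\OTL.exe",
    r"[2012.03.01 12:15:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes",
    r"[2012.03.01 12:14:58 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys",
    r"[2012.03.01 11:26:07 | 000,000,000 | -H-D | C] -- C:\Users\mn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check",
    r"[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]",
    r"[2012.03.01 12:14:39 | 000,000,464 | -H-- | M] () -- C:\ProgramData\XIvJR4QXlBU1q1",
    r"[2012.03.01 12:13:45 | 000,000,304 | -H-- | M] () -- C:\ProgramData\~XIvJR4QXlBU1q1",
    r"[2012.03.01 12:13:45 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~XIvJR4QXlBU1q1r",
    r"[2012.03.01 11:26:07 | 000,000,609 | -H-- | M] () -- C:\Users\mn\Desktop\System Check.lnk",
    r"[2012.02.27 17:48:26 | 000,017,408 | -H-- | M] () -- C:\Users\mn\AppData\Local\WebpageIcons.db",
    r"@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:CB0AACC9",
]

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LINES):
        print(f"{reason:60s} {path}")
```

Run against the sample lines it reports exactly the six items that appear in the fix script above (the System Check start-menu folder and shortcut, the three hidden ProgramData files, and the ADS), while the legitimate entries for OTL, Malwarebytes and the browser icon cache pass through. The heuristic is deliberately narrow; a real triage still reads the surrounding sections rather than trusting one rule.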

wrimpus 02.03.2012 16:08

I did everything as described. Here is the log:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
HKU\S-1-5-21-3062977728-15237228-2241844802-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-3062977728-15237228-2241844802-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3062977728-15237228-2241844802-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Unable to set value : HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E!
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_USERS\Software\Microsoft\Internet Explorer\SearchScopes\{C5ADD211-7221-4A9B-B314-E2BADA849BB3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5ADD211-7221-4A9B-B314-E2BADA849BB3}\ not found.
C:\Users\mn\AppData\Roaming\mozilla\Firefox\Profiles\43puv1li.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\mn\AppData\Roaming\mozilla\Firefox\Profiles\43puv1li.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}\images folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}\content folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}\chrome\content\images folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}\chrome\content folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome\skin folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome\locale\EN-US folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome\locale folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome\content folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com\CHROME folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\defaults\preferences folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\defaults folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\chrome folder moved successfully.
C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{120A8821-2BEE-4C29-BCDA-62C577781992}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{120A8821-2BEE-4C29-BCDA-62C577781992}\ deleted successfully.
C:\Programme\MedienTeam66\MP3 Recorder for YouTube\IEPlugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8a194578-81ea-4850-9911-13ba2d71efbd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a194578-81ea-4850-9911-13ba2d71efbd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{120A8821-2BEE-4C29-BCDA-62C577781992} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{120A8821-2BEE-4C29-BCDA-62C577781992}\ not found.
File C:\Programme\MedienTeam66\MP3 Recorder for YouTube\IEPlugin.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22e0b6a6-433d-11e0-baee-00242119886d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22e0b6a6-433d-11e0-baee-00242119886d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22e0b6a6-433d-11e0-baee-00242119886d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22e0b6a6-433d-11e0-baee-00242119886d}\ not found.
File I:\CD_Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{739529f7-f475-11dd-a217-00242119886d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739529f7-f475-11dd-a217-00242119886d}\ not found.
File I:\menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\CD_Start.exe not found.
C:\Users\mn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check folder moved successfully.
C:\ProgramData\XIvJR4QXlBU1q1 moved successfully.
C:\ProgramData\~XIvJR4QXlBU1q1 moved successfully.
C:\ProgramData\~XIvJR4QXlBU1q1r moved successfully.
C:\Users\mn\Desktop\System Check.lnk moved successfully.
ADS C:\ProgramData\Temp:CB0AACC9 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 83 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: mn
->Temp folder emptied: 1734214825 bytes
->Temporary Internet Files folder emptied: 34605194 bytes
->Java cache emptied: 36457175 bytes
->FireFox cache emptied: 89636239 bytes
->Flash cache emptied: 33760 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 771424 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 163974680 bytes
RecycleBin emptied: 1823045089 bytes

Total Files Cleaned = 3.703,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.34.0 log created on 03022012_154559

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
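Reading a fix log like the one above by hand is error-prone: OTL revisits the same CLSID from several sections (BHO list, toolbar list), so a later "not found" is usually expected, while a "not found" on a target that was never removed in the run (here the autorun executables on the removable drives I: and H:) means the item was simply absent. This added example, not part of the thread and not OTL's own code, parses the result lines, counts them by kind and outcome, pulls out the Browser Helper Object CLSIDs that were removed, and separates the two kinds of "not found"; the excerpt is copied from the log above.

```python
"""Summarise an OTL fix log: what was removed, what was already gone, what was never there."""
import re
from collections import Counter
from dataclasses import dataclass

# Excerpt copied from the OTL fix log posted above; it covers every result-line
# shape that log uses (registry key/value, file, folder, ADS, value set, HOSTS).
SAMPLE_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{120A8821-2BEE-4C29-BCDA-62C577781992}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{120A8821-2BEE-4C29-BCDA-62C577781992}\ deleted successfully.
C:\Programme\MedienTeam66\MP3 Recorder for YouTube\IEPlugin.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{120A8821-2BEE-4C29-BCDA-62C577781992} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{120A8821-2BEE-4C29-BCDA-62C577781992}\ not found.
File C:\Programme\MedienTeam66\MP3 Recorder for YouTube\IEPlugin.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22e0b6a6-433d-11e0-baee-00242119886d}\ deleted successfully.
File I:\CD_Start.exe not found.
C:\Users\mn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check folder moved successfully.
ADS C:\ProgramData\Temp:CB0AACC9 deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass(frozen=True)
class FixAction:
    kind: str     # "registry key", "registry value", "file", "folder", "ads", "hosts"
    target: str   # registry path or file-system path exactly as OTL printed it
    outcome: str  # "removed", "not found", "set", "reset"


def parse_line(line: str):
    """Map one OTL result line to a FixAction; None for headers, blanks and other text."""
    line = line.strip()
    m = re.match(r"^Registry (key|value) (.+?) (deleted successfully|not found)\.$", line)
    if m:
        outcome = "removed" if m.group(3) == "deleted successfully" else "not found"
        return FixAction(f"registry {m.group(1)}", m.group(2), outcome)
    m = re.match(r"^File (.+?) not found\.$", line)
    if m:
        return FixAction("file", m.group(1), "not found")
    m = re.match(r"^ADS (.+?) deleted successfully\.$", line)
    if m:
        return FixAction("ads", m.group(1), "removed")
    m = re.match(r"^(.+?) (folder )?moved successfully\.$", line)   # moved = quarantined by OTL
    if m:
        return FixAction("folder" if m.group(2) else "file", m.group(1), "removed")
    m = re.match(r"^(.+?) : value set successfully!$", line)
    if m:
        return FixAction("registry value", m.group(1), "set")
    if line == "HOSTS file reset successfully":
        return FixAction("hosts", r"%systemroot%\System32\drivers\etc\Hosts", "reset")
    return None


def _norm(target: str) -> str:
    """Registry paths differ only in case and trailing backslash between OTL sections."""
    return target.rstrip("\\").lower()


def summarize(log_text: str) -> dict:
    """Classify every result line and explain each 'not found'."""
    actions = [a for a in map(parse_line, log_text.splitlines()) if a is not None]
    counts = Counter((a.kind, a.outcome) for a in actions)
    removed_so_far = set()
    already_removed, absent = [], []
    for a in actions:
        if a.outcome == "removed":
            removed_so_far.add(_norm(a.target))
        elif a.outcome == "not found":
            # A target already removed earlier in this run is expected to be gone on the
            # second visit; one never removed in this run was absent all along.
            (already_removed if _norm(a.target) in removed_so_far else absent).append(a.target)
    bho_clsids = set()
    for a in actions:
        m = CLSID_RE.search(a.target)
        if m and a.outcome == "removed" and "browser helper objects" in a.target.lower():
            bho_clsids.add(m.group(0).upper())
    return {"counts": counts, "bho_clsids": sorted(bho_clsids),
            "already_removed": already_removed, "absent": absent}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for (kind, outcome), n in sorted(report["counts"].items()):
        print(f"{n:3d}  {kind:<15} {outcome}")
    print("BHO CLSIDs removed:", ", ".join(report["bho_clsids"]))
    print("Already gone when revisited:", *report["already_removed"], sep="\n  ")
    print("Never present during the fix:", *report["absent"], sep="\n  ")
```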

wrimpus 02.03.2012 17:32

Interim status: System Check is back ... pop-ups, error messages, etc. ... I'm losing it.

cosinus 02.03.2012 18:18

1. From now on, NO more "wild" surfing until we are done!
2. Please run new full scans with Malwarebytes and ESET!

wrimpus 03.03.2012 09:58

Good morning.
All right. I will stick to that.

I have run both scans. Below are the Malwarebytes logs; ESET found nothing more (is that why there was no log from it?).

cosinus 05.03.2012 12:01

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often raises a false alarm on the TDSS tool!

Configure the tool as shown in the image below: click on "change parameters" and tick the boxes as shown in the following screenshot.
Then click on "Start Scan" and, once it has finished, click the "Report" button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should become visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool via right-click as administrator!
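The report TDSS-Killer writes, which the post asks to be posted unmodified, has one line per driver giving its MD5 and image path, followed by a verdict line ("name - ok"); services without an image file get only the verdict line. This added example, not from the thread and not Kaspersky's code, pairs those lines and lists anything that is not "ok" for the helper to look at; the excerpt comes from the report posted below, with one constructed record (examplesvc, all-zero MD5, made-up verdict text) added so that the review path is exercised.

```python
"""Pair TDSSKiller driver records with their verdicts and list what still needs a look."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Excerpt from the TDSSKiller report posted below, plus one CONSTRUCTED record
# ('examplesvc': all-zero MD5, made-up verdict) so that the review path is exercised.
SAMPLE_REPORT = r"""
14:17:57.0586 3832        Mode: Manual; SigCheck; TDLFS;
14:17:57.0586 3832        ============================================================
14:17:58.0080 3832        ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
14:17:58.0217 3832        ACPI - ok
14:18:04.0769 3832        IpInIp - ok
14:18:05.0765 3832        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
14:18:05.0774 3832        MBAMProtector - ok
14:18:05.0800 3832        examplesvc      (00000000000000000000000000000000) C:\ProgramData\example.sys
14:18:05.0801 3832        examplesvc - constructed non-ok verdict
"""

STAMP = r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+"          # time and PID prefix on every line
RECORD_RE = re.compile(STAMP + r"(\S+)\s+\(([0-9a-f]{32})\)\s+(.+?)\s*$")  # name (md5) path
VERDICT_RE = re.compile(STAMP + r"(\S+) - (.+?)\s*$")                        # name - verdict


@dataclass
class DriverEntry:
    name: str
    md5: Optional[str] = None      # None when TDSSKiller printed no image (e.g. IpInIp)
    path: Optional[str] = None
    verdict: Optional[str] = None  # None when the report ends before the verdict line


def parse_report(text: str) -> Dict[str, DriverEntry]:
    """Return entries keyed by service name, in report order; headers are ignored."""
    entries: Dict[str, DriverEntry] = {}
    for line in text.splitlines():
        m = RECORD_RE.match(line)
        if m:
            _, _, name, md5, path = m.groups()
            entry = entries.setdefault(name, DriverEntry(name))
            entry.md5, entry.path = md5, path
            continue
        m = VERDICT_RE.match(line)
        if m:
            _, _, name, verdict = m.groups()
            entries.setdefault(name, DriverEntry(name)).verdict = verdict
    return entries


def needs_review(entries: Dict[str, DriverEntry]) -> List[str]:
    """Names whose verdict is anything but 'ok', or missing (truncated report)."""
    return [e.name for e in entries.values() if e.verdict != "ok"]


def image_hashes(entries: Dict[str, DriverEntry]) -> List[Tuple[str, str]]:
    """(path, md5) pairs for every driver with an image, ready for a reputation lookup."""
    return [(e.path, e.md5) for e in entries.values() if e.md5]


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(f"{len(parsed)} drivers, {len(image_hashes(parsed))} with an image file")
    for name in needs_review(parsed):
        e = parsed[name]
        print(f"REVIEW {name}: verdict={e.verdict!r} path={e.path} md5={e.md5}")
```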

wrimpus 05.03.2012 14:20

Code:


14:16:56.0817 2464        TDSS rootkit removing tool 2.7.19.0 Mar  5 2012 11:23:39
14:16:56.0963 2464        ============================================================
14:16:56.0963 2464        Current date / time: 2012/03/05 14:16:56.0963
14:16:56.0963 2464        SystemInfo:
14:16:56.0963 2464       
14:16:56.0963 2464        OS Version: 6.0.6001 ServicePack: 1.0
14:16:56.0963 2464        Product type: Workstation
14:16:56.0963 2464        ComputerName: MN-PC
14:16:56.0963 2464        UserName: mn
14:16:56.0963 2464        Windows directory: C:\Windows
14:16:56.0963 2464        System windows directory: C:\Windows
14:16:56.0963 2464        Processor architecture: Intel x86
14:16:56.0964 2464        Number of processors: 2
14:16:56.0964 2464        Page size: 0x1000
14:16:56.0964 2464        Boot type: Normal boot
14:16:56.0964 2464        ============================================================
14:16:58.0501 2464        Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:16:58.0530 2464        \Device\Harddisk0\DR0:
14:16:58.0530 2464        MBR used
14:16:58.0530 2464        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x48054800
14:16:58.0573 2464        \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x4805503F, BlocksNum 0x2801E82
14:16:58.0674 2464        Initialize success
14:16:58.0674 2464        ============================================================
14:17:57.0586 3832        ============================================================
14:17:57.0586 3832        Scan started
14:17:57.0586 3832        Mode: Manual; SigCheck; TDLFS;
14:17:57.0586 3832        ============================================================
14:17:58.0080 3832        ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
14:17:58.0217 3832        ACPI - ok
14:17:58.0289 3832        adfs            (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
14:17:58.0301 3832        adfs - ok
14:17:58.0345 3832        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
14:17:58.0384 3832        adp94xx - ok
14:17:58.0414 3832        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
14:17:58.0433 3832        adpahci - ok
14:17:58.0463 3832        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
14:17:58.0477 3832        adpu160m - ok
14:17:58.0516 3832        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
14:17:58.0550 3832        adpu320 - ok
14:17:58.0610 3832        AFD            (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
14:17:58.0677 3832        AFD - ok
14:17:58.0710 3832        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
14:17:58.0722 3832        agp440 - ok
14:17:58.0780 3832        ahcix86s        (03081e98c515cb838434d252f407f6e8) C:\Windows\system32\DRIVERS\ahcix86s.sys
14:17:58.0850 3832        ahcix86s - ok
14:17:58.0864 3832        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:17:58.0878 3832        aic78xx - ok
14:17:58.0900 3832        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
14:17:58.0911 3832        aliide - ok
14:17:58.0926 3832        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
14:17:58.0938 3832        amdagp - ok
14:17:58.0987 3832        amdide          (f12456ad77b1c32d8c5ca51927872850) C:\Windows\system32\DRIVERS\amdide.sys
14:17:58.0995 3832        amdide - ok
14:17:59.0010 3832        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
14:17:59.0104 3832        AmdK7 - ok
14:17:59.0125 3832        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
14:17:59.0168 3832        AmdK8 - ok
14:17:59.0227 3832        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
14:17:59.0235 3832        arc - ok
14:17:59.0262 3832        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
14:17:59.0275 3832        arcsas - ok
14:17:59.0322 3832        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:17:59.0374 3832        AsyncMac - ok
14:17:59.0408 3832        atapi          (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
14:17:59.0419 3832        atapi - ok
14:17:59.0592 3832        atikmdag        (d2e9acb68fa61c911cc21e07f87705bf) C:\Windows\system32\DRIVERS\atikmdag.sys
14:17:59.0891 3832        atikmdag - ok
14:17:59.0916 3832        AtiPcie        (5a1465ad2e7c1bc39cda12a355329096) C:\Windows\system32\DRIVERS\AtiPcie.sys
14:17:59.0925 3832        AtiPcie - ok
14:18:00.0015 3832        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
14:18:00.0024 3832        avgio - ok
14:18:00.0071 3832        avgntflt        (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
14:18:00.0091 3832        avgntflt - ok
14:18:00.0132 3832        avipbb          (6d52060b59e7d79cd2a044b6add1f1ef) C:\Windows\system32\DRIVERS\avipbb.sys
14:18:00.0141 3832        avipbb - ok
14:18:00.0188 3832        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:18:00.0257 3832        Beep - ok
14:18:00.0313 3832        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
14:18:00.0358 3832        blbdrive - ok
14:18:00.0416 3832        bowser          (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
14:18:00.0474 3832        bowser - ok
14:18:00.0507 3832        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:18:00.0614 3832        BrFiltLo - ok
14:18:00.0630 3832        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:18:00.0690 3832        BrFiltUp - ok
14:18:00.0735 3832        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:18:00.0907 3832        Brserid - ok
14:18:00.0973 3832        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:18:01.0072 3832        BrSerWdm - ok
14:18:01.0140 3832        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:18:01.0231 3832        BrUsbMdm - ok
14:18:01.0272 3832        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:18:01.0355 3832        BrUsbSer - ok
14:18:01.0394 3832        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:18:01.0477 3832        BTHMODEM - ok
14:18:01.0529 3832        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:18:01.0577 3832        cdfs - ok
14:18:01.0598 3832        cdrom          (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
14:18:01.0633 3832        cdrom - ok
14:18:01.0659 3832        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
14:18:01.0708 3832        circlass - ok
14:18:01.0759 3832        CLFS            (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
14:18:01.0777 3832        CLFS - ok
14:18:01.0860 3832        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
14:18:01.0890 3832        cmdide - ok
14:18:01.0910 3832        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
14:18:01.0935 3832        Compbatt - ok
14:18:01.0957 3832        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
14:18:01.0970 3832        crcdisk - ok
14:18:01.0991 3832        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
14:18:02.0035 3832        Crusoe - ok
14:18:02.0136 3832        DfsC            (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
14:18:02.0171 3832        DfsC - ok
14:18:02.0218 3832        disk            (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
14:18:02.0224 3832        disk - ok
14:18:02.0271 3832        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:18:02.0298 3832        drmkaud - ok
14:18:02.0341 3832        DXGKrnl        (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
14:18:02.0426 3832        DXGKrnl - ok
14:18:02.0468 3832        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:18:02.0524 3832        E1G60 - ok
14:18:02.0547 3832        Ecache          (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
14:18:02.0561 3832        Ecache - ok
14:18:02.0678 3832        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
14:18:02.0700 3832        elxstor - ok
14:18:02.0776 3832        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
14:18:02.0835 3832        ErrDev - ok
14:18:02.0881 3832        exfat          (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
14:18:02.0934 3832        exfat - ok
14:18:02.0945 3832        fastfat        (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
14:18:03.0015 3832        fastfat - ok
14:18:03.0044 3832        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
14:18:03.0089 3832        fdc - ok
14:18:03.0118 3832        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:18:03.0130 3832        FileInfo - ok
14:18:03.0151 3832        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:18:03.0196 3832        Filetrace - ok
14:18:03.0223 3832        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:18:03.0262 3832        flpydisk - ok
14:18:03.0292 3832        FltMgr          (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
14:18:03.0307 3832        FltMgr - ok
14:18:03.0325 3832        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
14:18:03.0358 3832        Fs_Rec - ok
14:18:03.0376 3832        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
14:18:03.0383 3832        gagp30kx - ok
14:18:03.0450 3832        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
14:18:03.0503 3832        HdAudAddService - ok
14:18:03.0541 3832        HDAudBus        (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:18:03.0593 3832        HDAudBus - ok
14:18:03.0626 3832        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:18:03.0704 3832        HidBth - ok
14:18:03.0745 3832        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:18:03.0792 3832        HidIr - ok
14:18:03.0840 3832        HidUsb          (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
14:18:03.0877 3832        HidUsb - ok
14:18:03.0902 3832        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
14:18:03.0911 3832        HpCISSs - ok
14:18:03.0952 3832        HPFXBULK        (299683d4c8aaa3f6f5d5d226a1782a6e) C:\Windows\system32\drivers\hpfxbulk.sys
14:18:03.0961 3832        HPFXBULK - ok
14:18:04.0019 3832        HTTP            (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
14:18:04.0118 3832        HTTP - ok
14:18:04.0161 3832        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
14:18:04.0181 3832        i2omp - ok
14:18:04.0214 3832        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:18:04.0240 3832        i8042prt - ok
14:18:04.0269 3832        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
14:18:04.0286 3832        iaStorV - ok
14:18:04.0306 3832        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:18:04.0318 3832        iirsp - ok
14:18:04.0424 3832        IntcAzAudAddService (fd1d5f1609126831f49d6cfbb61f9ddd) C:\Windows\system32\drivers\RTKVHDA.sys
14:18:04.0580 3832        IntcAzAudAddService - ok
14:18:04.0611 3832        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
14:18:04.0623 3832        intelide - ok
14:18:04.0635 3832        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:18:04.0677 3832        intelppm - ok
14:18:04.0713 3832        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:18:04.0756 3832        IpFilterDriver - ok
14:18:04.0769 3832        IpInIp - ok
14:18:04.0797 3832        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
14:18:04.0831 3832        IPMIDRV - ok
14:18:04.0862 3832        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:18:04.0900 3832        IPNAT - ok
14:18:04.0920 3832        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:18:04.0974 3832        IRENUM - ok
14:18:04.0998 3832        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
14:18:05.0021 3832        isapnp - ok
14:18:05.0075 3832        iScsiPrt        (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
14:18:05.0089 3832        iScsiPrt - ok
14:18:05.0110 3832        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:18:05.0121 3832        iteatapi - ok
14:18:05.0167 3832        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:18:05.0179 3832        iteraid - ok
14:18:05.0226 3832        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:18:05.0242 3832        kbdclass - ok
14:18:05.0259 3832        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
14:18:05.0304 3832        kbdhid - ok
14:18:05.0341 3832        KSecDD          (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
14:18:05.0371 3832        KSecDD - ok
14:18:05.0405 3832        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:18:05.0438 3832        lltdio - ok
14:18:05.0518 3832        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
14:18:05.0531 3832        LSI_FC - ok
14:18:05.0585 3832        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
14:18:05.0609 3832        LSI_SAS - ok
14:18:05.0627 3832        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
14:18:05.0641 3832        LSI_SCSI - ok
14:18:05.0667 3832        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:18:05.0717 3832        luafv - ok
14:18:05.0765 3832        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
14:18:05.0774 3832        MBAMProtector - ok
14:18:05.0824 3832        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
14:18:05.0835 3832        megasas - ok
14:18:05.0880 3832        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
14:18:05.0903 3832        MegaSR - ok
14:18:05.0933 3832        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:18:05.0985 3832        Modem - ok
14:18:06.0028 3832        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:18:06.0077 3832        monitor - ok
14:18:06.0104 3832        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:18:06.0115 3832        mouclass - ok
14:18:06.0124 3832        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:18:06.0185 3832        mouhid - ok
14:18:06.0207 3832        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:18:06.0219 3832        MountMgr - ok
14:18:06.0243 3832        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
14:18:06.0255 3832        mpio - ok
14:18:06.0274 3832        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:18:06.0309 3832        mpsdrv - ok
14:18:06.0363 3832        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:18:06.0374 3832        Mraid35x - ok
14:18:06.0384 3832        MRxDAV          (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
14:18:06.0456 3832        MRxDAV - ok
14:18:06.0508 3832        mrxsmb          (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:18:06.0554 3832        mrxsmb - ok
14:18:06.0603 3832        mrxsmb10        (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:18:06.0635 3832        mrxsmb10 - ok
14:18:06.0644 3832        mrxsmb20        (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:18:06.0682 3832        mrxsmb20 - ok
14:18:06.0709 3832        msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
14:18:06.0727 3832        msahci - ok
14:18:06.0765 3832        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
14:18:06.0777 3832        msdsm - ok
14:18:06.0813 3832        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:18:06.0859 3832        Msfs - ok
14:18:06.0907 3832        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:18:06.0918 3832        msisadrv - ok
14:18:06.0950 3832        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:18:06.0998 3832        MSKSSRV - ok
14:18:07.0026 3832        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:18:07.0059 3832        MSPCLOCK - ok
14:18:07.0106 3832        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:18:07.0155 3832        MSPQM - ok
14:18:07.0211 3832        MsRPC          (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
14:18:07.0226 3832        MsRPC - ok
14:18:07.0264 3832        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:18:07.0286 3832        mssmbios - ok
14:18:07.0308 3832        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:18:07.0360 3832        MSTEE - ok
14:18:07.0369 3832        Mup            (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
14:18:07.0381 3832        Mup - ok
14:18:07.0424 3832        NativeWifiP    (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
14:18:07.0469 3832        NativeWifiP - ok
14:18:07.0516 3832        NDIS            (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
14:18:07.0557 3832        NDIS - ok
14:18:07.0566 3832        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:18:07.0603 3832        NdisTapi - ok
14:18:07.0621 3832        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:18:07.0646 3832        Ndisuio - ok
14:18:07.0678 3832        NdisWan        (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
14:18:07.0714 3832        NdisWan - ok
14:18:07.0726 3832        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:18:07.0760 3832        NDProxy - ok
14:18:07.0830 3832        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:18:07.0872 3832        NetBIOS - ok
14:18:07.0922 3832        netbt          (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
14:18:07.0968 3832        netbt - ok
14:18:08.0032 3832        netr28u        (9ba2f93e4f01ec58e722b36639e0ce5d) C:\Windows\system32\DRIVERS\netr28u.sys
14:18:08.0116 3832        netr28u - ok
14:18:08.0162 3832        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:18:08.0180 3832        nfrd960 - ok
14:18:08.0233 3832        nmwcd          (c82f4cc10ad315b6d6bcb14d0a7cad66) C:\Windows\system32\drivers\ccdcmb.sys
14:18:08.0299 3832        nmwcd - ok
14:18:08.0329 3832        nmwcdc          (60ef5f5621d7832f00a3f190a0c905e2) C:\Windows\system32\drivers\ccdcmbo.sys
14:18:08.0367 3832        nmwcdc - ok
14:18:08.0391 3832        Npfs            (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
14:18:08.0457 3832        Npfs - ok
14:18:08.0482 3832        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:18:08.0532 3832        nsiproxy - ok
14:18:08.0595 3832        Ntfs            (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
14:18:08.0689 3832        Ntfs - ok
14:18:08.0722 3832        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:18:08.0802 3832        ntrigdigi - ok
14:18:08.0830 3832        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:18:08.0878 3832        Null - ok
14:18:08.0906 3832        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
14:18:08.0942 3832        nvraid - ok
14:18:08.0966 3832        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
14:18:08.0978 3832        nvstor - ok
14:18:09.0000 3832        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
14:18:09.0014 3832        nv_agp - ok
14:18:09.0022 3832        NwlnkFlt - ok
14:18:09.0035 3832        NwlnkFwd - ok
14:18:09.0096 3832        ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
14:18:09.0139 3832        ohci1394 - ok
14:18:09.0183 3832        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:18:09.0260 3832        Parport - ok
14:18:09.0294 3832        partmgr        (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
14:18:09.0306 3832        partmgr - ok
14:18:09.0346 3832        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:18:09.0422 3832        Parvdm - ok
14:18:09.0464 3832        pci            (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
14:18:09.0477 3832        pci - ok
14:18:09.0502 3832        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
14:18:09.0513 3832        pciide - ok
14:18:09.0550 3832        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
14:18:09.0564 3832        pcmcia - ok
14:18:09.0617 3832        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:18:09.0733 3832        PEAUTH - ok
14:18:09.0779 3832        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:18:09.0801 3832        PptpMiniport - ok
14:18:09.0834 3832        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
14:18:09.0872 3832        Processor - ok
14:18:09.0924 3832        PSched          (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
14:18:09.0962 3832        PSched - ok
14:18:09.0995 3832        PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
14:18:10.0005 3832        PxHelp20 - ok
14:18:10.0072 3832        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
14:18:10.0156 3832        ql2300 - ok
14:18:10.0186 3832        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:18:10.0198 3832        ql40xx - ok
14:18:10.0243 3832        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:18:10.0274 3832        QWAVEdrv - ok
14:18:10.0292 3832        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:18:10.0326 3832        RasAcd - ok
14:18:10.0363 3832        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:18:10.0399 3832        Rasl2tp - ok
14:18:10.0423 3832        RasPppoe        (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
14:18:10.0457 3832        RasPppoe - ok
14:18:10.0466 3832        RasSstp        (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
14:18:10.0503 3832        RasSstp - ok
14:18:10.0529 3832        rdbss          (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
14:18:10.0584 3832        rdbss - ok
14:18:10.0594 3832        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:18:10.0649 3832        RDPCDD - ok
14:18:10.0675 3832        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
14:18:10.0714 3832        rdpdr - ok
14:18:10.0725 3832        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:18:10.0789 3832        RDPENCDD - ok
14:18:10.0866 3832        RDPWD          (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
14:18:10.0904 3832        RDPWD - ok
14:18:10.0959 3832        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:18:10.0994 3832        rspndr - ok
14:18:11.0021 3832        RTHDMIAzAudService (d85da4371af61359edfca4ea06619dd4) C:\Windows\system32\drivers\RtHDMIV.sys
14:18:11.0034 3832        RTHDMIAzAudService - ok
14:18:11.0073 3832        RTL8169        (abbe0f54ba3a378262c9cb86cf7d91f8) C:\Windows\system32\DRIVERS\Rtlh86.sys
14:18:11.0120 3832        RTL8169 - ok
14:18:11.0149 3832        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:18:11.0174 3832        sbp2port - ok
14:18:11.0202 3832        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:18:11.0295 3832        secdrv - ok
14:18:11.0327 3832        Serenum        (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
14:18:11.0361 3832        Serenum - ok
14:18:11.0390 3832        Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
14:18:11.0434 3832        Serial - ok
14:18:11.0451 3832        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:18:11.0508 3832        sermouse - ok
14:18:11.0565 3832        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
14:18:11.0589 3832        sffdisk - ok
14:18:11.0616 3832        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
14:18:11.0656 3832        sffp_mmc - ok
14:18:11.0678 3832        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
14:18:11.0751 3832        sffp_sd - ok
14:18:11.0789 3832        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
14:18:11.0860 3832        sfloppy - ok
14:18:11.0918 3832        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
14:18:11.0930 3832        sisagp - ok
14:18:11.0971 3832        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
14:18:12.0000 3832        SiSRaid2 - ok
14:18:12.0021 3832        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
14:18:12.0034 3832        SiSRaid4 - ok
14:18:12.0061 3832        Smb            (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
14:18:12.0111 3832        Smb - ok
14:18:12.0181 3832        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:18:12.0192 3832        spldr - ok
14:18:12.0249 3832        srv            (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
14:18:12.0303 3832        srv - ok
14:18:12.0355 3832        srv2            (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
14:18:12.0435 3832        srv2 - ok
14:18:12.0488 3832        srvnet          (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
14:18:12.0529 3832        srvnet - ok
14:18:12.0628 3832        ssmdrv          (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys
14:18:12.0636 3832        ssmdrv - ok
14:18:12.0713 3832        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:18:12.0724 3832        swenum - ok
14:18:12.0744 3832        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:18:12.0756 3832        Symc8xx - ok
14:18:12.0777 3832        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:18:12.0788 3832        Sym_hi - ok
14:18:12.0816 3832        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:18:12.0827 3832        Sym_u3 - ok
14:18:12.0923 3832        Tcpip          (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
14:18:12.0975 3832        Tcpip - ok
14:18:13.0044 3832        Tcpip6          (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
14:18:13.0082 3832        Tcpip6 - ok
14:18:13.0129 3832        tcpipreg        (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
14:18:13.0177 3832        tcpipreg - ok
14:18:13.0200 3832        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:18:13.0234 3832        TDPIPE - ok
14:18:13.0272 3832        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:18:13.0306 3832        TDTCP - ok
14:18:13.0338 3832        tdx            (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
14:18:13.0383 3832        tdx - ok
14:18:13.0409 3832        TermDD          (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
14:18:13.0427 3832        TermDD - ok
14:18:13.0487 3832        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:18:13.0528 3832        tssecsrv - ok
14:18:13.0568 3832        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
14:18:13.0596 3832        tunmp - ok
14:18:13.0636 3832        tunnel          (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
14:18:13.0662 3832        tunnel - ok
14:18:13.0688 3832        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
14:18:13.0700 3832        uagp35 - ok
14:18:13.0747 3832        udfs            (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
14:18:13.0786 3832        udfs - ok
14:18:13.0841 3832        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
14:18:13.0853 3832        uliagpkx - ok
14:18:13.0911 3832        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
14:18:13.0930 3832        uliahci - ok
14:18:13.0976 3832        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:18:13.0990 3832        UlSata - ok
14:18:14.0034 3832        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:18:14.0071 3832        ulsata2 - ok
14:18:14.0086 3832        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:18:14.0120 3832        umbus - ok
14:18:14.0164 3832        upperdev        (bb16932a4189e82d6c455042c11849b6) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
14:18:14.0196 3832        upperdev - ok
14:18:14.0239 3832        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
14:18:14.0278 3832        usbccgp - ok
14:18:14.0306 3832        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:18:14.0388 3832        usbcir - ok
14:18:14.0413 3832        usbehci        (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
14:18:14.0461 3832        usbehci - ok
14:18:14.0497 3832        usbhub          (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
14:18:14.0560 3832        usbhub - ok
14:18:14.0591 3832        usbohci        (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
14:18:14.0643 3832        usbohci - ok
14:18:14.0680 3832        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
14:18:14.0714 3832        usbprint - ok
14:18:14.0753 3832        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
14:18:14.0787 3832        usbscan - ok
14:18:14.0834 3832        usbser          (a96191470581a7091420d25ecd444502) C:\Windows\system32\DRIVERS\usbser.sys
14:18:14.0876 3832        usbser - ok
14:18:14.0911 3832        UsbserFilt      (e748d50b3b2ec7f40a2ba67fb094cf01) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
14:18:14.0936 3832        UsbserFilt - ok
14:18:14.0994 3832        USBSTOR        (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:18:15.0059 3832        USBSTOR - ok
14:18:15.0087 3832        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:18:15.0112 3832        usbuhci - ok
14:18:15.0126 3832        uxddrv - ok
14:18:15.0161 3832        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
14:18:15.0206 3832        vga - ok
14:18:15.0227 3832        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:18:15.0277 3832        VgaSave - ok
14:18:15.0332 3832        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
14:18:15.0345 3832        viaagp - ok
14:18:15.0383 3832        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
14:18:15.0433 3832        ViaC7 - ok
14:18:15.0457 3832        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
14:18:15.0468 3832        viaide - ok
14:18:15.0489 3832        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:18:15.0501 3832        volmgr - ok
14:18:15.0556 3832        volmgrx        (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
14:18:15.0608 3832        volmgrx - ok
14:18:15.0633 3832        volsnap        (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
14:18:15.0650 3832        volsnap - ok
14:18:15.0700 3832        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
14:18:15.0714 3832        vsmraid - ok
14:18:15.0756 3832        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:18:15.0818 3832        WacomPen - ok
14:18:15.0836 3832        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:18:15.0881 3832        Wanarp - ok
14:18:15.0886 3832        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:18:15.0912 3832        Wanarpv6 - ok
14:18:15.0967 3832        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
14:18:15.0991 3832        Wd - ok
14:18:16.0079 3832        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
14:18:16.0106 3832        Wdf01000 - ok
14:18:16.0192 3832        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
14:18:16.0219 3832        WmiAcpi - ok
14:18:16.0276 3832        WpdUsb          (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
14:18:16.0310 3832        WpdUsb - ok
14:18:16.0331 3832        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:18:16.0369 3832        ws2ifsl - ok
14:18:16.0413 3832        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:18:16.0446 3832        WUDFRd - ok
14:18:16.0479 3832        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:18:16.0699 3832        \Device\Harddisk0\DR0 - ok
14:18:16.0713 3832        Boot (0x1200)  (10a932c9a19cd84bca32fbb98a93dec1) \Device\Harddisk0\DR0\Partition0
14:18:16.0714 3832        \Device\Harddisk0\DR0\Partition0 - ok
14:18:16.0740 3832        Boot (0x1200)  (13e2595abc27cbebe285eb718885414d) \Device\Harddisk0\DR0\Partition1
14:18:16.0740 3832        \Device\Harddisk0\DR0\Partition1 - ok
14:18:16.0741 3832        ============================================================
14:18:16.0741 3832        Scan finished
14:18:16.0741 3832        ============================================================
14:18:16.0758 3592        Detected object count: 0
14:18:16.0758 3592        Actual detected object count: 0


cosinus 05.03.2012 14:58

Why do you post the logs sometimes one way, sometimes another? :(
Always in CODE tags, please!!

wrimpus 05.03.2012 15:03

I wondered that myself - the first time it happened automatically ...
I've changed it now. Am I finally "clean" then?

cosinus 05.03.2012 15:06

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Should you have problems starting applications after running ComboFix and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

wrimpus 05.03.2012 15:33

ComboFix logfile:
Code:

ComboFix 12-03-04.02 - mn 05.03.2012  15:24:47.2.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.49.1031.18.3325.2085 [GMT 1:00]
ausgeführt von:: c:\users\mn\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\mn\AppData\Local\assembly\tmp
c:\users\mn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\mn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\mn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-05 bis 2012-03-05  ))))))))))))))))))))))))))))))
.
.
2012-03-05 14:29 . 2012-03-05 14:29        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-03-05 13:51 . 2012-03-05 13:51        56200        ----a-w-        c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{9673AAAE-BBDC-41CF-A847-551806EAB089}\offreg.dll        ERROR(0x00000005)
2012-03-02 21:00 . 2012-03-02 21:00        --------        d-----w-        c:\program files\ESET
2012-03-02 14:45 . 2012-03-02 14:45        --------        d-----w-        C:\_OTL
2012-03-02 10:01 . 2012-02-08 06:03        6552120        ----a-w-        c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{9673AAAE-BBDC-41CF-A847-551806EAB089}\mpengine.dll        ERROR(0x00000005)
2012-03-01 11:15 . 2012-03-01 11:15        --------        d-----w-        c:\users\mn\AppData\Roaming\Malwarebytes
2012-03-01 11:14 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-01 11:14 . 2012-03-01 11:15        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-03-01 10:51 . 2006-05-25 14:52        162304        ----a-w-        c:\windows\system32\ztvunrar36.dll
2012-03-01 10:51 . 2005-08-26 00:50        77312        ----a-w-        c:\windows\system32\ztvunace26.dll
2012-03-01 10:51 . 2006-06-19 12:01        69632        ----a-w-        c:\windows\system32\ztvcabinet.dll
2012-03-01 10:51 . 2002-03-06 00:00        75264        ----a-w-        c:\windows\system32\unacev2.dll
2012-03-01 10:51 . 2003-02-02 19:06        153088        ----a-w-        c:\windows\system32\UNRAR3.dll
2012-03-01 10:51 . 2012-03-05 13:41        --------        d-----w-        c:\program files\Trojan Remover
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 06:03 . 2008-11-24 09:42        6552120        ----a-w-        c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll        ERROR(0x00000005)
2012-01-29 04:10 . 2009-11-11 20:23        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-01-08 11:47 . 2011-05-08 15:02        121816        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-02 6695456]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-12-02 1833504]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-10-14 09:57        20480        ----a-w-        c:\program files\Google\Google EULA\GoogleEULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2008-12-02 16:05        1833504        ----a-w-        c:\program files\Realtek\Audio\HDA\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-29 16:11        61440        ----a-w-        c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23        1008184        ----a-w-        c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-27 12:46]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-27 12:46]
.
2012-03-02 c:\windows\Tasks\MT66 Software Update.job
- c:\program files\Common Files\MT66 Software Update\UpdateClient.exe [2011-12-05 17:44]
.
2012-03-05 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
mLocal Page =
IE: &Citavi Picker... - file://c:\program files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\mn\AppData\Roaming\Mozilla\Firefox\Profiles\43puv1li.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
AddRemove-Microsoft .NET Framework 4 Client Profile - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-05 15:29
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-03-05  15:30:46
ComboFix-quarantined-files.txt  2012-03-05 14:30
.
Vor Suchlauf: 12 Verzeichnis(se), 437.604.986.880 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 437.525.524.480 Bytes frei
.
- - End Of File - - 4216B0FF2F7DF52F4DD5FB7A7E70E5F9

--- --- ---

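As an added example (not from the thread and not ComboFix's own code), a small Python triage script for the "Autostartpunkte der Registrierung" section of a ComboFix log like the one above: it parses the Run-key entries and flags any whose executable lives under a user profile, AppData or temp directory, the kind of location the "System Check" rogue in this thread had installed itself into. The `rogue.exe` entry in the sample is constructed; the other lines mirror the posted log.

```python
"""Triage of the registry autostart section of a ComboFix log.

Added example, not part of the forum thread and not ComboFix's own code.
It parses the [HKEY_...\Run] blocks that ComboFix prints under
"Autostartpunkte der Registrierung" and flags entries whose executable
is started from a user-writable location.
"""
import re

# Constructed sample in the format ComboFix prints. The "System Check"
# line is made up for illustration; the rest mirror the thread's log.
SAMPLE_LOG = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"System Check"="c:\users\mn\AppData\Roaming\example\rogue.exe" [2012-02-28 345600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"""

# Section header of a Run / RunOnce key, e.g. [HKEY_CURRENT_USER\...\Run]
KEY_RE = re.compile(r'^\[(HKEY_[^\]]*\\Run(?:Once)?)\]\s*$', re.IGNORECASE)
# Value line of the form "Name"="path" [YYYY-MM-DD size]
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*'
    r'\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]'
)

# Path fragments a regular program should not normally be started from.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\",
                 "\\documents and settings\\")


def parse_run_entries(log):
    """Return one dict per autostart value found under a Run/RunOnce key."""
    entries = []
    current_key = None
    for line in log.splitlines():
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        if line.startswith("["):      # any other key: stop collecting values
            current_key = None
            continue
        if current_key is None:
            continue
        v = VALUE_RE.match(line)
        if v:
            entries.append({"key": current_key, "name": v.group("name"),
                            "path": v.group("path"), "date": v.group("date"),
                            "size": int(v.group("size"))})
    return entries


def flag_user_writable(entries):
    """Entries whose executable sits in a user-writable directory."""
    return [e for e in entries
            if any(frag in e["path"].lower() for frag in USER_WRITABLE)]


if __name__ == "__main__":
    found = parse_run_entries(SAMPLE_LOG)
    for e in flag_user_writable(found):
        print(f'SUSPICIOUS {e["key"]} :: {e["name"]} -> {e["path"]}')
```

Entries flagged this way are not automatically malicious (some legitimate updaters start from AppData); they are the ones to check first against the deletions listed in the log's "Weitere Löschungen" section.
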
cosinus 05.03.2012 16:05

OK. Now please create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool still won't work on the second attempt, just skip it and run only OSAM - please skip the online query by OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current virus definitions from AVAST!. Please answer Yes. (Should your firewall ask, please allow internet access.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without instruction.

Note: Should the Scan button be hidden, close the tool and start it again. Should the scan abort and the program crash, let me know and select the setting (none) under AV Scan.



Copyright ©2000-2025, Trojaner-Board

