
Pests of all kinds and how to combat them: Stubborn Trojan cannot be removed

24.11.2011, 20:19   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hmpf, I forgot something.

Do one more OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":Files" must be copied as well!!!)

Code:
:Files
C:\Users\Siegfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.dll
C:\Users\Siegfried\*.dll
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

24.11.2011, 21:30   #17
hujhuj
 

OTL
Code:
All processes killed
========== FILES ==========
C:\Users\Siegfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanpdiskaf64.dll moved successfully.
C:\Users\Siegfried\nvload16.dll moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Siegfried
->Temp folder emptied: 49641889 bytes
->Temporary Internet Files folder emptied: 47954739 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 88386994 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1204 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2650 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 177.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 11242011_211834

Files\Folders moved on Reboot...
C:\Users\Siegfried\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         
aswMBR
Code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-24 21:21:27
-----------------------------
21:21:27.892    OS Version: Windows x64 6.1.7600 
21:21:27.892    Number of processors: 2 586 0x170A
21:21:27.892    ComputerName: SIEGFRIEDS-PC  UserName: Siegfried
21:21:33.150    Initialize success
21:23:43.063    AVAST engine defs: 11112400
21:23:59.864    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
21:23:59.864    Disk 0 Vendor: ST31000528AS CC46 Size: 953869MB BusType: 3
21:24:01.892    Disk 0 MBR read successfully
21:24:01.892    Disk 0 MBR scan
21:24:01.923    Disk 0 unknown MBR code
21:24:01.923    Service scanning
21:24:09.255    Modules scanning
21:24:09.255    Disk 0 trace - called modules:
21:24:09.271    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys 
21:24:09.286    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bfa640]
21:24:09.286    3 CLASSPNP.SYS[fffff8800194043f] -> nt!IofCallDriver -> [0xfffffa800476b520]
21:24:09.286    5 ACPI.sys[fffff88000d61781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80049f5680]
21:24:10.160    AVAST engine scan C:\Windows
21:24:14.388    AVAST engine scan C:\Windows\system32
21:25:56.880    AVAST engine scan C:\Windows\system32\drivers
21:26:14.648    AVAST engine scan C:\Users\Siegfried
21:27:01.199    File: C:\Users\Siegfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanpdiskaf64.dll  **INFECTED** Win32:MalOb-HD [Cryp]
21:27:35.628    File: C:\Users\Siegfried\nvload16.dll  **INFECTED** Win32:MalOb-HD [Cryp]
21:27:57.952    AVAST engine scan C:\ProgramData
21:29:06.186    Scan finished successfully
21:29:20.429    Disk 0 MBR has been saved successfully to "C:\Users\Siegfried\Desktop\MBR.dat"
21:29:20.429    The log file has been saved successfully to "C:\Users\Siegfried\Desktop\aswMBR.txt"
         
Hm.. It really does seem to be one of the more stubborn kind.


24.11.2011, 21:47   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Yes, it is stubborn.

We should fix the MBR; just in case, back up ALL important data, even though everything usually goes smoothly.

Note: Please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable.

After the backup, start aswMBR again and click the FIXMBR button.
Then restart Windows and create a new log with aswMBR.

24.11.2011, 22:28   #19
hujhuj
 

I trust in your abilities!

MBR fixed.

Code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-24 22:19:52
-----------------------------
22:19:52.776    OS Version: Windows x64 6.1.7600 
22:19:52.776    Number of processors: 2 586 0x170A
22:19:52.776    ComputerName: SIEGFRIEDS-PC  UserName: Siegfried
22:19:56.271    Initialize success
22:20:00.670    AVAST engine defs: 11112400
22:20:06.879    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
22:20:06.879    Disk 0 Vendor: ST31000528AS CC46 Size: 953869MB BusType: 3
22:20:08.907    Disk 0 MBR read successfully
22:20:08.907    Disk 0 MBR scan
22:20:08.938    Disk 0 Windows 7 default MBR code
22:20:08.938    Service scanning
22:20:14.429    Modules scanning
22:20:14.429    Disk 0 trace - called modules:
22:20:14.445    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys 
22:20:14.445    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bfb060]
22:20:14.445    3 CLASSPNP.SYS[fffff880018aa43f] -> nt!IofCallDriver -> [0xfffffa8004766520]
22:20:14.445    5 ACPI.sys[fffff88000f7d781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004767680]
22:20:17.892    AVAST engine scan C:\Windows
22:20:22.151    AVAST engine scan C:\Windows\system32
22:22:01.835    AVAST engine scan C:\Windows\system32\drivers
22:22:13.005    AVAST engine scan C:\Users\Siegfried
22:23:01.849    File: C:\Users\Siegfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanpdiskaf64.dll  **INFECTED** Win32:MalOb-HD [Cryp]
22:23:36.808    File: C:\Users\Siegfried\nvload16.dll  **INFECTED** Win32:MalOb-HD [Cryp]
22:23:58.321    AVAST engine scan C:\ProgramData
22:25:03.794    Scan finished successfully
22:26:27.878    Disk 0 MBR has been saved successfully to "C:\Users\Siegfried\Desktop\MBR.dat"
22:26:27.894    The log file has been saved successfully to "C:\Users\Siegfried\Desktop\aswMBR.txt"
         

24.11.2011, 22:31   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

The MBR is OK again, at least. Please repeat the last OTL fix once more.
Then create a new aswMBR log file again.


24.11.2011, 22:44   #21
hujhuj
 

Code:
All processes killed
========== FILES ==========
C:\Users\Siegfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanpdiskaf64.dll moved successfully.
C:\Users\Siegfried\nvload16.dll moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Siegfried
->Temp folder emptied: 47921569 bytes
->Temporary Internet Files folder emptied: 47954739 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39953404 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 614 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5300 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 1149155661 bytes
 
Total Files Cleaned = 1,225.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 11242011_223455

Files\Folders moved on Reboot...
C:\Users\Siegfried\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         
Code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-24 22:37:13
-----------------------------
22:37:13.165    OS Version: Windows x64 6.1.7600 
22:37:13.165    Number of processors: 2 586 0x170A
22:37:13.165    ComputerName: SIEGFRIEDS-PC  UserName: Siegfried
22:37:16.488    Initialize success
22:37:48.532    AVAST engine defs: 11112400
22:38:06.550    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
22:38:06.565    Disk 0 Vendor: ST31000528AS CC46 Size: 953869MB BusType: 3
22:38:08.578    Disk 0 MBR read successfully
22:38:08.578    Disk 0 MBR scan
22:38:08.593    Disk 0 Windows 7 default MBR code
22:38:08.609    Service scanning
22:38:15.099    Modules scanning
22:38:15.099    Disk 0 trace - called modules:
22:38:15.114    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys 
22:38:15.114    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bfb060]
22:38:15.130    3 CLASSPNP.SYS[fffff880018b943f] -> nt!IofCallDriver -> [0xfffffa8004766520]
22:38:15.130    5 ACPI.sys[fffff88000f1f781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004767680]
22:38:18.749    AVAST engine scan C:\Windows
22:38:23.039    AVAST engine scan C:\Windows\system32
22:40:02.380    AVAST engine scan C:\Windows\system32\drivers
22:40:12.941    AVAST engine scan C:\Users\Siegfried
22:40:57.557    File: C:\Users\Siegfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanpdiskaf64.dll  **INFECTED** Win32:MalOb-HD [Cryp]
22:41:31.347    File: C:\Users\Siegfried\nvload16.dll  **INFECTED** Win32:MalOb-HD [Cryp]
22:41:54.341    AVAST engine scan C:\ProgramData
22:43:05.041    Scan finished successfully
22:43:16.273    Disk 0 MBR has been saved successfully to "C:\Users\Siegfried\Desktop\MBR.dat"
22:43:16.288    The log file has been saved successfully to "C:\Users\Siegfried\Desktop\aswMBR.txt"
         
Too bad, what a shame.
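
The pattern in the logs up to this point, as an added example (not part of the original posts, and not OTL or aswMBR code): each OTL fix reports both DLLs as moved, yet the next aswMBR scan flags the same paths again. The script correlates the two log types to list such reappearing files; the OTL stamp format (MMDDYYYY_HHMMSS) is inferred from the thread's dates, and the sample logs are abridged reconstructions of the ones posted above.

```python
import re
from datetime import datetime

SECTION = re.compile(r"^=+ (?P<name>[A-Z ]+?) =+\s*$")
MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+) moved successfully\.\s*$")
OTL_STAMP = re.compile(r"log created on (?P<ts>\d{8}_\d{6})")
ASW_RUN = re.compile(r"^Run date: (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")
ASW_HIT = re.compile(r"File: (?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<sig>.+?)\s*$")


def parse_otl_fix(text):
    """Return (fix time, paths listed as moved in the FILES section)."""
    section, moved, when = None, [], None
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            section = m.group("name")
            continue
        m = OTL_STAMP.search(line)
        if m:
            # Assumption: the stamp is MMDDYYYY_HHMMSS (fits the thread's dates).
            when = datetime.strptime(m.group("ts"), "%m%d%Y_%H%M%S")
            section = None  # what follows is reboot housekeeping, not the fix list
            continue
        m = MOVED.match(line)
        if m and section == "FILES":
            moved.append(m.group("path"))
    if when is None:
        raise ValueError("OTL log has no 'log created on' stamp")
    return when, moved


def parse_aswmbr(text):
    """Return (scan start time, {lower-cased path: signature}) for INFECTED hits."""
    when, hits = None, {}
    for line in text.splitlines():
        m = ASW_RUN.match(line)
        if m:
            when = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            continue
        m = ASW_HIT.search(line)
        if m:
            hits[m.group("path").lower()] = m.group("sig")
    if when is None:
        raise ValueError("aswMBR log has no 'Run date' line")
    return when, hits


def find_respawned(fix_logs, scan_logs):
    """List files an OTL fix moved that the next aswMBR scan flags again."""
    scans = sorted((parse_aswmbr(s) for s in scan_logs), key=lambda s: s[0])
    fixes = sorted((parse_otl_fix(f) for f in fix_logs), key=lambda f: f[0])
    findings = []
    for fixed_at, moved in fixes:
        nxt = next((s for s in scans if s[0] > fixed_at), None)
        if nxt is None:
            continue  # no scan after this fix, nothing to compare against
        for path in moved:
            sig = nxt[1].get(path.lower())  # Windows paths are case-insensitive
            if sig is not None:
                findings.append({"path": path, "signature": sig,
                                 "moved_at": fixed_at, "seen_again_at": nxt[0]})
    return findings


# Sample input: abridged reconstructions of the logs posted in this thread.
STARTUP_DLL = (r"C:\Users\Siegfried\AppData\Roaming\Microsoft\Windows"
               r"\Start Menu\Programs\Startup\scanpdiskaf64.dll")
PROFILE_DLL = r"C:\Users\Siegfried\nvload16.dll"


def sample_fix(stamp):
    return "\n".join([
        "All processes killed",
        "========== FILES ==========",
        STARTUP_DLL + " moved successfully.",
        PROFILE_DLL + " moved successfully.",
        "========== COMMANDS ==========",
        r"C:\Windows\System32\drivers\etc\Hosts moved successfully.",
        "OTL by OldTimer - Version 3.2.31.0 log created on " + stamp,
        r"Files\Folders moved on Reboot...",
        r"C:\Users\Siegfried\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.",
    ])


def sample_scan(run_date, clock):
    return "\n".join([
        "Run date: " + run_date,
        clock + r"    AVAST engine scan C:\Users\Siegfried",
        clock + "    File: " + STARTUP_DLL + "  **INFECTED** Win32:MalOb-HD [Cryp]",
        clock + "    File: " + PROFILE_DLL + "  **INFECTED** Win32:MalOb-HD [Cryp]",
    ])


FIXES = [sample_fix("11242011_211834"), sample_fix("11242011_223455")]
SCANS = [sample_scan("2011-11-24 21:21:27", "21:27:01.199"),
         sample_scan("2011-11-24 22:19:52", "22:23:01.849"),
         sample_scan("2011-11-24 22:37:13", "22:40:57.557")]

if __name__ == "__main__":
    for f in find_respawned(FIXES, SCANS):
        print(f"{f['path']}: moved {f['moved_at']}, flagged again "
              f"{f['seen_again_at']} as {f['signature']}")
```

A file that is flagged again right after being moved means something still active on the system recreates it, so cleaning from inside the running Windows keeps failing.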

24.11.2011, 23:16   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Create an OTLPE CD on a clean second computer and then boot the infected computer from this CD:

If you do not have a burning program installed, please download ISOBurner. The program will let you burn OTLPE to a CD and make it bootable. You only need to install the tool; the rest runs automatically => How do I burn an ISO file to CD/DVD.
  • Download OTLPENet.exe by OldTimer and save it to your desktop. Note: The file is about 120 MB, and with a slow Internet connection it will take a while to download.
  • When the download has finished, double-click the file and answer the question "Do you want to burn the CD?" with Yes.
  • Insert a blank CD into your burner.
  • ImgBurn (or your burning program) will extract the archive and burn OTLPE Network to the CD.
  • When the burning process is complete, you will see a dialog box => "Operation successfully completed".
  • You can now close the burning program's windows.
Now boot from the OTLPE CD. Note: How do I boot from CD
  • After a few minutes your system should display the REATOGO-X-PE desktop.
  • Double-click the OTLPE icon.
  • Note: For OTLPE to scan the correct installed Windows, you have to select the Windows folder of the Windows installed on the disk; simply selecting C: gives an error!
  • When asked "Do you wish to load the remote registry", choose Yes.
  • When asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
  • Make sure the box "Automatically Load All Remaining Users" is selected and press OK.
  • OTLpe should now start.
  • Press Run Scan to start the scan.
  • When the scan has finished, the files C:\OTL.Txt and C:\Extras.Txt are created.
  • Copy this file to your USB stick if you have no Internet connection on this system.
  • Please post the contents of C:\OTL.Txt and Extras.Txt.

26.11.2011, 22:43   #23
hujhuj
 

OTL
Code:
OTL logfile created on: 11/26/2011 10:40:44 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.40 Mb Free Space | 75.40% Space Free | Partition Type: NTFS
Drive E: | 900.41 Gb Total Space | 843.59 Gb Free Space | 93.69% Space Free | Partition Type: NTFS
Drive F: | 30.00 Gb Total Space | 11.20 Gb Free Space | 37.35% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- E:\Windows\System32\atiesrxx.exe (AMD)
SRV:64bit: - (wlcrasvc) -- E:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- E:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AntiVirService) -- E:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- E:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- E:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- E:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- E:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- E:\Windows\System32\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RTL8167) -- E:\Windows\System32\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdkmdag) -- E:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- E:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- E:\Windows\System32\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8192su) -- E:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (Ntfs) -- E:\Windows\System32\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- E:\Windows\system32\DRIVERS\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- E:\Windows\system32\DRIVERS\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- E:\Windows\System32\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (SNPSTD3) USB PC Camera (SNPSTD3) -- E:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV:64bit: - (AVMUNET) -- E:\Windows\System32\drivers\avmunet.sys (AVM GmbH)
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- E:\Windows\SysWOW64\drivers\snpstd3.sys (Sonix Co. Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Siegfried_ON_E\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Siegfried_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=MDND&bmod=MDND
IE - HKU\Siegfried_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Siegfried_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: E:\Windows\System32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: E:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: E:\Windows\SysWOW64\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: E:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: E:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/10 02:53:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/11/11 02:21:47 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/17 08:51:37 | 000,000,000 | ---D | M] (Skype extension) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/10 02:53:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- E:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,001,392 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 03:00:00 | 000,001,153 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010/01/01 03:00:00 | 000,006,805 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/01/01 03:00:00 | 000,001,178 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/01/01 03:00:00 | 000,001,105 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011/11/24 16:35:04 | 000,000,098 | ---- | M]) - E:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] E:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snpstd3] E:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [avgnt] E:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [StartCCC] E:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\Siegfried_ON_E..\Run: [NvCplDaemonTool] E:\Users\Siegfried\nvload16.dll (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Siegfried_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - E:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - E:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.182 80.69.100.174
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/11/26 09:33:32 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{30C8C30E-3A28-451E-B593-35E04EA9AE12}
[2011/11/26 09:33:10 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{AA11F18B-856F-4D33-AEE4-AE6D1AC20305}
[2011/11/26 05:08:27 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{91309B18-8E79-45F2-B957-D14B757888C7}
[2011/11/25 17:27:24 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{60045CAB-E56B-4B25-B6CE-27C3ACA72C4D}
[2011/11/25 17:27:02 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{B1F84001-824E-47F2-8CD4-9556FBBEB996}
[2011/11/25 13:03:21 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{D20682D7-F26F-4810-BA2E-EC55B83B2A37}
[2011/11/25 13:02:59 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{135A8A26-E644-4CB8-BCF7-05B72538070B}
[2011/11/25 07:38:08 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{5F54EBE1-73B4-44CB-B27A-3E95C096B9DE}
[2011/11/25 07:37:57 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{ACFBECA5-DA8A-4C94-B192-96EB6A307070}
[2011/11/24 12:23:34 | 000,000,000 | ---D | C] -- E:\_OTL
[2011/11/24 10:07:43 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{F04E278E-87F3-44CA-A473-EE4CE7E3322A}
[2011/11/24 10:07:21 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{EDF4737A-0E04-467F-9EF5-441B6E827F1E}
[2011/11/24 09:00:52 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{1B276D75-264D-4166-83CA-29EC84620289}
[2011/11/24 09:00:41 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{B14BC047-29C2-4015-8D4F-4EC85A8ADAF3}
[2011/11/23 16:21:07 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{0D764207-6682-42CD-B863-BC79DA88EC5D}
[2011/11/23 14:49:50 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{E340F210-46A8-47CA-8D02-4AD6A5230DB3}
[2011/11/23 14:16:39 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{ADBABCB5-BE59-464F-8B41-7B5C655F064E}
[2011/11/23 14:16:17 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{85E7F2C8-2D53-4A55-8EF0-AD892491DF81}
[2011/11/23 13:48:09 | 000,000,000 | ---D | C] -- E:\Windows\temp
[2011/11/23 13:45:26 | 000,000,000 | ---D | C] -- E:\$RECYCLE.BIN
[2011/11/23 13:40:28 | 000,518,144 | ---- | C] (SteelWerX) -- E:\Windows\SWREG.exe
[2011/11/23 13:40:28 | 000,406,528 | ---- | C] (SteelWerX) -- E:\Windows\SWSC.exe
[2011/11/23 13:40:28 | 000,060,416 | ---- | C] (NirSoft) -- E:\Windows\NIRCMD.exe
[2011/11/23 13:40:25 | 000,000,000 | ---D | C] -- E:\Windows\ERDNT
[2011/11/23 13:40:24 | 000,000,000 | ---D | C] -- E:\ComboFix
[2011/11/23 13:40:04 | 000,000,000 | ---D | C] -- E:\Qoobox
[2011/11/23 10:01:40 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{EA7C7FAC-8AC5-4FE4-A0A3-CE77F25E31CA}
[2011/11/23 10:01:28 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{D483E708-FBC5-44B6-94E2-FC0572474AB9}
[2011/11/23 06:27:41 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{133EC149-0213-4226-9797-15F6ADC78891}
[2011/11/23 06:27:19 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{2B87512C-231F-4A14-BA82-7EAD8EF8F9B5}
[2011/11/22 15:55:21 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{55FDEF78-A0EE-4660-9FAC-7CDCD04C1DA6}
[2011/11/22 15:55:10 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{53086F68-BD2F-4C27-B36F-0C98AFAC8431}
[2011/11/22 15:49:23 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{9B639A12-95CB-43E9-AD94-4BB5A746EA89}
[2011/11/22 15:49:12 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{F1DF56C8-23FB-4F19-9149-7C744D6702D4}
[2011/11/22 14:42:05 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{2E1C0092-F936-47FA-8EEA-AA9DB8F018AB}
[2011/11/22 14:41:43 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{38E62EEB-1D08-482A-A551-5C1549A481AE}
[2011/11/22 14:24:40 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{43493799-7E4D-4D29-8727-05348787636F}
[2011/11/22 14:24:17 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{A7276725-4EDF-492B-926A-1C288B19BECC}
[2011/11/22 14:08:36 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{0BF2F78A-5E84-4E1F-AA3A-A7B4AFB0F45D}
[2011/11/22 14:08:14 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{D0EFF3B1-5488-49FD-B127-CCC53FE64BDA}
[2011/11/22 12:50:42 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{844B2F2F-1402-4337-82B8-755FE4033956}
[2011/11/22 12:50:20 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{CE66E21B-640D-4396-9D34-C7256E24D339}
[2011/11/22 06:15:28 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{02C8018E-F92E-402D-A54B-08A5B793E6D5}
[2011/11/22 06:15:06 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{A2A6433F-8F08-4A13-88FD-D6C5B6FFF5B8}
[2011/11/21 16:04:53 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\ESET
[2011/11/21 15:57:11 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{3E612698-8D32-4B53-A2EA-3C934AE4EFA5}
[2011/11/21 12:16:49 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{C41709F1-52A5-4947-ACFF-8D725F5FE297}
[2011/11/21 12:16:26 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{75C614F5-F50A-4C9D-833B-6DFE8D322F60}
[2011/11/21 10:55:20 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{F0DB0697-EB07-4F2E-91D7-7DF362A9DBDB}
[2011/11/21 10:54:57 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{EF9AD7B9-2001-4733-872C-CB390AEE4DC5}
[2011/11/20 15:03:08 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{687C0700-15DD-4DE5-943C-3C4F4D3AE0A5}
[2011/11/20 15:02:46 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{2FF6BC9A-AD41-4F5A-BB76-D3C0AE5F4E6B}
[2011/11/20 13:01:54 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{F733502A-ED50-4423-9E12-7D5E70446238}
[2011/11/20 13:01:32 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{F600673C-90B4-4806-9088-F2DFB567AD5C}
[2011/11/20 12:52:22 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{BDE26E06-4FDF-46CE-BFA6-FAC2756C67F9}
[2011/11/20 12:13:55 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{E313CD2C-AEF5-495C-AE1E-BDEBF66B159D}
[2011/11/20 12:13:32 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{E6A319A7-1F90-4EAD-9219-F168934BD52A}
[2011/11/20 12:06:51 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{940E66A2-7F2F-42CA-BB16-3AA892F295B8}
[2011/11/20 12:06:29 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{D7CD0831-FC4A-4FDB-B72A-B1E0CE8490F1}
[2011/11/20 05:39:44 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{4D1D960A-F4CA-46E5-AD11-A55B25B18364}
[2011/11/20 05:39:21 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{808BAEE4-3E14-4D29-9F4F-E2FCAA8C6AC6}
[2011/11/20 03:11:14 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{99F98317-784B-4B27-9BBB-44E5E8DF5AC3}
[2011/11/20 03:11:03 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{A2A5B2FC-D955-4BE9-850F-7D5E3540DD0D}
[2011/11/19 13:49:11 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{86BB241F-EAA6-45DE-9D9D-FC1F6A38FF55}
[2011/11/19 13:48:49 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{8FF928D8-FD88-4B06-A2A7-EB2A553B8568}
[2011/11/19 11:05:10 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{A6FB9EF2-7AC4-4CDC-BFFC-2B11C44D8B69}
[2011/11/19 11:04:58 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{0D15AE7C-A262-443D-B447-394421DE37EE}
[2011/11/18 17:02:00 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{5E5F311D-BF16-4A36-A85D-659314ABB0C3}
[2011/11/18 15:48:12 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{95F25DA4-A37E-42C7-94A7-08F0ECE13D70}
[2011/11/18 15:48:01 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{CE30370D-739A-4BAE-8898-28E2121A60FC}
[2011/11/18 07:49:36 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{4D770CFC-A99F-42E7-9283-47C15DBEA335}
[2011/11/18 07:49:20 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{5200AF6F-FDA0-4FF4-A4C2-5A31839B7DA3}
[2011/11/17 16:57:16 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{10D037E5-E2A2-4760-B5EB-A1F45A8341FB}
[2011/11/17 16:56:54 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{08D14966-88E4-4F7D-8B7D-630B032EEA11}
[2011/11/17 15:27:16 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{4A4E65C5-E7BA-429A-84A0-A4557A340ED4}
[2011/11/17 15:26:54 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{E7CFD3CC-2F82-460F-AA9D-4B011E44F4E7}
[2011/11/17 12:41:37 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{DBB3B843-F84F-4ACD-A0C5-669BA46C0697}
[2011/11/17 12:41:26 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{E9D57FA0-E3E0-4F02-B9F0-8D6BD778CDED}
[2011/11/17 10:20:10 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{7480649D-95F7-47EE-BC41-641249EC99CE}
[2011/11/17 10:19:59 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{5351F56D-E35E-4F11-B1C7-D08D2BB777A6}
[2011/11/17 04:43:42 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{6567569B-83C5-48AD-A555-E10D4548A4D0}
[2011/11/17 04:43:20 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{52FF5EC3-BBCF-44F3-BC06-FBB317ACB74D}
[2011/11/17 03:48:58 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{9C27ED20-0BE7-4CEB-A5C2-98D45C05147F}
[2011/11/17 03:48:36 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{2ABA8744-B4BD-4BB7-B357-2874EE7AE988}
[2011/11/17 02:28:54 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{D12AF1F0-A72E-4DE4-8221-5EBFB942375F}
[2011/11/16 12:33:10 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{8EBA85E3-3C36-4A6C-B8E7-88DA866190DD}
[2011/11/16 12:32:48 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{26048EBB-BE0A-4816-87EC-BEC2792EF71D}
[2011/11/16 11:19:07 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{EF2D75BD-8E7B-4A05-8784-D92187E8F5C9}
[2011/11/16 11:18:45 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{176BDFFF-F5F7-41DA-AA14-4E005E4120D7}
[2011/11/16 10:14:34 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{0DFDD381-4278-4F4B-9270-47B9EB2F9D42}
[2011/11/16 10:14:23 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{08CF69FD-7CFD-494B-ABAF-6E4A0263D513}
[2011/11/16 10:09:42 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{862B4784-FC2E-45FA-BBCC-0105941C2DF9}
[2011/11/16 10:09:19 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{998C6BD3-FD11-49AE-AEA9-A9E4FADA0329}
[2011/11/16 09:40:09 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{5E398D96-DB8D-4C9B-B735-E559DDECA91E}
[2011/11/16 08:55:25 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{BFFB7DEB-FC13-48B5-A634-25416021ECAB}
[2011/11/16 08:55:02 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{3919A162-9DC4-4D6F-9FF5-483E077E0FC1}
[2011/11/16 03:17:13 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{4B6DFA41-9E70-4D9A-9E87-CCBCA3CD1C83}
[2011/11/16 03:16:51 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{2AF3C049-7D2F-45FF-8BE2-E11A944F9CD7}
[2011/11/15 15:56:56 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{2607F6FD-D6C5-4DC0-9CA7-C88EC4ADAEE1}
[2011/11/15 15:56:34 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{BDC3FAF2-EDC8-416F-A4B7-0D384B463E08}
[2011/11/15 09:43:47 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{4E116DD8-17EA-4622-AB86-9D7F2F1DE074}
[2011/11/15 09:43:23 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{E5856D05-8969-4FFF-AF0F-3AE3F0D2A267}
[2011/11/15 02:44:12 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{EA12BF2F-2CF1-4EE2-90E3-85BB66953455}
[2011/11/15 02:43:50 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{CB748102-096C-4724-8653-5C88F810A6B8}
[2011/11/14 17:45:29 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{A8C5EB64-3B1F-4E45-85F2-49D265F593B3}
[2011/11/14 11:26:36 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{6F8C335E-8CA9-41FE-BF3F-BAD7158183EF}
[2011/11/14 11:26:25 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{ACFF8DB7-6153-44B9-8FA6-EB6BF96B1D03}
[2011/11/14 09:34:43 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{8DB1E104-1E63-4181-BE7A-EFE4079962FA}
[2011/11/14 09:34:20 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{2685E788-6CEA-4D13-9F3E-81048D6CF611}
[2011/11/14 02:57:48 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{D2114C35-B724-4477-8BE9-EEFCE288F071}
[2011/11/14 02:57:26 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{4D2982D4-3B10-4257-8FCE-C4348CC123FD}
[2011/11/13 10:14:05 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{808DD755-F30B-4F65-9CA7-3BDE9E7402EB}
[2011/11/13 10:13:43 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{4209D5DC-E750-4DBB-B58D-CD22C54D9DB4}
[2011/11/13 08:49:55 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{69CC0F26-BF1F-449A-A91E-E98E1251DC26}
[2011/11/13 05:01:26 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{9616771E-E46E-43CD-937D-60F4EC125DEA}
[2011/11/13 05:01:15 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{2A29C846-26EF-49D8-BE1F-260B51654BDD}
[2011/11/13 04:07:41 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{28B68FE8-9330-4B90-AE3B-D6867506A6BE}
[2011/11/13 04:07:30 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{11EF7E78-4E17-4B7B-968A-D496027F90B8}
[2011/11/12 18:08:12 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{9F8F902C-FB3B-4999-8F05-797730259B22}
[2011/11/12 18:07:50 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{A0356FE8-08A8-49EB-A401-6224BA9F2212}
[2011/11/12 16:03:22 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{BF764B7C-FD2E-4EC0-87A4-F8D356D1C1D1}
[2011/11/12 16:03:11 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{999B49C0-8A36-4291-B868-F339F84AD020}
[2011/11/12 09:02:38 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{50ADD7E0-B5C9-48B1-BF2A-1D228F08B283}
[2011/11/12 09:02:26 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{BDEFBC00-F282-458E-80B5-7666068F1251}
[2011/11/11 15:35:45 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{5746636D-15C7-4503-9F32-3AAED2B61FCB}
[2011/11/11 15:35:23 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{A1B73CB9-38CC-42DC-979F-5730A830301D}
[2011/11/11 12:04:52 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{BA0016C5-94A6-49CD-8021-D4D9B58F53A1}
[2011/11/11 12:04:30 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{FC4B71E6-2CFD-4121-9B8A-B9908CBFE4E9}
[2011/11/11 08:39:46 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{D2F12F07-22A8-427C-9BF8-F99578E0ADAC}
[2011/11/11 08:39:24 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{801C8422-99C2-49C5-957D-CD897E824A47}
[2011/11/10 09:07:15 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{AD0B5D46-5BB2-485E-8F5E-0D3E9CB51C59}
[2011/11/10 09:06:52 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{7D63089E-5907-4A95-8063-02A51EC04CDB}
[2011/11/10 03:10:39 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{87CBCC6F-C228-4A75-9AFF-A965B91B55A8}
[2011/11/10 03:10:17 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{7B15FDB8-BC0B-40D9-986E-64678E355F5C}
[2011/11/09 15:21:01 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{C487C374-116F-43B6-B0E2-9471A7402CCC}
[2011/11/09 15:20:39 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{7BCBD1A6-4350-46A5-B831-A414A3C9E93A}
[2011/11/09 15:15:14 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{EFF9A617-E6FA-4638-9039-AB9637CC64EF}
[2011/11/09 15:14:52 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{9B66A48C-61F1-4283-9478-2A32816F35DC}
[2011/11/08 15:09:07 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{68324EE8-BE5B-43AE-A814-DD79A23C4C24}
[2011/11/08 15:08:45 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{611F9BC7-5C8C-4190-AAD5-828AE4F4DF01}
[2011/11/08 09:40:50 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{06F58FB3-0075-4B62-BAB9-3870E0C756D0}
[2011/11/08 09:40:28 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{E2CD7075-7CBD-44AC-AB64-290CBFA9C375}
[2011/11/07 14:03:46 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{1AE83794-10DA-4BF0-A1A8-7B8F2DBDABCD}
[2011/11/07 14:03:24 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{7AE8E28D-63B2-49C2-81E4-9E77343F0425}
[2011/11/07 09:19:23 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{B90E286A-CCA6-48A6-B452-3A093100FA2E}
[2011/11/07 09:19:12 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{894B880E-B1D4-47E3-973F-AD8B7D8401DA}
[2011/11/06 11:47:58 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{38695A67-AF0E-4D39-8EB9-C40720706619}
[2011/11/06 11:47:36 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{CB0236D9-7CC4-4F5B-A8B1-2FEF31FAA403}
[2011/11/06 04:31:33 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{2075C637-FE52-4B0E-BE23-AB721EB4C8BE}
[2011/11/06 04:31:11 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{A493D704-59B8-4AC3-A20B-A27943C341D9}
[2011/11/05 16:02:36 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{A4C54959-84C3-470F-81D3-58A7244EE4FE}
[2011/11/05 16:02:14 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{2EB7803B-706D-4918-A790-A893AE61D4F0}
[2011/11/04 11:50:35 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{9EED1E63-8AB0-4DAC-924F-7814A0F7F098}
[2011/11/04 11:50:13 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{EB8FBF0E-E7AF-4AA1-ADCB-D4CFD6F0452F}
[2011/11/04 10:24:17 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{AA53EF68-63AE-4214-99F1-AA7CCE952769}
[2011/11/04 10:23:54 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{B51849A3-CD23-4100-8C5B-24C021BE4A6C}
[2011/11/04 07:47:06 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{851C1E34-F96B-4A2E-86D2-CF242F857621}
[2011/11/04 07:46:43 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{4BC8D3C2-919A-49CD-BFEC-D4C7CCB51C52}
[2011/11/03 16:37:37 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{144FA324-AD87-408A-B2B9-D1B139CC6BC5}
[2011/11/03 16:37:15 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{885DFCBF-183C-44A8-ABC3-C5E46625AF51}
[2011/11/03 12:18:01 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{31E13EFE-CF70-4694-ADD3-C270A03F3709}
[2011/11/03 08:54:25 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{EBCB9CF4-E217-4026-917C-E3117A9C318D}
[2011/11/03 08:54:14 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{9F878CED-3456-4475-A632-CD23D93C3016}
[2011/11/03 03:35:23 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{CC722234-1782-49F4-802C-19488F1D6EF5}
[2011/11/03 03:35:01 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{7261A9B8-4C7A-4C4F-B9FE-C7392D24AE07}
[2011/11/02 14:12:54 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{A4070AA6-7501-4A32-BE49-B49FE6783CB3}
[2011/11/02 14:12:32 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{DB7B6B2B-C423-4EAB-8F84-1453105A610E}
[2011/11/02 06:20:28 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{E2FE01F1-335F-46CA-B688-183C3F8510F5}
[2011/11/02 01:38:17 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{3698724C-719D-4C0F-8491-03B6F023947B}
[2011/11/02 01:37:55 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{FD3C7D17-2CB1-4D9D-847B-E47B3F462FC6}
[2011/11/01 13:54:15 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{BCF9DDED-2688-482B-ADD6-93255426D9BD}
[2011/11/01 13:53:52 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{27A245E2-9A7F-4DBE-8DF9-E24DC9BD4155}
[2011/11/01 08:19:33 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{AA8D829A-086D-4E68-B25A-6061040C3CF2}
[2011/11/01 08:19:10 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{ED21DD28-B61D-47B2-8C33-25DCD115A8C5}
[2011/11/01 07:17:01 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{C091FB02-69DF-4661-83BD-F61AE8B5A64B}
[2011/11/01 03:54:41 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{2306D39F-CBA9-4240-B79A-B3B24A6F534F}
[2011/11/01 03:54:18 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{F3775F8D-DA6C-4A6E-92E0-DBD42370BEC9}
[2011/10/31 14:52:24 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{3F047581-CEB3-4B3A-9262-6AF8AE414B95}
[2011/10/31 14:52:01 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{58889D42-C94F-4FF4-B248-25CC16A5D6E9}
[2011/10/30 14:27:09 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{967149A9-E420-4CB1-8348-78BEEB2FDE3A}
[2011/10/30 14:26:46 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{7A7DBF74-9C1A-4135-A3D6-F13701704DBC}
[2011/10/29 17:08:39 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{3B6F3D8A-4D5F-4E45-9490-236FF6E7926D}
[2011/10/29 17:08:17 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{5914F787-12F1-4520-B092-8EFC8E493A99}
[2011/10/29 16:27:05 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{45293810-5F71-47D6-A9A8-4D9CF57D8720}
[2011/10/29 16:26:43 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{2D78B2FF-A17D-4F36-8DD0-E92926A5A02A}
[2011/10/29 11:57:12 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{3DFA92AC-03DD-4524-8C93-62AB75E7AC12}
[2011/10/29 11:56:50 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{64974150-07D6-4D89-8751-EF0B9FEBBE56}
[2011/10/29 05:35:14 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{37AF8313-A373-486C-B7D6-C5C08798D790}
[2011/10/29 05:34:52 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{5077E0E8-79E8-4725-88F9-91B08C9D50DC}
[2011/10/28 11:44:48 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{43F62ABD-85B6-49D9-8B86-6AE961E683DC}
[2011/10/28 11:44:37 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{D94E3FB8-AAAF-4A17-9CCE-457872CBE25F}
[2011/10/28 09:50:30 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{ABCE0EC5-B54C-46D3-B5D3-CCF2FAF5A675}
[2011/10/28 09:50:08 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{C10B8B31-1876-4DE0-8122-DF863A2ABB79}
[2011/10/28 08:12:13 | 000,000,000 | ---D | C] -- E:\Users\Siegfried\AppData\Local\{7EAEBAE4-45C0-4545-A860-5A125F771099}
[2011/07/17 11:34:32 | 000,172,032 | ---- | C] ( ) -- E:\Windows\SysWow64\rsnpstd3.dll
[2011/07/17 11:34:32 | 000,061,440 | ---- | C] ( ) -- E:\Windows\SysWow64\vsnpstd3.dll
[2011/07/17 11:34:32 | 000,053,248 | ---- | C] ( ) -- E:\Windows\csnpstd3.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011/11/26 16:27:17 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2011/11/26 16:26:48 | 000,001,068 | ---- | M] () -- E:\Users\Siegfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
[2011/11/26 16:09:00 | 000,001,110 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/26 16:09:00 | 000,001,106 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/26 09:36:54 | 000,009,920 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 09:36:54 | 000,009,920 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 09:34:55 | 000,653,928 | ---- | M] () -- E:\Windows\System32\perfh007.dat
[2011/11/26 09:34:55 | 000,615,810 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2011/11/26 09:34:55 | 000,129,800 | ---- | M] () -- E:\Windows\System32\perfc007.dat
[2011/11/26 09:34:55 | 000,106,190 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2011/11/26 09:29:35 | 3220,627,456 | -HS- | M] () -- E:\hiberfil.sys
[2011/11/24 16:43:16 | 000,000,512 | ---- | M] () -- E:\Users\Siegfried\Desktop\MBR.dat
[2011/11/24 16:35:04 | 000,000,098 | ---- | M] () -- E:\Windows\System32\drivers\etc\Hosts
[2011/11/20 15:09:38 | 000,002,715 | ---- | M] () -- E:\Users\Public\Desktop\Google Chrome.lnk
[2011/11/15 02:43:11 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2011/11/23 15:13:28 | 000,000,512 | ---- | C] () -- E:\Users\Siegfried\Desktop\MBR.dat
[2011/11/23 13:46:18 | 000,001,068 | ---- | C] () -- E:\Users\Siegfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
[2011/11/23 13:40:28 | 000,256,000 | ---- | C] () -- E:\Windows\PEV.exe
[2011/11/23 13:40:28 | 000,208,896 | ---- | C] () -- E:\Windows\MBR.exe
[2011/11/23 13:40:28 | 000,098,816 | ---- | C] () -- E:\Windows\sed.exe
[2011/11/23 13:40:28 | 000,080,412 | ---- | C] () -- E:\Windows\grep.exe
[2011/11/23 13:40:28 | 000,068,096 | ---- | C] () -- E:\Windows\zip.exe
[2011/07/17 11:34:32 | 000,835,584 | ---- | C] () -- E:\Windows\vsnpstd3.exe
[2011/07/17 11:34:32 | 000,270,336 | ---- | C] () -- E:\Windows\tsnpstd3.exe
[2011/07/17 11:34:32 | 000,015,498 | ---- | C] () -- E:\Windows\snpstd3.ini
[2011/02/15 17:43:53 | 000,000,000 | ---- | C] () -- E:\Windows\ativpsrm.bin
[2010/09/17 14:17:00 | 000,002,888 | ---- | C] () -- E:\Windows\SysWow64\atipblag.dat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- E:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- E:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 19:02:54 | 000,245,248 | ---- | C] () -- E:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- E:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- E:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2011/06/21 14:26:06 | 000,000,000 | ---D | M] -- E:\ProgramData\Canneverbe Limited
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2011/06/22 03:59:35 | 000,000,000 | ---D | M] -- E:\ProgramData\Partner
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2011/02/15 18:28:11 | 000,000,000 | ---D | M] -- E:\ProgramData\Temp
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2011/06/21 14:24:10 | 000,000,000 | ---D | M] -- E:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/11/11 10:35:41 | 000,032,640 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         
--- --- ---


Extras
Code:
ATTFilter
OTL Extras logfile created on: 11/26/2011 10:40:44 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.40 Mb Free Space | 75.40% Space Free | Partition Type: NTFS
Drive E: | 900.41 Gb Total Space | 843.59 Gb Free Space | 93.69% Space Free | Partition Type: NTFS
Drive F: | 30.00 Gb Total Space | 11.20 Gb Free Space | 37.35% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- E:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- E:\Windows\System32\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- E:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- E:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503BDFE9-FDB7-D053-0169-F0F328249177}" = ccc-utility64
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6D03AFB5-FED5-B9C4-0795-A6910BF41AF3}" = ATI Catalyst Install Manager
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503BDFE9-FDB7-D053-0169-F0F328249177}" = ccc-utility64
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6D03AFB5-FED5-B9C4-0795-A6910BF41AF3}" = ATI Catalyst Install Manager
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
< End of report >
         
--- --- ---

30.11.2011, 22:13   #24
hujhuj

Don't know what to do next, or no time?

30.11.2011, 22:18   #25
cosinus

Sorry, I overlooked the thread

Do an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":Files" must be copied too!!!)

Code:
:Files
E:\Users\Siegfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.*
C:\Users\Siegfried\*.dll
:Commands
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

After that Windows should start normally again - please make OTL's quarantine folder available to us. Proceed as follows:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the movedfiles folder in C:\_OTL into one file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let us know if it was successful
5.) Only then switch the virus scanner back on

30.11.2011, 22:36   #26
hujhuj

Code:
========== FILES ==========
E:\Users\Siegfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini moved successfully.
E:\Users\Siegfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk moved successfully.
File\Folder C:\Users\Siegfried\*.dll not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
-> No Temporary Internet Files cache folder defined!
 
User: Default
-> No Temporary Internet Files cache folder defined!
 
User: Default User
-> No Temporary Internet Files cache folder defined!
 
User: Public
-> No Temporary Internet Files cache folder defined!
 
User: Siegfried
-> No Temporary Internet Files cache folder defined!
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 81315 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
 
Total Files Cleaned = 0.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 11302011_223211
         

Edited by cosinus (01.12.2011 at 10:28). Reason: The movedfiles were supposed to go to the UpChannel!!!

01.12.2011, 10:26   #27
cosinus

Please make a new log with aswMBR
And next time please read more carefully where the movedfiles are supposed to be uploaded!

01.12.2011, 17:49   #28
hujhuj

Oh.. sorry. :X It was already late

Code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-01 17:24:00
-----------------------------
17:24:00.458    OS Version: Windows x64 6.1.7600 
17:24:00.458    Number of processors: 2 586 0x170A
17:24:00.459    ComputerName: SIEGFRIEDS-PC  UserName: Siegfried
17:24:04.714    Initialize success
17:24:07.100    AVAST engine defs: 11120100
17:24:09.187    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
17:24:09.190    Disk 0 Vendor: ST31000528AS CC46 Size: 953869MB BusType: 3
17:24:11.228    Disk 0 MBR read successfully
17:24:11.232    Disk 0 MBR scan
17:24:11.238    Disk 0 Windows 7 default MBR code
17:24:11.243    Service scanning
17:24:12.259    Modules scanning
17:24:12.264    Disk 0 trace - called modules:
17:24:12.272    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys 
17:24:12.277    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bdd400]
17:24:12.283    3 CLASSPNP.SYS[fffff8800194043f] -> nt!IofCallDriver -> [0xfffffa8004746580]
17:24:12.289    5 ACPI.sys[fffff88000f8a781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004748060]
17:24:15.300    AVAST engine scan C:\Windows
17:24:18.905    AVAST engine scan C:\Windows\system32
17:25:32.425    AVAST engine scan C:\Windows\system32\drivers
17:25:41.724    AVAST engine scan C:\Users\Siegfried
17:34:10.967    AVAST engine scan C:\ProgramData
17:34:59.415    Scan finished successfully
17:47:14.796    Disk 0 MBR has been saved successfully to "C:\Users\Siegfried\Desktop\MBR.dat"
17:47:14.800    The log file has been saved successfully to "C:\Users\Siegfried\Desktop\aswMBR.txt"
         
Looks clean.. An error message still appears at Windows startup, though, saying that a module could not be found. (It refers to the .dll file that no longer exists)

Edit: I just restarted to post the exact wording of the error message. But it didn't appear.. (?)
-> Instead, just now a different one with no text in the title bar.. "Das Profil konnte nicht gefunden werden." ["The profile could not be found."]
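
The post above reports a startup error that points at a DLL which no longer exists. One way to find which autostart entry still references a missing file, as an added example that is not part of the thread: the Startup folder and Run key locations are the standard Windows ones, the function names `Get-TargetPath` and `Test-Entry` are made up for this example, and the command-line parsing is a heuristic.

```powershell
# Added example (not from the thread): report autostart entries whose target
# file is missing, a common cause of a "module not found" box at logon.

function Get-TargetPath([string]$CommandLine) {
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    # rundll32 entries: the interesting file is the DLL argument, not rundll32.exe
    if ($cmd -match '(?i)rundll32(\.exe)?"?\s+"?([^",]+)') { return $Matches[2].Trim() }
    # Quoted executable path
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path that may contain spaces, ending in a known extension
    if ($cmd -match '(?i)^(.+?\.(exe|dll|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

function Test-Entry([string]$Source, [string]$Name, [string]$CommandLine) {
    $target = Get-TargetPath $CommandLine
    # Only absolute paths are checked; bare names such as shell32.dll are
    # resolved through the search path and are skipped here.
    if ($target -match '^[A-Za-z]:\\' -and -not (Test-Path -LiteralPath $target)) {
        New-Object PSObject -Property @{
            Source = $Source; Name = $Name; MissingTarget = $target
        } | Select-Object Source, Name, MissingTarget
    }
}

# 1) Shortcuts in the per-user and all-users Startup folders
$shell = New-Object -ComObject WScript.Shell
$startupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)
foreach ($dir in $startupDirs) {
    Get-ChildItem -Path $dir -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
        $sc = $shell.CreateShortcut($_.FullName)
        $cmd = if ($sc.TargetPath -match 'rundll32') { "$($sc.TargetPath) $($sc.Arguments)" }
               else { '"' + $sc.TargetPath + '"' }
        Test-Entry $dir $_.Name $cmd
    }
}

# 2) Values under the Run keys (current user, machine, 32-bit view on x64)
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    $k = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($k) {
        foreach ($name in $k.GetValueNames()) {
            Test-Entry $key $name ([string]$k.GetValue($name))
        }
    }
}
```

The script only reads and reports; each row names the location, the entry and the missing file, so the stale entry can be reviewed before anything is removed.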

02.12.2011, 11:52   #29
cosinus

Yes, that looks better. For good reason, please do the following here:

Live system PartedMagic / GParted

1. Download the PartedMagic ISO image; it should be about 180 MB
2. Burn it to CD using an image-burning function; this works with e.g. ImgBurn under Windows
3. Boot from the burned CD, start option 1 in the boot menu and wait until the Linux desktop is up
4. You should find a PartitionEditor icon on the desktop; double-click it
5. Once the tool has listed the partitions, please take a screenshot using the Print Screen (DRUCK) key on the keyboard and post this screenshot here (you usually have internet access with PartedMagic; if not, simply save the screenshot to a USB stick and post it here from Windows)

03.12.2011, 15:51   #30
hujhuj

What's all this for..? (Just out of curiosity.)

