Trojaner-Board

Thread: TR/Phopiex.86016 trojan from facebook? having problems booting! (https://www.trojaner-board.de/104697-tr-phopiex-86016-trojaner-facebook-habe-probleme-beim-booten.html)

cosinus 02.11.2011 20:52

Custom scan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

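An added example in Python, not part of cosinus' post and not OTL's own code, showing what the hashing section of the block above asks for. The names between /md5start and /md5stop are the logon path (wininit, userinit, winlogon, user32), the LSA and event-log DLLs and the boot-time storage drivers, which is where file-patching rootkits of that period hid; OTL prints their MD5s so the helper can compare them with known-good values. The code parses the block as posted and performs that comparison against a baseline. The directory, file bytes and baseline hashes in demo() are constructed, and the switch meaning noted in a comment (/s = include subdirectories) comes from OTL's usage, not from the post.

```python
# Added example (not from the post, not OTL's code): parse the custom-scan
# block as posted and implement its /md5start ... /md5stop part as a
# baseline comparison. All file contents and hashes in demo() are constructed.
import hashlib
import os
import tempfile

# Representative subset of cosinus' block; the full list parses the same way.
OTL_CUSTOM_SCAN = r"""
netsvcs
msconfig
safebootminimal
drivers32
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
wininit.exe
userinit.exe
winlogon.exe
atapi.sys
iaStor.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT
"""


def parse_custom_scan(text):
    """Split a custom-scan block into bare keyword commands, path patterns
    with their switches (e.g. /s = include subdirectories, /lockedfiles;
    kept verbatim), and the file names between /md5start and /md5stop."""
    commands, patterns, md5_files = [], [], []
    in_md5 = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        if low == "/md5start":
            in_md5 = True
        elif low == "/md5stop":
            in_md5 = False
        elif in_md5:
            md5_files.append(line)
        elif "\\" in line or line.startswith("%"):
            pattern, *switches = line.split()
            patterns.append({"glob": pattern, "switches": [s.lower() for s in switches]})
        else:
            commands.append(low)
    return {"commands": commands, "patterns": patterns, "md5": md5_files}


def hash_file(path):
    """MD5 is what OTL prints; SHA-256 is computed alongside for baselines
    that no longer publish MD5."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def check_md5_list(root, names, baseline):
    """Find each listed name directly under root (case-insensitive, like NTFS)
    and compare with baseline {name.lower(): md5hex}. Per name: "ok",
    "MISMATCH" (present but not the file the OS shipped, which is what the
    list exists to catch), "missing", or "unknown" (no baseline value)."""
    present = {f.lower(): f for f in os.listdir(root)}
    report = {}
    for name in names:
        key = name.lower()
        if key not in present:
            report[name] = "missing"
            continue
        md5hex, _ = hash_file(os.path.join(root, present[key]))
        if key not in baseline:
            report[name] = "unknown"
        else:
            report[name] = "ok" if md5hex == baseline[key] else "MISMATCH"
    return report


def demo():
    """Constructed scenario: a fake system32 with a clean winlogon.exe and a
    userinit.exe whose bytes differ from the baseline, as a patched file would.
    Returns (parsed scan, report)."""
    scan = parse_custom_scan(OTL_CUSTOM_SCAN)
    clean_userinit = b"MZ constructed clean userinit"
    clean_winlogon = b"MZ constructed clean winlogon"
    baseline = {
        "userinit.exe": hashlib.md5(clean_userinit).hexdigest(),
        "winlogon.exe": hashlib.md5(clean_winlogon).hexdigest(),
    }
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "userinit.exe"), "wb") as fh:
            fh.write(clean_userinit + b" +patch")
        with open(os.path.join(root, "winlogon.exe"), "wb") as fh:
            fh.write(clean_winlogon)
        report = check_md5_list(root, scan["md5"], baseline)
    return scan, report


if __name__ == "__main__":
    for name, state in demo()[1].items():
        print(f"{state:9} {name}")
```

Run it as a script to print the report. On a real machine, point check_md5_list at C:\Windows\System32 and System32\drivers with hashes taken from a known-clean install of the same Windows build and patch level, since the correct hash of userinit.exe or atapi.sys changes with every update; a hash that matches nothing you know is "unknown", not "clean".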

wheatabix 02.11.2011 21:36

Code:

OTL logfile created on: 02.11.2011 21:23:04 - Run 4
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Michi\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,14 Gb Available Physical Memory | 76,89% Memory free
15,96 Gb Paging File | 13,87 Gb Available in Paging File | 86,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 120,18 Gb Total Space | 22,94 Gb Free Space | 19,09% Space Free | Partition Type: NTFS
Drive D: | 257,59 Gb Total Space | 257,45 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
Drive F: | 87,89 Gb Total Space | 87,80 Gb Free Space | 99,90% Space Free | Partition Type: NTFS
Drive G: | 7,89 Gb Total Space | 6,75 Gb Free Space | 85,53% Space Free | Partition Type: NTFS
Drive H: | 246,50 Mb Total Space | 84,99 Mb Free Space | 34,48% Space Free | Partition Type: FAT32
Drive J: | 3,94 Gb Total Space | 2,98 Gb Free Space | 75,58% Space Free | Partition Type: FAT32
Drive K: | 931,51 Gb Total Space | 194,55 Gb Free Space | 20,89% Space Free | Partition Type: NTFS
 
Computer Name: MICHI-PC | User Name: Michi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Michi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Users\Michi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ()
PRC - C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTMUI.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTHAL.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTCore.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTUI.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTFC.dll ()
MOD - C:\Program Files (x86)\MSI Afterburner\RTTSH.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (XTSvcMgr) -- C:\Programme\Novell\Client\XTier\Services\xtsvcmgr.exe (Novell, Inc.)
SRV - (cusrvc) -- C:\Programme\Novell\Client\cusrvc.exe ()
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (NCRecognizer) -- C:\Windows\SysNative\drivers\ncrecognizer.sys ()
DRV:64bit: - (NCFilter) -- C:\Windows\SysNative\drivers\ncfilter.sys ()
DRV:64bit: - (NCUncFilter) -- C:\Windows\SysNative\drivers\ncuncfilter.sys ()
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (FNETTBOH_305) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS (FNet Co., Ltd.)
DRV:64bit: - (FNETURPX) -- C:\Windows\SysNative\drivers\FNETURPX.SYS (FNet Co., Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (LUMDriver) -- C:\Windows\SysNative\drivers\LUMDriver.sys (IBM)
DRV - (NCIOCTL) -- C:\Programme\Novell\Client\XTier\Drivers\ncioctl.sys ()
DRV - (NICM) -- C:\Programme\Novell\Client\XTier\Drivers\nicm.sys (Novell, Inc.)
DRV - (NCFSD) -- C:\Programme\Novell\Client\XTier\Drivers\ncfsd.sys ()
DRV - (RTCore64) -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 67 16 30 7B 05 95 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p="
FF - prefs.js..network.proxy.http: "149.169.227.129"
FF - prefs.js..network.proxy.http_port: 3127
FF - prefs.js..network.proxy.type: 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Users\Michi\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Michi\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Michi\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.06.07 18:07:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.06.07 18:07:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.07.07 17:10:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.19 10:53:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.19 10:53:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.07.07 17:10:57 | 000,000,000 | ---D | M]
 
[2011.04.08 21:58:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi\AppData\Roaming\mozilla\Extensions
[2011.09.28 08:05:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\hzfg47j7.default\extensions
[2011.11.01 16:09:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.04.08 22:36:42 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.04.08 22:35:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.29 20:53:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.24 12:44:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.02 12:07:41 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2011.11.01 16:09:03 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF
() (No name found) -- C:\USERS\MICHI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HZFG47J7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\MICHI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HZFG47J7.DEFAULT\EXTENSIONS\GMAIL@BORSOSFISOFT.COM.XPI
[2011.10.04 11:14:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.04 11:14:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.04 11:14:45 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.04 11:14:45 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.04 11:14:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.04 11:14:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.04 11:14:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.04.14 11:20:29 | 000,000,877 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts:        127.0.0.1      localhost , hxxp://kino.to/ ,
O1 - Hosts:        ::1            localhost
O1 - Hosts: 127.0.0.1 localhost hxxp://kino.to/
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4:64bit: - HKLM..\Run: [NWTRAY] C:\Windows\SysNative\nwtray.exe ()
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKCU..\Run: [ASRockXTU]  File not found
O4 - HKCU..\Run: [zASRockInstantBoot]  File not found
O4 - Startup: C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Michi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26956E41-C775-4A02-BC58-578CEBCED280}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (ncv1_0) - C:\Windows\SysNative\ncv1_0.dll ()
O30 - LSA: Authentication Packages - (ncv1_0) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk K:\
O33 - MountPoints2\{f5ef6693-63d7-11e0-aea8-002522a1d43b}\Shell - "" = AutoRun
O33 - MountPoints2\{f5ef6693-63d7-11e0-aea8-002522a1d43b}\Shell\AutoRun\command - "" = I:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.02 18:30:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.11.02 15:45:03 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Michi\Desktop\esetsmartinstaller_enu.exe
[2011.11.02 15:35:19 | 000,000,000 | ---D | C] -- C:\Users\Michi\Desktop\fsae_desk
[2011.11.01 22:21:39 | 000,000,000 | ---D | C] -- C:\Users\Michi\Desktop\otl
[2011.11.01 21:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.01 21:33:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.11.01 21:06:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Michi\Desktop\OTL.exe
[2011.11.01 16:26:22 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2011.11.01 16:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2011.11.01 16:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar
[2011.11.01 16:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2011.11.01 13:44:36 | 000,823,296 | ---- | C] (Novell, Inc.) -- C:\Windows\SysWow64\ccsw32.dll
[2011.11.01 13:44:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\novell
[2011.11.01 13:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Novell
[2011.11.01 13:44:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\nls
[2011.11.01 13:44:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\nls
[2011.11.01 13:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\Novell
[2011.11.01 13:41:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Novell
[2011.10.28 02:01:16 | 000,000,000 | R--D | C] -- C:\Users\Michi\Dropbox
[2011.10.28 01:57:53 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.10.28 01:57:37 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Dropbox
[2011.10.28 01:28:18 | 000,000,000 | ---D | C] -- C:\Users\Michi\Documents\Freemake
[2011.10.28 01:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2011.10.28 01:28:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2011.10.28 01:19:00 | 000,000,000 | ---D | C] -- C:\Users\Michi\Application Data
[2011.10.28 01:08:20 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\3Dconnexion_Inc
[2011.10.28 00:16:15 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\3Dconnexion
[2011.10.28 00:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3Dconnexion
[2011.10.28 00:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Dconnexion
[2011.10.28 00:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\3Dconnexion
[2011.10.25 19:15:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2011.10.24 12:44:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.10.19 11:04:48 | 000,000,000 | ---D | C] -- C:\Users\Michi\Documents\12 VEGAS Video
[2011.10.19 10:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.10.19 10:53:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011.10.19 10:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.10.19 10:53:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011.10.19 10:52:50 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\Apple
[2011.10.19 10:52:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011.10.19 10:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011.10.19 08:53:24 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Malwarebytes
[2011.10.19 08:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.19 08:53:13 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.10.19 08:47:38 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\Diagnostics
[2011.10.17 21:24:47 | 000,000,000 | RHSD | C] -- C:\Users\Michi\M-1-52-5782-8752-5245
[2011.10.17 08:23:19 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Avira
[2011.10.17 08:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.10.17 08:23:01 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.10.17 08:23:01 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.10.17 08:23:01 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.10.17 08:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.17 08:22:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.02 21:13:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1629516076-36297864-3730078469-1000UA.job
[2011.11.02 18:43:01 | 000,346,576 | ---- | M] () -- C:\Users\Michi\Desktop\Seite 2 - Trojaner-Board.pdf
[2011.11.02 18:31:41 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.02 18:31:41 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.02 18:28:27 | 001,498,562 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.02 18:28:27 | 000,654,108 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.02 18:28:27 | 000,615,990 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.02 18:28:27 | 000,129,980 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.02 18:28:27 | 000,106,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.02 18:24:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.02 18:23:39 | 2133,872,639 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.02 16:04:06 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.11.02 16:04:06 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.02 15:44:33 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Michi\Desktop\esetsmartinstaller_enu.exe
[2011.11.02 04:13:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1629516076-36297864-3730078469-1000Core.job
[2011.11.01 21:33:49 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.01 21:05:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michi\Desktop\OTL.exe
[2011.11.01 18:59:39 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011.11.01 18:59:38 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011.11.01 16:26:22 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2011.10.28 02:01:16 | 000,001,001 | ---- | M] () -- C:\Users\Michi\Desktop\Dropbox.lnk
[2011.10.28 01:58:00 | 000,000,981 | ---- | M] () -- C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.10.27 13:32:37 | 000,016,384 | ---- | M] () -- C:\Users\Michi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.19 10:53:54 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.10.17 08:23:09 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.10.12 23:57:22 | 000,318,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.11 14:00:01 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2011.11.02 18:43:00 | 000,346,576 | ---- | C] () -- C:\Users\Michi\Desktop\Seite 2 - Trojaner-Board.pdf
[2011.11.01 21:33:49 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.01 18:59:39 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011.11.01 18:59:38 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011.10.28 02:01:16 | 000,001,001 | ---- | C] () -- C:\Users\Michi\Desktop\Dropbox.lnk
[2011.10.28 01:58:00 | 000,000,981 | ---- | C] () -- C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.10.19 10:53:54 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.10.19 10:52:47 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.10.17 08:23:09 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.09.30 04:18:56 | 000,916,056 | ---- | C] () -- C:\Windows\SysWow64\ncnetprovider.dll
[2011.09.30 04:18:56 | 000,662,104 | ---- | C] () -- C:\Windows\SysWow64\ncloginui.dll
[2011.09.30 04:18:56 | 000,404,056 | ---- | C] () -- C:\Windows\SysWow64\noveap.dll
[2011.09.30 04:18:56 | 000,240,216 | ---- | C] () -- C:\Windows\SysWow64\nwshlxnt.dll
[2011.09.30 04:18:56 | 000,191,064 | ---- | C] () -- C:\Windows\SysWow64\lgnwnt32.dll
[2011.09.30 04:18:56 | 000,166,488 | ---- | C] () -- C:\Windows\SysWow64\mapbase.dll
[2011.09.30 04:18:56 | 000,113,240 | ---- | C] () -- C:\Windows\SysWow64\nclangid.dll
[2011.09.30 04:18:56 | 000,026,200 | ---- | C] () -- C:\Windows\SysWow64\loginw32.exe
[2011.07.23 03:46:38 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\spwini.dll
[2011.07.07 17:08:52 | 000,181,021 | ---- | C] () -- C:\Windows\hpoins13.dat
[2011.07.07 17:08:52 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl13.dat
[2011.06.23 15:50:38 | 000,016,384 | ---- | C] () -- C:\Users\Michi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.19 18:32:11 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.06.19 18:32:09 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.06.19 18:32:09 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.06.07 21:45:25 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.06.07 21:45:25 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.06.07 21:45:24 | 000,631,808 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.06.07 21:45:24 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.06.07 21:45:23 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.05.04 10:42:17 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.04.25 11:37:42 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Authentication
[2011.04.25 11:37:42 | 000,000,268 | RH-- | C] () -- C:\Users\Michi\AppData\Roaming\Applications
[2011.04.25 11:37:42 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011.04.14 09:15:58 | 000,000,173 | ---- | C] () -- C:\Users\Michi\AppData\Local\msmathematics.qat.Michi
[2011.04.13 01:02:47 | 000,000,190 | ---- | C] () -- C:\Users\Michi\AppData\Roaming\PropCalc Preferences
[2011.04.13 00:37:19 | 000,000,733 | ---- | C] () -- C:\Users\Michi\AppData\Roaming\DriveCalculator Preferences
[2011.04.08 22:37:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.08 21:54:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.21 18:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.01.13 04:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.10.28 00:16:15 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\3Dconnexion
[2011.04.11 10:03:45 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Canneverbe Limited
[2011.11.02 18:24:48 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Dropbox
[2011.06.16 15:52:09 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\IrfanView
[2011.04.09 13:30:32 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\LibreOffice
[2011.04.25 11:40:32 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Nikon
[2011.04.14 11:18:24 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Notepad++
[2011.09.28 09:58:43 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Publish Providers
[2011.09.28 09:51:46 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Sony
[2011.08.08 12:43:17 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.10.28 00:16:15 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\3Dconnexion
[2011.04.25 16:09:17 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Adobe
[2011.04.08 21:54:51 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\ATI
[2011.10.17 08:23:19 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Avira
[2011.04.11 10:03:45 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Canneverbe Limited
[2011.06.22 12:57:09 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\DivX
[2011.11.02 18:24:48 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Dropbox
[2011.07.07 17:12:59 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\HP
[2011.04.08 21:43:52 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Identities
[2011.04.08 22:21:02 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\InstallShield
[2011.06.16 15:52:09 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\IrfanView
[2011.04.09 13:30:32 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\LibreOffice
[2011.04.08 22:40:20 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Macromedia
[2011.10.19 08:53:24 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Media Center Programs
[2011.06.22 12:57:10 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Media Player Classic
[2011.10.17 21:26:08 | 000,000,000 | --SD | M] -- C:\Users\Michi\AppData\Roaming\Microsoft
[2011.04.08 21:58:02 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Mozilla
[2011.04.25 11:40:32 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Nikon
[2011.04.14 11:18:24 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Notepad++
[2011.09.28 09:58:43 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Publish Providers
[2011.05.04 10:38:55 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Real
[2011.06.19 20:39:40 | 000,000,000 | RH-D | M] -- C:\Users\Michi\AppData\Roaming\SecuROM
[2011.11.02 18:38:28 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Skype
[2011.11.02 18:24:39 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\skypePM
[2011.09.28 09:51:46 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Sony
[2011.07.21 20:29:56 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2011.09.02 01:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Michi\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.09.02 01:42:12 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\Michi\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.04.25 11:39:14 | 000,335,872 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Michi\AppData\Roaming\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
[2011.11.01 13:44:48 | 000,010,134 | R--- | M] () -- C:\Users\Michi\AppData\Roaming\Microsoft\Installer\{559D2B32-5066-4762-A2F2-52831AC6F67B}\ARPPRODUCTICON.exe
[2011.08.22 23:30:45 | 000,010,134 | R--- | M] () -- C:\Users\Michi\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
[2011.04.25 11:39:25 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Michi\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
 
<          >

< End of report >


cosinus 02.11.2011 21:58

Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 67 16 30 7B 05 95 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p="
FF - prefs.js..network.proxy.http: "149.169.227.129"
FF - prefs.js..network.proxy.http_port: 3127
FF - prefs.js..network.proxy.type: 0
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [zASRockInstantBoot]  File not found
O4 - HKCU..\Run: [ASRockXTU]  File not found
O30 - LSA: Authentication Packages - (ncv1_0) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk K:\
O33 - MountPoints2\{f5ef6693-63d7-11e0-aea8-002522a1d43b}\Shell - "" = AutoRun
O33 - MountPoints2\{f5ef6693-63d7-11e0-aea8-002522a1d43b}\Shell\AutoRun\command - "" = I:\Setup.exe
[2011.11.01 16:26:22 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2011.11.01 16:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2011.11.01 16:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar
[2011.11.01 16:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2011.10.17 21:24:47 | 000,000,000 | RHSD | C] -- C:\Users\Michi\M-1-52-5782-8752-5245
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
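As an added example (written for this thread, not code from OTL's author or from the forum), the following Python script automates two of the checks a helper otherwise does by eye when turning an OTL report like the one above into a fix script: comparing the MD5 of each live system file with its winsxs/DriverStore copies, and flagging the O-section and prefs.js patterns that ended up in the fix (orphaned Run entries, the Firefox proxy pointing at a public address, the missing LSA authentication package, the AutoRun command on a removable drive, the hidden system folder in the user profile). The sample lines are taken from this thread, except the all-zero nvstor.sys hash, which is constructed.

```python
"""Triage helper for OTL report lines (example code written for this thread, not OTL's own).
Check 1: in each "< MD5 for: NAME >" group, the live copy (SysNative, SysWOW64, drivers) should carry
a hash that also appears in a winsxs/DriverStore reference copy; otherwise it may be a patched file.
Check 2: flag the O-section and prefs.js patterns that typically end up in a fix script."""
import re
from ipaddress import ip_address

# One OTL file/directory entry: [date time | size | attrs | M/C] (company) MD5=... -- path
FILE_ENTRY = re.compile(
    r"^\[(?P<date>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<flag>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: MD5=(?P<md5>[0-9A-Fa-f]{32})| Unable to obtain MD5)?"
    r" -- (?P<path>.+)$"
)
MD5_HEADER = re.compile(r"^< MD5 for: (?P<name>\S+)\s*>$")
FF_PROXY = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.http: "(?P<host>[^"]+)"')
LSA_MISSING = re.compile(r"^O30 - LSA: Authentication Packages - \((?P<pkg>[^)]+)\) - File not found")
AUTORUN_CMD = re.compile(r'^O33 - MountPoints2\\\{[^}]+\}\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')


def parse_entry(line):
    """Fields of an OTL file entry as a dict, or None when the line is not one."""
    m = FILE_ENTRY.match(line)
    return m.groupdict() if m else None


def is_reference_copy(path):
    """winsxs and DriverStore hold the copies Windows installs from; everything else is live."""
    p = path.lower()
    return "\\winsxs\\" in p or "\\driverstore\\" in p


def _mismatches(group, entries):
    reference = {e["md5"] for e in entries if e["md5"] and is_reference_copy(e["path"])}
    return [("md5-mismatch", group, e["path"]) for e in entries
            if reference and e["md5"] and not is_reference_copy(e["path"]) and e["md5"] not in reference]


def check_md5_groups(lines):
    """Flag live system files whose MD5 matches none of the reference copies in their group."""
    findings, group, entries = [], None, []
    for raw in lines:
        line = raw.strip()
        if line.startswith("<"):  # any "< ... >" header ends the current group
            if group:
                findings.extend(_mismatches(group, entries))
            h = MD5_HEADER.match(line)
            group, entries = (h.group("name") if h else None), []
            continue
        e = parse_entry(line)
        if group and e:
            entries.append(e)
    if group:
        findings.extend(_mismatches(group, entries))
    return findings


def check_config_lines(lines):
    """Flag cleanup candidates among the O-section and prefs.js lines of an OTL report."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if line.startswith("O4") and line.endswith("File not found"):
            findings.append(("orphaned-run-entry", line))  # autorun pointing at a missing file
        elif m := FF_PROXY.match(line):
            host = m.group("host")
            try:
                external = ip_address(host).is_global
            except ValueError:  # a hostname cannot be shown to be local, so report it
                external = True
            if external:
                findings.append(("external-browser-proxy", host))
        elif m := LSA_MISSING.match(line):
            findings.append(("lsa-package-missing", m.group("pkg")))
        elif m := AUTORUN_CMD.match(line):
            findings.append(("removable-autorun", m.group("cmd")))
        else:
            e = parse_entry(line)
            if e and set("HSD") <= set(e["attrs"]) and "\\users\\" in e["path"].lower():
                findings.append(("hidden-system-profile-dir", e["path"]))
    return findings


# Sample input: lines copied from the OTL report and fix script in this thread, except the all-zero
# nvstor.sys hash, which is CONSTRUCTED to show what a mismatched live driver looks like.
SAMPLE_LINES = r"""
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
< %systemroot%\system32\*.dll /lockedfiles >
FF - prefs.js..network.proxy.http: "149.169.227.129"
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
O30 - LSA: Authentication Packages - (ncv1_0) - File not found
O33 - MountPoints2\{f5ef6693-63d7-11e0-aea8-002522a1d43b}\Shell\AutoRun\command - "" = I:\Setup.exe
[2011.10.17 21:24:47 | 000,000,000 | RHSD | C] -- C:\Users\Michi\M-1-52-5782-8752-5245
""".strip().splitlines()

if __name__ == "__main__":
    for finding in check_md5_groups(SAMPLE_LINES) + check_config_lines(SAMPLE_LINES):
        print(" | ".join(finding))
```

A hash mismatch only says the live copy differs from every reference copy on that machine; it still has to be confirmed against the vendor's known file before anything is treated as infected.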

wheatabix 02.11.2011 22:16

Code:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "chr-greentree_ff&type=827316" removed from browser.search.param.yahoo-fr
Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=" removed from keyword.URL
Prefs.js: "149.169.227.129" removed from network.proxy.http
Prefs.js: 3127 removed from network.proxy.http_port
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorShield deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorUpdater deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\zASRockInstantBoot deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockXTU deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:ncv1_0 deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File  not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5ef6693-63d7-11e0-aea8-002522a1d43b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f5ef6693-63d7-11e0-aea8-002522a1d43b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f5ef6693-63d7-11e0-aea8-002522a1d43b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f5ef6693-63d7-11e0-aea8-002522a1d43b}\ not found.
File I:\Setup.exe not found.
C:\Windows\SysNative\drivers\stflt.sys moved successfully.
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\wtxpcom folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\Res\Lang folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\Res folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE\4.7 folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF\chrome\skin folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF\chrome\locale\EN-US folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF\chrome\locale folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF\chrome\content folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF\chrome folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar folder moved successfully.
C:\Program Files (x86)\Application Updater folder moved successfully.
C:\Users\Michi\M-1-52-5782-8752-5245 folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Michi
->Temp folder emptied: 4686777774 bytes
->Temporary Internet Files folder emptied: 251417988 bytes
->Java cache emptied: 9135029 bytes
->FireFox cache emptied: 49196600 bytes
->Flash cache emptied: 933 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 116064409 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 4.876,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 11022011_220457

Files\Folders moved on Reboot...
C:\Users\Michi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

yeah, my DVD drive is back

cosinus 02.11.2011 22:17

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below: click "Change parameters" and set the checkboxes as shown in the following screenshot,
then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents / My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should become visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool via right-click "Run as administrator"!
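The TDSSKiller report requested in the post above is a plain-text driver inventory: for each scanned object one line with the service name, the MD5 of the image file and its path, followed by a verdict line ("<name> - ok" or otherwise). As an added example that is not part of the original thread and not Kaspersky's code, here is a small Python triage script that parses that format and lists the entries a helper would look at first: a verdict other than "ok", a driver image outside the Windows directory, and a service for which no image file was logged at all. The sample log embedded in it is constructed for the example in the same line format; the last object (`tmpsvc`, its hash and path) is invented and does not appear in the thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One TDSSKiller line per scanned object: "<time> <pid> <name> (<md5>) <path>"
ENTRY_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)
# Verdict line that follows it: "<time> <pid> <name> - <verdict>"
VERDICT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+-\s+(?P<verdict>.+?)\s*$"
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller(text: str) -> List[Entry]:
    """Pair each object line with its verdict line, keeping log order."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[m["name"]] = Entry(m["name"], m["md5"].lower(), m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            # A verdict with no preceding object line: the scanner logged no image file
            entry = entries.setdefault(m["name"], Entry(m["name"]))
            entry.verdict = m["verdict"]
    return list(entries.values())


def triage(entries: List[Entry], system_root: str = r"C:\Windows") -> List[Tuple[str, List[str]]]:
    """Return (name, reasons) for every entry a reviewer should look at by hand."""
    root = system_root.lower().rstrip("\\") + "\\"
    findings = []
    for e in entries:
        reasons = []
        if e.verdict is None or e.verdict.lower() != "ok":
            reasons.append(f"verdict={e.verdict!r}")
        if e.path is None:
            reasons.append("no image file logged")
        elif not e.path.lower().startswith(root):
            reasons.append("image outside system root")
        if reasons:
            findings.append((e.name, reasons))
    return findings


# Constructed sample in TDSSKiller's line format; the tmpsvc object is invented.
SAMPLE_LOG = r"""22:49:46.0517 3580        Scan started
22:49:46.0517 3580        Mode: Manual; SigCheck; TDLFS;
22:49:47.0157 3580        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:49:47.0257 3580        1394ohci - ok
22:49:48.0837 3580        AsrCDDrv - ok
22:49:59.0177 3580        RTCore64        (2e887e52e45bba3c47ccd0e75fc5266f) C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
22:49:59.0187 3580        RTCore64 - ok
22:50:00.0000 3580        tmpsvc          (00112233445566778899aabbccddeeff) C:\Users\Michi\AppData\Local\Temp\tmpsvc.sys
22:50:00.0010 3580        tmpsvc - warning
"""

if __name__ == "__main__":
    for name, reasons in triage(parse_tdsskiller(SAMPLE_LOG)):
        print(f"{name}: {', '.join(reasons)}")
```

"Image outside system root" is a review hint, not a verdict: legitimate third-party drivers (the MSI Afterburner and Novell drivers in this thread, for instance) live outside C:\Windows as well, which is exactly why the post asks to "skip" everything and post the log instead of deleting.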

wheatabix 02.11.2011 22:54

nothing found

Code:

22:45:54.0479 3540        TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
22:45:54.0705 3540        ============================================================
22:45:54.0705 3540        Current date / time: 2011/11/02 22:45:54.0705
22:45:54.0705 3540        SystemInfo:
22:45:54.0705 3540       
22:45:54.0705 3540        OS Version: 6.1.7601 ServicePack: 1.0
22:45:54.0705 3540        Product type: Workstation
22:45:54.0705 3540        ComputerName: MICHI-PC
22:45:54.0705 3540        UserName: Michi
22:45:54.0705 3540        Windows directory: C:\Windows
22:45:54.0705 3540        System windows directory: C:\Windows
22:45:54.0705 3540        Running under WOW64
22:45:54.0705 3540        Processor architecture: Intel x64
22:45:54.0705 3540        Number of processors: 4
22:45:54.0705 3540        Page size: 0x1000
22:45:54.0705 3540        Boot type: Normal boot
22:45:54.0705 3540        ============================================================
22:46:01.0675 3540        Initialize success
22:49:46.0517 3580        ============================================================
22:49:46.0517 3580        Scan started
22:49:46.0517 3580        Mode: Manual; SigCheck; TDLFS;
22:49:46.0517 3580        ============================================================
22:49:47.0157 3580        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:49:47.0257 3580        1394ohci - ok
22:49:47.0297 3580        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:49:47.0307 3580        ACPI - ok
22:49:47.0327 3580        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:49:47.0357 3580        AcpiPmi - ok
22:49:47.0437 3580        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:49:47.0457 3580        adp94xx - ok
22:49:47.0477 3580        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:49:47.0497 3580        adpahci - ok
22:49:47.0507 3580        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:49:47.0527 3580        adpu320 - ok
22:49:47.0577 3580        AFD            (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
22:49:47.0647 3580        AFD - ok
22:49:47.0677 3580        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:49:47.0687 3580        agp440 - ok
22:49:47.0707 3580        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:49:47.0717 3580        aliide - ok
22:49:47.0727 3580        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:49:47.0737 3580        amdide - ok
22:49:47.0767 3580        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:49:47.0817 3580        AmdK8 - ok
22:49:47.0987 3580        amdkmdag        (bfa9657adf7ddc29242a6e0e88de36fa) C:\Windows\system32\DRIVERS\atikmdag.sys
22:49:48.0187 3580        amdkmdag - ok
22:49:48.0307 3580        amdkmdap        (8c493027d9b2399283e724e9862ebb42) C:\Windows\system32\DRIVERS\atikmpag.sys
22:49:48.0337 3580        amdkmdap - ok
22:49:48.0377 3580        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:49:48.0407 3580        AmdPPM - ok
22:49:48.0447 3580        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:49:48.0457 3580        amdsata - ok
22:49:48.0487 3580        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:49:48.0497 3580        amdsbs - ok
22:49:48.0507 3580        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:49:48.0517 3580        amdxata - ok
22:49:48.0647 3580        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:49:48.0697 3580        AppID - ok
22:49:48.0737 3580        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:49:48.0747 3580        arc - ok
22:49:48.0767 3580        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:49:48.0777 3580        arcsas - ok
22:49:48.0837 3580        AsrCDDrv - ok
22:49:48.0847 3580        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:49:48.0897 3580        AsyncMac - ok
22:49:48.0937 3580        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:49:48.0947 3580        atapi - ok
22:49:49.0027 3580        AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
22:49:49.0057 3580        AtiHDAudioService - ok
22:49:49.0097 3580        avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
22:49:49.0107 3580        avgntflt - ok
22:49:49.0147 3580        avipbb          (d959309ececca73fc79f8ef8521346b2) C:\Windows\system32\DRIVERS\avipbb.sys
22:49:49.0157 3580        avipbb - ok
22:49:49.0187 3580        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
22:49:49.0187 3580        avkmgr - ok
22:49:49.0237 3580        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:49:49.0277 3580        b06bdrv - ok
22:49:49.0307 3580        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:49:49.0347 3580        b57nd60a - ok
22:49:49.0387 3580        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:49:49.0457 3580        Beep - ok
22:49:49.0497 3580        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:49:49.0527 3580        blbdrive - ok
22:49:49.0587 3580        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:49:49.0607 3580        bowser - ok
22:49:49.0627 3580        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:49:49.0657 3580        BrFiltLo - ok
22:49:49.0667 3580        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:49:49.0687 3580        BrFiltUp - ok
22:49:49.0707 3580        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:49:49.0737 3580        Brserid - ok
22:49:49.0747 3580        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:49:49.0767 3580        BrSerWdm - ok
22:49:49.0777 3580        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:49:49.0797 3580        BrUsbMdm - ok
22:49:49.0817 3580        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:49:49.0837 3580        BrUsbSer - ok
22:49:49.0847 3580        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:49:49.0877 3580        BTHMODEM - ok
22:49:49.0887 3580        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:49:49.0937 3580        cdfs - ok
22:49:49.0977 3580        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
22:49:50.0017 3580        cdrom - ok
22:49:50.0047 3580        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:49:50.0077 3580        circlass - ok
22:49:50.0107 3580        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:49:50.0127 3580        CLFS - ok
22:49:50.0167 3580        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:49:50.0197 3580        CmBatt - ok
22:49:50.0227 3580        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:49:50.0237 3580        cmdide - ok
22:49:50.0287 3580        CNG            (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
22:49:50.0317 3580        CNG - ok
22:49:50.0327 3580        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:49:50.0337 3580        Compbatt - ok
22:49:50.0377 3580        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:49:50.0407 3580        CompositeBus - ok
22:49:50.0427 3580        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:49:50.0437 3580        crcdisk - ok
22:49:50.0477 3580        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
22:49:50.0517 3580        CSC - ok
22:49:50.0597 3580        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:49:50.0647 3580        DfsC - ok
22:49:50.0657 3580        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:49:50.0707 3580        discache - ok
22:49:50.0757 3580        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:49:50.0767 3580        Disk - ok
22:49:50.0837 3580        Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
22:49:50.0857 3580        Dot4 - ok
22:49:50.0887 3580        Dot4Print      (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
22:49:50.0907 3580        Dot4Print - ok
22:49:50.0927 3580        dot4usb        (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
22:49:50.0957 3580        dot4usb - ok
22:49:50.0977 3580        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:49:50.0997 3580        drmkaud - ok
22:49:51.0057 3580        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:49:51.0077 3580        DXGKrnl - ok
22:49:51.0157 3580        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:49:51.0227 3580        ebdrv - ok
22:49:51.0327 3580        ElbyCDIO        (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
22:49:51.0337 3580        ElbyCDIO - ok
22:49:51.0367 3580        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:49:51.0397 3580        elxstor - ok
22:49:51.0427 3580        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:49:51.0457 3580        ErrDev - ok
22:49:51.0477 3580        EtronHub3      (df2f6c1e55f6e81cfc7f688380d85816) C:\Windows\system32\Drivers\EtronHub3.sys
22:49:51.0497 3580        EtronHub3 - ok
22:49:51.0527 3580        EtronXHCI      (e093abfb67a4b9d94f80611a7d0a8bb9) C:\Windows\system32\Drivers\EtronXHCI.sys
22:49:51.0547 3580        EtronXHCI - ok
22:49:51.0577 3580        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:49:51.0627 3580        exfat - ok
22:49:51.0647 3580        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:49:51.0697 3580        fastfat - ok
22:49:51.0737 3580        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:49:51.0757 3580        fdc - ok
22:49:51.0777 3580        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:49:51.0787 3580        FileInfo - ok
22:49:51.0797 3580        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:49:51.0847 3580        Filetrace - ok
22:49:51.0847 3580        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:49:51.0867 3580        flpydisk - ok
22:49:51.0897 3580        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:49:51.0907 3580        FltMgr - ok
22:49:51.0957 3580        FNETTBOH_305    (fe95ae537b41a7e2f4cfe353064dc4af) C:\Windows\system32\drivers\FNETTBOH_305.SYS
22:49:51.0967 3580        FNETTBOH_305 - ok
22:49:51.0987 3580        FNETURPX        (7c3c4b4c951ec1bdfd4f769d05e2cc68) C:\Windows\system32\drivers\FNETURPX.SYS
22:49:51.0997 3580        FNETURPX - ok
22:49:52.0027 3580        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:49:52.0037 3580        FsDepends - ok
22:49:52.0087 3580        fssfltr        (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
22:49:52.0097 3580        fssfltr - ok
22:49:52.0117 3580        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:49:52.0127 3580        Fs_Rec - ok
22:49:52.0167 3580        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:49:52.0187 3580        fvevol - ok
22:49:52.0207 3580        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:49:52.0217 3580        gagp30kx - ok
22:49:52.0227 3580        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:49:52.0247 3580        hcw85cir - ok
22:49:52.0327 3580        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:49:52.0357 3580        HdAudAddService - ok
22:49:52.0387 3580        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:49:52.0417 3580        HDAudBus - ok
22:49:52.0437 3580        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:49:52.0467 3580        HidBatt - ok
22:49:52.0477 3580        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:49:52.0507 3580        HidBth - ok
22:49:52.0527 3580        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:49:52.0557 3580        HidIr - ok
22:49:52.0597 3580        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
22:49:52.0627 3580        HidUsb - ok
22:49:52.0667 3580        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:49:52.0677 3580        HpSAMD - ok
22:49:52.0717 3580        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:49:52.0787 3580        HTTP - ok
22:49:52.0817 3580        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:49:52.0827 3580        hwpolicy - ok
22:49:52.0867 3580        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
22:49:52.0877 3580        i8042prt - ok
22:49:52.0917 3580        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:49:52.0937 3580        iaStorV - ok
22:49:52.0967 3580        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:49:52.0977 3580        iirsp - ok
22:49:53.0017 3580        IntcAzAudAddService - ok
22:49:53.0027 3580        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:49:53.0037 3580        intelide - ok
22:49:53.0077 3580        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:49:53.0097 3580        intelppm - ok
22:49:53.0137 3580        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:49:53.0197 3580        IpFilterDriver - ok
22:49:53.0247 3580        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:49:53.0257 3580        IPMIDRV - ok
22:49:53.0287 3580        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:49:53.0337 3580        IPNAT - ok
22:49:53.0357 3580        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:49:53.0387 3580        IRENUM - ok
22:49:53.0437 3580        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:49:53.0447 3580        isapnp - ok
22:49:53.0467 3580        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:49:53.0477 3580        iScsiPrt - ok
22:49:53.0497 3580        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
22:49:53.0507 3580        kbdclass - ok
22:49:53.0547 3580        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
22:49:53.0557 3580        kbdhid - ok
22:49:53.0577 3580        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
22:49:53.0597 3580        KSecDD - ok
22:49:53.0627 3580        KSecPkg        (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
22:49:53.0637 3580        KSecPkg - ok
22:49:53.0647 3580        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:49:53.0697 3580        ksthunk - ok
22:49:53.0737 3580        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:49:53.0777 3580        lltdio - ok
22:49:53.0837 3580        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:49:53.0847 3580        LSI_FC - ok
22:49:53.0867 3580        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:49:53.0877 3580        LSI_SAS - ok
22:49:53.0897 3580        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:49:53.0907 3580        LSI_SAS2 - ok
22:49:53.0917 3580        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:49:53.0937 3580        LSI_SCSI - ok
22:49:53.0967 3580        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:49:54.0017 3580        luafv - ok
22:49:54.0077 3580        LUMDriver      (701223c663019b62029fab1a2385ee81) C:\Windows\system32\drivers\LUMDriver.sys
22:49:54.0087 3580        LUMDriver - ok
22:49:54.0137 3580        MBAMProtector  (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
22:49:54.0147 3580        MBAMProtector - ok
22:49:54.0197 3580        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:49:54.0207 3580        megasas - ok
22:49:54.0237 3580        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:49:54.0257 3580        MegaSR - ok
22:49:54.0287 3580        MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
22:49:54.0297 3580        MEIx64 - ok
22:49:54.0307 3580        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:49:54.0367 3580        Modem - ok
22:49:54.0417 3580        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:49:54.0447 3580        monitor - ok
22:49:54.0487 3580        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
22:49:54.0507 3580        mouclass - ok
22:49:54.0517 3580        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:49:54.0537 3580        mouhid - ok
22:49:54.0577 3580        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:49:54.0587 3580        mountmgr - ok
22:49:54.0617 3580        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:49:54.0627 3580        mpio - ok
22:49:54.0667 3580        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:49:54.0717 3580        mpsdrv - ok
22:49:54.0747 3580        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:49:54.0767 3580        MRxDAV - ok
22:49:54.0797 3580        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:49:54.0837 3580        mrxsmb - ok
22:49:54.0867 3580        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:49:54.0897 3580        mrxsmb10 - ok
22:49:54.0917 3580        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:49:54.0927 3580        mrxsmb20 - ok
22:49:54.0947 3580        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:49:54.0957 3580        msahci - ok
22:49:55.0007 3580        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:49:55.0027 3580        msdsm - ok
22:49:55.0047 3580        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:49:55.0087 3580        Msfs - ok
22:49:55.0097 3580        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:49:55.0157 3580        mshidkmdf - ok
22:49:55.0197 3580        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:49:55.0207 3580        msisadrv - ok
22:49:55.0237 3580        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:49:55.0297 3580        MSKSSRV - ok
22:49:55.0317 3580        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:49:55.0357 3580        MSPCLOCK - ok
22:49:55.0377 3580        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:49:55.0427 3580        MSPQM - ok
22:49:55.0457 3580        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:49:55.0477 3580        MsRPC - ok
22:49:55.0497 3580        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:49:55.0507 3580        mssmbios - ok
22:49:55.0527 3580        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:49:55.0567 3580        MSTEE - ok
22:49:55.0587 3580        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:49:55.0647 3580        MTConfig - ok
22:49:55.0657 3580        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:49:55.0667 3580        Mup - ok
22:49:55.0707 3580        mv91xx          (4fad606c7aeb336e5aa4a005de09ca80) C:\Windows\system32\DRIVERS\mv91xx.sys
22:49:55.0727 3580        mv91xx - ok
22:49:55.0757 3580        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:49:55.0787 3580        NativeWifiP - ok
22:49:55.0837 3580        NCFilter        (a953d89c056882dd6cc556af51e2741e) C:\Windows\system32\DRIVERS\NCFilter.sys
22:49:55.0847 3580        NCFilter - ok
22:49:55.0917 3580        NCFSD          (19b1ad1363131a56f5e52c08c57dd1ef) C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys
22:49:55.0927 3580        NCFSD - ok
22:49:55.0967 3580        NCIOCTL        (d5f8e9e2e2ac9cef579975a15825d520) C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys
22:49:55.0967 3580        NCIOCTL - ok
22:49:55.0997 3580        NCRecognizer    (12ee3f0e9fcde8ec4853108ce131ede5) C:\Windows\system32\DRIVERS\NCRecognizer.sys
22:49:56.0007 3580        NCRecognizer - ok
22:49:56.0017 3580        NCUncFilter    (cb892cc25981c7e8b96666eb1ed01317) C:\Windows\system32\DRIVERS\NCUncFilter.sys
22:49:56.0027 3580        NCUncFilter - ok
22:49:56.0087 3580        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:49:56.0117 3580        NDIS - ok
22:49:56.0127 3580        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:49:56.0167 3580        NdisCap - ok
22:49:56.0197 3580        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:49:56.0257 3580        NdisTapi - ok
22:49:56.0287 3580        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:49:56.0337 3580        Ndisuio - ok
22:49:56.0377 3580        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:49:56.0427 3580        NdisWan - ok
22:49:56.0467 3580        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:49:56.0517 3580        NDProxy - ok
22:49:56.0557 3580        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:49:56.0607 3580        NetBIOS - ok
22:49:56.0647 3580        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:49:56.0687 3580        NetBT - ok
22:49:56.0747 3580        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:49:56.0757 3580        nfrd960 - ok
22:49:56.0837 3580        NICM            (fc6dadb97bd3b7a61d06f20d0d2e1bac) C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys
22:49:56.0837 3580        NICM - ok
22:49:56.0857 3580        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:49:56.0907 3580        Npfs - ok
22:49:56.0927 3580        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:49:56.0977 3580        nsiproxy - ok
22:49:57.0027 3580        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:49:57.0077 3580        Ntfs - ok
22:49:57.0097 3580        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:49:57.0137 3580        Null - ok
22:49:57.0207 3580        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:49:57.0217 3580        nvraid - ok
22:49:57.0227 3580        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:49:57.0247 3580        nvstor - ok
22:49:57.0277 3580        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:49:57.0287 3580        nv_agp - ok
22:49:57.0297 3580        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:49:57.0317 3580        ohci1394 - ok
22:49:57.0337 3580        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:49:57.0347 3580        Parport - ok
22:49:57.0387 3580        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
22:49:57.0397 3580        partmgr - ok
22:49:57.0427 3580        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:49:57.0437 3580        pci - ok
22:49:57.0447 3580        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:49:57.0457 3580        pciide - ok
22:49:57.0487 3580        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:49:57.0497 3580        pcmcia - ok
22:49:57.0517 3580        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:49:57.0527 3580        pcw - ok
22:49:57.0547 3580        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:49:57.0617 3580        PEAUTH - ok
22:49:57.0737 3580        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:49:57.0787 3580        PptpMiniport - ok
22:49:57.0787 3580        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:49:57.0807 3580        Processor - ok
22:49:57.0867 3580        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:49:57.0917 3580        Psched - ok
22:49:57.0977 3580        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:49:58.0017 3580        ql2300 - ok
22:49:58.0037 3580        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:49:58.0047 3580        ql40xx - ok
22:49:58.0067 3580        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:49:58.0097 3580        QWAVEdrv - ok
22:49:58.0127 3580        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:49:58.0177 3580        RasAcd - ok
22:49:58.0207 3580        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:49:58.0247 3580        RasAgileVpn - ok
22:49:58.0287 3580        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:49:58.0327 3580        Rasl2tp - ok
22:49:58.0357 3580        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:49:58.0407 3580        RasPppoe - ok
22:49:58.0417 3580        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:49:58.0467 3580        RasSstp - ok
22:49:58.0497 3580        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:49:58.0557 3580        rdbss - ok
22:49:58.0567 3580        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:49:58.0597 3580        rdpbus - ok
22:49:58.0617 3580        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:49:58.0667 3580        RDPCDD - ok
22:49:58.0707 3580        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
22:49:58.0727 3580        RDPDR - ok
22:49:58.0747 3580        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:49:58.0797 3580        RDPENCDD - ok
22:49:58.0827 3580        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:49:58.0867 3580        RDPREFMP - ok
22:49:58.0897 3580        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
22:49:58.0947 3580        RDPWD - ok
22:49:58.0977 3580        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:49:58.0997 3580        rdyboost - ok
22:49:59.0037 3580        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:49:59.0097 3580        rspndr - ok
22:49:59.0177 3580        RTCore64        (2e887e52e45bba3c47ccd0e75fc5266f) C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
22:49:59.0187 3580        RTCore64 - ok
22:49:59.0297 3580        RTL8167        (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:49:59.0307 3580        RTL8167 - ok
22:49:59.0427 3580        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
22:49:59.0447 3580        s3cap - ok
22:49:59.0517 3580        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:49:59.0527 3580        sbp2port - ok
22:49:59.0557 3580        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:49:59.0607 3580        scfilter - ok
22:49:59.0677 3580        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:49:59.0717 3580        secdrv - ok
22:49:59.0757 3580        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:49:59.0767 3580        Serenum - ok
22:49:59.0797 3580        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:49:59.0827 3580        Serial - ok
22:49:59.0867 3580        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:49:59.0897 3580        sermouse - ok
22:49:59.0927 3580        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:49:59.0947 3580        sffdisk - ok
22:49:59.0967 3580        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:49:59.0987 3580        sffp_mmc - ok
22:50:00.0007 3580        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:50:00.0037 3580        sffp_sd - ok
22:50:00.0057 3580        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:50:00.0087 3580        sfloppy - ok
22:50:00.0117 3580        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:50:00.0127 3580        SiSRaid2 - ok
22:50:00.0137 3580        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:50:00.0157 3580        SiSRaid4 - ok
22:50:00.0177 3580        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:50:00.0217 3580        Smb - ok
22:50:00.0257 3580        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:50:00.0267 3580        spldr - ok
22:50:00.0307 3580        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:50:00.0327 3580        srv - ok
22:50:00.0367 3580        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:50:00.0387 3580        srv2 - ok
22:50:00.0407 3580        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:50:00.0427 3580        srvnet - ok
22:50:00.0457 3580        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:50:00.0467 3580        stexstor - ok
22:50:00.0517 3580        storflt        (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
22:50:00.0527 3580        storflt - ok
22:50:00.0547 3580        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
22:50:00.0557 3580        storvsc - ok
22:50:00.0567 3580        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:50:00.0577 3580        swenum - ok
22:50:00.0647 3580        Tcpip          (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
22:50:00.0707 3580        Tcpip - ok
22:50:00.0737 3580        TCPIP6          (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
22:50:00.0777 3580        TCPIP6 - ok
22:50:00.0817 3580        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:50:00.0877 3580        tcpipreg - ok
22:50:00.0897 3580        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:50:00.0947 3580        TDPIPE - ok
22:50:00.0957 3580        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
22:50:01.0017 3580        TDTCP - ok
22:50:01.0047 3580        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:50:01.0107 3580        tdx - ok
22:50:01.0127 3580        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:50:01.0137 3580        TermDD - ok
22:50:01.0177 3580        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:50:01.0237 3580        tssecsrv - ok
22:50:01.0267 3580        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:50:01.0297 3580        TsUsbFlt - ok
22:50:01.0337 3580        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:50:01.0377 3580        tunnel - ok
22:50:01.0397 3580        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:50:01.0407 3580        uagp35 - ok
22:50:01.0447 3580        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:50:01.0497 3580        udfs - ok
22:50:01.0537 3580        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:50:01.0547 3580        uliagpkx - ok
22:50:01.0577 3580        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
22:50:01.0587 3580        umbus - ok
22:50:01.0617 3580        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:50:01.0637 3580        UmPass - ok
22:50:01.0677 3580        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
22:50:01.0707 3580        usbaudio - ok
22:50:01.0737 3580        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:50:01.0747 3580        usbccgp - ok
22:50:01.0777 3580        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:50:01.0807 3580        usbcir - ok
22:50:01.0817 3580        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
22:50:01.0847 3580        usbehci - ok
22:50:01.0877 3580        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:50:01.0897 3580        usbhub - ok
22:50:01.0917 3580        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
22:50:01.0937 3580        usbohci - ok
22:50:01.0967 3580        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:50:01.0987 3580        usbprint - ok
22:50:02.0007 3580        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:50:02.0037 3580        usbscan - ok
22:50:02.0057 3580        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:50:02.0077 3580        USBSTOR - ok
22:50:02.0097 3580        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:50:02.0117 3580        usbuhci - ok
22:50:02.0157 3580        VClone          (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
22:50:02.0167 3580        VClone - ok
22:50:02.0197 3580        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:50:02.0207 3580        vdrvroot - ok
22:50:02.0237 3580        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:50:02.0257 3580        vga - ok
22:50:02.0277 3580        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:50:02.0327 3580        VgaSave - ok
22:50:02.0367 3580        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:50:02.0377 3580        vhdmp - ok
22:50:02.0407 3580        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:50:02.0417 3580        viaide - ok
22:50:02.0427 3580        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
22:50:02.0447 3580        vmbus - ok
22:50:02.0467 3580        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
22:50:02.0487 3580        VMBusHID - ok
22:50:02.0507 3580        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:50:02.0517 3580        volmgr - ok
22:50:02.0557 3580        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:50:02.0577 3580        volmgrx - ok
22:50:02.0597 3580        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:50:02.0607 3580        volsnap - ok
22:50:02.0647 3580        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:50:02.0657 3580        vsmraid - ok
22:50:02.0667 3580        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
22:50:02.0687 3580        vwifibus - ok
22:50:02.0717 3580        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:50:02.0737 3580        WacomPen - ok
22:50:02.0767 3580        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:50:02.0827 3580        WANARP - ok
22:50:02.0837 3580        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:50:02.0877 3580        Wanarpv6 - ok
22:50:02.0907 3580        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:50:02.0917 3580        Wd - ok
22:50:02.0947 3580        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:50:02.0967 3580        Wdf01000 - ok
22:50:02.0997 3580        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:50:03.0047 3580        WfpLwf - ok
22:50:03.0067 3580        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:50:03.0077 3580        WIMMount - ok
22:50:03.0117 3580        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:50:03.0147 3580        WinUsb - ok
22:50:03.0177 3580        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:50:03.0187 3580        WmiAcpi - ok
22:50:03.0207 3580        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:50:03.0257 3580        ws2ifsl - ok
22:50:03.0297 3580        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:50:03.0357 3580        WudfPf - ok
22:50:03.0387 3580        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:50:03.0437 3580        WUDFRd - ok
22:50:03.0477 3580        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:50:03.0537 3580        \Device\Harddisk0\DR0 - ok
22:50:03.0537 3580        MBR (0x1B8)    (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
22:50:06.0207 3580        \Device\Harddisk1\DR1 - ok
22:50:06.0217 3580        MBR (0x1B8)    (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk2\DR2
22:50:06.0317 3580        \Device\Harddisk2\DR2 - ok
22:50:06.0317 3580        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
22:50:06.0427 3580        \Device\Harddisk3\DR3 - ok
22:50:06.0437 3580        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk4\DR4
22:50:06.0537 3580        \Device\Harddisk4\DR4 - ok
22:50:06.0537 3580        Boot (0x1200)  (f6d814b12ff0343a34eab7690358567c) \Device\Harddisk0\DR0\Partition0
22:50:06.0537 3580        \Device\Harddisk0\DR0\Partition0 - ok
22:50:06.0557 3580        Boot (0x1200)  (df694b1d3a6453a6b71ddb433e634f4a) \Device\Harddisk0\DR0\Partition1
22:50:06.0567 3580        \Device\Harddisk0\DR0\Partition1 - ok
22:50:06.0577 3580        Boot (0x1200)  (c942f1953721ca673d5bbcd1164cbf1f) \Device\Harddisk0\DR0\Partition2
22:50:06.0577 3580        \Device\Harddisk0\DR0\Partition2 - ok
22:50:06.0597 3580        Boot (0x1200)  (89f37f4db68f90317a78136c12f3a286) \Device\Harddisk0\DR0\Partition3
22:50:06.0597 3580        \Device\Harddisk0\DR0\Partition3 - ok
22:50:06.0597 3580        Boot (0x1200)  (f776419df7963e7deb54a549cf3faf8c) \Device\Harddisk1\DR1\Partition0
22:50:06.0597 3580        \Device\Harddisk1\DR1\Partition0 - ok
22:50:06.0597 3580        Boot (0x1200)  (8b2c84d369f12c90e1d9094cde629c85) \Device\Harddisk2\DR2\Partition0
22:50:06.0607 3580        \Device\Harddisk2\DR2\Partition0 - ok
22:50:06.0607 3580        Boot (0x1200)  (0a80ed696ec9b1ba679e3e46009c7650) \Device\Harddisk3\DR3\Partition0
22:50:06.0607 3580        \Device\Harddisk3\DR3\Partition0 - ok
22:50:06.0607 3580        Boot (0x1200)  (9d94978883fe8cee01f98e1d4f9682a6) \Device\Harddisk4\DR4\Partition0
22:50:06.0607 3580        \Device\Harddisk4\DR4\Partition0 - ok
22:50:06.0617 3580        ============================================================
22:50:06.0617 3580        Scan finished
22:50:06.0617 3580        ============================================================
22:50:06.0627 2264        Detected object count: 0
22:50:06.0627 2264        Actual detected object count: 0
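
The TDSSKiller output above is hundreds of lines that are almost all "- ok"; what a helper actually scans for is the handful of objects that break the pattern. The Python script below is an added example for this thread (it is not part of TDSSKiller, ComboFix or any poster's own tooling): it parses lines in this format and reports verdicts other than "ok", objects with no verdict line, drivers loaded from outside the system driver directory (such as RTCore64.sys under MSI Afterburner above), one MD5 that appears at two different files (the identical MBR hash on Harddisk3 and Harddisk4 above), and the MBR/boot-sector hashes for comparison against a known-good image. The embedded sample consists of lines copied from the log above plus two constructed entries (`xyzdrv` with a made-up verdict string, `nover` with no verdict line); the system-directory prefix and the watchlist of frequently patched driver names are assumptions, not scanner output.

```python
"""Triage helper for a TDSSKiller driver/boot-sector listing.

Added example for this thread; not part of TDSSKiller, ComboFix or any
poster's own tooling. It reads the per-object lines the scanner prints
("<time> <tid> <name> (<md5>) <path>" followed by "<name> - <verdict>")
and groups what a helper looks at first.
"""
import re
from collections import defaultdict

# Object line: time, thread id, object name, (32 hex MD5), path.
# The name may contain spaces ("MBR (0x1B8)", "Boot (0x1200)").
OBJECT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)
# Verdict line: drivers are acknowledged by service name, boot sectors by device path.
VERDICT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<name>.+?) - (?P<verdict>\S.*?)\s*$"
)

# Assumption: on a stock Windows 7 x64 install the kernel drivers the scanner
# enumerates live under this prefix. Anything elsewhere is listed for manual
# review; a third-party location is a reason to look, not a verdict.
SYSTEM_DRIVER_PREFIX = "c:\\windows\\system32\\drivers\\"

# Assumption: driver file names that rootkits of that era patched in place.
# Their MD5s are pulled out so they can be compared with a clean copy.
WATCHLIST = {"atapi.sys", "iastor.sys", "nvstor.sys", "tcpip.sys", "volsnap.sys"}


def parse(log_text):
    """Return one dict per scanned object: name, md5, path, verdict (None if absent)."""
    records, by_key = [], {}
    for line in log_text.splitlines():
        m = OBJECT_RE.match(line)
        if m:
            rec = {"name": m["name"], "md5": m["md5"].lower(),
                   "path": m["path"], "verdict": None}
            records.append(rec)
            by_key[rec["name"]] = rec   # matched by "Tcpip - ok"
            by_key[rec["path"]] = rec   # matched by "\Device\Harddisk0\DR0 - ok"
            continue
        m = VERDICT_RE.match(line)
        if m and m["name"] in by_key:
            by_key[m["name"]]["verdict"] = m["verdict"]
    return records


def triage(log_text):
    """Group the parsed records into the items worth a second look."""
    records = parse(log_text)
    by_hash = defaultdict(set)
    for r in records:
        by_hash[r["md5"]].add(r["path"].lower())

    def is_boot(r):
        return r["name"].startswith(("MBR", "Boot"))

    def basename(r):
        return r["path"].lower().rsplit("\\", 1)[-1]

    return {
        # Scanner said anything other than "ok".
        "not_ok": [r["name"] for r in records
                   if r["verdict"] is not None and r["verdict"] != "ok"],
        # Object line with no verdict line: truncated log or the scanner bailed out.
        "no_verdict": [r["name"] for r in records if r["verdict"] is None],
        # Kernel drivers loaded from outside the system driver directory.
        "outside_system_dir": [(r["name"], r["path"]) for r in records
                               if not is_boot(r)
                               and not r["path"].lower().startswith(SYSTEM_DRIVER_PREFIX)],
        # Same MD5 at two different files (Tcpip/TCPIP6 pointing at one file is not this).
        "shared_hash": {h: sorted(p) for h, p in by_hash.items() if len(p) > 1},
        # MBR and boot-sector hashes, for comparison with a known-good image.
        "boot_sectors": {r["path"]: r["md5"] for r in records if is_boot(r)},
        # Hashes of the frequently patched drivers, for comparison with a clean copy.
        "watchlist": {r["path"].lower(): r["md5"] for r in records
                      if basename(r) in WATCHLIST},
    }


# Sample input: lines copied from the log above, plus two constructed entries
# ("xyzdrv" with a made-up verdict string, "nover" with no verdict line at all).
SAMPLE_LOG = r"""
22:49:59.0177 3580        RTCore64        (2e887e52e45bba3c47ccd0e75fc5266f) C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
22:49:59.0187 3580        RTCore64 - ok
22:50:00.0647 3580        Tcpip          (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
22:50:00.0707 3580        Tcpip - ok
22:50:00.0737 3580        TCPIP6          (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
22:50:00.0777 3580        TCPIP6 - ok
22:50:02.0597 3580        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:50:02.0607 3580        volsnap - ok
22:50:06.0317 3580        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
22:50:06.0427 3580        \Device\Harddisk3\DR3 - ok
22:50:06.0437 3580        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk4\DR4
22:50:06.0537 3580        \Device\Harddisk4\DR4 - ok
22:50:06.0600 3580        xyzdrv          (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\xyzdrv.sys
22:50:06.0610 3580        xyzdrv - suspicious (constructed verdict)
22:50:06.0620 3580        nover          (11111111111111111111111111111111) C:\Windows\system32\DRIVERS\nover.sys
"""

if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(f"== {section}")
        for item in (items.items() if isinstance(items, dict) else items):
            print("  ", item)
```

To use it on a real log, replace SAMPLE_LOG with the file contents. A "shared hash" hit on two MBRs is usually just the same standard boot code written to both disks, but it is still the first thing to compare against a clean MBR image, because a bootkit that writes the same patched code to every disk produces exactly the same picture.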


cosinus 02.11.2011 23:00

Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your Internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler (one of the forum's helpers) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can lead to serious computer problems and make cleaning up the infection even harder.

Should you have problems starting applications after running ComboFix and receive messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

wheatabix 02.11.2011 23:40

Code:

ComboFix 11-11-02.03 - Michi 02.11.2011  23:17:39.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.8175.5949 [GMT 1:00]
Running from:: c:\users\Michi\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Other Deletions  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.txt
K:\Autorun.inf
K:\Setup.exe
.
.
(((((((((((((((((((((((  Files Created from 2011-10-02 to 2011-11-02  ))))))))))))))))))))))))))))))
.
.
2011-11-02 22:24 . 2011-11-02 22:24        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-11-02 21:04 . 2011-11-02 21:04        --------        d-----w-        C:\_OTL
2011-11-02 17:30 . 2011-11-02 17:30        --------        d-----w-        c:\program files (x86)\ESET
2011-11-01 20:33 . 2011-11-02 16:58        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-01 18:21 . 2011-11-01 18:21        --------        d-----w-        c:\windows\SysWow64\wbem\en-US
2011-11-01 18:21 . 2011-11-01 18:21        --------        d-----w-        c:\windows\system32\wbem\en-US
2011-11-01 12:44 . 2011-11-01 12:44        --------        d-----w-        c:\windows\SysWow64\novell
2011-11-01 12:44 . 2009-03-30 10:45        823296        ------w-        c:\windows\SysWow64\ccsw32.dll
2011-11-01 12:44 . 2001-09-05 03:18        77824        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-11-01 12:44 . 2001-09-05 03:18        225280        ------w-        c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-11-01 12:44 . 2001-09-05 03:14        176128        ------w-        c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-11-01 12:44 . 2001-09-05 03:13        32768        ------w-        c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-11-01 12:44 . 2008-06-12 07:34        614532        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-11-01 12:44 . 2011-11-01 12:44        --------        d-----w-        c:\programdata\Novell
2011-11-01 12:44 . 2011-11-01 12:44        --------        d-----w-        c:\windows\SysWow64\nls
2011-11-01 12:44 . 2011-11-01 12:44        --------        d-----w-        c:\windows\system32\nls
2011-11-01 12:44 . 2011-11-01 12:44        --------        d-----w-        c:\program files\Novell
2011-11-01 12:41 . 2011-11-01 12:44        --------        d-----w-        c:\program files (x86)\Novell
2011-10-28 01:01 . 2011-11-02 21:07        --------        d-----r-        c:\users\Michi\Dropbox
2011-10-28 00:57 . 2011-11-02 21:07        --------        d-----w-        c:\users\Michi\AppData\Roaming\Dropbox
2011-10-28 00:28 . 2011-10-28 01:07        --------        d-----w-        c:\programdata\Freemake
2011-10-28 00:28 . 2011-10-28 01:07        --------        d-----w-        c:\program files (x86)\Freemake
2011-10-28 00:08 . 2011-10-28 00:08        --------        d-----w-        c:\users\Michi\AppData\Local\3Dconnexion_Inc
2011-10-27 23:16 . 2011-10-27 23:16        --------        d-----w-        c:\users\Michi\AppData\Roaming\3Dconnexion
2011-10-27 23:04 . 2011-10-27 23:04        --------        d-----w-        c:\program files (x86)\3Dconnexion
2011-10-27 23:04 . 2011-10-27 23:04        --------        d-----w-        c:\program files\3Dconnexion
2011-10-27 23:03 . 2003-11-10 16:13        69715        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-10-27 23:03 . 2003-11-10 16:12        266240        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-10-27 23:03 . 2003-11-10 16:12        192512        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-10-27 23:03 . 2003-11-10 16:11        5632        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-10-27 23:03 . 2003-11-10 16:14        729088        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-10-27 23:03 . 2011-10-27 23:03        311428        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-10-27 23:03 . 2011-10-27 23:03        188548        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-10-25 18:15 . 2011-10-25 18:15        --------        d-----w-        c:\windows\system32\appmgmt
2011-10-24 11:44 . 2011-10-24 11:44        --------        d-----w-        c:\program files (x86)\Common Files\Java
2011-10-19 09:52 . 2011-10-19 09:52        --------        d-----w-        c:\users\Michi\AppData\Local\Apple
2011-10-19 09:52 . 2011-10-19 09:52        --------        d-----w-        c:\program files (x86)\Apple Software Update
2011-10-19 09:52 . 2011-10-19 09:52        --------        d-----w-        c:\programdata\Apple
2011-10-19 07:53 . 2011-10-19 07:53        --------        d-----w-        c:\users\Michi\AppData\Roaming\Malwarebytes
2011-10-19 07:53 . 2011-10-19 07:53        --------        d-----w-        c:\programdata\Malwarebytes
2011-10-19 07:53 . 2011-08-31 16:00        25416        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-10-19 07:47 . 2011-10-19 07:47        --------        d-----w-        c:\users\Michi\AppData\Local\Diagnostics
2011-10-17 07:23 . 2011-10-17 07:23        --------        d-----w-        c:\users\Michi\AppData\Roaming\Avira
2011-10-17 07:23 . 2011-10-11 13:00        97312        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-10-17 07:23 . 2011-10-11 13:00        27760        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2011-10-17 07:23 . 2011-10-11 13:00        130760        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-10-17 07:22 . 2011-10-17 07:22        --------        d-----w-        c:\programdata\Avira
2011-10-17 07:22 . 2011-10-17 07:22        --------        d-----w-        c:\program files (x86)\Avira
2011-10-12 02:52 . 2011-09-06 03:03        3138048        ----a-w-        c:\windows\system32\win32k.sys
2011-10-12 02:52 . 2011-08-17 05:26        613888        ----a-w-        c:\windows\system32\psisdecd.dll
2011-10-12 02:52 . 2011-08-17 05:25        108032        ----a-w-        c:\windows\system32\psisrndr.ax
2011-10-12 02:52 . 2011-08-17 04:24        465408        ----a-w-        c:\windows\SysWow64\psisdecd.dll
2011-10-12 02:52 . 2011-08-17 04:19        75776        ----a-w-        c:\windows\SysWow64\psisrndr.ax
2011-10-12 02:51 . 2011-08-27 05:37        861696        ----a-w-        c:\windows\system32\oleaut32.dll
2011-10-12 02:51 . 2011-08-27 05:37        331776        ----a-w-        c:\windows\system32\oleacc.dll
2011-10-12 02:51 . 2011-08-27 04:26        571904        ----a-w-        c:\windows\SysWow64\oleaut32.dll
2011-10-12 02:51 . 2011-08-27 04:26        233472        ----a-w-        c:\windows\SysWow64\oleacc.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-02 15:04 . 2011-06-19 19:39        215128        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2011-11-02 15:04 . 2011-06-19 17:32        215128        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2011-10-22 15:11 . 2011-05-16 06:58        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 03:06 . 2011-04-08 21:35        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2011-09-30 03:18 . 2011-09-30 03:18        916056        ----a-w-        c:\windows\SysWow64\ncnetprovider.dll
2011-09-30 03:18 . 2011-09-30 03:18        80472        ----a-w-        c:\windows\SysWow64\audwin32.dll
2011-09-30 03:18 . 2011-09-30 03:18        68184        ----a-w-        c:\windows\SysWow64\clxwin32.dll
2011-09-30 03:18 . 2011-09-30 03:18        662104        ----a-w-        c:\windows\SysWow64\ncloginui.dll
2011-09-30 03:18 . 2011-09-30 03:18        404056        ----a-w-        c:\windows\SysWow64\noveap.dll
2011-09-30 03:18 . 2011-09-30 03:18        26200        ----a-w-        c:\windows\SysWow64\loginw32.exe
2011-09-30 03:18 . 2011-09-30 03:18        240216        ----a-w-        c:\windows\SysWow64\nwshlxnt.dll
2011-09-30 03:18 . 2011-09-30 03:18        223832        ----a-w-        c:\windows\SysWow64\netwin32.dll
2011-09-30 03:18 . 2011-09-30 03:18        219736        ----a-w-        c:\windows\SysWow64\ncpwin32.dll
2011-09-30 03:18 . 2011-09-30 03:18        215640        ----a-w-        c:\windows\SysWow64\calwin32.dll
2011-09-30 03:18 . 2011-09-30 03:18        191064        ----a-w-        c:\windows\SysWow64\lgnwnt32.dll
2011-09-30 03:18 . 2011-09-30 03:18        166488        ----a-w-        c:\windows\SysWow64\mapbase.dll
2011-09-30 03:18 . 2011-09-30 03:18        150104        ----a-w-        c:\windows\SysWow64\locwin32.dll
2011-09-30 03:18 . 2011-09-30 03:18        113240        ----a-w-        c:\windows\SysWow64\nclangid.dll
2011-09-30 03:18 . 2011-09-30 03:18        109144        ----a-w-        c:\windows\SysWow64\spmnwcc.dll
2011-09-30 03:18 . 2011-09-30 03:18        100952        ----a-w-        c:\windows\SysWow64\clnwin32.dll
2011-09-30 03:18 . 2011-09-30 03:18        79448        ----a-w-        c:\windows\system32\audwin32.dll
2011-09-30 03:18 . 2011-09-30 03:18        789592        ----a-w-        c:\windows\system32\ncloginui.dll
2011-09-30 03:18 . 2011-09-30 03:18        63064        ----a-w-        c:\windows\system32\clxwin32.dll
2011-09-30 03:18 . 2011-09-30 03:18        505432        ----a-w-        c:\windows\system32\noveap.dll
2011-09-30 03:18 . 2011-09-30 03:18        49240        ----a-w-        c:\windows\system32\ncv1_0.dll
2011-09-30 03:18 . 2011-09-30 03:18        45656        ----a-w-        c:\windows\system32\nwtray.exe
2011-09-30 03:18 . 2011-09-30 03:18        354392        ----a-w-        c:\windows\system32\nccredprovider.dll
2011-09-30 03:18 . 2011-09-30 03:18        280664        ----a-w-        c:\windows\system32\nwshlxnt.dll
2011-09-30 03:18 . 2011-09-30 03:18        27736        ----a-w-        c:\windows\system32\loginw32.exe
2011-09-30 03:18 . 2011-09-30 03:18        273496        ----a-w-        c:\windows\system32\netwin32.dll
2011-09-30 03:18 . 2011-09-30 03:18        271448        ----a-w-        c:\windows\system32\calwin32.dll
2011-09-30 03:18 . 2011-09-30 03:18        269912        ----a-w-        c:\windows\system32\ncpwin32.dll
2011-09-30 03:18 . 2011-09-30 03:18        26200        ----a-w-        c:\windows\system32\drivers\ncuncfilter.sys
2011-09-30 03:18 . 2011-09-30 03:18        250968        ----a-w-        c:\windows\system32\lgnwnt32.dll
2011-09-30 03:18 . 2011-09-30 03:18        185432        ----a-w-        c:\windows\system32\locwin32.dll
2011-09-30 03:18 . 2011-09-30 03:18        183384        ----a-w-        c:\windows\system32\mapbase.dll
2011-09-30 03:18 . 2011-09-30 03:18        15448        ----a-w-        c:\windows\system32\nccredlogonext.dll
2011-09-30 03:18 . 2011-09-30 03:18        149080        ----a-w-        c:\windows\system32\spmnwcc.dll
2011-09-30 03:18 . 2011-09-30 03:18        125016        ----a-w-        c:\windows\system32\nclangid.dll
2011-09-30 03:18 . 2011-09-30 03:18        119384        ----a-w-        c:\windows\system32\drivers\ncrecognizer.sys
2011-09-30 03:18 . 2011-09-30 03:18        113240        ----a-w-        c:\windows\system32\drivers\ncfilter.sys
2011-09-30 03:18 . 2011-09-30 03:18        113240        ----a-w-        c:\windows\system32\clnwin32.dll
2011-09-30 03:18 . 2011-09-30 03:18        1041496        ----a-w-        c:\windows\system32\ncnetprovider.dll
.
.
((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Michi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Michi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Michi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-03-08 17037704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384]
"XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2011-04-08 4942336]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Michi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-2 24183152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AsrCDDrv;AsrCDDrv;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S0 NCFilter;Novell UNC Filter - Filter;c:\windows\system32\DRIVERS\NCFilter.sys [x]
S0 NCRecognizer;Novell UNC Filter - Recognizer;c:\windows\system32\DRIVERS\NCRecognizer.sys [x]
S0 NCUncFilter;Novell UNC Filter - UNC Filter;c:\windows\system32\DRIVERS\NCUncFilter.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [x]
S1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NCFSD;Novell Client File System Redirector;c:\program files\Novell\Client\XTier\Drivers\ncfsd.sys [2011-09-30 106072]
S2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\Novell\Client\XTier\Drivers\ncioctl.sys [2011-09-30 89688]
S2 XTSvcMgr;Novell XTier Service Manager;c:\program files\Novell\Client\XTier\Services\XTSvcMgr.exe [2011-09-30 19544]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x]
S3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - nciom
*Deregistered* - ncp
*Deregistered* - ncpl
*Deregistered* - niam
*Deregistered* - nipctl
*Deregistered* - nscm
*Deregistered* - nsns
*Deregistered* - nsvccost
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1629516076-36297864-3730078469-1000Core.job
- c:\users\Michi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-21 12:20]
.
2011-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1629516076-36297864-3730078469-1000UA.job
- c:\users\Michi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-21 12:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Michi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Michi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Michi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Michi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NWTRAY"="NWTRAY.EXE" [2011-09-30 45656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page =
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\hzfg47j7.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-eLamX - c:\windows\system32\javaws.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1629516076-36297864-3730078469-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1629516076-36297864-3730078469-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1629516076-36297864-3730078469-1000\Software\SecuROM\License information*]
"datasecu"=hex:17,ab,e3,fc,20,2d,2f,8d,08,b2,96,55,26,58,d0,0f,0a,77,ee,a3,80,
  e8,9d,c7,d8,bc,2d,67,03,a3,76,b1,de,49,d1,00,29,c1,0e,d3,b0,02,43,d7,37,11,\
"rkeysecu"=hex:58,ec,36,3a,b2,2f,bc,fc,b4,94,91,b1,38,58,8e,1e
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-02  23:30:54 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-11-02 22:30
.
Vor Suchlauf: 10 Verzeichnis(se), 26.403.168.256 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 25.881.075.712 Bytes frei
.
- - End Of File - - 648D57191388857E3E9081108255C4AA


cosinus 03.11.2011 10:41

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (Vista and Win7 users: right-click aswMBR and choose "Run as administrator")
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: do not press any of the Fix buttons without instructions. Note: if the Scan button is greyed out, close the tool and start it again. If it still does not work, please let me know.

wheatabix 04.11.2011 14:47

Code:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-04 14:08:00
-----------------------------
14:08:00.772    OS Version: Windows x64 6.1.7601 Service Pack 1
14:08:00.772    Number of processors: 4 586 0x2A07
14:08:00.773    ComputerName: MICHI-PC  UserName: Michi
14:08:01.322    Initialize success
14:10:06.198    AVAST engine defs: 11110400
14:11:04.312    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:11:04.315    Disk 0 Vendor: SAMSUNG_HD502HJ 1AJ10001 Size: 476940MB BusType: 3
14:11:04.333    Disk 0 MBR read successfully
14:11:04.336    Disk 0 MBR scan
14:11:04.341    Disk 0 Windows 7 default MBR code
14:11:04.344    Service scanning
14:11:07.417    Modules scanning
14:11:07.421    Disk 0 trace - called modules:
14:11:07.437    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:11:07.441    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80082c1060]
14:11:07.445    3 CLASSPNP.SYS[fffff88001bc043f] -> nt!IofCallDriver -> [0xfffffa8007b29e40]
14:11:07.449    5 ACPI.sys[fffff88000f597a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007b12060]
14:11:07.745    AVAST engine scan C:\Windows
14:11:11.440    AVAST engine scan C:\Windows\system32
14:12:53.611    AVAST engine scan C:\Windows\system32\drivers
14:13:02.024    AVAST engine scan C:\Users\Michi
14:24:00.873    AVAST engine scan C:\ProgramData
14:24:53.524    Scan finished successfully
14:25:24.196    Disk 0 MBR has been saved successfully to "C:\Users\Michi\Desktop\MBR.dat"
14:25:24.202    The log file has been saved successfully to "C:\Users\Michi\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-04 14:26:15
-----------------------------
14:26:15.803    OS Version: Windows x64 6.1.7601 Service Pack 1
14:26:15.803    Number of processors: 4 586 0x2A07
14:26:15.804    ComputerName: MICHI-PC  UserName: Michi
14:26:16.520    Initialize success
14:26:21.262    AVAST engine defs: 11110400
14:26:27.965    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:26:27.967    Disk 0 Vendor: SAMSUNG_HD502HJ 1AJ10001 Size: 476940MB BusType: 3
14:26:28.054    Disk 0 MBR read successfully
14:26:28.057    Disk 0 MBR scan
14:26:28.062    Disk 0 Windows 7 default MBR code
14:26:28.079    Service scanning
14:26:29.330    Modules scanning
14:26:29.334    Disk 0 trace - called modules:
14:26:29.368    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:26:29.372    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80082c1060]
14:26:29.376    3 CLASSPNP.SYS[fffff88001bc043f] -> nt!IofCallDriver -> [0xfffffa8007b29e40]
14:26:29.380    5 ACPI.sys[fffff88000f597a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007b12060]
14:26:30.100    AVAST engine scan C:\Windows
14:26:41.144    AVAST engine scan C:\Windows\system32
14:28:19.952    AVAST engine scan C:\Windows\system32\drivers
14:28:28.831    AVAST engine scan C:\Users\Michi
14:36:28.511    AVAST engine scan C:\ProgramData
14:37:11.363    Scan finished successfully
14:45:24.429    Disk 0 MBR has been saved successfully to "C:\Users\Michi\Desktop\MBR.dat"
14:45:24.434    The log file has been saved successfully to "C:\Users\Michi\Desktop\aswMBR.txt"


cosinus 04.11.2011 15:26

Looks ok. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!


Afterwards, getting a second opinion from the ESET online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the terms of use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


wheatabix 13.11.2011 14:12

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 11/11/2011 at 10:26 PM

Application Version : 5.0.1134

Core Rules Database Version : 7934
Trace Rules Database Version: 5746

Scan type      : Complete Scan
Total Scan Time : 00:02:01

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 715
Memory threats detected  : 0
Registry items scanned    : 71647
Registry threats detected : 0
File items scanned        : 7435
File threats detected    : 2

Adware.Tracking Cookie
        C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Cookies\YMIBEMWI.txt [ /doubleclick.net ]
        C:\USERS\MICHI\Cookies\YMIBEMWI.txt [ Cookie:michi@doubleclick.net/ ]

Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8137

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

11.11.2011 08:11:36
mbam-log-2011-11-11 (08-11-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|I:\|K:\|)
Durchsuchte Objekte: 336655
Laufzeit: 42 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


cosinus 14.11.2011 12:47

What about ESET?

wheatabix 14.11.2011 21:22

ESET returned the following:
Code:

C:\_OTL\MovedFiles\11022011_220457\C_Program Files (x86)\Application Updater\ApplicationUpdater.exe        probably a variant of Win32/Adware.Toolbar.Dealio application
C:\_OTL\MovedFiles\11022011_220457\C_Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe        a variant of Win32/Adware.Toolbar.Dealio application

I have now heard from an acquaintance that my motherboard might also be faulty. I still have the problem that the PC only starts now and then. I was then advised to disconnect the drive and see whether the PC boots from CD, which it does not.
Do you have a tip, perhaps?
And many thanks for the great support/help in freeing my hard drives from the trojan. I can only recommend this forum!!! Really great

cosinus 15.11.2011 08:53

Ok, only cookies and isolated malware (in OTL's quarantine) were found; that is harmless.

Quote:

Only my motherboard's splash screen is shown, nothing else happens.
Dismiss the splash screen and note exactly what is output and where the computer hangs.



Copyright ©2000-2025, Trojaner-Board

