
Pests of all kinds and how to fight them: System Repair


Thread closed
21.07.2011, 21:45   #1
Demian Saez

System Repair



Hi,
I have just caught "System Repair".
How do I get rid of it now? Unfortunately I have no access to a burner or anything like that, because the PC with the burner is, annoyingly, the infected one.
Does anyone have any advice? Ideally a set of instructions.
Regards,
Demian

21.07.2011, 22:03   #2
M-K-D-B
/// TB Trainer

My name is M-K-D-B and I will help you clean up your computer.

Please note the following:
  • A cleanup can sometimes involve a lot of work for you.
  • Please work through all steps one after another in the given order.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • Only run scans that I or another helper have asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you are asked to.
  • Please paste all log files into so-called code boxes. You will find the icon for this above the text field; it looks roughly like this: #.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions.
  • For users of Windows Vista and Windows 7: start all programs by right-clicking and choosing "Run as administrator" ("Als Administrator ausführen").

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.



Please read the following topics carefully:
Then create the requested log files from Defogger, OTL and GMER. Without the corresponding log files nobody here can or will help you.

Thank you for your understanding.

21.07.2011, 22:20   #3
Demian Saez

*I did a system restore to the restore point from 6 days ago.

I ran Defogger, but there is no txt on the desktop.

*I am currently running OTL.

Edited by Demian Saez (21.07.2011 at 22:33)

21.07.2011, 22:45   #4
Demian Saez

The OTL and the Extras log:

OTL Logfile:
Code:
OTL logfile created on: 21.07.2011 23:22:46 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Demian\Downloads
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,65 Gb Available Physical Memory | 83,18% Memory free
16,00 Gb Paging File | 14,50 Gb Available in Paging File | 90,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 46,66 Gb Free Space | 15,65% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 14,82 Gb Free Space | 6,36% Space Free | Partition Type: NTFS
Drive E: | 186,30 Gb Total Space | 57,83 Gb Free Space | 31,04% Space Free | Partition Type: NTFS
 
Computer Name: DEMIAN-PC | User Name: Demian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.07.21 23:12:03 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Demian\Downloads\OTL.exe
PRC - [2009.07.20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.07.21 23:12:03 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Demian\Downloads\OTL.exe
MOD - [2011.07.09 10:47:46 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009.07.20 04:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files (x86)\Logitech\SetPoint\x86\lgscroll.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.05.25 05:03:38 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.04.19 22:18:20 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\ATI\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.05.25 15:58:18 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.30 22:17:40 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009.09.10 16:47:07 | 000,068,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2009.07.20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.07.16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.01.29 13:25:30 | 000,920,064 | ---- | M] () [Disabled | Stopped] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008.01.29 13:24:52 | 000,193,024 | ---- | M] () [Disabled | Stopped] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.06.06 17:41:10 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.05.25 06:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.05.25 06:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.25 04:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.04.01 05:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 300(UVC)
DRV:64bit: - [2011.04.01 05:06:22 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.03.30 20:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.12 13:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010.07.27 08:11:38 | 000,271,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.05.07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010.05.07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010.04.27 04:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.04.27 04:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.04.27 04:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010.03.09 12:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.02.08 15:17:00 | 000,021,832 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.11.19 17:26:25 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.08.24 23:40:38 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.08.24 23:40:37 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.06.23 18:37:04 | 001,483,264 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.23 14:41:18 | 000,294,936 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP17v2k.sys -- (hap17v2k)
DRV:64bit: - [2009.06.23 14:41:08 | 000,259,608 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP16v2k.sys -- (hap16v2k)
DRV:64bit: - [2009.06.23 14:40:58 | 001,360,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV:64bit: - [2009.06.23 14:40:46 | 000,147,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2009.06.23 14:40:22 | 000,290,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2009.06.23 14:40:10 | 000,016,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2009.06.23 14:40:00 | 000,221,208 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2009.06.23 14:39:26 | 000,866,200 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2009.06.23 14:39:10 | 000,580,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2009.06.23 14:35:48 | 000,141,848 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV:64bit: - [2009.06.23 14:35:48 | 000,141,848 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV:64bit: - [2009.06.23 14:35:40 | 000,680,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV:64bit: - [2009.06.23 14:35:40 | 000,680,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV:64bit: - [2009.06.23 14:35:26 | 000,706,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV:64bit: - [2009.06.23 14:35:26 | 000,706,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV:64bit: - [2009.06.23 14:35:14 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV:64bit: - [2009.06.23 14:35:14 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX)
DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.06 03:34:52 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2008.09.26 10:55:00 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2007.09.17 16:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007.02.13 17:45:20 | 000,123,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV:64bit: - [2007.02.13 17:45:06 | 000,252,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CT20XUT.DLL -- (CT20XUT.DLL)
DRV:64bit: - [2007.02.13 17:44:56 | 001,571,128 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV:64bit: - [2007.02.13 17:44:42 | 000,363,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV:64bit: - [2007.02.13 17:44:28 | 000,190,264 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV:64bit: - [2007.02.13 17:43:54 | 000,321,848 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV:64bit: - [2007.02.13 17:43:44 | 000,219,448 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.wikipedia.org/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 0C 26 89 E3 9E CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:2.7.1.3
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.05.01 23:31:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.05.01 23:31:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.21 22:08:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.18 00:39:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2010.12.16 01:09:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins [2011.06.18 00:39:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Components: C:\Program Files (x86)\Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Plugins: C:\Program Files (x86)\Thunderbird\plugins [2011.06.19 14:14:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.07.06 21:39:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.06.19 14:14:59 | 000,000,000 | ---D | M]
 
[2010.01.12 14:39:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Demian\AppData\Roaming\Mozilla\Extensions
[2010.01.12 14:39:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Demian\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.07.22 00:02:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Demian\AppData\Roaming\Mozilla\Firefox\Profiles\49jqg3le.default\extensions
[2011.07.22 00:05:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Demian\AppData\Roaming\Mozilla\Firefox\Profiles\49jqg3le.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.22 00:05:48 | 000,000,000 | ---D | M] (MinimizeToTray) -- C:\Users\Demian\AppData\Roaming\Mozilla\Firefox\Profiles\49jqg3le.default\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66}
[2011.07.22 00:05:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Demian\AppData\Roaming\Mozilla\Firefox\Profiles\49jqg3le.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.07.22 00:05:48 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Demian\AppData\Roaming\Mozilla\Firefox\Profiles\49jqg3le.default\extensions\engine@conduit.com
[2011.07.22 00:05:48 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Demian\AppData\Roaming\Mozilla\Firefox\Profiles\49jqg3le.default\extensions\moveplayer@movenetworks.com
[2011.07.22 00:02:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Demian\AppData\Roaming\Mozilla\Sunbird\Profiles\1di5069d.default\extensions
[2011.07.22 00:05:48 | 000,000,000 | ---D | M] (MinimizeToTray) -- C:\Users\Demian\AppData\Roaming\Mozilla\Sunbird\Profiles\1di5069d.default\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66}
[2011.05.17 00:01:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.01.05 19:54:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- 
[2011.06.21 22:08:43 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.01.05 19:54:53 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.09.21 11:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\NpFv522.dll
[2011.03.30 19:57:21 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.30 19:57:21 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.03.30 19:57:21 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.30 19:57:21 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.30 19:57:21 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.30 19:57:21 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -  File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AsioReg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Demian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TB.lnk = C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
O4 - Startup: C:\Users\Demian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: SecretCity 3DChat - {D401C3A2-12EF-4D1D-A086-F3AB10B565BF} -  File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.de/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.99
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.06 12:50:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{34b3f444-d520-11de-a293-001fc68dc567}\Shell - "" = AutoRun
O33 - MountPoints2\{34b3f444-d520-11de-a293-001fc68dc567}\Shell\AutoRun\command - "" = G:\Autoplay.exe -auto
O33 - MountPoints2\{d5ea175e-904b-11e0-acb5-001fc68dc567}\Shell - "" = AutoRun
O33 - MountPoints2\{d5ea175e-904b-11e0-acb5-001fc68dc567}\Shell\AutoRun\command - "" = G:\autorun.exe -auto
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DDAFD8DF-8522-4C96-F473-61B5DD9FAFB7} - Java (Sun)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\PROGRA~2\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE - (Adobe Systems, Inc.)
MsConfig:64bit - StartUpFolder: C:^Users^Demian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Demian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Demian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Sk.lnk - C:\PROGRA~2\Skype\Phone\Skype.exe - (Skype Technologies S.A.)
MsConfig:64bit - StartUpFolder: C:^Users^Demian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^sunbird.exe - Verknüpfung.lnk - C:\PROGRA~2\MOZILL~2\sunbird.exe - (Mozilla)
MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: ATICustomerCare - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
MsConfig:64bit - StartUpReg: Bluetooth Connection Assistant - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: boincmgr - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: boinctray - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: CTHelper - hkey= - key= - C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: CTxfiHlp - hkey= - key= - C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DeeEnEs - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DevconDefaultDB - hkey= - key= - C:\Windows\SysNative\readreg.exe (Creative Technology Limited)
MsConfig:64bit - StartUpReg: DivX Download Manager - hkey= - key= - C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: EA Core - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: EVEMon - hkey= - key= - C:\Program Files (x86)\EVEMon\EVEMon.exe (EVEMon Development Team)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: LogitechSoftwareUpdate - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: LogitechVideoRepair - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: LogitechVideoTray - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: LWS - hkey= - key= - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: MSSE - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Personal ID - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: SPIRunE - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: VeohPlugin - hkey= - key= - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
MsConfig:64bit - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.10 19:33:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011.06.30 09:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011.06.30 09:54:21 | 000,000,000 | ---D | C] -- C:\ATI
[2009.06.23 12:49:14 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2009.06.23 12:20:00 | 000,010,240 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.21 23:24:18 | 000,009,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.21 23:24:18 | 000,009,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.21 23:17:05 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.21 23:16:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.21 23:16:41 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011.07.21 23:16:38 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.21 23:15:10 | 000,000,020 | ---- | M] () -- C:\Users\Demian\defogger_reenable
[2011.07.21 22:07:14 | 000,000,232 | ---- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
[2011.07.21 22:07:14 | 000,000,184 | ---- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011.07.21 22:07:08 | 000,000,336 | ---- | M] () -- C:\ProgramData\P1kAlMiG2Kb7Fz
[2011.07.19 19:32:46 | 006,744,072 | -H-- | M] () -- C:\Users\Demian\Desktop\LaserÜbung.zip
[2011.07.15 11:46:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.07.14 10:39:05 | 082,274,152 | -H-- | M] () -- C:\Users\Demian\Desktop\ISK_3.0_Lite_Incursion.pdf
[2011.07.14 10:18:33 | 000,308,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.07.11 00:11:55 | 000,016,620 | -H-- | M] () -- C:\Users\Demian\Desktop\Noten.ods
[2011.07.09 11:10:00 | 001,821,122 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.07.09 11:10:00 | 000,763,004 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.07.09 11:10:00 | 000,718,322 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.07.09 11:10:00 | 000,173,390 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.07.09 11:10:00 | 000,146,344 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.07.02 21:39:23 | 025,402,635 | ---- | M] () -- C:\Users\Demian\ownloads
[2011.07.02 21:23:43 | 000,013,149 | ---- | M] () -- C:\Demian
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.07.21 23:15:09 | 000,000,020 | ---- | C] () -- C:\Users\Demian\defogger_reenable
[2011.07.21 22:07:14 | 000,000,232 | ---- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
[2011.07.21 22:07:14 | 000,000,184 | ---- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011.07.21 22:07:08 | 000,000,336 | ---- | C] () -- C:\ProgramData\P1kAlMiG2Kb7Fz
[2011.07.19 19:32:42 | 006,744,072 | -H-- | C] () -- C:\Users\Demian\Desktop\LaserÜbung.zip
[2011.07.14 10:36:30 | 082,274,152 | -H-- | C] () -- C:\Users\Demian\Desktop\ISK_3.0_Lite_Incursion.pdf
[2011.07.11 00:11:53 | 000,016,620 | -H-- | C] () -- C:\Users\Demian\Desktop\Noten.ods
[2011.07.02 21:34:11 | 025,402,635 | ---- | C] () -- C:\Users\Demian\ownloads
[2011.07.02 21:23:43 | 000,013,149 | ---- | C] () -- C:\Demian
[2011.05.16 20:58:35 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011.05.05 01:28:10 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.04.01 05:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011.04.01 05:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.04.01 05:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.02.20 03:47:42 | 001,575,984 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.02.06 16:47:46 | 000,113,020 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.08.20 18:51:06 | 000,000,272 | ---- | C] () -- C:\Windows\_delis32.ini
[2010.01.14 18:35:19 | 000,007,608 | -H-- | C] () -- C:\Users\Demian\AppData\Local\Resmon.ResmonCfg
[2009.12.17 18:54:06 | 000,002,528 | ---- | C] () -- C:\Users\Demian\AppData\Roaming\$_hpcst$.hpc
[2009.11.17 13:13:22 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009.11.17 13:13:22 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.11.17 02:27:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.09.28 09:51:14 | 000,000,760 | ---- | C] () -- C:\Users\Demian\AppData\Roaming\setup_ldm.iss
[2009.09.16 19:49:26 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009.08.26 06:29:28 | 000,150,016 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.23 13:29:50 | 000,049,719 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009.06.23 13:29:48 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009.06.23 12:51:00 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBurst.dll
[2009.06.23 12:48:16 | 000,037,888 | ---- | C] () -- C:\Windows\SysWow64\psconv.exe
[2009.06.23 12:28:48 | 000,386,852 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2009.06.23 12:28:48 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2009.06.23 12:20:06 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2009.06.23 11:20:08 | 000,313,207 | ---- | C] () -- C:\Windows\SysWow64\ctstatic.dat
[2009.06.23 11:20:08 | 000,053,932 | ---- | C] () -- C:\Windows\SysWow64\ctdaught.dat
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.04.22 16:02:57 | 000,000,612 | ---- | C] () -- C:\Users\Demian\AppData\Roaming\AutoGK.ini
[2009.03.06 20:34:55 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.03.06 17:11:31 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2009.01.25 23:10:48 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.01.14 03:47:24 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini
[2009.01.14 03:47:24 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini
[2009.01.14 03:47:24 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini
[2009.01.14 03:47:24 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini
[2009.01.14 03:47:24 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini
[2009.01.14 03:47:24 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini
[2009.01.14 03:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini
[2009.01.14 03:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini
[2009.01.14 03:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini
[2009.01.14 03:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini
[2009.01.14 03:47:24 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini
[2009.01.14 03:47:24 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini
[2009.01.14 03:47:24 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini
[2009.01.14 03:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini
[2009.01.14 03:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini
[2009.01.14 03:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini
[2009.01.14 03:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini
[2009.01.14 03:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini
[2009.01.14 03:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RMi.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RLI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03FMi.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03DI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RMi.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RLI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02FMi.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02DI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01Mic.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01LI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01DI.ini
[2009.01.09 01:01:22 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2008.12.17 21:40:23 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.12.13 01:21:13 | 000,000,031 | ---- | C] () -- C:\Windows\CTWave32.ini
[2008.12.13 01:01:28 | 000,000,061 | ---- | C] () -- C:\Windows\sbwin.ini
[2008.12.02 20:29:17 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2008.12.02 19:10:16 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.12.02 18:44:05 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2008.12.02 18:28:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008.10.29 03:41:09 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2007.08.13 21:45:02 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\ctmmactl.dll
[2007.04.12 08:10:28 | 000,105,728 | ---- | C] () -- C:\Windows\SysWow64\APOMgrH.dll
[2006.10.02 18:25:18 | 000,000,307 | ---- | C] () -- C:\Windows\SysWow64\KILL.INI
 
========== LOP Check ==========
 
[2011.07.22 00:05:45 | 000,000,000 | ---D | M] -- C:\Users\Demian\AppData\Roaming\.purple
[2011.07.22 00:05:46 | 000,000,000 | ---D | M] -- C:\Users\Demian\AppData\Roaming\Azureus
[2010.07.13 12:41:54 | 000,000,000 | -H-D | M] -- C:\Users\Demian\AppData\Roaming\BPFTP
[2011.07.22 00:05:46 | 000,000,000 | ---D | M] -- C:\Users\Demian\AppData\Roaming\DAEMON Tools
[2009.11.19 17:30:42 | 000,000,000 | -H-D | M] -- C:\Users\Demian\AppData\Roaming\DAEMON Tools Lite
[2011.01.05 16:27:04 | 000,000,000 | -H-D | M] -- C:\Users\Demian\AppData\Roaming\Desktopicon
[2010.01.28 10:03:11 | 000,000,000 | -H-D | M] -- C:\Users\Demian\AppData\Roaming\Dropbox
[2011.07.22 00:05:46 | 000,000,000 | ---D | M] -- C:\Users\Demian\AppData\Roaming\DWA-547A1E
[2011.07.10 22:49:09 | 000,000,000 | -H-D | M] -- C:\Users\Demian\AppData\Roaming\EVEMon
[2011.07.22 00:05:46 | 000,000,000 | ---D | M] -- C:\Users\Demian\AppData\Roaming\gtk-2.0
[2011.07.22 00:05:46 | 000,000,000 | ---D | M] -- C:\Users\Demian\AppData\Roaming\Kalypso Media
[2010.06.14 22:27:15 | 000,000,000 | -H-D | M] -- C:\Users\Demian\AppData\Roaming\Leadertech
[2010.02.02 12:20:53 | 000,000,000 | -H-D | M] -- C:\Users\Demian\AppData\Roaming\LockHunter
[2009.11.17 02:50:07 | 000,000,000 | -H-D | M] -- C:\Users\Demian\AppData\Roaming\Locktime
[2010.09.01 10:55:35 | 000,000,000 | -H-D | M] -- C:\Users\Demian\AppData\Roaming\ManyCam
[2009.11.17 02:50:27 | 000,000,000 | -H-D | M] -- C:\Users\Demian\AppData\Roaming\My Games
[2011.07.22 00:02:54 | 000,000,000 | ---D | M] -- C:\Users\Demian\AppData\Roaming\OpenOffice.org
[2009.12.14 14:45:21 | 000,000,000 | -H-D | M] -- C:\Users\Demian\AppData\Roaming\PC Suite
[2010.10.09 12:22:26 | 000,000,000 | -H-D | M] -- C:\Users\Demian\AppData\Roaming\Petroglyph
[2010.01.04 13:57:39 | 000,000,000 | -H-D | M] -- C:\Users\Demian\AppData\Roaming\Samsung
[2009.11.17 02:50:29 | 000,000,000 | -H-D | M] -- C:\Users\Demian\AppData\Roaming\Sierra Entertainment
[2011.07.22 00:05:48 | 000,000,000 | ---D | M] -- C:\Users\Demian\AppData\Roaming\Soldat
[2009.11.17 02:50:34 | 000,000,000 | -H-D | M] -- C:\Users\Demian\AppData\Roaming\The Creative Assembly
[2011.07.22 00:05:48 | 000,000,000 | ---D | M] -- C:\Users\Demian\AppData\Roaming\Thunderbird
[2011.07.22 00:02:56 | 000,000,000 | ---D | M] -- C:\Users\Demian\AppData\Roaming\Trillian
[2011.07.22 00:05:50 | 000,000,000 | ---D | M] -- C:\Users\Demian\AppData\Roaming\TS3Client
[2009.11.17 02:50:40 | 000,000,000 | -H-D | M] -- C:\Users\Demian\AppData\Roaming\Unigraphics Solutions
[2010.11.18 13:02:31 | 000,000,000 | -H-D | M] -- C:\Users\Demian\AppData\Roaming\Utherverse
[2010.09.28 21:24:27 | 000,000,000 | -H-D | M] -- C:\Users\Demian\AppData\Roaming\W
[2011.01.12 12:32:13 | 000,000,000 | -H-D | M] -- C:\Users\Demian\AppData\Roaming\wargaming.net
[2011.06.16 13:49:45 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.07.14 07:09:09 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.11.17 03:03:47 | 000,000,000 | ---D | M] -- C:\$WINDOWS.~Q
[2008.07.19 14:27:28 | 000,000,000 | -H-D | M] -- C:\ASUS.000
[2008.07.19 14:27:24 | 000,000,000 | -H-D | M] -- C:\ASUS.SYS
[2011.06.30 09:54:21 | 000,000,000 | ---D | M] -- C:\ATI
[2011.02.23 11:23:05 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.07.11 08:34:44 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.08.22 11:11:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.05.16 23:59:23 | 000,000,000 | ---D | M] -- C:\Games
[2011.07.22 00:05:38 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.07.22 00:01:50 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.07.22 00:02:15 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.12.01 23:36:55 | 000,000,000 | -HSD | M] -- C:\Programme
[2008.08.20 21:22:03 | 000,000,000 | R--D | M] -- C:\Programme.old
[2009.11.17 07:57:45 | 000,000,000 | -HSD | M] -- C:\Recovery
[2008.12.01 21:32:34 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.07.22 00:02:15 | 000,000,000 | ---D | M] -- C:\Spiele
[2011.07.21 23:24:41 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.07.04 22:32:02 | 000,000,000 | ---D | M] -- C:\temp
[2010.04.12 18:07:08 | 000,000,000 | ---D | M] -- C:\Users
[2011.07.22 00:05:52 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
         
--- --- ---


[/QUOTE]





OTL Logfile:
Code:
OTL Extras logfile created on: 21.07.2011 23:22:46 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Demian\Downloads
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,65 Gb Available Physical Memory | 83,18% Memory free
16,00 Gb Paging File | 14,50 Gb Available in Paging File | 90,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 46,66 Gb Free Space | 15,65% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 14,82 Gb Free Space | 6,36% Space Free | Partition Type: NTFS
Drive E: | 186,30 Gb Total Space | 57,83 Gb Free Space | 31,04% Space Free | Partition Type: NTFS
 
Computer Name: DEMIAN-PC | User Name: Demian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Program Files (x86)\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files (x86)\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Program Files (x86)\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Program Files (x86)\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{11538652-E5E4-37F1-86D7-418871E45292}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}" = Microsoft SQL Server System CLR Types (x64)
"{1ABF311C-6AA8-B234-196A-6DEE5A43E34A}" = ccc-utility64
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{28D73032-5DAA-4F83-B154-85105DBCCB92}" = iTunes
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{47BA3A3A-6B4E-307F-A43B-724079FE90C6}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{8125F749-B244-4F7B-811E-532165C5F2D5}" = Microsoft SQL Server 2008 RsFx Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8476A22A-405F-3DCB-96CA-D98C6418C89B}" = Microsoft Visual Studio 2010 Performance Collection Tools - DEU
"{8583E7E3-2237-4981-B957-E28E5E9AB678}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319
"{9F54AEBA-5A74-470E-B6F8-C9E828FF0488}" = Microsoft SQL Server 2008 Native Client
"{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{A5957447-7367-4BC5-BE6E-D8CA8F386B48}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AD569236-7D43-BB31-BC99-E51E2DD85328}" = AMD Fuel
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{CFF9D801-1EC4-B8F5-2CAB-4A1790C95A18}" = ATI Catalyst Install Manager
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E1C1D175-C23E-38F4-9AC1-ABE5167022CF}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{E802A021-0F24-3484-97F7-D74D74CB93A0}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F757A09E-71FB-B75D-20B1-B3E27CD8DEA1}" = WMV9/VC-1 Video Playback
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"NVIDIA Drivers" = NVIDIA Drivers
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.3.11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{3CA5E31B-3294-4352-A7D7-A156763779E9}" = NavyFIELD Europa
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{4135C790-0387-36D7-9C2A-1B09A5900460}" = Microsoft Visual Studio 2010 Ultimate - DEU
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{6201BACA-81B5-8AB0-3B93-0F76BB6F4389}" = CCC Help English
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{720E93BE-744E-225B-786F-227C2677352F}" = Catalyst Control Center Graphics Previews Common
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BEC151D-ADA9-3EA9-9273-99BA82881971}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1031}" = Nero 8
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_945" = Adobe Acrobat 9.4.5 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{AFF8C8F4-E4BB-891F-8636-5E71F946C5B6}" = Catalyst Control Center InstallProxy
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB4BB3FD-684F-41BD-B08D-50ED0B2A24DF}" = DWA-547
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E975F19C-C852-5DF8-BC76-E88359CB82DF}" = AMD VISION Engine Control Center
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F722E488-A5B5-47ff-AA9B-4DE6CE7914CA}" = Windows 7 Upgrade Advisor
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AtomSync" = AtomSync
"AudioCS" = Creative Audio-Systemsteuerung
"Blitzkrieg" = Blitzkrieg Mod
"Company of Heroes" = Company of Heroes
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX-Setup
"EVE" = EVE Online (remove only)
"EVEMon" = EVEMon
"Hamachi" = Hamachi 1.0.1.5
"Host OpenAL" = Host OpenAL
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Maple 12" = Maple 12
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2010 Ultimate - DEU" = Microsoft Visual Studio 2010 Ultimate - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"Mozilla Thunderbird (3.0)" = Mozilla Thunderbird (3.0)
"Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0)
"OpenAL" = OpenAL
"QtiPlot_is1" = QtiPlot 0.8.9
"Steam App 21970" = R.U.S.E
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Trillian" = Trillian
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.1.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Xvid_is1" = Xvid 1.2.1 final uninstall
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---


[/QUOTE]

22.07.2011, 08:13   #5
M-K-D-B
/// TB Trainer



Hello Demian Saez,



Quote:
Quote from Demian Saez
*did a system restore to the point from 6 days ago.
For what reason?


Quote:
Quote from Demian Saez
I ran defogger, but there is no txt on the desktop.
The corresponding driver has been disabled, though. The log file may be on the desktop of another user (Administrator).

I don't see an antivirus program on your computer. So this is how you continue:




Step # 1: Missing antivirus software
I don't see any running antivirus software in the log files.

That is dangerous. Sometimes you notice malware through pop-ups or Google redirects etc., but most of the time it runs unnoticed in the background.
An AVP can help you find malware. Please download and install one of the following AVPs.



Step # 2: Run aswMBR.exe
Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.





Step # 3: Your feedback
For further analysis I need, together with your next reply,
  • feedback on which AV program you have chosen and
  • the log file from aswMBR.


22.07.2011, 09:29   #6
Demian Saez



Good morning,

thanks for your reply!

Why I have no AV program will make every one of you hit the roof. So I'd better not mention my reasons.

I did the system restore because I no longer had access to anything. No desktop, no internet, no system programs, nothing. Apart from Eve-Online I couldn't access anything o.0

After the system restore everything worked again. But of course that doesn't make the virus go away. So I immediately downloaded the programs that were mentioned here.

I have now downloaded and installed MS Security Essentials. It immediately found the trojan "DOS/Alureon.C".
aswMBR is still scanning at the moment.

Quote:
aswMBR version 0.9.8.945 Copyright(c) 2011 AVAST Software
Run date: 2011-07-22 10:19:17
-----------------------------
10:19:17.579 OS Version: Windows x64 6.1.7601 Service Pack 1
10:19:17.580 Number of processors: 4 586 0x203
10:19:17.581 ComputerName: DEMIAN-PC UserName: Demian
10:19:20.317 Initialize success
10:19:25.056 AVAST engine defs: 11072200
10:19:34.035 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
10:19:34.037 Disk 0 Vendor: WDC_WD3200KS-00PFB0 21.00M21 Size: 305245MB BusType: 3
10:19:34.040 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-4
10:19:34.042 Disk 1 Vendor: WDC_WD2500JS-55NCB1 10.02E01 Size: 238475MB BusType: 3
10:19:34.045 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T1L0-6
10:19:34.047 Disk 2 Vendor: WDC_WD2000JS-00MHB0 02.01C03 Size: 190782MB BusType: 3
10:19:34.052 Disk 0 MBR read successfully
10:19:34.055 Disk 0 MBR scan
10:19:34.060 Disk 0 TDL4@MBR code has been found
10:19:34.064 Disk 0 Windows 7 default MBR code found via API
10:19:34.067 Disk 0 MBR hidden
10:19:34.071 Disk 0 MBR [TDL4] **ROOTKIT**
10:19:34.076 Disk 0 trace - called modules:
10:19:34.082 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8007576254]<<
10:19:34.086 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007554060]
10:19:34.091 3 CLASSPNP.SYS[fffff8800195f43f] -> nt!IofCallDriver -> [0xfffffa80070ed580]
10:19:34.096 5 ACPI.sys[fffff88000e267a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa80070ee680]
10:19:34.101 \Driver\atapi[0xfffffa80070b43f0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8007576254
10:19:35.913 AVAST engine scan C:\Windows
10:19:40.735 AVAST engine scan C:\Windows\system32
10:23:35.149 AVAST engine scan C:\Windows\system32\drivers
10:23:54.146 AVAST engine scan C:\Users\Demian
10:27:36.665 Disk 0 MBR has been saved successfully to "C:\Users\Demian\Desktop\MBR.dat"
10:27:36.670 The log file has been saved successfully to "C:\Users\Demian\Desktop\aswMBR.txt"


22.07.2011, 09:41   #7
Demian Saez



I just noticed that MSSE has handled and removed the two trojan warnings. On its own, I did not confirm that. I hope that is not particularly bad, since the rule is that you should not do anything without being asked to by you.

22.07.2011, 09:44   #8
M-K-D-B
/// TB Trainer



Hello Demian Saez,



Quote:
Quote from Demian Saez
Why I have no AV program will make every one of you hit the roof. So I'd better not mention my reasons.
No, I'm not getting upset about it and I'm not hitting the roof either.
What interests me more are the reasons why no AV program is installed. Please tell me why no such program was installed.


Quote:
Quote from Demian Saez
I have now downloaded and installed MS Security Essentials. It immediately found the trojan "DOS/Alureon.C".
aswMBR is still scanning at the moment.
You have a rootkit in the master boot sector. Into battle:





Step # 1: Run TDSS Killer
Please download TDSS Killer.exe and save the file to the desktop.
  • Close all running programs.
  • Disconnect from the internet.
  • Disable your antivirus software.
  • Start TDSSkiller.exe with a double-click.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Press Start scan.
    Do not do anything on the computer during the scan
    1. If the tool shows no findings, click Close to exit it.
    2. If something was found, the findings are shown in Scan results - Select action for found objects, with 3 options to choose from.
      Make sure that Cure ( default ) is selected! Press Continue --> Reboot.
  • After the restart, the log file can be found on your system drive ( usually C: ) as TDSSKiller_version_date_time_log.txt.
  • Please post the contents here in your thread.




Step # 2: Run ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Download ComboFix from one of these download mirrors:

BleepingComputer - ForoSpyware

* Important !! Save ComboFix to the desktop
  • Disable your antivirus and anti-spyware programs. You can usually do this by right-clicking the system tray icon. Otherwise the programs could interfere with our programs while they work.
  • Double-click ComboFix.exe and follow the instructions.
  • ComboFix will check whether the Microsoft Windows Recovery Console is installed. This is part of the process. Given the kind of malware infections that exist today, it is strongly recommended to have this Recovery Console installed on the PC before any malware cleanup is performed.
  • Follow the instructions to allow ComboFix to download and install the Recovery Console, and accept the license agreement (EULA) as soon as you are asked to.
**For information: If the Recovery Console is already installed, ComboFix will continue its malware removal procedure as normal.



Once the Recovery Console has been installed by ComboFix, you should see the following message:



Click "Yes" to continue with the scan for malware.

When ComboFix has finished, it will create a log. Please attach C:\ComboFix.txt to your next reply.





Step # 3: Your feedback
For further analysis I need, together with your next reply,
  • the log file from TDSS Killer and
  • the log file from ComboFix.
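
The aswMBR lines behind the rootkit diagnosis in this thread (the TDL4@MBR hit, the different MBR code reported via the API, the hidden MBR, and the atapi dispatch entry that points at an UNKNOWN module) can be extracted from such a log mechanically. The following Python example is added here and is not part of the original posts or of aswMBR; the function names, the reading of the raw-versus-API lines as a mismatch, and the wording of the clean comparison log are assumptions.

```python
import re

# Excerpt of the aswMBR log posted in this thread (lines copied verbatim).
SAMPLE_LOG = r"""
10:19:34.035 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
10:19:34.052 Disk 0 MBR read successfully
10:19:34.060 Disk 0 TDL4@MBR code has been found
10:19:34.064 Disk 0 Windows 7 default MBR code found via API
10:19:34.067 Disk 0 MBR hidden
10:19:34.071 Disk 0 MBR [TDL4] **ROOTKIT**
10:19:34.082 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8007576254]<<
10:19:34.101 \Driver\atapi[0xfffffa80070b43f0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8007576254
"""

# Constructed clean log for comparison; the wording of its last line is assumed.
CLEAN_LOG = r"""
10:00:00.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
10:00:00.010 Disk 0 MBR read successfully
10:00:00.020 Disk 0 Windows 7 default MBR code
"""

TIMESTAMP = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+")
DISK = re.compile(r"^Disk (\d+) ")
HIDDEN = re.compile(r"^Disk \d+ MBR hidden")
UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
DISPATCH = re.compile(
    r"^\\Driver\\(\w+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)")
# Per-disk fields whose value is the first capture group of the pattern.
FIELD_PATTERNS = {
    "rootkit": re.compile(r"^Disk \d+ MBR \[(.+?)\] \*\*ROOTKIT\*\*"),
    "raw_code": re.compile(r"^Disk \d+ (.+?) code has been found"),
    "api_code": re.compile(r"^Disk \d+ (.+?) code found via API"),
}
EMPTY_DISK = {"rootkit": None, "hidden": False, "raw_code": None, "api_code": None}


def triage(log_text):
    """Collect per-disk MBR findings and driver dispatch entries from a log."""
    disks, unknown, dispatch = {}, [], []
    for raw in log_text.splitlines():
        line = TIMESTAMP.sub("", raw.strip())
        disk_hit = DISK.match(line)
        if disk_hit:
            disk = disks.setdefault(int(disk_hit.group(1)), dict(EMPTY_DISK))
            for key, pattern in FIELD_PATTERNS.items():
                hit = pattern.match(line)
                if hit:
                    disk[key] = hit.group(1)
            if HIDDEN.match(line):
                disk["hidden"] = True
            continue
        hit = UNKNOWN.search(line)
        if hit:
            # Address in the call trace that belongs to no named module.
            unknown.append(int(hit.group(1), 16))
        hit = DISPATCH.match(line)
        if hit:
            dispatch.append({"driver": hit.group(1), "irp": hit.group(2),
                             "target": int(hit.group(3), 16)})
    # Resolve after the loop so the result does not depend on line order.
    for entry in dispatch:
        entry["in_unknown_module"] = entry["target"] in unknown
    return {"disks": disks, "unknown_modules": unknown,
            "dispatch_entries": dispatch}


def suspicious_disks(report):
    """Disks with a rootkit verdict, a hidden MBR, or differing raw/API code."""
    flagged = []
    for number, disk in sorted(report["disks"].items()):
        mismatch = (disk["raw_code"] and disk["api_code"]
                    and disk["raw_code"] != disk["api_code"])
        if disk["rootkit"] or disk["hidden"] or mismatch:
            flagged.append(number)
    return flagged


def hooked_drivers(report):
    """(driver, IRP) pairs whose handler address lies in an unknown module."""
    return [(e["driver"], e["irp"]) for e in report["dispatch_entries"]
            if e["in_unknown_module"]]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("suspicious disks:", suspicious_disks(result))
    print("hooked dispatch routines:", hooked_drivers(result))
```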

22.07.2011, 09:59   #9
Demian Saez



Hi

Attached is the TDSS Killer log:

Quote:
2011/07/22 10:53:45.0458 1632 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/22 10:53:45.0458 1632 ================================================================================
2011/07/22 10:53:45.0458 1632 SystemInfo:
2011/07/22 10:53:45.0458 1632
2011/07/22 10:53:45.0458 1632 OS Version: 6.1.7601 ServicePack: 1.0
2011/07/22 10:53:45.0458 1632 Product type: Workstation
2011/07/22 10:53:45.0458 1632 ComputerName: DEMIAN-PC
2011/07/22 10:53:45.0458 1632 UserName: Demian
2011/07/22 10:53:45.0458 1632 Windows directory: C:\Windows
2011/07/22 10:53:45.0458 1632 System windows directory: C:\Windows
2011/07/22 10:53:45.0458 1632 Running under WOW64
2011/07/22 10:53:45.0458 1632 Processor architecture: Intel x64
2011/07/22 10:53:45.0458 1632 Number of processors: 4
2011/07/22 10:53:45.0458 1632 Page size: 0x1000
2011/07/22 10:53:45.0458 1632 Boot type: Normal boot
2011/07/22 10:53:45.0458 1632 ================================================================================
2011/07/22 10:53:57.0922 1632 Initialize success
2011/07/22 10:54:05.0270 1672 ================================================================================
2011/07/22 10:54:05.0270 1672 Scan started
2011/07/22 10:54:05.0270 1672 Mode: Manual;
2011/07/22 10:54:05.0270 1672 ================================================================================
2011/07/22 10:54:17.0188 1672 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/07/22 10:54:17.0344 1672 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/22 10:54:17.0360 1672 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/07/22 10:54:17.0438 1672 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/22 10:54:17.0500 1672 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/22 10:54:17.0532 1672 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/22 10:54:17.0547 1672 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/22 10:54:17.0610 1672 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/22 10:54:17.0656 1672 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/22 10:54:17.0688 1672 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/22 10:54:17.0719 1672 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/22 10:54:17.0766 1672 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/22 10:54:17.0781 1672 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/22 10:54:17.0812 1672 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/22 10:54:17.0859 1672 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
2011/07/22 10:54:17.0906 1672 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/22 10:54:17.0953 1672 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/22 10:54:18.0000 1672 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/07/22 10:54:18.0062 1672 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/07/22 10:54:18.0124 1672 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/07/22 10:54:18.0187 1672 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
2011/07/22 10:54:18.0249 1672 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
2011/07/22 10:54:18.0296 1672 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/07/22 10:54:18.0343 1672 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/22 10:54:18.0405 1672 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/07/22 10:54:18.0468 1672 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/22 10:54:18.0499 1672 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/07/22 10:54:18.0530 1672 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/22 10:54:18.0592 1672 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/07/22 10:54:18.0624 1672 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/22 10:54:18.0655 1672 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/22 10:54:18.0670 1672 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/22 10:54:18.0702 1672 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/22 10:54:18.0733 1672 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/22 10:54:18.0780 1672 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/07/22 10:54:18.0811 1672 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/07/22 10:54:18.0889 1672 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
2011/07/22 10:54:18.0982 1672 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/07/22 10:54:19.0060 1672 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/22 10:54:19.0107 1672 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/22 10:54:19.0170 1672 sscdbus (f4f1e1ff6986fe8914525af751ea3eac) C:\Windows\system32\DRIVERS\sscdbus.sys
2011/07/22 10:54:19.0216 1672 sscdmdfl (5447690d2cfe1bde1be3a5a5a3e2f796) C:\Windows\system32\DRIVERS\sscdmdfl.sys
2011/07/22 10:54:19.0248 1672 sscdmdm (bfda292053aeb76a0c1d63b2279d5138) C:\Windows\system32\DRIVERS\sscdmdm.sys
2011/07/22 10:54:19.0310 1672 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/22 10:54:19.0357 1672 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
2011/07/22 10:54:19.0419 1672 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
2011/07/22 10:54:19.0435 1672 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/07/22 10:54:19.0513 1672 t3 (6b153e518dbe6ef59191152e1ecf7ed4) C:\Windows\system32\drivers\t3.sys
2011/07/22 10:54:19.0638 1672 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys
2011/07/22 10:54:19.0731 1672 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/22 10:54:19.0794 1672 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/22 10:54:19.0840 1672 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/07/22 10:54:19.0872 1672 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/07/22 10:54:19.0918 1672 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/22 10:54:19.0950 1672 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/07/22 10:54:19.0996 1672 TFsExDisk (48d9d00c2e0e72c3d4f52772c80355f6) C:\Windows\System32\Drivers\TFsExDisk.sys
2011/07/22 10:54:20.0074 1672 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/22 10:54:20.0152 1672 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/07/22 10:54:20.0199 1672 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/22 10:54:20.0230 1672 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/22 10:54:20.0277 1672 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/22 10:54:20.0340 1672 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/22 10:54:20.0371 1672 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/07/22 10:54:20.0402 1672 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/22 10:54:20.0480 1672 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
2011/07/22 10:54:20.0527 1672 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
2011/07/22 10:54:20.0558 1672 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/22 10:54:20.0605 1672 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/07/22 10:54:20.0636 1672 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/22 10:54:20.0698 1672 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/22 10:54:20.0745 1672 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/22 10:54:20.0776 1672 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/22 10:54:20.0839 1672 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/22 10:54:20.0854 1672 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/22 10:54:20.0901 1672 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/07/22 10:54:20.0932 1672 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/22 10:54:20.0964 1672 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/07/22 10:54:21.0010 1672 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/07/22 10:54:21.0026 1672 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/07/22 10:54:21.0057 1672 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
2011/07/22 10:54:21.0135 1672 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
2011/07/22 10:54:21.0151 1672 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/07/22 10:54:21.0213 1672 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/07/22 10:54:21.0260 1672 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/07/22 10:54:21.0307 1672 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/22 10:54:21.0432 1672 VSPerfDrv100 (1928b9ca20f51bfbbad54d2c2c447b13) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
2011/07/22 10:54:21.0478 1672 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/07/22 10:54:21.0510 1672 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/07/22 10:54:21.0556 1672 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/22 10:54:21.0588 1672 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/22 10:54:21.0603 1672 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/22 10:54:21.0681 1672 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/07/22 10:54:21.0712 1672 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/22 10:54:21.0790 1672 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/22 10:54:21.0806 1672 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/07/22 10:54:21.0900 1672 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/07/22 10:54:21.0962 1672 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/22 10:54:21.0993 1672 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/22 10:54:22.0040 1672 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
2011/07/22 10:54:22.0087 1672 WSDScan (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys
2011/07/22 10:54:22.0149 1672 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/07/22 10:54:22.0212 1672 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/22 10:54:22.0274 1672 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/22 10:54:22.0290 1672 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
2011/07/22 10:54:22.0290 1672 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
2011/07/22 10:54:22.0305 1672 Boot (0x1200) (e02da9f50db467905137f30456110783) \Device\Harddisk0\DR0\Partition0
2011/07/22 10:54:22.0321 1672 Boot (0x1200) (56c62e132e741706bb88056b5f426f95) \Device\Harddisk1\DR1\Partition0
2011/07/22 10:54:22.0336 1672 Boot (0x1200) (4fd135b7f4803deebcc7509dff6a21cb) \Device\Harddisk2\DR2\Partition0
2011/07/22 10:54:22.0352 1672 ================================================================================
2011/07/22 10:54:22.0352 1672 Scan finished
2011/07/22 10:54:22.0352 1672 ================================================================================
2011/07/22 10:54:22.0352 3616 Detected object count: 0
2011/07/22 10:54:22.0352 3616 Actual detected object count: 0

The reason I had no AV program installed is that I had not had a problem with viruses for 12 years, and I was of the opinion that if you know which sites you can visit and where you get your files from, you can reduce the risk very considerably.
That went well for 12 years. For 12 years I really had no virus on the PC. I know that because from time to time I connected the disk to another PC and had it scanned, just to be safe.
At some point that got too silly and seemed odd to me, and I deliberately downloaded a virus from... um... I think serials.ws or something like that... which promptly made itself noticed. I then removed it with your help. Since then I again had no virus on the PC, until yesterday, out of stupidity, I activated one: for a game that strangely was not launched by autostart, I ran an "a.exe", assuming it was the autorun :\

22.07.2011, 10:02   #10
M-K-D-B
/// TB Trainer

Hello Demian Saez,

thank you for the information and the log file.

Please do not paste log files as quotes; use code boxes instead: # (icon above the text field)

Please run ComboFix now.

22.07.2011, 10:04   #11
Demian Saez

I tried the code boxes yesterday; I get timeouts on every second attempt. But I will keep trying to do it that way in future. I am running Combo now.

22.07.2011, 10:04   #12
M-K-D-B
/// TB Trainer

Quote from Demian Saez:
I tried the code boxes yesterday; I get timeouts on every second attempt.

Thank you for the feedback.

I am waiting for the log file.

22.07.2011, 11:29   #13
Demian Saez

Hi, so I have now let Combo run; it worked away, ran 50 stages, deleted a few things, rebooted, and opened the DOS box again.
Now it says "Bereite Logdatei vor" ("Preparing log file") and "Starte keine anderen Programme, bevor ComboFix fertig ist" ("Do not start any other programs before ComboFix has finished"). Unfortunately I had Trillian, Thunderbird and Logitech Setpoint in autostart. I closed them again right away. Does that cause problems?
No idea how much longer it will take; it keeps grinding away.

I also keep seeing an "ATTRIB.cfxxe" popping up in the processes; is that a process of the virus or of ComboFix?

So... can it be that the log file is a few hundred MB in size? It has apparently been creating the log file for 11 minutes.
Oh boy, give me a break. That must be a novel o.0

Last edited by Demian Saez (22.07.2011 at 11:47)

22.07.2011, 12:05   #14
Demian Saez

Code:
ComboFix 11-07-21.04 - Demian 22.07.2011  11:40:18.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8190.6640 [GMT 2:00]
ausgeführt von:: c:\users\Demian\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Veoh Networks\VeohWebPlayer\ConduitInstaller_veoh.exe
c:\users\Demian\13628771d45b4014cf70800c
c:\users\Demian\AppData\Local\Microsoft\Windows\Temporary Internet Files\udRemove.exe
c:\users\Demian\AppData\Roaming\Desktopicon
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-06-22 bis 2011-07-22  ))))))))))))))))))))))))))))))
.
.
2011-07-22 10:11 . 2011-07-22 10:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-07-22 08:09 . 2011-07-20 07:44	8578896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3CFB79BC-FF27-4A3F-A42A-C18D09E23076}\mpengine.dll
2011-07-21 21:59 . 2011-07-21 21:59	--------	d-----w-	c:\program files\Ubisoft
2011-07-10 17:33 . 2011-07-10 17:33	--------	d-----w-	c:\program files (x86)\Apple Software Update
2011-07-09 08:45 . 2011-04-25 05:33	1923968	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-07-09 08:44 . 2011-05-03 05:29	976896	----a-w-	c:\windows\system32\inetcomm.dll
2011-07-09 08:44 . 2011-05-03 04:30	741376	----a-w-	c:\windows\SysWow64\inetcomm.dll
2011-06-30 07:56 . 2011-06-30 07:56	--------	d-----w-	c:\program files\ATI Technologies
2011-06-30 07:54 . 2011-06-30 07:54	--------	d-----w-	C:\ATI
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-09 09:36 . 2011-03-27 21:50	2490752	----a-w-	c:\programdata\Microsoft\VisualStudio\10.0\1031\ResourceCache.dll
2011-07-06 05:21 . 2011-05-17 07:14	404640	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-06 15:41 . 2011-06-04 23:56	254528	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2011-06-03 05:57 . 2011-07-13 21:38	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2011-06-02 13:05 . 2011-06-02 13:05	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2011-06-02 13:05 . 2011-06-02 13:05	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2011-06-02 13:05 . 2011-06-02 13:05	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-06-02 13:05 . 2011-06-02 13:05	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2011-06-02 13:05 . 2011-06-02 13:05	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2011-06-02 13:05 . 2011-06-02 13:05	1126912	----a-w-	c:\windows\SysWow64\wininet.dll
2011-06-02 13:05 . 2011-06-02 13:05	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2011-06-02 13:05 . 2011-06-02 13:05	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2011-06-02 13:05 . 2011-06-02 13:05	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2011-06-02 13:05 . 2011-06-02 13:05	85504	----a-w-	c:\windows\system32\iesetup.dll
2011-06-02 13:05 . 2011-06-02 13:05	76800	----a-w-	c:\windows\system32\tdc.ocx
2011-06-02 13:05 . 2011-06-02 13:05	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2011-06-02 13:05 . 2011-06-02 13:05	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2011-06-02 13:05 . 2011-06-02 13:05	603648	----a-w-	c:\windows\system32\vbscript.dll
2011-06-02 13:05 . 2011-06-02 13:05	49664	----a-w-	c:\windows\system32\imgutil.dll
2011-06-02 13:05 . 2011-06-02 13:05	48640	----a-w-	c:\windows\system32\mshtmler.dll
2011-06-02 13:05 . 2011-06-02 13:05	448512	----a-w-	c:\windows\system32\html.iec
2011-06-02 13:05 . 2011-06-02 13:05	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2011-06-02 13:05 . 2011-06-02 13:05	367104	----a-w-	c:\windows\SysWow64\html.iec
2011-06-02 13:05 . 2011-06-02 13:05	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2011-06-02 13:05 . 2011-06-02 13:05	30720	----a-w-	c:\windows\system32\licmgr10.dll
2011-06-02 13:05 . 2011-06-02 13:05	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2011-06-02 13:05 . 2011-06-02 13:05	222208	----a-w-	c:\windows\system32\msls31.dll
2011-06-02 13:05 . 2011-06-02 13:05	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2011-06-02 13:05 . 2011-06-02 13:05	165888	----a-w-	c:\windows\system32\iexpress.exe
2011-06-02 13:05 . 2011-06-02 13:05	160256	----a-w-	c:\windows\system32\wextract.exe
2011-06-02 13:05 . 2011-06-02 13:05	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2011-06-02 13:05 . 2011-06-02 13:05	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2011-06-02 13:05 . 2011-06-02 13:05	1492992	----a-w-	c:\windows\system32\inetcpl.cpl
2011-06-02 13:05 . 2011-06-02 13:05	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2011-06-02 13:05 . 2011-06-02 13:05	1427456	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2011-06-02 13:05 . 2011-06-02 13:05	1389056	----a-w-	c:\windows\system32\wininet.dll
2011-06-02 13:05 . 2011-06-02 13:05	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2011-06-02 13:05 . 2011-06-02 13:05	12288	----a-w-	c:\windows\system32\mshta.exe
2011-06-02 13:05 . 2011-06-02 13:05	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2011-06-02 13:05 . 2011-06-02 13:05	114176	----a-w-	c:\windows\system32\admparse.dll
2011-06-02 13:05 . 2011-06-02 13:05	111616	----a-w-	c:\windows\system32\iesysprep.dll
2011-06-02 13:05 . 2011-06-02 13:05	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2011-05-25 04:26 . 2011-05-25 04:26	9359872	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2011-05-25 03:53 . 2011-05-25 03:53	23336960	----a-w-	c:\windows\system32\atio6axx.dll
2011-05-25 03:31 . 2011-05-25 03:31	17940992	----a-w-	c:\windows\SysWow64\atioglxx.dll
2011-05-25 03:07 . 2011-05-25 03:07	151552	----a-w-	c:\windows\system32\atiapfxx.exe
2011-05-25 03:07 . 2010-08-04 01:54	688128	----a-w-	c:\windows\SysWow64\aticfx32.dll
2011-05-25 03:06 . 2010-02-03 04:22	811008	----a-w-	c:\windows\system32\aticfx64.dll
2011-05-25 03:04 . 2011-04-20 02:05	462848	----a-w-	c:\windows\system32\ATIDEMGX.dll
2011-05-25 03:04 . 2011-05-25 03:04	485376	----a-w-	c:\windows\system32\atieclxx.exe
2011-05-25 03:03 . 2011-05-25 03:03	204288	----a-w-	c:\windows\system32\atiesrxx.exe
2011-05-25 03:02 . 2011-05-25 03:02	120320	----a-w-	c:\windows\system32\atitmm64.dll
2011-05-25 03:02 . 2011-04-20 02:02	423424	----a-w-	c:\windows\system32\atipdl64.dll
2011-05-25 03:02 . 2011-05-25 03:02	356352	----a-w-	c:\windows\SysWow64\atipdlxx.dll
2011-05-25 03:02 . 2011-05-25 03:02	278528	----a-w-	c:\windows\SysWow64\Oemdspif.dll
2011-05-25 03:01 . 2011-05-25 03:01	16384	----a-w-	c:\windows\system32\atimuixx.dll
2011-05-25 03:01 . 2011-05-25 03:01	59392	----a-w-	c:\windows\system32\atiedu64.dll
2011-05-25 03:01 . 2011-05-25 03:01	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2011-05-25 03:00 . 2011-05-25 03:00	1113088	----a-w-	c:\windows\system32\atiumd6v.dll
2011-05-25 02:59 . 2011-05-25 02:59	1828864	----a-w-	c:\windows\SysWow64\atiumdmv.dll
2011-05-25 02:59 . 2011-04-20 01:40	3810816	----a-w-	c:\windows\system32\atiumd6a.dll
2011-05-25 02:58 . 2011-01-26 22:49	4219904	----a-w-	c:\windows\SysWow64\atidxx32.dll
2011-05-25 02:50 . 2010-08-04 01:21	4017152	----a-w-	c:\windows\SysWow64\atiumdva.dll
2011-05-25 02:49 . 2009-08-14 02:03	5008384	----a-w-	c:\windows\system32\atidxx64.dll
2011-05-25 02:47 . 2011-05-25 02:47	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2011-05-25 02:47 . 2011-05-25 02:47	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2011-05-25 02:47 . 2011-05-25 02:47	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2011-05-25 02:47 . 2011-05-25 02:47	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2011-05-25 02:47 . 2011-05-25 02:47	8489472	----a-w-	c:\windows\system32\aticaldd64.dll
2011-05-25 02:43 . 2011-05-25 02:43	6847488	----a-w-	c:\windows\SysWow64\aticaldd.dll
2011-05-25 02:39 . 2010-08-04 01:28	4330496	----a-w-	c:\windows\SysWow64\atiumdag.dll
2011-05-25 02:38 . 2011-05-25 02:38	53760	----a-w-	c:\windows\system32\atimpc64.dll
2011-05-25 02:38 . 2011-05-25 02:38	53760	----a-w-	c:\windows\system32\amdpcom64.dll
2011-05-25 02:38 . 2011-05-25 02:38	52736	----a-w-	c:\windows\SysWow64\atimpc32.dll
2011-05-25 02:38 . 2011-05-25 02:38	52736	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2011-05-25 02:33 . 2011-04-20 01:31	5486592	----a-w-	c:\windows\system32\atiumd64.dll
2011-05-25 02:26 . 2011-04-20 01:23	366592	----a-w-	c:\windows\system32\atiadlxx.dll
2011-05-25 02:26 . 2011-05-25 02:26	262144	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2011-05-25 02:26 . 2011-05-25 02:26	14848	----a-w-	c:\windows\system32\atig6pxx.dll
2011-05-25 02:26 . 2011-05-25 02:26	12800	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2011-05-25 02:26 . 2011-05-25 02:26	12800	----a-w-	c:\windows\system32\atiglpxx.dll
2011-05-25 02:25 . 2011-05-25 02:25	39936	----a-w-	c:\windows\system32\atig6txx.dll
2011-05-25 02:25 . 2011-05-25 02:25	32768	----a-w-	c:\windows\SysWow64\atigktxx.dll
2011-05-25 02:25 . 2011-05-25 02:25	309760	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2011-05-25 02:24 . 2010-02-03 03:23	40960	----a-w-	c:\windows\system32\atiuxp64.dll
2011-05-25 02:24 . 2011-01-26 22:12	31744	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2011-05-25 02:24 . 2011-04-20 01:21	38912	----a-w-	c:\windows\system32\atiu9p64.dll
2011-05-25 02:24 . 2010-08-04 01:14	29184	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2011-05-25 02:24 . 2011-05-25 02:24	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2011-05-25 02:19 . 2010-02-03 03:23	58880	----a-w-	c:\windows\system32\coinst.dll
2011-05-24 17:14 . 2011-01-05 12:38	270720	------w-	c:\windows\system32\MpSigStub.exe
2011-05-10 06:06 . 2011-05-10 06:06	51712	----a-w-	c:\windows\system32\drivers\usbaapl64.sys
2011-05-10 06:06 . 2011-05-10 06:06	4517664	----a-w-	c:\windows\system32\usbaaplrc.dll
2011-05-04 23:28 . 2011-05-04 23:28	59904	----a-w-	c:\windows\SysWow64\OVDecode.dll
2011-05-04 23:27 . 2011-05-04 23:27	51712	----a-w-	c:\windows\SysWow64\OpenCL.dll
2011-05-04 23:27 . 2011-05-04 23:27	12385280	----a-w-	c:\windows\SysWow64\amdocl.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-02-12 19968]
"AsioThk32Reg"="CTASIO.DLL" [2009-06-23 47104]
"AsioReg"="CTASIO.DLL" [2009-06-23 47104]
"StartCCC"="c:\program files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 336384]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [x]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [x]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [x]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [x]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [x]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [x]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [x]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [x]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\D-Link\DWA-547 revA\jswpsapi.exe [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-19 365568]
R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-30 79360]
R4 gupdate1c99b391020cf56;Google Update Service (gupdate1c99b391020cf56);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-02 133104]
R4 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-02 133104]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 430424]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 300(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-02 13:16]
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-02 13:16]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://de.wikipedia.org/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An vorhandenes PDF anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: {{D401C3A2-12EF-4D1D-A086-F3AB10B565BF} - c:\progra~2\SC\\SECRET~1.EXE
TCP: DhcpNameServer = 192.168.2.99
FF - ProfilePath - c:\users\Demian\AppData\Roaming\Mozilla\Firefox\Profiles\49jqg3le.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-NPSStartup - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Mozilla Thunderbird (3.0) - c:\program files (x86)\Thunderbird\uninstall\helper.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1883959509-1100553777-3490487425-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:46,c9,89,2a,23,46,c5,32,89,bb,95,3a,57,3b,95,35,1b,6b,87,bc,31,74,06,
   3a,9f,53,26,eb,60,0c,e0,a2,6b,a6,7a,7b,a7,ea,1d,f1,4c,0e,6a,30,ee,3e,04,57,\
"??"=hex:b5,20,8e,e2,f8,b2,03,45,cb,82,f6,83,11,f6,05,52
.
[HKEY_USERS\S-1-5-21-1883959509-1100553777-3490487425-1000\Software\SecuROM\License information*]
"datasecu"=hex:29,d2,68,ac,c0,5c,81,95,c0,28,10,e9,64,f4,5e,fc,5a,51,ab,8e,bd,
   ad,19,6c,0c,85,9c,28,7a,6a,dc,14,32,bc,b4,46,d1,32,76,c0,09,00,6f,d3,3f,e4,\
"rkeysecu"=hex:ec,0c,61,b4,76,ee,7f,4e,07,5a,1d,14,1d,2a,b9,57
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Logitech\SetPoint\x86\SetPoint32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-07-22  13:02:37 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-07-22 11:02
ComboFix2.txt  2008-07-29 14:17
.
Vor Suchlauf: 12 Verzeichnis(se), 49.493.827.584 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 50.735.366.144 Bytes frei
.
- - End Of File - - F93269CD4AC00119DB4E6F8A5BCCA322
         

22.07.2011, 15:46   #15
M-K-D-B
/// TB-Ausbilder

System Repair

Hello Demian Saez,

Step # 1: Run the CFScript with ComboFix
Note for other readers:
The following ComboFix script was created exclusively for this user in this situation.
Do not use it on other computers under any circumstances; it can cause lasting damage to other systems!

Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it to the desktop again (nowhere else, this is important)!

Press the Windows + R keys --> Notepad (type it in) --> OK

Now copy the entire text from the following code box into the empty text document.
Code:
http://www.trojaner-board.de/101579-system-repair-2.html#post685692

DDS::
uInternet Settings,ProxyOverride = *.local

FireFox::
FF - ProfilePath - c:\users\Demian\AppData\Roaming\Mozilla\Firefox\Profiles\49jqg3le.default\
FF - prefs.js: browser.search.defaulturl - http://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}

Collect::
C:\ProgramData\~P1kAlMiG2Kb7Fz
C:\ProgramData\~P1kAlMiG2Kb7Fzr
C:\ProgramData\P1kAlMiG2Kb7Fz
         
Save this as CFScript.txt on your desktop.

Important:
  • Temporarily switch off your antivirus software, as it can interfere with ComboFix while it works.
    Don't forget to switch it back on afterwards!
  • Do not move the mouse over the ComboFix window or click inside it.
    This can cause ComboFix to hang.
  • Close all running programs. Make sure that ComboFix can work unhindered.
  • Do not do anything on the PC while ComboFix is running.
  • As shown in the picture above, drag CFScript.txt onto ComboFix.exe.
  • When ComboFix has finished, it will create a log, C:\ComboFix.txt. Please paste it here as a reply.
If the script contains the Suspect:: or Collect:: directive, a message box will appear after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files.

Step # 2: Follow-up scan with Malwarebytes' Anti-Malware (MBAM)
Please download Malwarebytes' Anti-Malware
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform quick scan and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are selected and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".

Step # 3: Your feedback
For further analysis I need, together with your next reply,
  • the new ComboFix log file and
  • the MBAM log file.
Thread closed
