
Log Analysis and Evaluation: Trojan.FakeAlert

Windows 7 | If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

21.12.2011, 20:05   #1
Eric42

Trojan.FakeAlert

Hi everyone,

Since last week I've been getting strange "warning tones" about 1-4 times a day.
I couldn't find anything on YouTube that sounds like it, but you can imagine it as a normal, monotone beep.
Something like: beep, beep, beep, beep, pause, pause, beep.
After that it's quiet again.

I can use my computer normally, so apparently it's not scareware, or only joke scareware.

I ran a Malwarebytes scan, which, unlike G Data, actually found something: trojan.fakealert (sounds kind of fitting).

Extras.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 12/21/2011 8:03:51 AM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Eric\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
7.98 Gb Total Physical Memory | 5.31 Gb Available Physical Memory | 66.52% Memory free
15.96 Gb Paging File | 13.07 Gb Available in Paging File | 81.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921.26 Gb Total Space | 442.73 Gb Free Space | 48.06% Space Free | Partition Type: NTFS
Drive E: | 3.87 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: ERIC-HARDCOREPC | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{169C77B7-69C9-4648-9DD0-72B152AF269F}" = Windows Live Family Safety
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)
"{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources
"{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4970B06C-7708-4AAB-9341-3FD1D9B1AA34}" = Windows Live Family Safety
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{818B5BB8-26AB-4FD7-A793-220EE0C158C3}" = Windows Live Family Safety
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{91C4D79C-3579-48E8-ADFA-8818042AEB73}" = Logitech G930
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96B0B2F7-1853-464D-B520-CA08F9CA8002}" = Smart Technology Programming Software 7.0.0.26
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety
"EPSON SX420W Series" = Druckerdeinstallation für EPSON SX420W Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03BB06DB-15FE-47F0-B872-E6477933C986}" = Windows Live UX Platform Language Pack
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{066219C8-4BE6-46D7-9E01-60FCFA6B32DC}" = Messenger Companion
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Galaktische Abenteuer
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
"{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8985AE5E-622A-4980-8BF8-0A1830643220}" = Windows Live Mesh ActiveX kontrola za daljinske veze
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{902585EB-8FA3-43A5-AD1C-5C9821A77114}" = Messenger Pratilac
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{94FA9FA6-5294-494D-A8F1-1E654CBB5736}" = Epson Easy Photo Print 2
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{C011E1C5-86F7-4EEB-B7E6-0C367CED97B2}" = Windows Live UX Platform Language Pack
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C670480D-10CE-4E2E-929E-EE453EDE6BE2}" = G Data InternetSecurity 2011
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F686C148-CBAE-483D-92CE-B4D6913BDD77}" = LevelR
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"APB Reloaded" = APB Reloaded
"Battlelog Web Plugins" = Battlelog Web Plugins
"Black Prophecy_is1" = Black Prophecy
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps (remove only)
"Galactic Civilizations II - Ultimate Edition" = Galactic Civilizations II - Ultimate Edition
"GamersFirst LIVE!" = GamersFirst LIVE!
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HydraIRC" = HydraIRC
"Impulse" = Impulse
"JDownloader" = JDownloader
"LogMeIn Hamachi" = LogMeIn Hamachi
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"Sins of a Solar Empire" = Sins of a Solar Empire
"Star Assault" = Star Assault
"Steam App 102700" = Alliance of Valiant Arms
"Steam App 105400" = Fable III
"Steam App 105600" = Terraria
"Steam App 10680" = Aliens vs. Predator
"Steam App 107200" = Space Pirates and Zombies
"Steam App 109700" = Achron
"Steam App 12100" = Grand Theft Auto III
"Steam App 12110" = Grand Theft Auto: Vice City
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 12170" = Grand Theft Auto
"Steam App 12180" = Grand Theft Auto 2
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 12800" = FUEL
"Steam App 15560" = AaaaaAAaaaAAAaaAAAAaAAAAA!!! for the Awesome
"Steam App 201290" = Sins of a Solar Empire: Trinity
"Steam App 201310" = X3: Albion Prelude
"Steam App 21970" = R.U.S.E
"Steam App 240" = Counter-Strike: Source
"Steam App 24010" = Train Simulator 2012
"Steam App 38830" = Crimecraft: BLEEDOUT 
"Steam App 40100" = Supreme Commander 2
"Steam App 40400" = AI War: Fleet Command
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 46330" = Space Rangers 2: Reboot
"Steam App 47890" = The Sims(TM) 3
"Steam App 48240" = Anno 2070
"Steam App 49600" = Beat Hazard
"Steam App 58520" = Blood Bowl: Legendary Edition
"Steam App 58540" = Divinity II - The Dragon Knight Saga
"Steam App 620" = Portal 2
"Steam App 630" = Alien Swarm
"Steam App 70900" = Star Ruler
"Steam App 72200" = Universe Sandbox
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8500" = EVE Online: Incursion
"Steam App 91100" = SkyDrift
"Steam App 9200" = RAGE
"Steam App 9350" = Supreme Commander
"Steam App 9420" = Supreme Commander: Forged Alliance
"Steam App 97000" = Solar 2
"Steam App 9930" = Test Drive Unlimited 2
"Steam App 99890" = Darkspore
"Steam App 99900" = Spiral Knights
"TeamViewer 6" = TeamViewer 6
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.10
"WinLiveSuite" = Windows Live Essentials
"X3TerranConflict_is1" = X3 Terran Conflict v3.1
"X-Universe Plugin Manager" = X-Universe Plugin Manager V1.30 by Cycrow
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

OTL.txt

OTL Logfile:
Code:
OTL logfile created on: 12/21/2011 8:03:51 AM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Eric\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
7.98 Gb Total Physical Memory | 5.31 Gb Available Physical Memory | 66.52% Memory free
15.96 Gb Paging File | 13.07 Gb Available in Paging File | 81.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921.26 Gb Total Space | 442.73 Gb Free Space | 48.06% Space Free | Partition Type: NTFS
Drive E: | 3.87 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: ERIC-HARDCOREPC | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/12/21 08:01:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
PRC - [2011/11/22 17:23:20 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/11/09 19:18:49 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/10/15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/04 13:34:50 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/03/23 10:42:52 | 001,516,888 | ---- | M] (Logitech(c)) -- C:\Program Files (x86)\Logitech\G930\G930.exe
PRC - [2010/08/27 06:40:00 | 001,178,184 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2010/08/26 11:25:36 | 000,996,936 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2010/08/26 11:25:16 | 001,538,120 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2010/08/25 22:51:44 | 000,340,552 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2010/03/31 15:06:48 | 000,410,696 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/12/01 18:47:23 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/09 19:18:48 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/10/15 00:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/09/23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/12/08 12:03:53 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/11/22 17:23:20 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/10/15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/04 13:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/06/06 17:36:00 | 004,005,936 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/08/27 06:40:00 | 001,178,184 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2010/08/25 23:29:36 | 001,865,344 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2010/08/25 22:51:44 | 000,340,552 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2010/03/31 15:06:48 | 000,410,696 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [1937/11/25 12:15:26 | 001,718,608 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/06/11 18:46:31 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/06/09 06:42:54 | 000,057,288 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2011/06/08 21:08:22 | 000,049,096 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2011/06/08 21:08:21 | 000,085,960 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2011/06/08 21:08:21 | 000,040,392 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2011/06/08 13:59:27 | 000,048,584 | ---- | M] (G DATA Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2011/03/18 16:20:22 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfBakerCamd64.sys -- (LADF_BakerCOnly)
DRV:64bit: - [2011/03/18 13:33:48 | 000,335,688 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfBakerRamd64.sys -- (LADF_BakerROnly)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/28 20:45:54 | 000,412,776 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/12/16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/09 02:17:40 | 000,369,640 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2010/12/09 02:17:38 | 000,122,856 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010/11/22 08:09:06 | 000,303,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010/11/22 08:09:06 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2010/11/21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/09/23 08:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/22 08:22:52 | 000,049,928 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2010/04/22 08:22:52 | 000,022,664 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2010/04/22 08:22:48 | 000,171,016 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiK0CCB.sys -- (SaiK0CCB)
DRV:64bit: - [2010/04/22 08:22:48 | 000,041,096 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiU0CCB.sys -- (SaiU0CCB)
DRV:64bit: - [2009/08/13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/09/12 09:31:16 | 000,131,584 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiK0836.sys -- (SaiK0836)
DRV:64bit: - [2008/01/21 08:20:50 | 000,129,024 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiK0728.sys -- (SaiK0728)
DRV - [2011/12/20 15:59:10 | 000,106,224 | ---- | M] (G Data Software) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\GRD.sys -- (GRD)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E B8 CF B2 DC 25 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://eve-radio.com/"
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 19:18:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/23 19:07:16 | 000,000,000 | ---D | M]
 
[2011/06/08 14:14:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\mozilla\Extensions
[2011/11/09 19:18:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/10/23 19:07:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/09 19:18:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/01 16:53:24 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/01 16:53:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/01 16:53:24 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/01 16:53:24 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/01 16:53:24 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/01 16:53:24 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG)
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AvkWebIE.dll (G Data Software AG)
O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AvkWebIE.dll (G Data Software AG)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [Logitech G930] C:\Program Files (x86)\Logitech\G930\G930.exe (Logitech(c))
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [EPSON SX420W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_SAB7B.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [ImpulseFastStart] C:\Program Files (x86)\Stardock\Impulse\Impulse.exe (Stardock Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B274ECC4-ECD1-49E8-A252-FDA9CE09D105}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/25 12:55:58 | 000,483,987 | R--- | M] () - E:\autorun.aru -- [ CDFS ]
O32 - AutoRun File - [2009/09/25 09:55:12 | 002,785,792 | R--- | M] (Kalypso Media GmbH                                                                                  ) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/10/17 15:42:58 | 000,009,662 | R--- | M] () - E:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2009/09/25 13:46:41 | 000,000,063 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{07be4184-fdaf-11e0-8159-f46d0403e363}\Shell - "" = AutoRun
O33 - MountPoints2\{07be4184-fdaf-11e0-8159-f46d0403e363}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{458e7f11-9439-11e0-b4ae-f46d0403e363}\Shell - "" = AutoRun
O33 - MountPoints2\{458e7f11-9439-11e0-b4ae-f46d0403e363}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2009/09/25 09:55:12 | 002,785,792 | R--- | M] (Kalypso Media GmbH                                                                                  )
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CE4BC71D-A88B-4943-BB3D-AF9C0E7D4387} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/12/21 08:01:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2011/12/20 23:52:51 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Malwarebytes
[2011/12/20 23:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/20 23:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/20 23:52:43 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/20 23:52:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/14 23:59:24 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\eve calc
[2011/12/08 19:57:57 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\Sunken Island Adventure
[2011/11/29 19:10:26 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Divinity 2
[2011/11/29 19:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Divinity 2
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/12/21 08:01:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2011/12/21 08:01:19 | 000,000,168 | ---- | M] () -- C:\Users\Eric\defogger_reenable
[2011/12/21 04:11:10 | 000,020,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/21 04:11:10 | 000,020,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/20 23:52:47 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/20 19:59:15 | 000,001,434 | ---- | M] () -- C:\Users\Eric\Desktop\.minecraft - Verknüpfung.lnk
[2011/12/20 15:59:10 | 000,106,224 | ---- | M] (G Data Software) -- C:\Windows\SysWow64\drivers\GRD.sys
[2011/12/19 13:13:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/19 13:13:01 | 2132,860,927 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/18 15:55:40 | 000,140,120 | ---- | M] () -- C:\Users\Eric\Desktop\CheatCollectionPackageAP-V1.61-17.12.2011.spk
[2011/12/16 03:20:19 | 000,311,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/13 17:02:43 | 002,429,675 | ---- | M] () -- C:\Users\Eric\Desktop\tmp.jar
[2011/12/13 16:59:32 | 000,333,065 | ---- | M] () -- C:\Users\Eric\Desktop\minecraftforge-client-1.2.1.zip
[2011/12/13 16:58:56 | 000,024,636 | ---- | M] () -- C:\Users\Eric\Desktop\ModLoaderMp 1.0.0.zip
[2011/12/13 16:56:33 | 000,000,910 | ---- | M] () -- C:\Users\Eric\Desktop\buildcraft-2.2.8.pack
[2011/12/13 16:56:16 | 000,010,491 | ---- | M] () -- C:\Users\Eric\Desktop\mod_pack_installer.jar
[2011/12/13 16:45:19 | 000,082,514 | ---- | M] () -- C:\Users\Eric\Desktop\buildcraft-client-B-energy-2.2.8.zip
[2011/12/13 16:45:00 | 000,077,444 | ---- | M] () -- C:\Users\Eric\Desktop\buildcraft-client-B-builders-2.2.8.zip
[2011/12/13 16:44:45 | 000,088,280 | ---- | M] () -- C:\Users\Eric\Desktop\buildcraft-client-B-factory-2.2.8.zip
[2011/12/13 16:44:29 | 000,124,362 | ---- | M] () -- C:\Users\Eric\Desktop\buildcraft-client-B-transport-2.2.8.zip
[2011/12/13 16:43:53 | 000,131,890 | ---- | M] () -- C:\Users\Eric\Desktop\buildcraft-client-A-core-2.2.8.zip
[2011/12/12 21:17:56 | 000,496,388 | ---- | M] () -- C:\Users\Eric\Desktop\forestry-client-A-1.2.2.2.jar
[2011/12/11 17:13:15 | 004,393,710 | ---- | M] () -- C:\Users\Eric\Desktop\Minecraft-Industrial_Craft_1.8.1(1).tar.gz
[2011/12/10 23:48:10 | 000,281,656 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/12/10 23:48:10 | 000,281,656 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/12/09 19:30:22 | 000,088,347 | ---- | M] () -- C:\Users\Eric\Desktop\ModLoader.zip
[2011/12/08 22:48:04 | 001,662,595 | ---- | M] () -- C:\Users\Eric\Desktop\minlol.png
[2011/12/08 19:52:36 | 003,113,853 | ---- | M] () -- C:\Users\Eric\Desktop\Sunken Island Adventure.zip
[2011/12/08 19:26:27 | 000,281,656 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/12/08 12:12:33 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011/12/08 12:12:32 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011/12/07 22:27:42 | 072,367,104 | ---- | M] () -- C:\Users\Eric\Desktop\pvpoverview.avi
[2011/12/05 17:21:34 | 005,919,766 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/05 17:21:34 | 000,735,258 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2011/12/05 17:21:34 | 000,735,102 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2011/12/05 17:21:34 | 000,729,794 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2011/12/05 17:21:34 | 000,718,794 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2011/12/05 17:21:34 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011/12/05 17:21:34 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/05 17:21:34 | 000,646,556 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2011/12/05 17:21:34 | 000,157,212 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2011/12/05 17:21:34 | 000,151,776 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2011/12/05 17:21:34 | 000,148,180 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2011/12/05 17:21:34 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011/12/05 17:21:34 | 000,145,676 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2011/12/05 17:21:34 | 000,138,766 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2011/12/05 17:21:34 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/04 09:29:54 | 010,385,021 | ---- | M] () -- C:\Users\Eric\Desktop\Pendulum - Propane Nightmares (Official Video + Lyrics).mp3
[2011/11/22 17:23:58 | 000,001,184 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011/11/22 17:23:20 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/12/21 08:01:19 | 000,000,168 | ---- | C] () -- C:\Users\Eric\defogger_reenable
[2011/12/20 23:52:47 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/20 19:59:15 | 000,001,434 | ---- | C] () -- C:\Users\Eric\Desktop\.minecraft - Verknüpfung.lnk
[2011/12/18 15:55:39 | 000,140,120 | ---- | C] () -- C:\Users\Eric\Desktop\CheatCollectionPackageAP-V1.61-17.12.2011.spk
[2011/12/13 17:30:13 | 000,496,388 | ---- | C] () -- C:\Users\Eric\Desktop\forestry-client-A-1.2.2.2.jar
[2011/12/13 16:59:31 | 000,333,065 | ---- | C] () -- C:\Users\Eric\Desktop\minecraftforge-client-1.2.1.zip
[2011/12/13 16:58:55 | 000,024,636 | ---- | C] () -- C:\Users\Eric\Desktop\ModLoaderMp 1.0.0.zip
[2011/12/13 16:56:32 | 000,000,910 | ---- | C] () -- C:\Users\Eric\Desktop\buildcraft-2.2.8.pack
[2011/12/13 16:56:16 | 000,010,491 | ---- | C] () -- C:\Users\Eric\Desktop\mod_pack_installer.jar
[2011/12/13 16:45:18 | 000,082,514 | ---- | C] () -- C:\Users\Eric\Desktop\buildcraft-client-B-energy-2.2.8.zip
[2011/12/13 16:44:59 | 000,077,444 | ---- | C] () -- C:\Users\Eric\Desktop\buildcraft-client-B-builders-2.2.8.zip
[2011/12/13 16:44:45 | 000,088,280 | ---- | C] () -- C:\Users\Eric\Desktop\buildcraft-client-B-factory-2.2.8.zip
[2011/12/13 16:44:28 | 000,124,362 | ---- | C] () -- C:\Users\Eric\Desktop\buildcraft-client-B-transport-2.2.8.zip
[2011/12/13 16:43:52 | 000,131,890 | ---- | C] () -- C:\Users\Eric\Desktop\buildcraft-client-A-core-2.2.8.zip
[2011/12/11 17:13:12 | 004,393,710 | ---- | C] () -- C:\Users\Eric\Desktop\Minecraft-Industrial_Craft_1.8.1(1).tar.gz
[2011/12/09 19:30:22 | 000,088,347 | ---- | C] () -- C:\Users\Eric\Desktop\ModLoader.zip
[2011/12/08 22:48:04 | 001,662,595 | ---- | C] () -- C:\Users\Eric\Desktop\minlol.png
[2011/12/08 19:52:29 | 003,113,853 | ---- | C] () -- C:\Users\Eric\Desktop\Sunken Island Adventure.zip
[2011/12/07 22:27:04 | 072,367,104 | ---- | C] () -- C:\Users\Eric\Desktop\pvpoverview.avi
[2011/12/04 09:29:50 | 010,385,021 | ---- | C] () -- C:\Users\Eric\Desktop\Pendulum - Propane Nightmares (Official Video + Lyrics).mp3
[2011/10/23 20:42:31 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/10/23 12:20:51 | 000,161,058 | ---- | C] () -- C:\Windows\Star Assault Uninstaller.exe
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/09/11 00:41:49 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/08/31 19:37:14 | 000,281,656 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/08/31 19:37:11 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/06/13 18:02:20 | 005,807,364 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/30 21:45:42 | 000,036,347 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/03/30 21:45:13 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/03/30 21:45:10 | 000,024,769 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/03/30 18:07:10 | 001,031,168 | ---- | C] () -- C:\Windows\SysWow64\spk.dll
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
 
========== LOP Check ==========
 
[2011/12/21 00:09:33 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\.minecraft
[2011/11/07 17:18:46 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\.minecraft - Kopie
[2011/11/18 22:53:54 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Beat Hazard
[2011/06/11 19:17:04 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\DAEMON Tools Lite
[2011/08/20 16:11:01 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\DarksporeData
[2011/07/19 23:19:53 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\FUEL
[2011/10/30 15:23:51 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\GetRightToGo
[2011/06/09 21:25:06 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Leadertech
[2011/10/09 12:37:02 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Lionhead Studios
[2011/07/25 14:37:14 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\LolClient
[2011/08/17 19:16:57 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\MinMaxGames
[2011/08/22 14:40:25 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\MoreTerra
[2011/12/08 12:03:47 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Mumble
[2011/08/22 11:49:11 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\SPORE
[2011/10/17 18:12:08 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Stardock
[2011/07/08 18:53:06 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\System
[2011/07/20 18:36:43 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\TeamViewer
[2011/11/20 23:02:41 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\TS3Client
[2011/11/20 03:23:43 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Ubisoft
[2011/07/09 19:43:47 | 000,000,000 | -HSD | M] -- C:\Users\Eric\AppData\Roaming\wyUpdate AU
[2011/09/01 18:12:11 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011/06/08 13:15:21 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011/06/21 18:39:52 | 000,000,000 | ---D | M] -- C:\.jagex_cache_32
[2011/03/30 22:34:54 | 000,000,000 | -HSD | M] -- C:\Boot
[2011/09/17 23:10:32 | 000,000,000 | ---D | M] -- C:\cache
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011/08/02 22:23:19 | 000,000,000 | ---D | M] -- C:\Fraps
[2011/09/17 23:10:56 | 000,000,000 | ---D | M] -- C:\Images
[2011/03/30 21:45:47 | 000,000,000 | ---D | M] -- C:\Intel
[2011/09/13 19:29:33 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011/03/30 21:58:53 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2011/07/11 21:50:40 | 000,000,000 | ---D | M] -- C:\Perfect World Entertainment
[2009/07/14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011/11/01 11:34:38 | 000,000,000 | R--D | M] -- C:\Program Files
[2011/12/20 23:52:43 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011/12/20 23:52:47 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011/06/08 13:13:55 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011/07/25 14:24:51 | 000,000,000 | ---D | M] -- C:\Riot Games
[2011/12/21 08:06:47 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/11/03 23:01:26 | 000,000,000 | R--D | M] -- C:\Users
[2011/12/19 13:12:59 | 000,000,000 | ---D | M] -- C:\Windows
[2011/09/17 23:11:09 | 000,000,000 | ---D | M] -- C:\Zoom5
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2010/11/21 04:24:08 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/04/25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys
[2011/04/25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/04/25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009/07/14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009/07/14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009/07/14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009/07/14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
         
--- --- ---

Malwarebytes

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8406

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

21.12.2011 07:59:44
mbam-log-2011-12-21 (07-59-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 700224
Laufzeit: 2 Stunde(n), 44 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

Last edited by Eric42 (21.12.2011 at 20:10)

Alt 21.12.2011, 21:40   #2
Larusso
/// Selecta Jahrusso
 
My name is Daniel and I will help you with your malware-related problems.

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read my instructions through first. If anything is unclear, ask before you begin.
  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step depends on the previous one.
  • If I do not receive a reply from you within the next 3 days, I will remove the topic from my subscriptions.
  • Only run scans that a helper asks you to run, and do not install or uninstall any software without being asked.
  • Post the logfiles directly in your thread and not as an attachment, unless you are asked to. Attachments make the evaluation harder for me.


Vista and Win7 users
Start all tools with right-click "Run as administrator".



Please read the following instructions carefully. We do not want to "fix" anything yet, we only want to see a scan report.

Please download TDSSKiller.exe and save the file to your desktop
  • Start TDSSKiller.exe
  • Click Start Scan
  • If infected objects are found, do not under any circumstances choose Cure. Choose Skip and save the logfile.
    TDSSKiller will save a logfile on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post its contents here in your thread.



Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe
    Vista and Win7 users: right-click, "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with No.
  • Click Scan
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not under any circumstances click any of the Fix buttons without instruction

Note: If the Scan button is greyed out, close the tool and start it again. If it still does not work, please let me know.



Please post in your next reply
TDSSKiller log
aswMBR.txt

Alt 21.12.2011, 22:05   #3
Eric42
 
Code:
21:58:50.0949 3860	TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
21:58:51.0047 3860	============================================================
21:58:51.0047 3860	Current date / time: 2011/12/21 21:58:51.0047
21:58:51.0047 3860	SystemInfo:
21:58:51.0047 3860	
21:58:51.0047 3860	OS Version: 6.1.7601 ServicePack: 1.0
21:58:51.0047 3860	Product type: Workstation
21:58:51.0047 3860	ComputerName: ERIC-HARDCOREPC
21:58:51.0047 3860	UserName: Eric
21:58:51.0047 3860	Windows directory: C:\Windows
21:58:51.0047 3860	System windows directory: C:\Windows
21:58:51.0047 3860	Running under WOW64
21:58:51.0047 3860	Processor architecture: Intel x64
21:58:51.0047 3860	Number of processors: 8
21:58:51.0047 3860	Page size: 0x1000
21:58:51.0047 3860	Boot type: Normal boot
21:58:51.0047 3860	============================================================
21:58:51.0791 3860	Initialize success
21:58:53.0389 4776	============================================================
21:58:53.0389 4776	Scan started
21:58:53.0389 4776	Mode: Manual; 
21:58:53.0389 4776	============================================================
21:58:54.0392 4776	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:58:54.0396 4776	1394ohci - ok
21:58:54.0439 4776	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:58:54.0443 4776	ACPI - ok
21:58:54.0453 4776	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:58:54.0454 4776	AcpiPmi - ok
21:58:54.0490 4776	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
21:58:54.0494 4776	adp94xx - ok
21:58:54.0525 4776	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
21:58:54.0529 4776	adpahci - ok
21:58:54.0550 4776	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
21:58:54.0552 4776	adpu320 - ok
21:58:54.0608 4776	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
21:58:54.0614 4776	AFD - ok
21:58:54.0648 4776	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:58:54.0651 4776	agp440 - ok
21:58:54.0681 4776	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:58:54.0682 4776	aliide - ok
21:58:54.0693 4776	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:58:54.0695 4776	amdide - ok
21:58:54.0705 4776	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
21:58:54.0707 4776	AmdK8 - ok
21:58:54.0719 4776	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
21:58:54.0720 4776	AmdPPM - ok
21:58:54.0752 4776	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:58:54.0754 4776	amdsata - ok
21:58:54.0776 4776	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
21:58:54.0779 4776	amdsbs - ok
21:58:54.0789 4776	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:58:54.0790 4776	amdxata - ok
21:58:54.0813 4776	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:58:54.0815 4776	AppID - ok
21:58:54.0831 4776	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
21:58:54.0833 4776	arc - ok
21:58:54.0850 4776	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
21:58:54.0852 4776	arcsas - ok
21:58:54.0879 4776	asmthub3        (e1e75921e9eb025009696d4837f531fb) C:\Windows\system32\drivers\asmthub3.sys
21:58:54.0882 4776	asmthub3 - ok
21:58:54.0912 4776	asmtxhci        (b0cf9ab16006b61634d4f955345ca5d2) C:\Windows\system32\drivers\asmtxhci.sys
21:58:54.0916 4776	asmtxhci - ok
21:58:54.0944 4776	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:58:54.0945 4776	AsyncMac - ok
21:58:54.0952 4776	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:58:54.0953 4776	atapi - ok
21:58:54.0999 4776	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
21:58:55.0003 4776	b06bdrv - ok
21:58:55.0022 4776	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:58:55.0025 4776	b57nd60a - ok
21:58:55.0046 4776	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:58:55.0047 4776	Beep - ok
21:58:55.0073 4776	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
21:58:55.0075 4776	blbdrive - ok
21:58:55.0100 4776	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:58:55.0101 4776	bowser - ok
21:58:55.0123 4776	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
21:58:55.0125 4776	BrFiltLo - ok
21:58:55.0149 4776	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
21:58:55.0151 4776	BrFiltUp - ok
21:58:55.0174 4776	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:58:55.0179 4776	Brserid - ok
21:58:55.0202 4776	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:58:55.0204 4776	BrSerWdm - ok
21:58:55.0222 4776	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:58:55.0224 4776	BrUsbMdm - ok
21:58:55.0235 4776	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:58:55.0237 4776	BrUsbSer - ok
21:58:55.0255 4776	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
21:58:55.0257 4776	BTHMODEM - ok
21:58:55.0279 4776	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:58:55.0281 4776	cdfs - ok
21:58:55.0294 4776	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:58:55.0298 4776	cdrom - ok
21:58:55.0317 4776	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
21:58:55.0320 4776	circlass - ok
21:58:55.0346 4776	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:58:55.0350 4776	CLFS - ok
21:58:55.0368 4776	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
21:58:55.0370 4776	CmBatt - ok
21:58:55.0382 4776	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:58:55.0385 4776	cmdide - ok
21:58:55.0412 4776	CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
21:58:55.0417 4776	CNG - ok
21:58:55.0465 4776	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
21:58:55.0468 4776	Compbatt - ok
21:58:55.0475 4776	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:58:55.0477 4776	CompositeBus - ok
21:58:55.0492 4776	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
21:58:55.0493 4776	crcdisk - ok
21:58:55.0526 4776	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
21:58:55.0531 4776	CSC - ok
21:58:55.0563 4776	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:58:55.0565 4776	DfsC - ok
21:58:55.0584 4776	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:58:55.0585 4776	discache - ok
21:58:55.0596 4776	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
21:58:55.0597 4776	Disk - ok
21:58:55.0626 4776	dmvsc           (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
21:58:55.0629 4776	dmvsc - ok
21:58:55.0667 4776	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:58:55.0669 4776	drmkaud - ok
21:58:55.0699 4776	dtsoftbus01     (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:58:55.0703 4776	dtsoftbus01 - ok
21:58:55.0878 4776	dump_wmimmc - ok
21:58:55.0908 4776	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:58:55.0920 4776	DXGKrnl - ok
21:58:55.0985 4776	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
21:58:56.0038 4776	ebdrv - ok
21:58:56.0087 4776	ElbyCDIO        (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
21:58:56.0089 4776	ElbyCDIO - ok
21:58:56.0115 4776	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
21:58:56.0122 4776	elxstor - ok
21:58:56.0134 4776	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:58:56.0136 4776	ErrDev - ok
21:58:56.0163 4776	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:58:56.0166 4776	exfat - ok
21:58:56.0184 4776	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:58:56.0187 4776	fastfat - ok
21:58:56.0207 4776	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
21:58:56.0209 4776	fdc - ok
21:58:56.0230 4776	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:58:56.0232 4776	FileInfo - ok
21:58:56.0246 4776	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:58:56.0248 4776	Filetrace - ok
21:58:56.0267 4776	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
21:58:56.0268 4776	flpydisk - ok
21:58:56.0277 4776	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:58:56.0280 4776	FltMgr - ok
21:58:56.0298 4776	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:58:56.0300 4776	FsDepends - ok
21:58:56.0323 4776	fssfltr         (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
21:58:56.0326 4776	fssfltr - ok
         
Code:
aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-21 21:59:58
-----------------------------
21:59:58.508    OS Version: Windows x64 6.1.7601 Service Pack 1
21:59:58.508    Number of processors: 8 586 0x2A07
21:59:58.509    ComputerName: ERIC-HARDCOREPC  UserName: Eric
21:59:59.900    Initialize success
22:00:07.924    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
22:00:07.927    Disk 0 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 11
22:00:09.943    Disk 0 MBR read successfully
22:00:09.946    Disk 0 MBR scan
22:00:09.947    Disk 0 Windows 7 default MBR code
22:00:09.949    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       943367 MB offset 2048
22:00:09.969    Disk 0 Partition 2 00     27 Hidden NTFS WinRE NTFS        10499 MB offset 1932019712
22:00:09.972    Service scanning
22:00:11.391    Modules scanning
22:00:11.395    Disk 0 trace - called modules:
22:00:11.400    
22:00:11.404    Scan finished successfully
22:00:23.627    Disk 0 MBR has been saved successfully to "C:\Users\Eric\Desktop\MBR.dat"
22:00:23.629    The log file has been saved successfully to "C:\Users\Eric\Desktop\aswMBR.txt"
         
__________________

Alt 21.12.2011, 22:13   #4
Larusso
/// Selecta Jahrusso
 
Trojan.FakeAlert

The TDSSKiller logfile is not complete
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

Alt 21.12.2011, 22:23   #5
Eric42
 
Trojan.FakeAlert

Looks like it didn't pick up everything...

Hmm... just had my first blue screen when I was about to post...

Code:
ATTFilter
 21:58:50.0949 3860	TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
21:58:51.0047 3860	============================================================
21:58:51.0047 3860	Current date / time: 2011/12/21 21:58:51.0047
21:58:51.0047 3860	SystemInfo:
21:58:51.0047 3860	
21:58:51.0047 3860	OS Version: 6.1.7601 ServicePack: 1.0
21:58:51.0047 3860	Product type: Workstation
21:58:51.0047 3860	ComputerName: ERIC-HARDCOREPC
21:58:51.0047 3860	UserName: Eric
21:58:51.0047 3860	Windows directory: C:\Windows
21:58:51.0047 3860	System windows directory: C:\Windows
21:58:51.0047 3860	Running under WOW64
21:58:51.0047 3860	Processor architecture: Intel x64
21:58:51.0047 3860	Number of processors: 8
21:58:51.0047 3860	Page size: 0x1000
21:58:51.0047 3860	Boot type: Normal boot
21:58:51.0047 3860	============================================================
21:58:51.0791 3860	Initialize success
21:58:53.0389 4776	============================================================
21:58:53.0389 4776	Scan started
21:58:53.0389 4776	Mode: Manual; 
21:58:53.0389 4776	============================================================
21:58:54.0392 4776	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:58:54.0396 4776	1394ohci - ok
21:58:54.0439 4776	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:58:54.0443 4776	ACPI - ok
21:58:54.0453 4776	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:58:54.0454 4776	AcpiPmi - ok
21:58:54.0490 4776	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
21:58:54.0494 4776	adp94xx - ok
21:58:54.0525 4776	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
21:58:54.0529 4776	adpahci - ok
21:58:54.0550 4776	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
21:58:54.0552 4776	adpu320 - ok
21:58:54.0608 4776	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
21:58:54.0614 4776	AFD - ok
21:58:54.0648 4776	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:58:54.0651 4776	agp440 - ok
21:58:54.0681 4776	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:58:54.0682 4776	aliide - ok
21:58:54.0693 4776	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:58:54.0695 4776	amdide - ok
21:58:54.0705 4776	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
21:58:54.0707 4776	AmdK8 - ok
21:58:54.0719 4776	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
21:58:54.0720 4776	AmdPPM - ok
21:58:54.0752 4776	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:58:54.0754 4776	amdsata - ok
21:58:54.0776 4776	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
21:58:54.0779 4776	amdsbs - ok
21:58:54.0789 4776	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:58:54.0790 4776	amdxata - ok
21:58:54.0813 4776	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:58:54.0815 4776	AppID - ok
21:58:54.0831 4776	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
21:58:54.0833 4776	arc - ok
21:58:54.0850 4776	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
21:58:54.0852 4776	arcsas - ok
21:58:54.0879 4776	asmthub3        (e1e75921e9eb025009696d4837f531fb) C:\Windows\system32\drivers\asmthub3.sys
21:58:54.0882 4776	asmthub3 - ok
21:58:54.0912 4776	asmtxhci        (b0cf9ab16006b61634d4f955345ca5d2) C:\Windows\system32\drivers\asmtxhci.sys
21:58:54.0916 4776	asmtxhci - ok
21:58:54.0944 4776	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:58:54.0945 4776	AsyncMac - ok
21:58:54.0952 4776	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:58:54.0953 4776	atapi - ok
21:58:54.0999 4776	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
21:58:55.0003 4776	b06bdrv - ok
21:58:55.0022 4776	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:58:55.0025 4776	b57nd60a - ok
21:58:55.0046 4776	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:58:55.0047 4776	Beep - ok
21:58:55.0073 4776	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
21:58:55.0075 4776	blbdrive - ok
21:58:55.0100 4776	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:58:55.0101 4776	bowser - ok
21:58:55.0123 4776	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
21:58:55.0125 4776	BrFiltLo - ok
21:58:55.0149 4776	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
21:58:55.0151 4776	BrFiltUp - ok
21:58:55.0174 4776	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:58:55.0179 4776	Brserid - ok
21:58:55.0202 4776	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:58:55.0204 4776	BrSerWdm - ok
21:58:55.0222 4776	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:58:55.0224 4776	BrUsbMdm - ok
21:58:55.0235 4776	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:58:55.0237 4776	BrUsbSer - ok
21:58:55.0255 4776	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
21:58:55.0257 4776	BTHMODEM - ok
21:58:55.0279 4776	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:58:55.0281 4776	cdfs - ok
21:58:55.0294 4776	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:58:55.0298 4776	cdrom - ok
21:58:55.0317 4776	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
21:58:55.0320 4776	circlass - ok
21:58:55.0346 4776	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:58:55.0350 4776	CLFS - ok
21:58:55.0368 4776	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
21:58:55.0370 4776	CmBatt - ok
21:58:55.0382 4776	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:58:55.0385 4776	cmdide - ok
21:58:55.0412 4776	CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
21:58:55.0417 4776	CNG - ok
21:58:55.0465 4776	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
21:58:55.0468 4776	Compbatt - ok
21:58:55.0475 4776	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:58:55.0477 4776	CompositeBus - ok
21:58:55.0492 4776	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
21:58:55.0493 4776	crcdisk - ok
21:58:55.0526 4776	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
21:58:55.0531 4776	CSC - ok
21:58:55.0563 4776	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:58:55.0565 4776	DfsC - ok
21:58:55.0584 4776	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:58:55.0585 4776	discache - ok
21:58:55.0596 4776	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
21:58:55.0597 4776	Disk - ok
21:58:55.0626 4776	dmvsc           (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
21:58:55.0629 4776	dmvsc - ok
21:58:55.0667 4776	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:58:55.0669 4776	drmkaud - ok
21:58:55.0699 4776	dtsoftbus01     (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:58:55.0703 4776	dtsoftbus01 - ok
21:58:55.0878 4776	dump_wmimmc - ok
21:58:55.0908 4776	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:58:55.0920 4776	DXGKrnl - ok
21:58:55.0985 4776	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
21:58:56.0038 4776	ebdrv - ok
21:58:56.0087 4776	ElbyCDIO        (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
21:58:56.0089 4776	ElbyCDIO - ok
21:58:56.0115 4776	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
21:58:56.0122 4776	elxstor - ok
21:58:56.0134 4776	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:58:56.0136 4776	ErrDev - ok
21:58:56.0163 4776	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:58:56.0166 4776	exfat - ok
21:58:56.0184 4776	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:58:56.0187 4776	fastfat - ok
21:58:56.0207 4776	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
21:58:56.0209 4776	fdc - ok
21:58:56.0230 4776	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:58:56.0232 4776	FileInfo - ok
21:58:56.0246 4776	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:58:56.0248 4776	Filetrace - ok
21:58:56.0267 4776	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
21:58:56.0268 4776	flpydisk - ok
21:58:56.0277 4776	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:58:56.0280 4776	FltMgr - ok
21:58:56.0298 4776	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:58:56.0300 4776	FsDepends - ok
21:58:56.0323 4776	fssfltr         (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
21:58:56.0326 4776	fssfltr - ok
21:58:56.0354 4776	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:58:56.0356 4776	Fs_Rec - ok
21:58:56.0376 4776	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:58:56.0380 4776	fvevol - ok
21:58:56.0408 4776	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
21:58:56.0410 4776	gagp30kx - ok
21:58:56.0438 4776	GDBehave        (6331adbeb3e0ad674ccbeff326a12a76) C:\Windows\system32\drivers\GDBehave.sys
21:58:56.0441 4776	GDBehave - ok
21:58:56.0474 4776	GDMnIcpt        (619aae1a5663f5d84ae3de68f69527f7) C:\Windows\system32\drivers\MiniIcpt.sys
21:58:56.0476 4776	GDMnIcpt - ok
21:58:56.0495 4776	GDPkIcpt        (4d40f25260ecd6dd3847ac2d77078eeb) C:\Windows\system32\drivers\PktIcpt.sys
21:58:56.0497 4776	GDPkIcpt - ok
21:58:56.0538 4776	gdwfpcd         (3d97afde6e8d1954237bfb35ca29ab32) C:\Windows\system32\drivers\gdwfpcd64.sys
21:58:56.0540 4776	gdwfpcd - ok
21:58:56.0549 4776	GRD - ok
21:58:56.0575 4776	hamachi         (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
21:58:56.0577 4776	hamachi - ok
21:58:56.0623 4776	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:58:56.0625 4776	hcw85cir - ok
21:58:56.0659 4776	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:58:56.0663 4776	HdAudAddService - ok
21:58:56.0670 4776	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:58:56.0673 4776	HDAudBus - ok
21:58:56.0696 4776	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
21:58:56.0697 4776	HidBatt - ok
21:58:56.0711 4776	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
21:58:56.0713 4776	HidBth - ok
21:58:56.0740 4776	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
21:58:56.0743 4776	HidIr - ok
21:58:56.0758 4776	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:58:56.0760 4776	HidUsb - ok
21:58:56.0779 4776	HookCentre      (68d09a088463a046c5a549c1e510b1d7) C:\Windows\system32\drivers\HookCentre.sys
21:58:56.0781 4776	HookCentre - ok
21:58:56.0797 4776	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:58:56.0799 4776	HpSAMD - ok
21:58:56.0820 4776	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:58:56.0826 4776	HTTP - ok
21:58:56.0838 4776	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:58:56.0839 4776	hwpolicy - ok
21:58:56.0865 4776	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:58:56.0867 4776	i8042prt - ok
21:58:56.0897 4776	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:58:56.0901 4776	iaStorV - ok
21:58:56.0946 4776	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
21:58:56.0948 4776	iirsp - ok
21:58:57.0000 4776	IntcAzAudAddService (589b94a9b73a0e819ff873743a480834) C:\Windows\system32\drivers\RTKVHD64.sys
21:58:57.0034 4776	IntcAzAudAddService - ok
21:58:57.0050 4776	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:58:57.0052 4776	intelide - ok
21:58:57.0071 4776	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
21:58:57.0073 4776	intelppm - ok
21:58:57.0122 4776	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:58:57.0151 4776	IpFilterDriver - ok
21:58:57.0333 4776	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:58:57.0336 4776	IPMIDRV - ok
21:58:57.0358 4776	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:58:57.0361 4776	IPNAT - ok
21:58:57.0382 4776	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:58:57.0385 4776	IRENUM - ok
21:58:57.0399 4776	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:58:57.0401 4776	isapnp - ok
21:58:57.0428 4776	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:58:57.0433 4776	iScsiPrt - ok
21:58:57.0441 4776	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:58:57.0443 4776	kbdclass - ok
21:58:57.0470 4776	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
21:58:57.0473 4776	kbdhid - ok
21:58:57.0487 4776	KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
21:58:57.0488 4776	KSecDD - ok
21:58:57.0500 4776	KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
21:58:57.0502 4776	KSecPkg - ok
21:58:57.0518 4776	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:58:57.0519 4776	ksthunk - ok
21:58:57.0554 4776	LADF_BakerCOnly (86f06574763a0e7cdcd57dd85632e44f) C:\Windows\system32\DRIVERS\ladfBakerCamd64.sys
21:58:57.0558 4776	LADF_BakerCOnly - ok
21:58:57.0576 4776	LADF_BakerROnly (89b4981f949a14148365de8d98a310b5) C:\Windows\system32\DRIVERS\ladfBakerRamd64.sys
21:58:57.0579 4776	LADF_BakerROnly - ok
21:58:57.0591 4776	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:58:57.0592 4776	lltdio - ok
21:58:57.0616 4776	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
21:58:57.0618 4776	LSI_FC - ok
21:58:57.0636 4776	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
21:58:57.0639 4776	LSI_SAS - ok
21:58:57.0656 4776	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
21:58:57.0659 4776	LSI_SAS2 - ok
21:58:57.0673 4776	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
21:58:57.0677 4776	LSI_SCSI - ok
21:58:57.0696 4776	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:58:57.0698 4776	luafv - ok
21:58:57.0733 4776	MBAMProtector   (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
21:58:57.0735 4776	MBAMProtector - ok
21:58:57.0768 4776	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
21:58:57.0771 4776	megasas - ok
21:58:57.0800 4776	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
21:58:57.0804 4776	MegaSR - ok
21:58:57.0842 4776	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\drivers\HECIx64.sys
21:58:57.0844 4776	MEIx64 - ok
21:58:57.0860 4776	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:58:57.0862 4776	Modem - ok
21:58:57.0869 4776	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:58:57.0871 4776	monitor - ok
21:58:57.0879 4776	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:58:57.0882 4776	mouclass - ok
21:58:57.0889 4776	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:58:57.0891 4776	mouhid - ok
21:58:57.0914 4776	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:58:57.0916 4776	mountmgr - ok
21:58:57.0938 4776	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:58:57.0942 4776	mpio - ok
21:58:57.0957 4776	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:58:57.0960 4776	mpsdrv - ok
21:58:57.0982 4776	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:58:57.0984 4776	MRxDAV - ok
21:58:58.0015 4776	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:58:58.0017 4776	mrxsmb - ok
21:58:58.0046 4776	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:58:58.0049 4776	mrxsmb10 - ok
21:58:58.0064 4776	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:58:58.0066 4776	mrxsmb20 - ok
21:58:58.0076 4776	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:58:58.0077 4776	msahci - ok
21:58:58.0100 4776	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:58:58.0102 4776	msdsm - ok
21:58:58.0121 4776	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:58:58.0122 4776	Msfs - ok
21:58:58.0135 4776	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:58:58.0136 4776	mshidkmdf - ok
21:58:58.0145 4776	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:58:58.0146 4776	msisadrv - ok
21:58:58.0167 4776	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:58:58.0169 4776	MSKSSRV - ok
21:58:58.0186 4776	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:58:58.0187 4776	MSPCLOCK - ok
21:58:58.0195 4776	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:58:58.0196 4776	MSPQM - ok
21:58:58.0215 4776	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:58:58.0219 4776	MsRPC - ok
21:58:58.0230 4776	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:58:58.0232 4776	mssmbios - ok
21:58:58.0248 4776	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:58:58.0250 4776	MSTEE - ok
21:58:58.0260 4776	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
21:58:58.0262 4776	MTConfig - ok
21:58:58.0278 4776	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:58:58.0280 4776	Mup - ok
21:58:58.0286 4776	mv91cons        (e53d9ab63917338d7ffe12e85310a636) C:\Windows\system32\drivers\mv91cons.sys
21:58:58.0287 4776	mv91cons - ok
21:58:58.0306 4776	mv91xx          (38b4c95e821528fb91df16a78e04450f) C:\Windows\system32\drivers\mv91xx.sys
21:58:58.0309 4776	mv91xx - ok
21:58:58.0342 4776	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:58:58.0345 4776	NativeWifiP - ok
21:58:58.0387 4776	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:58:58.0407 4776	NDIS - ok
21:58:58.0422 4776	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:58:58.0425 4776	NdisCap - ok
21:58:58.0440 4776	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:58:58.0442 4776	NdisTapi - ok
21:58:58.0462 4776	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:58:58.0465 4776	Ndisuio - ok
21:58:58.0482 4776	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:58:58.0484 4776	NdisWan - ok
21:58:58.0500 4776	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:58:58.0501 4776	NDProxy - ok
21:58:58.0514 4776	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:58:58.0515 4776	NetBIOS - ok
21:58:58.0529 4776	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:58:58.0532 4776	NetBT - ok
21:58:58.0573 4776	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
21:58:58.0575 4776	nfrd960 - ok
21:58:58.0590 4776	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:58:58.0591 4776	Npfs - ok
21:58:58.0631 4776	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:58:58.0633 4776	nsiproxy - ok
21:58:58.0685 4776	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:58:58.0705 4776	Ntfs - ok
21:58:58.0715 4776	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:58:58.0716 4776	Null - ok
21:58:58.0755 4776	NVHDA           (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
21:58:58.0758 4776	NVHDA - ok
21:58:58.0947 4776	nvlddmkm        (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:58:59.0107 4776	nvlddmkm - ok
21:58:59.0132 4776	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:58:59.0134 4776	nvraid - ok
21:58:59.0152 4776	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:58:59.0155 4776	nvstor - ok
21:58:59.0199 4776	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:58:59.0202 4776	nv_agp - ok
21:58:59.0214 4776	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:58:59.0216 4776	ohci1394 - ok
21:58:59.0252 4776	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
21:58:59.0254 4776	Parport - ok
21:58:59.0270 4776	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:58:59.0271 4776	partmgr - ok
21:58:59.0289 4776	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:58:59.0291 4776	pci - ok
21:58:59.0301 4776	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:58:59.0302 4776	pciide - ok
21:58:59.0326 4776	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
21:58:59.0328 4776	pcmcia - ok
21:58:59.0346 4776	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:58:59.0348 4776	pcw - ok
21:58:59.0373 4776	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:58:59.0381 4776	PEAUTH - ok
21:58:59.0437 4776	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:58:59.0441 4776	PptpMiniport - ok
21:58:59.0456 4776	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
21:58:59.0459 4776	Processor - ok
21:58:59.0488 4776	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:58:59.0490 4776	Psched - ok
21:58:59.0528 4776	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
21:58:59.0544 4776	ql2300 - ok
21:58:59.0558 4776	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
21:58:59.0560 4776	ql40xx - ok
21:58:59.0574 4776	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:58:59.0576 4776	QWAVEdrv - ok
21:58:59.0593 4776	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:58:59.0594 4776	RasAcd - ok
21:58:59.0626 4776	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:58:59.0629 4776	RasAgileVpn - ok
21:58:59.0648 4776	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:58:59.0651 4776	Rasl2tp - ok
21:58:59.0677 4776	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:58:59.0679 4776	RasPppoe - ok
21:58:59.0698 4776	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:58:59.0700 4776	RasSstp - ok
21:58:59.0718 4776	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:58:59.0721 4776	rdbss - ok
21:58:59.0734 4776	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
21:58:59.0736 4776	rdpbus - ok
21:58:59.0747 4776	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:58:59.0749 4776	RDPCDD - ok
21:58:59.0778 4776	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
21:58:59.0781 4776	RDPDR - ok
21:58:59.0787 4776	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:58:59.0788 4776	RDPENCDD - ok
21:58:59.0805 4776	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:58:59.0807 4776	RDPREFMP - ok
21:58:59.0827 4776	RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
21:58:59.0829 4776	RdpVideoMiniport - ok
21:58:59.0852 4776	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
21:58:59.0855 4776	RDPWD - ok
21:58:59.0879 4776	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:58:59.0881 4776	rdyboost - ok
21:58:59.0900 4776	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:58:59.0902 4776	rspndr - ok
21:58:59.0930 4776	RTL8167         (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:58:59.0934 4776	RTL8167 - ok
21:58:59.0957 4776	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
21:58:59.0958 4776	s3cap - ok
21:58:59.0993 4776	SaiK0728        (476baa3eebe9db94bf6bdfaf46747e5d) C:\Windows\system32\DRIVERS\SaiK0728.sys
21:58:59.0995 4776	SaiK0728 - ok
21:59:00.0014 4776	SaiK0836        (24099c3d4ec943f875bf29f75987a3a6) C:\Windows\system32\DRIVERS\SaiK0836.sys
21:59:00.0017 4776	SaiK0836 - ok
21:59:00.0045 4776	SaiK0CCB        (f6d3e9793f22c92cef9b96bf47da01f1) C:\Windows\system32\DRIVERS\SaiK0CCB.sys
21:59:00.0049 4776	SaiK0CCB - ok
21:59:00.0067 4776	SaiMini         (64bc6cc8fd3408df37ea488d88d54a4a) C:\Windows\system32\DRIVERS\SaiMini.sys
21:59:00.0069 4776	SaiMini - ok
21:59:00.0076 4776	SaiNtBus        (6a78c024625926cc4b67b3e6ad14910a) C:\Windows\system32\drivers\SaiBus.sys
21:59:00.0077 4776	SaiNtBus - ok
21:59:00.0116 4776	SaiU0CCB        (ff2d7435c79b273752f0912feab839c0) C:\Windows\system32\DRIVERS\SaiU0CCB.sys
21:59:00.0118 4776	SaiU0CCB - ok
21:59:00.0145 4776	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:59:00.0147 4776	sbp2port - ok
21:59:00.0170 4776	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:59:00.0171 4776	scfilter - ok
21:59:00.0181 4776	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:59:00.0183 4776	secdrv - ok
21:59:00.0197 4776	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
21:59:00.0198 4776	Serenum - ok
21:59:00.0222 4776	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
21:59:00.0224 4776	Serial - ok
21:59:00.0254 4776	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
21:59:00.0256 4776	sermouse - ok
21:59:00.0271 4776	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:59:00.0273 4776	sffdisk - ok
21:59:00.0280 4776	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:59:00.0282 4776	sffp_mmc - ok
21:59:00.0290 4776	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:59:00.0292 4776	sffp_sd - ok
21:59:00.0307 4776	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
21:59:00.0309 4776	sfloppy - ok
21:59:00.0327 4776	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
21:59:00.0329 4776	SiSRaid2 - ok
21:59:00.0343 4776	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
21:59:00.0345 4776	SiSRaid4 - ok
21:59:00.0365 4776	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:59:00.0367 4776	Smb - ok
21:59:00.0386 4776	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:59:00.0387 4776	spldr - ok
21:59:00.0428 4776	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:59:00.0433 4776	srv - ok
21:59:00.0449 4776	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:59:00.0454 4776	srv2 - ok
21:59:00.0469 4776	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:59:00.0472 4776	srvnet - ok
21:59:00.0514 4776	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
21:59:00.0515 4776	stexstor - ok
21:59:00.0533 4776	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
21:59:00.0534 4776	storflt - ok
21:59:00.0552 4776	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
21:59:00.0553 4776	storvsc - ok
21:59:00.0567 4776	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:59:00.0569 4776	swenum - ok
21:59:00.0582 4776	Synth3dVsc      (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\Synth3dVsc.sys
21:59:00.0584 4776	Synth3dVsc - ok
21:59:00.0634 4776	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:59:00.0656 4776	Tcpip - ok
21:59:00.0686 4776	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:59:00.0693 4776	TCPIP6 - ok
21:59:00.0704 4776	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:59:00.0706 4776	tcpipreg - ok
21:59:00.0726 4776	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:59:00.0727 4776	TDPIPE - ok
21:59:00.0740 4776	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:59:00.0741 4776	TDTCP - ok
21:59:00.0761 4776	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:59:00.0763 4776	tdx - ok
21:59:00.0796 4776	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:59:00.0798 4776	TermDD - ok
21:59:00.0827 4776	terminpt        (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys
21:59:00.0829 4776	terminpt - ok
21:59:00.0847 4776	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:59:00.0848 4776	tssecsrv - ok
21:59:00.0863 4776	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:59:00.0865 4776	TsUsbFlt - ok
21:59:00.0886 4776	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
21:59:00.0887 4776	TsUsbGD - ok
21:59:00.0905 4776	tsusbhub        (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys
21:59:00.0907 4776	tsusbhub - ok
21:59:00.0920 4776	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:59:00.0922 4776	tunnel - ok
21:59:00.0941 4776	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
21:59:00.0942 4776	uagp35 - ok
21:59:00.0962 4776	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:59:00.0966 4776	udfs - ok
21:59:00.0990 4776	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:59:00.0992 4776	uliagpkx - ok
21:59:01.0022 4776	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
21:59:01.0024 4776	umbus - ok
21:59:01.0042 4776	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
21:59:01.0044 4776	UmPass - ok
21:59:01.0076 4776	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
21:59:01.0079 4776	usbaudio - ok
21:59:01.0111 4776	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:59:01.0114 4776	usbccgp - ok
21:59:01.0135 4776	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:59:01.0138 4776	usbcir - ok
21:59:01.0149 4776	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
21:59:01.0151 4776	usbehci - ok
21:59:01.0168 4776	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:59:01.0172 4776	usbhub - ok
21:59:01.0200 4776	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:59:01.0202 4776	usbohci - ok
21:59:01.0221 4776	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:59:01.0222 4776	usbprint - ok
21:59:01.0251 4776	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:59:01.0254 4776	USBSTOR - ok
21:59:01.0268 4776	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:59:01.0270 4776	usbuhci - ok
21:59:01.0318 4776	VClone          (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
21:59:01.0320 4776	VClone - ok
21:59:01.0333 4776	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:59:01.0336 4776	vdrvroot - ok
21:59:01.0355 4776	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:59:01.0356 4776	vga - ok
21:59:01.0372 4776	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:59:01.0374 4776	VgaSave - ok
21:59:01.0380 4776	VGPU - ok
21:59:01.0397 4776	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:59:01.0400 4776	vhdmp - ok
21:59:01.0427 4776	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:59:01.0428 4776	viaide - ok
21:59:01.0443 4776	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
21:59:01.0446 4776	vmbus - ok
21:59:01.0459 4776	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
21:59:01.0460 4776	VMBusHID - ok
21:59:01.0476 4776	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:59:01.0478 4776	volmgr - ok
21:59:01.0496 4776	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:59:01.0499 4776	volmgrx - ok
21:59:01.0514 4776	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:59:01.0516 4776	volsnap - ok
21:59:01.0544 4776	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
21:59:01.0547 4776	vsmraid - ok
21:59:01.0559 4776	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:59:01.0561 4776	vwifibus - ok
21:59:01.0574 4776	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
21:59:01.0575 4776	WacomPen - ok
21:59:01.0591 4776	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:59:01.0593 4776	WANARP - ok
21:59:01.0596 4776	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:59:01.0597 4776	Wanarpv6 - ok
21:59:01.0619 4776	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
21:59:01.0620 4776	Wd - ok
21:59:01.0631 4776	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:59:01.0635 4776	Wdf01000 - ok
21:59:01.0660 4776	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:59:01.0662 4776	WfpLwf - ok
21:59:01.0683 4776	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:59:01.0684 4776	WIMMount - ok
21:59:01.0745 4776	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:59:01.0747 4776	WmiAcpi - ok
21:59:01.0775 4776	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:59:01.0777 4776	ws2ifsl - ok
21:59:01.0796 4776	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:59:01.0799 4776	WudfPf - ok
21:59:01.0826 4776	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:59:01.0828 4776	WUDFRd - ok
21:59:01.0880 4776	xusb21          (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
21:59:01.0883 4776	xusb21 - ok
21:59:01.0903 4776	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:59:01.0909 4776	\Device\Harddisk0\DR0 - ok
21:59:01.0912 4776	Boot (0x1200)   (822d578f15a36a96300da41e4f612601) \Device\Harddisk0\DR0\Partition0
21:59:01.0913 4776	\Device\Harddisk0\DR0\Partition0 - ok
21:59:01.0914 4776	============================================================
21:59:01.0914 4776	Scan finished
21:59:01.0914 4776	============================================================
21:59:01.0923 3668	Detected object count: 0
21:59:01.0923 3668	Actual detected object count: 0
21:59:29.0348 4924	Deinitialize success
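The TDSSKiller-style driver list above (service name, MD5 of the image, on-disk path, then a "Name - ok" verdict) lends itself to a couple of mechanical checks that a helper otherwise does by eye. The script below is an added example, not code from this thread or from the TDSSKiller tool: it parses both kinds of line, flags drivers that load from outside the usual driver directories, and reports one image hash that appears under several names at different paths. The log excerpt inside it is constructed; the service names exampledrv and tcpcopy are invented for the example, and the list of allowed driver directories is an assumption.

```python
"""Triage the driver inventory of a TDSSKiller-style scan log.

Added example, not code from the forum thread or from TDSSKiller. Each scan
line carries a name, the MD5 of the driver image and its path, followed by a
verdict line ("Name - ok"). Two checks are applied: drivers outside the normal
driver directories, and one hash registered under several names at different
paths (a copy of a known binary). SAMPLE_LOG is constructed for this example.
"""
import re
from collections import defaultdict

# Constructed excerpt in TDSSKiller log format (a tab separates PID and name).
SAMPLE_LOG = (
    "21:59:00.0634 4776\tTcpip           (fc62769e7bff2896035aeed399108162) C:\\Windows\\system32\\drivers\\tcpip.sys\n"
    "21:59:00.0656 4776\tTcpip - ok\n"
    "21:59:00.0686 4776\tTCPIP6          (fc62769e7bff2896035aeed399108162) C:\\Windows\\system32\\DRIVERS\\tcpip.sys\n"
    "21:59:00.0693 4776\tTCPIP6 - ok\n"
    "21:59:01.0380 4776\tVGPU - ok\n"
    # The next two services are invented for this example.
    "21:59:01.0400 4776\texampledrv      (0123456789abcdef0123456789abcdef) C:\\Users\\Public\\exampledrv.sys\n"
    "21:59:01.0401 4776\texampledrv - ok\n"
    "21:59:01.0410 4776\ttcpcopy         (fc62769e7bff2896035aeed399108162) C:\\Users\\Public\\tcpcopy.sys\n"
    "21:59:01.0411 4776\ttcpcopy - ok\n"
    "21:59:01.0903 4776\tMBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \\Device\\Harddisk0\\DR0\n"
    "21:59:01.0909 4776\t\\Device\\Harddisk0\\DR0 - ok\n"
)

# "<time> <pid>\t<name>   (<md5>) <path>"; the lazy name lets "MBR (0x1B8)" work.
ENTRY_RE = re.compile(
    r"^\S+ \d+\t(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)
# "<time> <pid>\t<name> - <verdict>"
VERDICT_RE = re.compile(r"^\S+ \d+\t(?P<name>.+?) - (?P<verdict>.+)$")

# Assumed set of directories a kernel driver is normally loaded from.
DRIVER_DIRS = (
    "c:\\windows\\system32\\drivers\\",
    "c:\\windows\\syswow64\\drivers\\",
)


def parse_entries(log: str) -> list:
    """Return {name, md5, path} for every scanned image line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"name": m.group("name"),
                            "md5": m.group("md5").lower(),
                            "path": m.group("path")})
    return entries


def parse_verdicts(log: str) -> dict:
    """Map each scanned object name to the scanner's verdict string."""
    verdicts = {}
    for line in log.splitlines():
        m = VERDICT_RE.match(line)
        if m and not ENTRY_RE.match(line):
            verdicts[m.group("name")] = m.group("verdict")
    return verdicts


def outside_driver_dirs(entries, allowed=DRIVER_DIRS) -> list:
    """Names of file-backed drivers whose path is under none of the allowed dirs.

    Device objects (the MBR and boot-sector checks) are not files; skip them.
    """
    flagged = []
    for e in entries:
        path = e["path"].lower()
        if path.startswith("\\device\\"):
            continue
        if not any(path.startswith(d) for d in allowed):
            flagged.append(e["name"])
    return flagged


def hash_reuse(entries) -> dict:
    """MD5s that appear under several names at different on-disk paths.

    Two services pointing at the same file (Tcpip / TCPIP6 -> tcpip.sys) is
    normal; the same hash at a second location is a copy worth explaining.
    """
    by_hash = defaultdict(list)
    for e in entries:
        by_hash[e["md5"]].append(e)
    result = {}
    for md5, group in by_hash.items():
        if len({e["path"].lower() for e in group}) > 1:
            result[md5] = sorted(e["name"] for e in group)
    return result


if __name__ == "__main__":
    found = parse_entries(SAMPLE_LOG)
    print(len(found), "hashed objects; verdicts:", parse_verdicts(SAMPLE_LOG))
    print("outside driver dirs:", outside_driver_dirs(found))
    print("hash reuse across paths:", hash_reuse(found))
```

Paths are compared case-insensitively because the log itself mixes `drivers` and `DRIVERS`; a verdict of "ok" from the scanner is recorded but not trusted on its own, which is why the two path checks run independently of it.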
         


Alt 21.12.2011, 22:29   #6
Larusso
/// Selecta Jahrusso
 
Please download Farbar's MiniToolBox to your desktop and start the tool.

Tick the following entries:
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
  • List Minidump Files
Click Go and post the contents of Result.txt.

Alt 21.12.2011, 22:30   #7
Eric42
 
Code:
 MiniToolBox by Farbar 
Ran by Eric (administrator) on 21-12-2011 at 22:29:59
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)

***************************************************************************
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/21/2011 10:19:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2011 06:40:16 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610, Zeitstempel: 0x4c00573a
Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 2.5.0.16600, Zeitstempel: 0x4ca30e16
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000121da
ID des fehlerhaften Prozesses: 0x1064
Startzeit der fehlerhaften Anwendung: 0xLolClient.exe0
Pfad der fehlerhaften Anwendung: LolClient.exe1
Pfad des fehlerhaften Moduls: LolClient.exe2
Berichtskennung: LolClient.exe3

Error: (12/19/2011 01:14:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/17/2011 04:50:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2011 03:21:51 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/15/2011 01:19:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2011 07:16:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/13/2011 03:49:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/12/2011 02:15:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/07/2011 05:45:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/21/2011 10:18:48 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (12/21/2011 10:17:51 PM) (Source: BugCheck) (User: )
Description: 0x00000109 (0xa3a039d8a0a13837, 0xb3b7465ef31f7825, 0xfffff880033226c0, 0x0000000000000002)C:\Windows\MEMORY.DMP122111-16458-01

Error: (12/21/2011 10:17:51 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ?21.?12.?2011 um 22:14:59 unerwartet heruntergefahren.

Error: (12/19/2011 02:39:08 PM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{B895C12B-988A-444A-8A98-16F43F2F2E72}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.

Error: (12/19/2011 02:18:12 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "REDDRAGON-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{B895C12B-988A-444A-8A98-16F43F2F2E72}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (12/16/2011 04:18:35 AM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (12/16/2011 03:26:51 AM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{B895C12B-988A-444A-8A98-16F43F2F2E72}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.

Error: (12/16/2011 03:21:11 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "REDDRAGON-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{B895C12B-988A-444A-8A98-16F43F2F2E72}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (12/16/2011 03:02:22 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/16/2011 03:02:22 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.


Microsoft Office Sessions:
=========================

========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 8173.41 MB
Available physical RAM: 5951.93 MB
Total Pagefile: 16345.01 MB
Available Pagefile: 13683.2 MB
Total Virtual: 4095.88 MB
Available Virtual: 3954.52 MB

========================= Partitions: =====================================

1 Drive c: (OS_Install) (Fixed) (Total:921.26 GB) (Free:442.09 GB) NTFS

========================= Users: ========================================

Benutzerkonten für \\ERIC-HARDCOREPC

Administrator            Eric                     Gast                     
UpdatusUser              
Der Befehl wurde erfolgreich ausgeführt.

========================= Minidump Files ==================================

No minidump file found

**** End of log ****
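The "Event log errors" section of the MiniToolBox report above is what a helper reads first: which sources fail repeatedly, and whether a BugCheck (a system crash that wrote a dump) lines up with an unexpected-shutdown entry. The parser below is an added example, not code from this thread or from MiniToolBox: it splits the section into "Error:" blocks, counts them per source, extracts the stop code and its parameters from BugCheck entries, and lists which other sources logged within a short window of each crash. The report excerpt embedded in it is constructed to mirror the posted format (with the descriptions written in English), and the 60-second correlation window is an assumption.

```python
"""Summarise the 'Event log errors' section of a Farbar MiniToolBox report.

Added example, not code from the forum thread or from MiniToolBox. It splits
the section into 'Error:' blocks, counts errors per source, pulls stop code and
parameters out of BugCheck entries and correlates other events with each crash.
SAMPLE_REPORT is constructed to mirror the posted format.
"""
import re
from collections import Counter
from datetime import datetime

SAMPLE_REPORT = """\
========================= Event log errors: ===============================

Application errors:
==================
Error: (12/21/2011 10:19:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2011 06:40:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: LolClient.exe, version: 2.0.2.12610
Faulting module name: Adobe AIR.dll, version: 2.5.0.16600
Exception code: 0xc0000005


System errors:
=============
Error: (12/21/2011 10:17:51 PM) (Source: BugCheck) (User: )
Description: 0x00000109 (0xa3a039d8a0a13837, 0xb3b7465ef31f7825, 0xfffff880033226c0, 0x0000000000000002)C:\\Windows\\MEMORY.DMP122111-16458-01

Error: (12/21/2011 10:17:51 PM) (Source: EventLog) (User: )
Description: The system was shut down unexpectedly.

Error: (12/16/2011 03:02:22 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053
"""

# One 'Error:' header line: timestamp, source and the (often empty) user.
HEADER_RE = re.compile(
    r"^Error: \((?P<time>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M)\) "
    r"\(Source: (?P<source>[^)]*)\) \(User: (?P<user>[^)]*)\)$"
)
# BugCheck description: stop code, then the four parameters in parentheses.
BUGCHECK_RE = re.compile(r"^(0x[0-9a-fA-F]{8}) \(([^)]*)\)")


def parse_events(report: str) -> list:
    """Return one dict (time, source, user, description) per 'Error:' block.

    The description starts on the line after the header and runs to the first
    blank line, so multi-line descriptions stay together.
    """
    events, lines, i = [], report.splitlines(), 0
    while i < len(lines):
        m = HEADER_RE.match(lines[i].strip())
        if not m:
            i += 1
            continue
        i += 1
        desc = []
        while i < len(lines) and lines[i].strip():
            desc.append(lines[i].strip())
            i += 1
        description = "\n".join(desc)
        if description.startswith("Description: "):
            description = description[len("Description: "):]
        events.append({
            "time": datetime.strptime(m.group("time"), "%m/%d/%Y %I:%M:%S %p"),
            "source": m.group("source"),
            "user": m.group("user"),
            "description": description,
        })
    return events


def errors_per_source(events) -> dict:
    """Number of error blocks per source, most frequent first."""
    return dict(Counter(e["source"] for e in events).most_common())


def bugcheck_codes(events) -> list:
    """(stop_code, [parameters]) for every BugCheck entry."""
    found = []
    for e in events:
        if e["source"] != "BugCheck":
            continue
        m = BUGCHECK_RE.match(e["description"])
        if m:
            found.append((m.group(1).lower(), [p.strip() for p in m.group(2).split(",")]))
    return found


def crash_context(events, window_seconds=60) -> list:
    """For each BugCheck, the other sources logged within the (assumed 60 s) window."""
    out = []
    for crash in (e for e in events if e["source"] == "BugCheck"):
        near = [e["source"] for e in events if e is not crash
                and abs((e["time"] - crash["time"]).total_seconds()) <= window_seconds]
        out.append((crash["time"], near))
    return out


if __name__ == "__main__":
    evs = parse_events(SAMPLE_REPORT)
    print("errors per source:", errors_per_source(evs))
    print("bugchecks:", bugcheck_codes(evs))
    print("crash context:", crash_context(evs))
```

On the constructed input the BugCheck and the EventLog "shut down unexpectedly" entry share a timestamp, so the crash shows up with `["EventLog"]` as its context while the WinMgmt error two minutes later does not; that is the kind of pairing that separates a crash from an unrelated background error.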
         

Alt 21.12.2011, 22:36   #8
Larusso
/// Selecta Jahrusso
 
Installed any hardware or drivers recently?
That error code should not appear at all on a 64-bit system.
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to strike back and support us!
TB Akademie

Alt 21.12.2011, 22:38   #9
Eric42
 
I just saw a message from Malwarebytes: hxxp://imageshack.us/photo/my-images/684/zugang.png/

No, not in the last 3 months AFAIK, so no new drivers etc.

Alt 22.12.2011, 09:00   #10
Larusso
/// Selecta Jahrusso
 
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

Alt 22.12.2011, 09:37   #11
Eric42
 
ComboFix logfile:
Code:
ComboFix 11-12-22.01 - Eric 22.12.2011   9:14.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.41.1031.18.8173.5971 [GMT 1:00]
ausgeführt von:: c:\users\Eric\Desktop\ComboFix.exe
AV: G Data InternetSecurity 2011 *Disabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}
FW: G Data Personal Firewall *Enabled* {6C9743D9-C911-E73D-51CD-FA672BB39294}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\system32\java.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-22 bis 2011-12-22  ))))))))))))))))))))))))))))))
.
.
2011-12-20 22:52 . 2011-12-20 22:52	--------	d-----w-	c:\users\Eric\AppData\Roaming\Malwarebytes
2011-12-20 22:52 . 2011-12-20 22:52	--------	d-----w-	c:\programdata\Malwarebytes
2011-12-20 22:52 . 2011-12-20 22:52	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-20 22:52 . 2011-08-31 16:00	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-20 12:16 . 2011-11-21 11:40	8822856	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{C18FEB23-C5F0-4909-BF50-C4BD8B98A2FF}\mpengine.dll
2011-12-18 18:37 . 2011-12-18 18:37	--------	d-----w-	c:\users\Public\Games
2011-12-15 08:52 . 2008-07-12 07:18	467984	----a-w-	c:\windows\SysWow64\d3dx10_39.dll
2011-12-15 08:52 . 2008-07-12 07:18	1493528	----a-w-	c:\windows\SysWow64\D3DCompiler_39.dll
2011-12-15 08:52 . 2008-07-12 07:18	540688	----a-w-	c:\windows\system32\d3dx10_39.dll
2011-12-15 08:52 . 2008-07-12 07:18	1942552	----a-w-	c:\windows\system32\D3DCompiler_39.dll
2011-12-15 08:52 . 2008-07-12 07:18	3851784	----a-w-	c:\windows\SysWow64\D3DX9_39.dll
2011-12-15 08:52 . 2008-07-12 07:18	4992520	----a-w-	c:\windows\system32\D3DX9_39.dll
2011-11-29 18:10 . 2011-11-29 18:10	--------	d-----w-	c:\users\Eric\AppData\Local\Divinity 2
2011-11-29 18:10 . 2011-11-29 18:10	--------	d-----w-	c:\programdata\Divinity 2
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-20 14:59 . 2011-06-14 13:59	106224	----a-w-	c:\windows\SysWow64\drivers\GRD.sys
2011-12-10 22:48 . 2011-08-31 18:39	281656	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2011-12-10 22:48 . 2011-08-31 18:37	281656	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2011-12-08 18:26 . 2011-08-31 18:37	281656	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2011-12-08 11:12 . 2011-09-24 19:46	466456	----a-w-	c:\windows\system32\wrap_oal.dll
2011-12-08 11:12 . 2011-09-24 19:46	444952	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2011-12-08 11:12 . 2011-09-24 19:46	122904	----a-w-	c:\windows\system32\OpenAL32.dll
2011-12-08 11:12 . 2011-09-24 19:46	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2011-12-01 17:47 . 2011-06-12 16:02	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-22 16:23 . 2011-08-31 18:37	75136	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2011-11-01 10:34 . 2011-11-01 10:34	525544	----a-w-	c:\windows\system32\deployJava1.dll
2011-10-23 11:20 . 2011-10-23 11:20	161058	----a-w-	c:\windows\Star Assault Uninstaller.exe
2011-10-22 14:58 . 2011-10-22 14:58	178800	----a-w-	c:\windows\SysWow64\CmdLineExt_x64.dll
2011-10-15 08:53 . 2011-11-03 22:01	3074368	----a-w-	c:\windows\system32\nvsvcr.dll
2011-10-15 08:53 . 2011-11-03 22:00	8791360	----a-w-	c:\windows\system32\nvwgf2umx.dll
2011-10-15 08:53 . 2011-11-03 22:00	7581504	----a-w-	c:\windows\system32\nvcuda.dll
2011-10-15 08:53 . 2011-11-03 22:00	68928	----a-w-	c:\windows\system32\OpenCL.dll
2011-10-15 08:53 . 2011-11-03 22:00	61248	----a-w-	c:\windows\SysWow64\OpenCL.dll
2011-10-15 08:53 . 2011-11-03 22:00	5578560	----a-w-	c:\windows\SysWow64\nvcuda.dll
2011-10-15 08:53 . 2011-11-03 22:00	2542912	----a-w-	c:\windows\system32\nvcuvid.dll
2011-10-15 08:53 . 2011-11-03 22:00	24796992	----a-w-	c:\windows\system32\nvcompiler.dll
2011-10-15 08:53 . 2011-11-03 22:00	24742720	----a-w-	c:\windows\system32\nvoglv64.dll
2011-10-15 08:53 . 2011-11-03 22:00	2401088	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2011-10-15 08:53 . 2011-11-03 22:00	2232128	----a-w-	c:\windows\system32\nvcuvenc.dll
2011-10-15 08:53 . 2011-11-03 22:00	2099520	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2011-10-15 08:53 . 2011-11-03 22:00	18871616	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2011-10-15 08:53 . 2011-11-03 22:00	17248576	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2011-10-15 08:53 . 2011-11-03 22:00	15693120	----a-w-	c:\windows\system32\nvd3dumx.dll
2011-10-15 08:53 . 2011-11-03 22:00	1533248	----a-w-	c:\windows\system32\nvdispco64.dll
2011-10-15 08:53 . 2011-11-03 22:00	1454400	----a-w-	c:\windows\system32\nvgenco64.dll
2011-10-15 08:53 . 2011-11-03 22:00	12971840	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2011-10-15 08:53 . 2011-03-30 21:04	7041856	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2011-10-15 08:53 . 2011-03-30 21:04	2808128	----a-w-	c:\windows\system32\nvapi64.dll
2011-10-15 08:53 . 2011-03-30 21:04	2458432	----a-w-	c:\windows\SysWow64\nvapi.dll
2011-10-15 08:53 . 2011-03-30 21:04	13205312	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2011-10-15 08:53 . 2011-01-14 05:02	222528	----a-w-	c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2011-01-14 05:02	1640768	----a-w-	c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2011-01-14 05:02	137536	----a-w-	c:\windows\system32\nvshext.dll
2011-10-15 08:53 . 2011-01-14 05:02	837952	----a-w-	c:\windows\system32\easyUpdatusAPIU64.dll
2011-10-15 08:53 . 2011-01-14 05:02	10406208	----a-w-	c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2011-01-14 05:02	5067584	----a-w-	c:\windows\system32\nvsvc64.dll
2011-10-14 23:54 . 2011-10-14 23:54	321856	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2011-10-03 03:06 . 2011-06-12 21:44	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-09-29 16:29 . 2011-11-09 18:20	1923952	----a-w-	c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"ImpulseFastStart"="c:\program files (x86)\Stardock\Impulse\Impulse.exe" [2008-10-14 1717616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2010-08-26 996936]
"GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2010-08-26 1538120]
"Logitech G930"="c:\program files (x86)\Logitech\G930\G930.exe" [2011-03-23 1516888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2011-8-15 2589808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SaiK0836;SaiK0836;c:\windows\system32\DRIVERS\SaiK0836.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [x]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\drivers\mv91cons.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [x]
S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [x]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2010-08-27 1178184]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2010-03-31 410696]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2010-08-25 1865344]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [x]
S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [1937-11-25 1718608]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2010-08-25 340552]
S3 LADF_BakerCOnly;BakerC Filter Driver;c:\windows\system32\DRIVERS\ladfBakerCamd64.sys [x]
S3 LADF_BakerROnly;BakerR Filter Driver;c:\windows\system32\DRIVERS\ladfBakerRamd64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SaiK0728;SaiK0728;c:\windows\system32\DRIVERS\SaiK0728.sys [x]
S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [x]
S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-04-21 378880]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-04-21 195072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\59llgaul.default\
FF - prefs.js: browser.startup.homepage - hxxp://eve-radio.com/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4117731954-3112775516-3206149677-1000\Software\SecuROM\License information*]
"datasecu"=hex:25,3d,01,37,38,01,b0,46,ad,63,a6,90,47,19,6f,24,4e,4e,38,ed,7b,
   58,15,e4,0c,cf,ca,59,bd,b4,35,52,d1,69,5b,3a,1b,5d,17,dd,9f,8e,24,e4,ca,32,\
"rkeysecu"=hex:ac,ac,4f,31,21,bf,07,73,55,6e,55,bc,28,2f,a5,50
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-22  09:30:58 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-12-22 08:30
.
Vor Suchlauf: 15 Verzeichnis(se), 521'975'013'376 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 522'960'613'376 Bytes frei
.
- - End Of File - - 6E633EB390CBBEE6B35E24CDB5C1097B
         
--- --- ---

22.12.2011, 17:15   #12
Larusso
/// Selecta Jahrusso

Hi,
Are the warning tones still occurring?
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

22.12.2011, 17:36   #13
Eric42

... so far I haven't heard any more warning tones...

I'll have Malwarebytes take another look...

22.12.2011, 20:12   #14
Larusso
/// Selecta Jahrusso

Yes, post it if anything was found (somehow this seems totally unprofessional now xD)

22.12.2011, 22:20   #15
Eric42

Code:
 Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122204

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

22.12.2011 22:19:10
mbam-log-2011-12-22 (22-19-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 668513
Laufzeit: 2 Stunde(n), 54 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
