Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   browsersafesearhing.com als standardsuchmaschine nach installation von steam-download.de (https://www.trojaner-board.de/110017-browsersafesearhing-com-standardsuchmaschine-installation-steam-download-de.html)

Yagami 15.02.2012 23:21
browsersafesearhing.com als standardsuchmaschine nach installation von steam-download.de
 
Dieses Problem ist bei anderen Usern, nach dem was ich gelesen habe, nun schon öfter aufgetreten:
Seit der Installation eines Programms von steam-download.de werde ich bei einer Eingabe in die Adresszeile zu browsersafesearching.com geleitet (benutze übrigens Firefox). Nachdem ich in den Configs die keyword.url auf google gesetzt hatte und den Browser neu gestartet hatte, wurde ich dennoch wieder zu der genannten url geleitet. Eingaben über google funktionieren ganz normal, soll heißen, die Ergebnisse werden als google-Suchergebnisse dargestellt, aber darum geht es ja nicht, sondern wohl eher darum, dass sich bei mir wohl Malware eingeschlichen hat und ich diese wieder gerne entfernen würde. Da ähnliche Fälle trotzdem individuell behandelt werden sollen, bitte ich euch hier inständig um Hilfe.
Habe, bevor ich hier gelandet bin, schon auf anderen Seiten nachgeschaut, was ich unternehmen kann. Schritte die ich bisher unternommen habe:
Habe HiJackThis durchlaufen lassen, ebenso wie MalwareBytes und Etes.
HiJackThis und MalwareBytes haben keine verdächtigen Funde gemeldet Etes jedoch schon (Logfile im Anhang). Falls HiJackThis- und MalwareBytes-Logs noch benötigt werden, einfach Bescheid geben. Bin recht unerfahren mit dem Posten in Boards und falls ich etwas falsch / zu nachlässig gemacht habe, einfach melden. Vielen Dank im Vorraus!
Achja, es handelt sich bei meinem System um einen ASUS Laptop aber ich denke, dass das ja irgendwo in den Logs drinsteht. Falls dies nicht der Fall ist und zu meinem System nähere Daten gebraucht werden, auch hier wieder einfach melden :) .

cosinus 17.02.2012 12:15
Bitte alle Logs von Malwarebytes posten

Zitat:
C:\Users\***\Downloads\SoftonicDownloader_fuer_gamemagic-s60.exe
Finger weg von Softonic!!

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen

Yagami 17.02.2012 19:08
Um ehrlich zu sein, weiß ich weder, worum es sich bei dieser Software handelt, noch wie die in meinem Download-Ordner gelandet ist. Das Malwarebytes Log ist im Anhang (wobei ich mir nicht sicher bin, ob das richtig ist, da es nicht wirklich aussagekräftig ist Oo). Grüße und Danke schonmal für die Info

cosinus 17.02.2012 19:46
Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Yagami 17.02.2012 20:32
Habe vorher noch nicht mit Malwarebytes gearbeitet habe es mir erst am 12. wegen diesem Problem runtergeladen. Trotzdem auch in diesen nichts zu finden ist, die Logs vom 12. hier.
(1 Log war Quick-Scan)

cosinus 17.02.2012 20:38
Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Yagami 20.02.2012 16:54
Oh, das ist mir ja jetzt erst aufgefallen. Ich habe eingänglich mein ESET Log schon mitgeschickt (ausgeführt wie in der Beschreibung deines Posts), hab es aber (war wohl schon müde) mit Etes beschrieben. Entschuldigung hierfür und wie gesagt, in meinem ersten Post ist das Log bereits angehängt. Grüße Yagami

cosinus 20.02.2012 20:51
Richtig, das hab ich übersehen.

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Yagami 21.02.2012 03:32
Komm iwie nicht weiter. Hab die Schritte mehrfach befolgt und komme auch nach wiederholtem Runterladen bzw. Rebooten trotzdem immer auf dasselbe Ergebnis: bei getting folder structure hängt er ne weile und dann kommt nach ein paar minuten out of memory. Was tun?

cosinus 21.02.2012 13:01
Probiers im abgesicherten Modus nochmal aus

Yagami 21.02.2012 18:16
Abgesicherter Modus, selbes Ergebnis :(

cosinus 21.02.2012 19:07
Dann mal so, aber auch hier den Haken bei Scanne alle Benutzer setzen!

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Yagami 21.02.2012 20:36
So fertig OTL Logfile:
Code:
OTL logfile created on: 21.02.2012 19:52:00 - Run 1
OTL by OldTimer - Version 3.2.33.1    Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 70,03% Memory free
7,83 Gb Paging File | 6,27 Gb Available in Paging File | 80,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 415,40 Gb Free Space | 89,21% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe (Trend Micro Inc.)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (tmcomm) -- C:\Windows\SysNative\drivers\tmcomm.sys (Trend Micro Inc.)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (tmactmon) -- C:\Windows\SysNative\drivers\tmactmon.sys (Trend Micro Inc.)
DRV:64bit: - (tmevtmgr) -- C:\Windows\SysNative\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
 
 
 
 
 
IE - HKU\S-1-5-21-1072091681-1570296779-4092454682-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-1072091681-1570296779-4092454682-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1072091681-1570296779-4092454682-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1072091681-1570296779-4092454682-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A6 7F 73 94 53 A5 CC 01  [binary data]
IE - HKU\S-1-5-21-1072091681-1570296779-4092454682-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearching.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
 
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearching.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\firefoxextension\ [2011.12.16 16:36:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.21 01:11:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.11.17 19:09:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.02.21 01:12:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bmh2japt.default\extensions
[2011.11.20 05:24:27 | 000,003,915 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bmh2japt.default\searchplugins\SweetIM Search.xml
[2011.11.20 05:24:19 | 000,003,915 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bmh2japt.default\searchplugins\sweetim.xml
[2012.01.01 11:14:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.21 01:11:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.01 11:13:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.25 11:30:08 | 000,002,287 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.01.01 11:13:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.01 11:13:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.01 11:13:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.08 22:21:52 | 000,000,161 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2012.01.01 11:13:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.01 11:13:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Programme\Trend Micro\AMSP\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Programme\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Programme\Trend Micro\AMSP\module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Programme\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (instplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\***\AppData\Roaming\instplugin\toolbar.dll ()
O3 - HKU\S-1-5-21-1072091681-1570296779-4092454682-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Programme\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1072091681-1570296779-4092454682-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1072091681-1570296779-4092454682-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1072091681-1570296779-4092454682-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{394A2B56-22F3-43D6-84CC-0B6234708E98}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Programme\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Programme\Trend Micro\AMSP\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Programme\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Programme\Trend Micro\AMSP\module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{95b0a8fc-108f-11e1-9fa1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{95b0a8fc-108f-11e1-9fa1-806e6f6e6963}\Shell\AutoRun\command - "" = D:\InstAll.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.21 02:47:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Axialis
[2012.02.21 01:18:52 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.02.16 10:19:33 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.02.16 10:19:33 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.02.16 10:19:31 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.02.16 10:19:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.02.16 10:19:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.02.16 10:19:30 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.02.16 10:19:30 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.02.16 10:19:30 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.02.16 10:19:30 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.02.16 10:19:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.02.16 10:19:29 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.02.15 21:41:10 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\***\Desktop\dds.com
[2012.02.15 14:36:15 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012.02.15 14:36:13 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012.02.15 14:36:13 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012.02.15 14:36:06 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012.02.15 03:39:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.02.15 02:07:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.02.15 02:07:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HiJackThis
[2012.02.14 03:29:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics
[2012.02.12 14:26:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.02.12 14:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.12 14:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.12 14:26:25 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.02.12 14:26:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.09 20:20:30 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Netzwerke üklausuren
[2012.02.09 12:32:05 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Netzwerke Wiederholung 200 Seiten
[2012.02.05 20:11:55 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\TGI
[2012.02.05 00:14:34 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Text
[2012.02.01 12:51:59 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\PG
[2012.01.31 04:47:34 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.01.31 04:47:34 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012.01.31 04:47:33 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012.01.31 04:47:33 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012.01.31 04:47:33 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012.01.31 04:47:33 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012.01.27 03:04:46 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Abel
[2012.01.26 21:31:49 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\TGI 4
[2012.01.25 02:24:35 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\termin6
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.21 18:21:27 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.21 18:21:27 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.21 18:20:01 | 001,831,030 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.21 18:20:01 | 000,774,666 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.21 18:20:01 | 000,729,944 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.21 18:20:01 | 000,177,360 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.21 18:20:01 | 000,150,306 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.21 18:14:06 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012.02.21 18:13:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.21 18:13:37 | 3152,080,896 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.21 01:18:56 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.02.16 16:13:08 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.15 22:36:34 | 000,006,470 | ---- | M] () -- C:\Users\***\Desktop\Logs.zip
[2012.02.15 22:15:30 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.02.15 21:41:14 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\***\Desktop\dds.com
[2012.02.15 21:41:05 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.02.15 20:52:58 | 000,132,320 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.02.05 00:13:32 | 000,765,315 | ---- | M] () -- C:\Users\***\Desktop\thumb-1379719.jpg
 
========== Files Created - No Company Name ==========
 
[2012.02.15 22:35:32 | 000,006,470 | ---- | C] () -- C:\Users\***\Desktop\Logs.zip
[2012.02.15 22:15:30 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.02.15 21:41:04 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.02.05 00:13:28 | 000,765,315 | ---- | C] () -- C:\Users\***\Desktop\thumb-1379719.jpg
[2011.12.01 10:57:50 | 001,808,924 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.25 11:29:51 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2011.11.20 05:15:29 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011.11.16 22:01:17 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011.11.16 22:01:09 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2011.11.16 22:01:09 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2011.11.16 22:00:11 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.11.16 21:42:47 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.11.16 21:38:58 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.08.31 19:51:16 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.08.31 19:51:16 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.08.31 19:46:00 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.08.31 19:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

< End of report >
und #2 OTL Logfile:
Code:
OTL Extras logfile created on: 21.02.2012 19:52:00 - Run 1
OTL by OldTimer - Version 3.2.33.1    Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 70,03% Memory free
7,83 Gb Paging File | 6,27 Gb Available in Paging File | 80,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 415,40 Gb Free Space | 89,21% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1072091681-1570296779-4092454682-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}" = Microsoft SQL Server System CLR Types (x64)
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{47BA3A3A-6B4E-307F-A43B-724079FE90C6}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English
"{5D068141-189F-39E2-A052-E40D4B561256}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{8583E7E3-2237-4981-B957-E28E5E9AB678}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{E802A021-0F24-3484-97F7-D74D74CB93A0}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU
"{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java(TM) 7 Update 1
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{7BEC151D-ADA9-3EA9-9273-99BA82881971}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{CAD6AA29-9CA1-384D-8034-566261CFCC9B}" = Microsoft Visual Studio 2010 Professional - DEU
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"AsusScr_K3 Series_ENG_Basic" = AsusScr_K3 Series_ENG_Basic
"Avira AntiVir Desktop" = Avira Free Antivirus
"Cisco ConfigMaker v2.6" = Cisco ConfigMaker v2.6
"ESET Online Scanner" = ESET Online Scanner v3
"GNUARM 4.1.1_is1" = GNUARM 4.1.1
"InstallShield_{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader
"instplugin" = instplugin
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft Visual Studio 2010 Professional - DEU" = Microsoft Visual Studio 2010 Professional - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"Steam App 570" = Dota 2
"TeamViewer 7" = TeamViewer 7
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1072091681-1570296779-4092454682-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.02.2012 20:49:38 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.33.1 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 13f8    Startzeit:
 01ccf0323a686f55    Endzeit: 4    Anwendungspfad: C:\Users\***\Desktop\OTL.exe    Berichts-ID:
 e969034d-5c25-11e1-97c8-5404a6232d2b 
 
Error - 20.02.2012 21:24:49 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.33.1 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 978    Startzeit:
01ccf0376fb3840c    Endzeit: 6    Anwendungspfad: C:\Users\***\Desktop\OTL.exe    Berichts-ID:
 
 
Error - 20.02.2012 21:45:48 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.33.1 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 14cc    Startzeit:
 01ccf037d88f3eaa    Endzeit: 9    Anwendungspfad: C:\Users\***\Desktop\OTL.exe    Berichts-ID:
 
 
Error - 20.02.2012 22:34:38 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.02.2012 12:38:31 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.02.2012 12:42:30 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.02.2012 12:52:26 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.02.2012 13:00:26 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.02.2012 13:01:31 | Computer Name = ***-PC | Source = System Restore | ID = 8193
Description =
 
Error - 21.02.2012 13:14:36 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 21.02.2012 12:59:07 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 21.02.2012 12:59:07 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 21.02.2012 12:59:08 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
 
Error - 21.02.2012 12:59:08 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
 
Error - 21.02.2012 12:59:08 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 21.02.2012 12:59:08 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 21.02.2012 12:59:08 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 21.02.2012 12:59:08 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 21.02.2012 12:59:08 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 21.02.2012 12:59:08 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
 
< End of report >

cosinus 21.02.2012 21:09
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
:OTL
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "http://www.browsersafesearching.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
[2011.11.20 05:24:27 | 000,003,915 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bmh2japt.default\searchplugins\SweetIM Search.xml
[2011.11.20 05:24:19 | 000,003,915 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bmh2japt.default\searchplugins\sweetim.xml
[2011.11.25 11:30:08 | 000,002,287 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.12.08 22:21:52 | 000,000,161 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
O3 - HKLM\..\Toolbar: (instplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\***\AppData\Roaming\instplugin\toolbar.dll ()
O3 - HKU\S-1-5-21-1072091681-1570296779-4092454682-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1072091681-1570296779-4092454682-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{95b0a8fc-108f-11e1-9fa1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{95b0a8fc-108f-11e1-9fa1-806e6f6e6963}\Shell\AutoRun\command - "" = D:\InstAll.exe
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Yagami 21.02.2012 22:52
Also ..., hab es gemacht wie beschrieben, nur kam gegen Ende dann die Fehlermeldung (bin mir nicht 100% über den Wortlaut sicher) "Could not create C:\Windows\System32\drivers\etc\Hosts" und dann ist für ca. 5-10 Minuten nichts mehr passiert, also habe ich OTL manuell geschlossen (obwohl da stand "create hosts .... do not interrupt" ; aber hab an der LED gesehen des nichts mehr gerechnet wurde).
Code:

Files\Folders moved on Reboot...
File move failed. C:\Users\SeBrickler\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...
hab dann manuell gerebootet.
Achja wollte noch erwähnen, hatte es bisher wieder vergessen, dass bei meinem ersten Systemstart heute die System-und versteckte Dateien eingeblendet waren. Hab das in den Ordneroptionen wieder umgestellt und seitdem ist es auch nicht wieder aufgetreten. Vielleicht ist es ja von Bedeutung. Gruß Yagami

cosinus 22.02.2012 10:02
Probier nochmal:

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Yagami 22.02.2012 20:04
Wieder "Out of memory". :(

cosinus 22.02.2012 20:52
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Yagami 02.03.2012 00:43
Hi, sry war im Urlaub und hab vergessen, dass hier zu erwähnen. :twak:
der log:
Code:
00:36:57.0421 5024        TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
00:36:57.0721 5024        ============================================================
00:36:57.0721 5024        Current date / time: 2012/03/02 00:36:57.0721
00:36:57.0721 5024        SystemInfo:
00:36:57.0721 5024       
00:36:57.0721 5024        OS Version: 6.1.7601 ServicePack: 1.0
00:36:57.0721 5024        Product type: Workstation
00:36:57.0721 5024        ComputerName: SEBRICKLER-PC
00:36:57.0721 5024        UserName: SeBrickler
00:36:57.0721 5024        Windows directory: C:\Windows
00:36:57.0721 5024        System windows directory: C:\Windows
00:36:57.0721 5024        Running under WOW64
00:36:57.0721 5024        Processor architecture: Intel x64
00:36:57.0721 5024        Number of processors: 4
00:36:57.0721 5024        Page size: 0x1000
00:36:57.0721 5024        Boot type: Normal boot
00:36:57.0721 5024        ============================================================
00:36:58.0431 5024        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:36:58.0451 5024        \Device\Harddisk0\DR0:
00:36:58.0451 5024        MBR used
00:36:58.0451 5024        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:36:58.0451 5024        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
00:36:58.0571 5024        Initialize success
00:36:58.0571 5024        ============================================================
00:38:20.0811 6036        ============================================================
00:38:20.0811 6036        Scan started
00:38:20.0811 6036        Mode: Manual; SigCheck; TDLFS;
00:38:20.0811 6036        ============================================================
00:38:22.0201 6036        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
00:38:22.0391 6036        1394ohci - ok
00:38:22.0491 6036        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
00:38:22.0521 6036        ACPI - ok
00:38:22.0561 6036        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
00:38:22.0621 6036        AcpiPmi - ok
00:38:22.0771 6036        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
00:38:22.0791 6036        adp94xx - ok
00:38:22.0851 6036        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
00:38:22.0871 6036        adpahci - ok
00:38:22.0941 6036        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
00:38:22.0961 6036        adpu320 - ok
00:38:23.0071 6036        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
00:38:23.0141 6036        AFD - ok
00:38:23.0251 6036        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
00:38:23.0261 6036        agp440 - ok
00:38:23.0361 6036        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
00:38:23.0371 6036        aliide - ok
00:38:23.0401 6036        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
00:38:23.0431 6036        amdide - ok
00:38:23.0471 6036        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
00:38:23.0511 6036        AmdK8 - ok
00:38:23.0591 6036        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
00:38:23.0621 6036        AmdPPM - ok
00:38:23.0691 6036        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
00:38:23.0701 6036        amdsata - ok
00:38:23.0771 6036        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
00:38:23.0781 6036        amdsbs - ok
00:38:23.0841 6036        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
00:38:23.0851 6036        amdxata - ok
00:38:24.0011 6036        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
00:38:24.0261 6036        AppID - ok
00:38:24.0401 6036        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
00:38:24.0421 6036        arc - ok
00:38:24.0461 6036        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
00:38:24.0471 6036        arcsas - ok
00:38:24.0551 6036        ASMMAP64        (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
00:38:24.0651 6036        ASMMAP64 - ok
00:38:24.0771 6036        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
00:38:24.0911 6036        AsyncMac - ok
00:38:25.0041 6036        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
00:38:25.0061 6036        atapi - ok
00:38:25.0241 6036        ATKWMIACPIIO    (1f7238a37389ed92e9d8eee975cabd54) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
00:38:25.0251 6036        ATKWMIACPIIO - ok
00:38:25.0361 6036        avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
00:38:25.0371 6036        avgntflt - ok
00:38:25.0461 6036        avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
00:38:25.0471 6036        avipbb - ok
00:38:25.0541 6036        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
00:38:25.0551 6036        avkmgr - ok
00:38:25.0661 6036        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
00:38:25.0711 6036        b06bdrv - ok
00:38:25.0811 6036        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
00:38:25.0851 6036        b57nd60a - ok
00:38:25.0931 6036        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
00:38:25.0991 6036        Beep - ok
00:38:26.0131 6036        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
00:38:26.0161 6036        blbdrive - ok
00:38:26.0251 6036        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
00:38:26.0321 6036        bowser - ok
00:38:26.0431 6036        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
00:38:26.0471 6036        BrFiltLo - ok
00:38:26.0521 6036        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
00:38:26.0541 6036        BrFiltUp - ok
00:38:26.0611 6036        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
00:38:26.0671 6036        Brserid - ok
00:38:26.0731 6036        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
00:38:26.0761 6036        BrSerWdm - ok
00:38:26.0831 6036        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:38:26.0861 6036        BrUsbMdm - ok
00:38:26.0881 6036        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
00:38:26.0921 6036        BrUsbSer - ok
00:38:27.0021 6036        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
00:38:27.0071 6036        BTHMODEM - ok
00:38:27.0181 6036        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
00:38:27.0231 6036        cdfs - ok
00:38:27.0291 6036        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
00:38:27.0321 6036        cdrom - ok
00:38:27.0441 6036        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
00:38:27.0481 6036        circlass - ok
00:38:27.0521 6036        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
00:38:27.0541 6036        CLFS - ok
00:38:27.0641 6036        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
00:38:27.0671 6036        CmBatt - ok
00:38:27.0721 6036        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
00:38:27.0731 6036        cmdide - ok
00:38:27.0781 6036        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
00:38:27.0821 6036        CNG - ok
00:38:27.0921 6036        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
00:38:27.0941 6036        Compbatt - ok
00:38:27.0991 6036        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
00:38:28.0021 6036        CompositeBus - ok
00:38:28.0091 6036        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
00:38:28.0111 6036        crcdisk - ok
00:38:28.0181 6036        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
00:38:28.0231 6036        CSC - ok
00:38:28.0331 6036        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
00:38:28.0391 6036        DfsC - ok
00:38:28.0451 6036        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
00:38:28.0511 6036        discache - ok
00:38:28.0591 6036        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
00:38:28.0601 6036        Disk - ok
00:38:28.0661 6036        dmvsc          (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
00:38:28.0711 6036        dmvsc - ok
00:38:28.0811 6036        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
00:38:28.0851 6036        drmkaud - ok
00:38:28.0941 6036        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
00:38:28.0991 6036        DXGKrnl - ok
00:38:29.0111 6036        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
00:38:29.0211 6036        ebdrv - ok
00:38:29.0291 6036        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
00:38:29.0321 6036        elxstor - ok
00:38:29.0381 6036        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
00:38:29.0401 6036        ErrDev - ok
00:38:29.0441 6036        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
00:38:29.0471 6036        exfat - ok
00:38:29.0521 6036        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
00:38:29.0561 6036        fastfat - ok
00:38:29.0631 6036        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
00:38:29.0661 6036        fdc - ok
00:38:29.0731 6036        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
00:38:29.0741 6036        FileInfo - ok
00:38:29.0781 6036        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
00:38:29.0831 6036        Filetrace - ok
00:38:29.0861 6036        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
00:38:29.0881 6036        flpydisk - ok
00:38:29.0911 6036        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
00:38:29.0921 6036        FltMgr - ok
00:38:29.0971 6036        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
00:38:29.0971 6036        FsDepends - ok
00:38:30.0011 6036        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
00:38:30.0021 6036        Fs_Rec - ok
00:38:30.0071 6036        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
00:38:30.0081 6036        fvevol - ok
00:38:30.0131 6036        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
00:38:30.0151 6036        gagp30kx - ok
00:38:30.0201 6036        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
00:38:30.0241 6036        hcw85cir - ok
00:38:30.0321 6036        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
00:38:30.0361 6036        HdAudAddService - ok
00:38:30.0441 6036        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:38:30.0461 6036        HDAudBus - ok
00:38:30.0531 6036        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
00:38:30.0611 6036        HidBatt - ok
00:38:30.0651 6036        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
00:38:30.0671 6036        HidBth - ok
00:38:30.0721 6036        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
00:38:30.0731 6036        HidIr - ok
00:38:30.0821 6036        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
00:38:30.0851 6036        HidUsb - ok
00:38:30.0901 6036        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
00:38:30.0911 6036        HpSAMD - ok
00:38:30.0961 6036        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
00:38:31.0051 6036        HTTP - ok
00:38:31.0141 6036        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
00:38:31.0161 6036        hwpolicy - ok
00:38:31.0201 6036        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
00:38:31.0221 6036        i8042prt - ok
00:38:31.0301 6036        iaStor          (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\DRIVERS\iaStor.sys
00:38:31.0321 6036        iaStor - ok
00:38:31.0381 6036        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
00:38:31.0421 6036        iaStorV - ok
00:38:31.0711 6036        igfx            (0d1b8c64bdf0e5cdc523a1409ffb5ef0) C:\Windows\system32\DRIVERS\igdkmd64.sys
00:38:32.0081 6036        igfx - ok
00:38:32.0161 6036        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
00:38:32.0191 6036        iirsp - ok
00:38:32.0311 6036        IntcAzAudAddService (c15a21b1e2291952424f361093734f95) C:\Windows\system32\drivers\RTKVHD64.sys
00:38:32.0391 6036        IntcAzAudAddService - ok
00:38:32.0481 6036        IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
00:38:32.0521 6036        IntcDAud - ok
00:38:32.0591 6036        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
00:38:32.0601 6036        intelide - ok
00:38:32.0661 6036        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
00:38:32.0691 6036        intelppm - ok
00:38:32.0741 6036        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:38:32.0781 6036        IpFilterDriver - ok
00:38:32.0821 6036        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
00:38:32.0841 6036        IPMIDRV - ok
00:38:32.0921 6036        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
00:38:32.0971 6036        IPNAT - ok
00:38:33.0071 6036        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
00:38:33.0161 6036        IRENUM - ok
00:38:33.0261 6036        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
00:38:33.0271 6036        isapnp - ok
00:38:33.0311 6036        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
00:38:33.0331 6036        iScsiPrt - ok
00:38:33.0371 6036        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
00:38:33.0381 6036        kbdclass - ok
00:38:33.0421 6036        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
00:38:33.0441 6036        kbdhid - ok
00:38:33.0511 6036        kbfiltr        (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
00:38:33.0531 6036        kbfiltr - ok
00:38:33.0591 6036        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
00:38:33.0601 6036        KSecDD - ok
00:38:33.0611 6036        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
00:38:33.0631 6036        KSecPkg - ok
00:38:33.0651 6036        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
00:38:33.0691 6036        ksthunk - ok
00:38:33.0751 6036        L1C            (a4a9ca24e54e81c6c3e469eaeb4b3f42) C:\Windows\system32\DRIVERS\L1C62x64.sys
00:38:33.0761 6036        L1C - ok
00:38:33.0821 6036        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
00:38:33.0861 6036        lltdio - ok
00:38:33.0991 6036        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
00:38:34.0011 6036        LSI_FC - ok
00:38:34.0041 6036        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
00:38:34.0051 6036        LSI_SAS - ok
00:38:34.0101 6036        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
00:38:34.0111 6036        LSI_SAS2 - ok
00:38:34.0171 6036        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
00:38:34.0191 6036        LSI_SCSI - ok
00:38:34.0231 6036        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
00:38:34.0271 6036        luafv - ok
00:38:34.0291 6036        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
00:38:34.0301 6036        megasas - ok
00:38:34.0421 6036        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
00:38:34.0441 6036        MegaSR - ok
00:38:34.0491 6036        MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
00:38:34.0501 6036        MEIx64 - ok
00:38:34.0521 6036        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
00:38:34.0561 6036        Modem - ok
00:38:34.0601 6036        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
00:38:34.0621 6036        monitor - ok
00:38:34.0721 6036        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
00:38:34.0731 6036        mouclass - ok
00:38:34.0771 6036        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
00:38:34.0801 6036        mouhid - ok
00:38:34.0831 6036        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
00:38:34.0841 6036        mountmgr - ok
00:38:34.0871 6036        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
00:38:34.0881 6036        mpio - ok
00:38:34.0901 6036        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
00:38:34.0941 6036        mpsdrv - ok
00:38:34.0971 6036        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
00:38:34.0991 6036        MRxDAV - ok
00:38:35.0081 6036        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:38:35.0131 6036        mrxsmb - ok
00:38:35.0231 6036        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:38:35.0261 6036        mrxsmb10 - ok
00:38:35.0301 6036        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:38:35.0311 6036        mrxsmb20 - ok
00:38:35.0331 6036        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
00:38:35.0341 6036        msahci - ok
00:38:35.0371 6036        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
00:38:35.0381 6036        msdsm - ok
00:38:35.0401 6036        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:38:35.0451 6036        Msfs - ok
00:38:35.0471 6036        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:38:35.0521 6036        mshidkmdf - ok
00:38:35.0591 6036        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
00:38:35.0601 6036        msisadrv - ok
00:38:35.0661 6036        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:38:35.0711 6036        MSKSSRV - ok
00:38:35.0731 6036        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:38:35.0771 6036        MSPCLOCK - ok
00:38:35.0791 6036        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:38:35.0821 6036        MSPQM - ok
00:38:35.0851 6036        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
00:38:35.0871 6036        MsRPC - ok
00:38:35.0881 6036        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
00:38:35.0891 6036        mssmbios - ok
00:38:35.0931 6036        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:38:35.0961 6036        MSTEE - ok
00:38:35.0981 6036        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
00:38:36.0001 6036        MTConfig - ok
00:38:36.0021 6036        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:38:36.0031 6036        Mup - ok
00:38:36.0081 6036        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:38:36.0111 6036        NativeWifiP - ok
00:38:36.0201 6036        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
00:38:36.0271 6036        NDIS - ok
00:38:36.0351 6036        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:38:36.0391 6036        NdisCap - ok
00:38:36.0481 6036        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:38:36.0541 6036        NdisTapi - ok
00:38:36.0581 6036        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
00:38:36.0621 6036        Ndisuio - ok
00:38:36.0691 6036        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
00:38:36.0731 6036        NdisWan - ok
00:38:36.0751 6036        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
00:38:36.0791 6036        NDProxy - ok
00:38:36.0881 6036        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:38:36.0931 6036        NetBIOS - ok
00:38:36.0971 6036        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
00:38:37.0001 6036        NetBT - ok
00:38:37.0151 6036        netr28x        (f1814e62eb6e50472afc9903525ecec1) C:\Windows\system32\DRIVERS\netr28x.sys
00:38:37.0221 6036        netr28x - ok
00:38:37.0291 6036        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
00:38:37.0301 6036        nfrd960 - ok
00:38:37.0381 6036        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:38:37.0431 6036        Npfs - ok
00:38:37.0461 6036        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:38:37.0501 6036        nsiproxy - ok
00:38:37.0621 6036        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
00:38:37.0671 6036        Ntfs - ok
00:38:37.0751 6036        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:38:37.0821 6036        Null - ok
00:38:38.0231 6036        nvlddmkm        (41a7c6ed2bab4c304633b785c884a912) C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:38:38.0591 6036        nvlddmkm - ok
00:38:38.0661 6036        nvpciflt        (d542153cb23459b8aad88cf17e36b670) C:\Windows\system32\DRIVERS\nvpciflt.sys
00:38:38.0671 6036        nvpciflt - ok
00:38:38.0731 6036        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
00:38:38.0751 6036        nvraid - ok
00:38:38.0781 6036        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
00:38:38.0791 6036        nvstor - ok
00:38:38.0841 6036        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
00:38:38.0851 6036        nv_agp - ok
00:38:38.0871 6036        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
00:38:38.0891 6036        ohci1394 - ok
00:38:38.0911 6036        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
00:38:38.0931 6036        Parport - ok
00:38:38.0991 6036        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
00:38:39.0011 6036        partmgr - ok
00:38:39.0041 6036        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
00:38:39.0051 6036        pci - ok
00:38:39.0081 6036        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
00:38:39.0091 6036        pciide - ok
00:38:39.0111 6036        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
00:38:39.0121 6036        pcmcia - ok
00:38:39.0151 6036        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:38:39.0151 6036        pcw - ok
00:38:39.0181 6036        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:38:39.0231 6036        PEAUTH - ok
00:38:39.0381 6036        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
00:38:39.0451 6036        PptpMiniport - ok
00:38:39.0481 6036        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
00:38:39.0501 6036        Processor - ok
00:38:39.0591 6036        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
00:38:39.0631 6036        Psched - ok
00:38:39.0711 6036        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
00:38:39.0771 6036        ql2300 - ok
00:38:39.0841 6036        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
00:38:39.0851 6036        ql40xx - ok
00:38:39.0901 6036        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:38:39.0921 6036        QWAVEdrv - ok
00:38:39.0961 6036        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:38:39.0991 6036        RasAcd - ok
00:38:40.0081 6036        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:38:40.0121 6036        RasAgileVpn - ok
00:38:40.0161 6036        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:38:40.0201 6036        Rasl2tp - ok
00:38:40.0231 6036        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:38:40.0271 6036        RasPppoe - ok
00:38:40.0371 6036        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:38:40.0431 6036        RasSstp - ok
00:38:40.0481 6036        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
00:38:40.0541 6036        rdbss - ok
00:38:40.0631 6036        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:38:40.0671 6036        rdpbus - ok
00:38:40.0711 6036        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:38:40.0741 6036        RDPCDD - ok
00:38:40.0771 6036        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
00:38:40.0821 6036        RDPDR - ok
00:38:40.0921 6036        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:38:40.0991 6036        RDPENCDD - ok
00:38:41.0021 6036        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:38:41.0051 6036        RDPREFMP - ok
00:38:41.0081 6036        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
00:38:41.0111 6036        RDPWD - ok
00:38:41.0191 6036        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
00:38:41.0201 6036        rdyboost - ok
00:38:41.0301 6036        RsFx0103        (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
00:38:41.0311 6036        RsFx0103 - ok
00:38:41.0361 6036        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:38:41.0401 6036        rspndr - ok
00:38:41.0441 6036        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
00:38:41.0461 6036        s3cap - ok
00:38:41.0561 6036        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
00:38:41.0581 6036        sbp2port - ok
00:38:41.0641 6036        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
00:38:41.0691 6036        scfilter - ok
00:38:41.0751 6036        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:38:41.0791 6036        secdrv - ok
00:38:41.0831 6036        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
00:38:41.0851 6036        Serenum - ok
00:38:41.0921 6036        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
00:38:41.0961 6036        Serial - ok
00:38:42.0061 6036        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
00:38:42.0091 6036        sermouse - ok
00:38:42.0131 6036        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
00:38:42.0141 6036        sffdisk - ok
00:38:42.0181 6036        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
00:38:42.0211 6036        sffp_mmc - ok
00:38:42.0251 6036        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
00:38:42.0271 6036        sffp_sd - ok
00:38:42.0321 6036        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
00:38:42.0341 6036        sfloppy - ok
00:38:42.0421 6036        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
00:38:42.0431 6036        SiSRaid2 - ok
00:38:42.0461 6036        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
00:38:42.0471 6036        SiSRaid4 - ok
00:38:42.0511 6036        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:38:42.0551 6036        Smb - ok
00:38:42.0661 6036        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:38:42.0671 6036        spldr - ok
00:38:42.0771 6036        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
00:38:42.0811 6036        srv - ok
00:38:42.0871 6036        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
00:38:42.0921 6036        srv2 - ok
00:38:42.0991 6036        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
00:38:43.0021 6036        srvnet - ok
00:38:43.0151 6036        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
00:38:43.0161 6036        stexstor - ok
00:38:43.0211 6036        storflt        (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
00:38:43.0231 6036        storflt - ok
00:38:43.0261 6036        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
00:38:43.0271 6036        storvsc - ok
00:38:43.0301 6036        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
00:38:43.0311 6036        swenum - ok
00:38:43.0381 6036        SynTP          (f0d7c68cda9784689caa72c17af393b2) C:\Windows\system32\DRIVERS\SynTP.sys
00:38:43.0441 6036        SynTP - ok
00:38:43.0581 6036        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
00:38:43.0661 6036        Tcpip - ok
00:38:43.0741 6036        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
00:38:43.0771 6036        TCPIP6 - ok
00:38:43.0811 6036        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
00:38:43.0851 6036        tcpipreg - ok
00:38:43.0871 6036        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:38:43.0911 6036        TDPIPE - ok
00:38:43.0921 6036        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
00:38:43.0941 6036        TDTCP - ok
00:38:43.0971 6036        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
00:38:43.0991 6036        tdx - ok
00:38:44.0121 6036        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
00:38:44.0131 6036        TermDD - ok
00:38:44.0201 6036        tmactmon        (73aaffdd2ac3c8814b26c440e5dd9dd4) C:\Windows\system32\DRIVERS\tmactmon.sys
00:38:44.0211 6036        tmactmon - ok
00:38:44.0251 6036        tmcomm          (360e61217d4e1e333583d0c721057f70) C:\Windows\system32\DRIVERS\tmcomm.sys
00:38:44.0261 6036        tmcomm - ok
00:38:44.0281 6036        tmevtmgr        (699d34eb7c670139ca23a65372bd5743) C:\Windows\system32\DRIVERS\tmevtmgr.sys
00:38:44.0291 6036        tmevtmgr - ok
00:38:44.0331 6036        tmtdi          (262198efb734012bfcd17e7479ae4a09) C:\Windows\system32\DRIVERS\tmtdi.sys
00:38:44.0341 6036        tmtdi - ok
00:38:44.0371 6036        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:38:44.0411 6036        tssecsrv - ok
00:38:44.0441 6036        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
00:38:44.0491 6036        TsUsbFlt - ok
00:38:44.0531 6036        TsUsbGD        (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
00:38:44.0551 6036        TsUsbGD - ok
00:38:44.0651 6036        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
00:38:44.0691 6036        tunnel - ok
00:38:44.0751 6036        TurboB          (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
00:38:44.0761 6036        TurboB - ok
00:38:44.0801 6036        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
00:38:44.0811 6036        uagp35 - ok
00:38:44.0841 6036        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
00:38:44.0881 6036        udfs - ok
00:38:44.0951 6036        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
00:38:44.0961 6036        uliagpkx - ok
00:38:45.0011 6036        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
00:38:45.0051 6036        umbus - ok
00:38:45.0111 6036        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
00:38:45.0131 6036        UmPass - ok
00:38:45.0191 6036        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
00:38:45.0231 6036        usbccgp - ok
00:38:45.0301 6036        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
00:38:45.0341 6036        usbcir - ok
00:38:45.0381 6036        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
00:38:45.0401 6036        usbehci - ok
00:38:45.0461 6036        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
00:38:45.0491 6036        usbhub - ok
00:38:45.0531 6036        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
00:38:45.0561 6036        usbohci - ok
00:38:45.0601 6036        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
00:38:45.0621 6036        usbprint - ok
00:38:45.0641 6036        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:38:45.0701 6036        USBSTOR - ok
00:38:45.0791 6036        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
00:38:45.0831 6036        usbuhci - ok
00:38:45.0891 6036        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
00:38:45.0941 6036        usbvideo - ok
00:38:46.0041 6036        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
00:38:46.0051 6036        vdrvroot - ok
00:38:46.0101 6036        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:38:46.0121 6036        vga - ok
00:38:46.0171 6036        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:38:46.0221 6036        VgaSave - ok
00:38:46.0261 6036        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
00:38:46.0271 6036        vhdmp - ok
00:38:46.0301 6036        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
00:38:46.0311 6036        viaide - ok
00:38:46.0361 6036        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
00:38:46.0381 6036        vmbus - ok
00:38:46.0401 6036        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
00:38:46.0421 6036        VMBusHID - ok
00:38:46.0441 6036        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
00:38:46.0451 6036        volmgr - ok
00:38:46.0471 6036        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
00:38:46.0491 6036        volmgrx - ok
00:38:46.0511 6036        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
00:38:46.0541 6036        volsnap - ok
00:38:46.0571 6036        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
00:38:46.0591 6036        vsmraid - ok
00:38:46.0611 6036        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
00:38:46.0631 6036        vwifibus - ok
00:38:46.0671 6036        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
00:38:46.0691 6036        vwififlt - ok
00:38:46.0711 6036        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
00:38:46.0731 6036        WacomPen - ok
00:38:46.0821 6036        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:38:46.0861 6036        WANARP - ok
00:38:46.0871 6036        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:38:46.0891 6036        Wanarpv6 - ok
00:38:46.0941 6036        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
00:38:46.0951 6036        Wd - ok
00:38:47.0001 6036        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:38:47.0021 6036        Wdf01000 - ok
00:38:47.0081 6036        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:38:47.0111 6036        WfpLwf - ok
00:38:47.0171 6036        WimFltr        (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
00:38:47.0181 6036        WimFltr - ok
00:38:47.0221 6036        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:38:47.0231 6036        WIMMount - ok
00:38:47.0291 6036        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:38:47.0311 6036        WmiAcpi - ok
00:38:47.0351 6036        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:38:47.0381 6036        ws2ifsl - ok
00:38:47.0431 6036        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
00:38:47.0471 6036        WudfPf - ok
00:38:47.0531 6036        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:38:47.0581 6036        WUDFRd - ok
00:38:47.0611 6036        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:38:47.0781 6036        \Device\Harddisk0\DR0 - ok
00:38:47.0781 6036        Boot (0x1200)  (32f4cb882f7b00b213d89318686e8458) \Device\Harddisk0\DR0\Partition0
00:38:47.0781 6036        \Device\Harddisk0\DR0\Partition0 - ok
00:38:47.0821 6036        Boot (0x1200)  (dfa30819b7d002198067f4e7de0a97a2) \Device\Harddisk0\DR0\Partition1
00:38:47.0831 6036        \Device\Harddisk0\DR0\Partition1 - ok
00:38:47.0831 6036        ============================================================
00:38:47.0831 6036        Scan finished
00:38:47.0831 6036        ============================================================
00:38:47.0841 4384        Detected object count: 0
00:38:47.0841 4384        Actual detected object count: 0
00:39:24.0921 5872        Deinitialize success
Grüße Yagami

cosinus 02.03.2012 13:41
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Yagami 02.03.2012 18:36
So, von Update kam nichts und es hat auch irgendwie statt den angegebenen 10 Minuten ne knappe Stunde gedauert, aber hier ist das Log.
Combofix Logfile:
Code:
ComboFix 12-03-01.02 - *** 02.03.2012  16:34:55.2.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.4008.2675 [GMT 1:00]
ausgeführt von:: c:\users\***\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Trend Micro Titanium Internet Security *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Trend Micro Titanium Internet Security *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-02 bis 2012-03-02  ))))))))))))))))))))))))))))))
.
.
2012-03-02 17:14 . 2012-03-02 17:14        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-03-02 17:14 . 2012-03-02 17:14        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-02-28 12:02 . 2012-02-08 07:13        8643640        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{5A397408-80F2-4CB0-8FC5-EAB649402B18}\mpengine.dll
2012-02-25 10:03 . 2012-02-25 10:03        --------        d-----w-        c:\program files (x86)\Common Files\Java
2012-02-25 10:01 . 2012-02-25 10:01        --------        d-----w-        c:\program files (x86)\Oracle
2012-02-25 10:01 . 2012-01-10 12:57        637848        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2012-02-25 10:01 . 2012-02-25 10:01        --------        d-----w-        c:\program files (x86)\Java
2012-02-21 21:38 . 2012-02-21 21:38        --------        d-----w-        C:\_OTL
2012-02-21 01:47 . 2012-02-21 01:48        --------        d-----w-        c:\users\***\AppData\Local\Axialis
2012-02-15 13:36 . 2012-01-04 10:44        509952        ----a-w-        c:\windows\system32\ntshrui.dll
2012-02-15 13:36 . 2012-01-04 08:58        442880        ----a-w-        c:\windows\SysWow64\ntshrui.dll
2012-02-15 13:36 . 2011-12-30 06:26        515584        ----a-w-        c:\windows\system32\timedate.cpl
2012-02-15 13:36 . 2011-12-30 05:27        478720        ----a-w-        c:\windows\SysWow64\timedate.cpl
2012-02-15 13:36 . 2012-01-14 04:06        3145728        ----a-w-        c:\windows\system32\win32k.sys
2012-02-15 13:36 . 2011-12-28 03:59        498688        ----a-w-        c:\windows\system32\drivers\afd.sys
2012-02-15 13:36 . 2011-12-16 08:46        634880        ----a-w-        c:\windows\system32\msvcrt.dll
2012-02-15 13:36 . 2011-12-16 07:52        690688        ----a-w-        c:\windows\SysWow64\msvcrt.dll
2012-02-15 02:39 . 2012-02-15 02:39        --------        d-----w-        c:\program files (x86)\ESET
2012-02-15 01:07 . 2012-02-15 01:07        388096        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-14 02:29 . 2012-02-14 02:29        --------        d-----w-        c:\users\***\AppData\Local\ElevatedDiagnostics
2012-02-12 13:26 . 2012-02-12 13:26        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2012-02-12 13:26 . 2012-02-12 13:26        --------        d-----w-        c:\programdata\Malwarebytes
2012-02-12 13:26 . 2012-02-12 13:26        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-12 13:26 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-02 17:15 . 2011-11-20 13:57        45056        ----a-w-        c:\windows\system32\acovcnt.exe
2012-02-15 19:52 . 2011-11-17 18:16        132320        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-01-29 04:10 . 2010-11-21 03:27        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-01-20 00:19 . 2011-11-17 18:23        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-10 12:57 . 2011-11-20 04:13        567696        ----a-w-        c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-12-08 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-11-19 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-02-08 2009704]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-13 2984832]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-01 2189416]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Web-Suche - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bmh2japt.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.browsersafesearching.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
AddRemove-instplugin - c:\users\SEBRIC~1\AppData\Local\Temp\WZSE3.TMP\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-02  18:19:47 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-02 17:19
.
Vor Suchlauf: 14 Verzeichnis(se), 442.903.855.104 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 442.367.512.576 Bytes frei
.
- - End Of File - - 705E823B165F163813ECA02D4175A143
--- --- ---

Grüße Yagami

cosinus 02.03.2012 19:29
Zitat:
AV: Trend Micro Titanium Internet Security *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
Sind noch beide Programme installiert? Wenn ja umgehend TrenMicro deinstallieren, Suites sind kontraproduktiv!

Yagami 02.03.2012 19:57
Trend Micro ist noch installiert, kann ich aber löschen. Etwas anderes ...
Ich spiel ja nebenbei noch ein bisschen und nach dem Ausführen von ComboFix ist meine Performance tierisch in den Keller gegangen. Woran kann das liegen? (stört mich schon ziemlich)
Grüße Yagami

cosinus 05.03.2012 10:33
Wieso musst du denn jetzt spielen wenn wir mitten in der Bereinigung sind?! Das hat doch nun gar keine Priorität das Zocken!
Und ja deinstallier TrendMicro bitte erstmal.

Yagami 06.03.2012 12:29
Trend micro ist deinstalliert. Hat ja nicht nur das Zocken betroffen. Das Booten war auch DEUTLICH langsamer und sämtliche anderen Prozesse auch, z.B. Firefox hat erst einmal 1-2 Sekunden ein weißes Fenster ohne Rahmen gezeigt, wo es vorher doch instant offen war. Hoffe du bist mir nicht böse, aber ich will ja hier mein System bereinigen und nicht runterslowen / verschlechtern. Hab deshalb den Systemwiederherstellungspunkt von vor dem Scan aktiviert. Jetzt läuft alles wieder wie vorher. (Das Zocken hab ich getestet, weil alles andere schon langsamer war und ich wollte die Auswirkung bei Prozessen sehen, die ein bisschen mehr Auslastung erforden)
Grüße Yagami

cosinus 06.03.2012 13:45
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:11 Uhr.

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130