Trojaner-Board - PC plötzlich langsamer als gewohnt, möglicher Befall?

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - PC plötzlich langsamer als gewohnt, möglicher Befall? (https://www.trojaner-board.de/106339-pc-ploetzlich-langsamer-gewohnt-moeglicher-befall.html)

PC plötzlich langsamer als gewohnt, möglicher Befall?

Hallo Trojaner-Board!
Ich hoffe, meine Anfrage klingt (oder ist) nicht allzu unangemessen:

Vor etwas mehr als einer Woche hatte ich auf meinem Win7-32bit-System die Software "Samsung Kies" installiert und Windows Updates durchgeführt. Als Kies sich dann selbst updaten wollte, fuhr der Rechner ohne Anweisung oder irgendwelche Meldungen herunter. Seitdem habe ich das Gefühl, er laufe langsamer als gewohnt, vor allem der Systemstart hat sich verlängert.
Nach ein wenig Googlen habe ich dann den Autoneustart deaktiviert, konnte den Absturz aber nicht reproduzieren. Weil ich nun aber leider Angst habe, mir durch irgendein Versäumnis eine "unauffällige" Gemeinheit eingefangen zu haben, bitte ich euch, meine Logs anzuschauen - ich habe genug über Rootkits, befallene Bios und Spyeye etc. gelesen, als dass ich ohne professionelle Hilfe noch Onlinebanking oder Paypal nutzen könnte...

Die Logs:
Defogger wurde aktiviert (nach dem Scan gab es keine Neustartaufforderung, wurde dann manuell gemacht).

OTL gab nur ein Log heraus:
OTL.txt

Code:

OTL logfile created on: 16.12.2011 14:27:06 - Run 2

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Eric\Desktop

 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,50 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 72,40% Memory free

7,00 Gb Paging File | 5,90 Gb Available in Paging File | 84,41% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 931,41 Gb Total Space | 172,46 Gb Free Space | 18,52% Space Free | Partition Type: NTFS

Drive E: | 698,63 Gb Total Space | 247,17 Gb Free Space | 35,38% Space Free | Partition Type: NTFS

 

Computer Name: KISTE | User Name: Eric | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.12.16 14:13:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe

PRC - [2011.12.02 16:17:52 | 000,021,392 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

PRC - [2011.12.02 16:17:42 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe

PRC - [2011.10.19 16:56:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2011.10.19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011.05.25 08:25:02 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe

PRC - [2011.05.25 08:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2011.05.20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010.11.17 02:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

PRC - [2010.11.15 10:08:08 | 001,158,512 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Wacom\Wacom_TabletUser.exe

PRC - [2010.11.15 10:08:06 | 004,807,536 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Wacom\Wacom_Tablet.exe

PRC - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

PRC - [2010.09.21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

PRC - [2010.08.03 10:05:54 | 000,358,472 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe

PRC - [2010.08.03 09:43:18 | 001,809,992 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

PRC - [2010.08.03 09:43:02 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe

PRC - [2010.08.03 09:42:52 | 000,523,848 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDCountdown.exe

PRC - [2010.08.03 09:42:42 | 000,676,424 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDClock.exe

PRC - [2010.04.22 15:05:26 | 001,011,712 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Programme\GIGABYTE\smart6\timelock\AlarmClock.exe

PRC - [2010.01.19 03:31:26 | 000,072,304 | ---- | M] () -- C:\Windows\System32\XSrvSetup.exe

PRC - [2009.10.13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Programme\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe

PRC - [2009.07.14 02:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe

PRC - [2009.07.14 02:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe

PRC - [2009.06.17 16:13:06 | 000,068,136 | ---- | M] () -- C:\Programme\GIGABYTE\EnergySaver2\des2svr.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011.12.06 06:17:55 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ab1a41d184118635218d38da3f4bcae8\System.Management.ni.dll

MOD - [2011.12.06 06:16:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\4d72e6878b73da48f7a6953a5e0b9332\System.Runtime.Remoting.ni.dll

MOD - [2011.12.06 06:16:11 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\2b0b477db8f5a19d6365b93106b26651\System.Xaml.ni.dll

MOD - [2011.12.06 04:24:30 | 018,019,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\401a9dbeaad6b6ca70c90ae4fbd2e0b8\PresentationFramework.ni.dll

MOD - [2011.12.06 04:24:20 | 011,470,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b540398c49e7c32ab58666de7f09f645\PresentationCore.ni.dll

MOD - [2011.12.06 04:24:19 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\fa45e7d581b80c34cb0d5518491c7387\System.Windows.Forms.ni.dll

MOD - [2011.12.06 04:24:18 | 000,115,137 | ---- | M] () -- C:\Users\Eric\AppData\Local\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll

MOD - [2011.12.06 04:24:15 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\90223e809b1ff291a7f65509702e2fa1\System.Core.ni.dll

MOD - [2011.12.06 04:24:13 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a48e483c6b13da563725d72ec518a0bb\System.Xml.ni.dll

MOD - [2011.12.06 04:24:12 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\c0afb5fbfbc7a8d670b430672c5fd578\WindowsBase.ni.dll

MOD - [2011.12.06 04:24:12 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\fd0f015bc4324d8b9716ae38083a4e4d\System.Drawing.ni.dll

MOD - [2011.12.06 04:24:12 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\af091a68303117ca2166aa13bcbfbbd0\PresentationFramework.Aero.ni.dll

MOD - [2011.12.06 04:24:10 | 009,086,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\69adb8f9940fa1330f6f1b706e3dc31e\System.ni.dll

MOD - [2011.12.06 04:24:05 | 014,409,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\2b1af7649e57195b4b85bbf4c5cb7c90\mscorlib.ni.dll

MOD - [2011.12.02 16:17:52 | 000,021,392 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

MOD - [2010.11.15 10:08:08 | 000,962,416 | ---- | M] () -- C:\Programme\Tablet\Wacom\libxml2.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.10.03 00:40:56 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Programme\Common Files\Desura\desura_service.exe -- (Desura Install Service)

SRV - [2011.08.03 22:04:19 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011.05.25 08:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2011.05.20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2010.12.29 00:08:55 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010.11.15 10:08:06 | 004,807,536 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)

SRV - [2010.04.06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\AppleChargerSrv.exe -- (AppleChargerSrv)

SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2010.01.19 03:31:26 | 000,072,304 | ---- | M] () [Auto | Running] -- C:\Windows\System32\XSrvSetup.exe -- (JMB36X)

SRV - [2009.10.13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Running] -- C:\Programme\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)

SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009.06.17 16:13:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe -- (DES2 Service)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.12.16 14:23:22 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)

DRV - [2011.12.10 03:37:57 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011.10.19 16:56:15 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011.10.19 16:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2011.07.25 20:59:10 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)

DRV - [2011.07.25 20:57:58 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2011.05.25 08:25:04 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)

DRV - [2011.05.25 08:24:42 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2011.04.23 19:30:16 | 000,028,936 | ---- | M] (WeOnlyDo Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wod0205.sys -- (wod0205)

DRV - [2011.02.12 19:01:24 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)

DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010.11.19 03:34:14 | 000,141,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV - [2010.11.19 03:34:12 | 000,062,208 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)

DRV - [2010.11.02 15:07:54 | 000,010,752 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)

DRV - [2010.10.25 09:59:32 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)

DRV - [2010.10.25 09:59:28 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)

DRV - [2010.09.07 03:37:16 | 000,104,024 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)

DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010.04.22 15:08:26 | 000,019,496 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AppleCharger.sys -- (AppleCharger)

DRV - [2009.12.21 16:30:30 | 000,043,520 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0)

DRV - [2009.12.21 16:30:30 | 000,043,520 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0)

DRV - [2009.11.23 17:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)

DRV - [2009.11.23 17:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)

DRV - [2009.07.20 03:26:40 | 000,027,648 | ---- | M] (Realtek                                            ) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)

DRV - [2009.07.14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)

DRV - [2008.12.11 14:56:14 | 000,013,056 | ---- | M] (ROCCAT Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Kone.sys -- (KoneFltr)

DRV - [2007.12.03 03:19:42 | 000,019,968 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtVlan60.sys -- (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2)

DRV - [2007.06.29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AD 74 29 1C 51 A4 CB 01  [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query="

FF - prefs.js..browser.search.openintab: true

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "about:blank"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6

FF - prefs.js..extensions.enabledItems: {62b958b4-9962-4fc2-9983-01a9a42d6f2d}:0.4.1

FF - prefs.js..extensions.enabledItems: peraperakun-chinese@gmail.com:1.0

FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5

FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2

FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.9.1Lite

FF - prefs.js..extensions.enabledItems: faextender@neocodenetworks.com:0.4.0.7

FF - prefs.js..extensions.enabledItems: {A4732521-77D9-447E-A557-B279AC923F06}:0.6.8

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3

FF - prefs.js..extensions.enabledItems: chineseperakun@gmail.com:2.1.1

FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3

FF - prefs.js..extensions.enabledItems: tito@sorttabs:2.100910.18

FF - prefs.js..extensions.enabledItems: sortplaces@andyhalford.com:1.8.2

FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5

FF - prefs.js..extensions.enabledItems: yesscript@userstyles.org:1.9

FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.4.4

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.3

FF - prefs.js..extensions.enabledItems: {FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}:0.37

FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.7

FF - prefs.js..extensions.enabledItems: multilinks@plugin:3.0.0.16

FF - prefs.js..extensions.enabledItems: tabcounter@morac:1.8.8

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {566D6332-1439-43bf-857E-7AD5F137AD0C}:1.13

FF - prefs.js..extensions.enabledItems: {359faf50-e061-11dd-ad8b-0800200c9a66}:2.2.1

FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c9626}:1.6

FF - prefs.js..extensions.enabledItems: {586bd060-22d6-11de-8c30-0800200c9a66}:3.6.7

FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query="

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Eric\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.09 16:05:28 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.03 03:51:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.19 23:08:06 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

 

[2011.10.13 23:50:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\mozilla\extensions

[2010.06.05 20:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\mozilla\extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2011.10.13 23:50:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\mozilla\extensions\prism@developer.mozilla.org

[2011.12.16 14:09:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\mozilla\firefox\g7fg81q4.default\extensions

[2010.12.25 18:47:40 | 000,000,000 | ---D | M] (Slickerfox) -- C:\Users\Eric\AppData\Roaming\mozilla\firefox\g7fg81q4.default\extensions\{359faf50-e061-11dd-ad8b-0800200c9a66}

[2011.11.10 15:56:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Eric\AppData\Roaming\mozilla\firefox\g7fg81q4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011.03.12 03:24:50 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\Eric\AppData\Roaming\mozilla\firefox\g7fg81q4.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}

[2011.11.25 12:15:23 | 000,000,000 | ---D | M] (Bazzacuda Image Saver Plus) -- C:\Users\Eric\AppData\Roaming\mozilla\firefox\g7fg81q4.default\extensions\{FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}

[2011.11.22 17:14:59 | 000,000,000 | ---D | M] (Perapera Chinese-German Dictionary File) -- C:\Users\Eric\AppData\Roaming\mozilla\firefox\g7fg81q4.default\extensions\chinese-german@perapera.org

[2011.11.22 16:40:43 | 000,000,000 | ---D | M] (Perapera Chinese) -- C:\Users\Eric\AppData\Roaming\mozilla\firefox\g7fg81q4.default\extensions\chineseperakun@gmail.com

[2011.02.26 23:07:46 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\Eric\AppData\Roaming\mozilla\firefox\g7fg81q4.default\extensions\FasterFox_Lite@BigRedBrent

[2011.03.19 15:12:57 | 000,000,000 | ---D | M] (Multi Links) -- C:\Users\Eric\AppData\Roaming\mozilla\firefox\g7fg81q4.default\extensions\multilinks@plugin

[2010.12.25 18:47:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\mozilla\firefox\g7fg81q4.default\extensions\oakVoc

[2011.01.28 01:07:32 | 000,000,000 | ---D | M] (Tab Counter) -- C:\Users\Eric\AppData\Roaming\mozilla\firefox\g7fg81q4.default\extensions\tabcounter@morac

[2010.12.25 18:47:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\mozilla\firefox\g7fg81q4.default\extensions\temp

[2011.02.03 00:45:39 | 000,000,000 | ---D | M] (YesScript) -- C:\Users\Eric\AppData\Roaming\mozilla\firefox\g7fg81q4.default\extensions\yesscript@userstyles.org

[2009.01.18 16:07:33 | 000,001,093 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\firefox\g7fg81q4.default\searchplugins\----zh.xml

[2010.02.10 20:04:55 | 000,001,647 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\firefox\g7fg81q4.default\searchplugins\deezercom.xml

[2011.12.16 13:37:36 | 000,002,012 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\firefox\g7fg81q4.default\searchplugins\handedict.xml

[2011.12.16 13:37:36 | 000,002,008 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\firefox\g7fg81q4.default\searchplugins\leo-de-en.xml

[2010.01.07 00:17:59 | 000,001,755 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\firefox\g7fg81q4.default\searchplugins\leo-deu-fra.xml

[2010.04.29 02:49:34 | 000,001,993 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\firefox\g7fg81q4.default\searchplugins\ubuntuusers-portal.xml

[2010.06.05 22:08:16 | 000,001,328 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\firefox\g7fg81q4.default\searchplugins\wikipedia-de.xml

[2008.06.19 14:55:18 | 000,001,108 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\firefox\g7fg81q4.default\searchplugins\wikipedia-en.xml

[2009.12.15 22:14:53 | 000,001,344 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\firefox\g7fg81q4.default\searchplugins\wiktionary-de.xml

[2011.12.16 13:37:36 | 000,002,431 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\firefox\g7fg81q4.default\searchplugins\youtube---videos.xml

[2011.12.07 05:22:37 | 000,002,057 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\firefox\g7fg81q4.default\searchplugins\youtube-videosuche.xml

[2011.11.20 01:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.10.22 23:51:49 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011.11.20 01:12:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\G7FG81Q4.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI

() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\G7FG81Q4.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI

() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\G7FG81Q4.DEFAULT\EXTENSIONS\{53A03D43-5363-4669-8190-99061B2DEBA5}.XPI

() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\G7FG81Q4.DEFAULT\EXTENSIONS\{62B958B4-9962-4FC2-9983-01A9A42D6F2D}.XPI

() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\G7FG81Q4.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI

() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\G7FG81Q4.DEFAULT\EXTENSIONS\{A4732521-77D9-447E-A557-B279AC923F06}.XPI

() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\G7FG81Q4.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\G7FG81Q4.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI

() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\G7FG81Q4.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI

() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\G7FG81Q4.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI

() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\G7FG81Q4.DEFAULT\EXTENSIONS\FAEXTENDER@NEOCODENETWORKS.COM.XPI

() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\G7FG81Q4.DEFAULT\EXTENSIONS\PERAPERAKUN-CHINESE@GMAIL.COM.XPI

() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\G7FG81Q4.DEFAULT\EXTENSIONS\PERAPERAKUN-JPEN@GMAIL.COM.XPI

() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\G7FG81Q4.DEFAULT\EXTENSIONS\SORTPLACES@ANDYHALFORD.COM.XPI

[2011.11.09 16:05:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011.11.20 01:12:08 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

[2011.05.10 01:44:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.05.10 01:45:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011.05.10 01:45:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2011.05.10 01:45:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.05.10 01:45:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.05.10 01:45:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [36X Raid Configurer] C:\Windows\System32\xRaidSetup.exe (Gigabyte Technology Corp.)

O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKLM..\Run: [Kone] C:\Program Files\ROCCAT\Kone Mouse\KoneHID.EXE (ROCCAT)

O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)

O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKCU..\Run: [AdobeBridge]  File not found

O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)

O4 - HKCU..\Run: [Thunderbird] C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1F1952E-941C-4D79-8822-F65F9A8B63CF}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM

ActiveX: {0EFEE2B0-84D5-74A9-9D5A-5AD092B8495D} - Microsoft VM

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.12.16 14:13:28 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe

[2011.12.08 18:17:08 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\Zeug

[2011.12.07 03:42:25 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Avira

[2011.12.07 03:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2011.12.07 03:37:03 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

[2011.12.07 03:37:02 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2011.12.07 03:37:02 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2011.12.07 03:37:02 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys

[2011.12.07 03:37:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2011.12.07 03:37:02 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2011.12.06 05:21:06 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2011.12.06 05:02:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.12.06 05:02:33 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.12.06 05:02:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011.12.06 04:26:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec

[2011.12.06 04:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\MyFree Codec

[2011.12.06 04:23:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\System32

[2011.12.06 04:22:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011.12.06 04:21:15 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Samsung

[2011.12.06 04:20:52 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Samsung

[2011.12.06 04:18:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung

[2011.12.06 04:18:39 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll

[2011.12.06 04:18:34 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll

[2011.12.06 04:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny

[2011.12.06 04:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung

[2011.12.06 04:18:07 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung

[2011.12.02 00:10:56 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\LOVE

[2011.11.28 21:54:24 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Endless Fluff Games

[2011.11.28 03:51:33 | 000,000,000 | ---D | C] -- C:\Users\Eric\Documents\DemolitionInc

[2011.11.24 03:41:01 | 000,000,000 | ---D | C] -- C:\Users\Eric\Documents\My Kindle Content

[2011.11.24 03:40:53 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon

[2011.11.24 03:40:52 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Amazon

[2011.11.24 03:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon

[2011.11.22 19:36:56 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\.minecraft

[2011.11.20 01:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2011.11.20 01:12:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2011.11.18 02:53:25 | 000,000,000 | ---D | C] -- C:\antitwined

[2011.11.17 23:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\AntiTwin

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.12.16 14:30:44 | 000,014,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.12.16 14:30:44 | 000,014,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.12.16 14:23:24 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.12.16 14:23:23 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job

[2011.12.16 14:23:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.12.16 14:23:07 | 2817,384,448 | -HS- | M] () -- C:\hiberfil.sys

[2011.12.16 14:21:01 | 000,000,000 | ---- | M] () -- C:\Users\Eric\defogger_reenable

[2011.12.16 14:13:42 | 000,302,592 | ---- | M] () -- C:\Users\Eric\Desktop\80h5n60v.exe

[2011.12.16 14:13:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe

[2011.12.16 14:13:24 | 000,050,477 | ---- | M] () -- C:\Users\Eric\Desktop\Defogger.exe

[2011.12.16 14:04:49 | 003,670,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011.12.16 13:37:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.12.10 03:37:57 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2011.12.08 23:17:16 | 000,680,312 | ---- | M] () -- C:\Users\Eric\.TransferManager.db

[2011.12.06 06:37:35 | 000,038,932 | ---- | M] () -- C:\Users\Eric\Desktop\cc_20111206_063725.reg

[2011.12.06 04:26:32 | 000,707,300 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.12.06 04:26:32 | 000,660,918 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.12.06 04:26:32 | 000,152,892 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.12.06 04:26:32 | 000,125,108 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.11.28 03:51:20 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll

[2011.11.22 19:33:17 | 000,270,142 | ---- | M] () -- C:\Users\Eric\Desktop\Minecraft.exe

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.12.16 14:21:01 | 000,000,000 | ---- | C] () -- C:\Users\Eric\defogger_reenable

[2011.12.16 14:13:42 | 000,302,592 | ---- | C] () -- C:\Users\Eric\Desktop\80h5n60v.exe

[2011.12.16 14:13:23 | 000,050,477 | ---- | C] () -- C:\Users\Eric\Desktop\Defogger.exe

[2011.12.08 23:17:16 | 000,680,312 | ---- | C] () -- C:\Users\Eric\.TransferManager.db

[2011.12.06 06:37:27 | 000,038,932 | ---- | C] () -- C:\Users\Eric\Desktop\cc_20111206_063725.reg

[2011.12.03 03:51:24 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2011.11.22 19:33:16 | 000,270,142 | ---- | C] () -- C:\Users\Eric\Desktop\Minecraft.exe

[2011.11.17 23:36:49 | 000,000,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anti-Twin.lnk

[2011.11.04 03:07:10 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini

[2011.10.31 11:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2011.10.31 11:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll

[2011.10.31 11:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll

[2011.10.31 11:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll

[2011.10.31 11:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll

[2011.07.26 23:30:29 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

[2011.07.25 20:57:59 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys

[2011.07.25 20:57:58 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys

[2011.07.09 00:15:18 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe

[2011.07.03 23:24:22 | 000,007,608 | ---- | C] () -- C:\Users\Eric\AppData\Local\Resmon.ResmonCfg

[2011.05.20 21:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe

[2011.05.18 19:31:29 | 000,000,132 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Adobe PNG Format CS5 Prefs

[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2010.12.29 00:03:12 | 000,105,692 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat

[2010.12.28 13:19:05 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2010.12.28 13:18:59 | 000,022,328 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\PnkBstrK.sys

[2010.12.28 13:18:26 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe

[2010.12.28 13:18:25 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe

[2010.12.28 13:18:25 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

[2010.12.27 18:18:26 | 000,000,092 | ---- | C] () -- C:\Users\Eric\AppData\Local\fusioncache.dat

[2010.12.26 01:33:12 | 000,080,488 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

[2010.12.25 20:23:03 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat

[2010.12.25 19:06:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2010.12.25 17:22:57 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys

[2010.12.25 17:19:12 | 000,208,896 | ---- | C] () -- C:\Windows\System32\CommCmd.dll

[2010.12.25 17:16:17 | 000,031,272 | ---- | C] () -- C:\Windows\System32\AppleChargerSrv.exe

[2010.12.25 17:16:17 | 000,019,496 | ---- | C] () -- C:\Windows\System32\drivers\AppleCharger.sys

[2010.12.25 17:15:33 | 000,072,304 | ---- | C] () -- C:\Windows\System32\XSrvSetup.exe

[2010.12.25 17:12:18 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

[2010.09.24 08:49:00 | 000,014,848 | ---- | C] () -- C:\Windows\System32\lua5.1a_gui.exe

[2010.09.24 08:49:00 | 000,010,752 | ---- | C] () -- C:\Windows\System32\lua5.1a.exe

[2010.09.24 08:48:58 | 000,092,160 | ---- | C] () -- C:\Windows\System32\lua5.1a.dll

[2009.10.06 08:16:02 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2009.08.27 08:04:14 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe

[2009.07.14 09:47:43 | 000,707,300 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2009.07.14 09:47:43 | 000,152,892 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 05:33:53 | 003,670,840 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2009.07.14 03:05:48 | 000,660,918 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2009.07.14 03:05:48 | 000,125,108 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

 
 ========== LOP Check ==========

 

[2011.11.22 19:37:34 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\.minecraft

[2011.08.06 20:02:55 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\AtomZombieData

[2011.09.27 21:33:51 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Audacity

[2010.12.26 01:17:47 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Blender Foundation

[2011.01.05 03:58:07 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Braid

[2011.07.10 14:36:22 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Brawsome

[2011.07.26 23:30:29 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Broken Rules

[2010.12.29 00:02:43 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011.11.12 20:40:41 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Chocolate Castle

[2011.01.23 20:45:45 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Command & Conquer 3 Kanes Rache

[2011.01.23 20:26:17 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Command & Conquer 3 Tiberium Wars

[2011.03.06 01:11:28 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Command and Conquer 4

[2011.07.26 22:56:18 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Crayon Physics Deluxe

[2011.03.31 21:52:53 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\devilteam.com.6541CD13E116CF2CC04BB21990CF29C835563A61.1

[2011.05.08 19:20:11 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Dwarfs

[2011.11.28 21:54:24 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Endless Fluff Games

[2011.01.23 20:27:22 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\GameRanger

[2011.07.10 13:21:32 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\GlarySoft

[2011.01.23 02:38:22 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\InfraRecorder

[2010.12.25 18:56:59 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\IrfanView

[2011.11.12 20:37:08 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Jasper's Journeys

[2011.07.03 13:31:48 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Kalypso Media

[2011.06.05 19:23:50 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Language

[2011.07.26 23:35:49 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Lazy 8 Studios

[2011.10.12 17:09:27 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\LibreOffice

[2011.12.02 00:10:56 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\LOVE

[2011.02.01 01:43:49 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Minetographer

[2011.08.15 22:30:34 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\MinMaxGames

[2011.11.02 00:23:22 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Miranda

[2011.03.20 02:10:48 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Natural Selection 2

[2011.04.16 14:36:19 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\nikki-free-levels

[2010.12.26 01:27:14 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\OpenOffice.org

[2011.10.13 23:50:03 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Prism

[2010.12.25 17:47:23 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\ROCCAT

[2011.12.06 04:20:52 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Samsung

[2011.08.11 22:31:15 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\sc68

[2010.12.28 23:59:53 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2011.05.18 21:15:49 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\System

[2010.12.25 20:13:42 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\SYSTEMAX Software Development

[2011.05.29 15:20:36 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\TerrariaWorldViewer

[2011.04.03 14:58:24 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\The Creative Assembly

[2011.01.01 19:08:00 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\The Path

[2010.12.25 19:07:47 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Thunderbird

[2011.12.06 06:36:54 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\TS3Client

[2011.07.13 00:46:06 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Ubisoft

[2011.01.19 01:06:50 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Unity

[2011.11.04 02:18:39 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Voxatron

[2011.06.05 19:36:21 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Wippien

[2011.05.29 03:00:21 | 000,000,000 | -HSD | M] -- C:\Users\Eric\AppData\Roaming\wyUpdate AU

[2011.11.12 20:29:55 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Zen Puzzle Garden

[2011.01.01 23:06:08 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\ZombieDriver

[2011.12.16 14:23:23 | 000,000,312 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job

[2011.10.22 23:48:01 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %SYSTEMDRIVE%\*. >

[2010.12.25 17:07:27 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin

[2011.11.18 22:35:14 | 000,000,000 | ---D | M] -- C:\antitwined

[2011.12.06 04:28:33 | 000,000,000 | -HSD | M] -- C:\Config.Msi

[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2010.12.25 17:07:13 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen

[2010.12.25 17:13:10 | 000,000,000 | ---D | M] -- C:\Intel

[2011.09.23 02:50:44 | 000,000,000 | ---D | M] -- C:\Minecraft Server

[2011.02.27 12:41:24 | 000,000,000 | ---D | M] -- C:\Minecraft Server 3

[2011.04.21 12:39:57 | 000,000,000 | ---D | M] -- C:\Minecraft Server1

[2011.02.05 03:07:31 | 000,000,000 | ---D | M] -- C:\Minecraft Server2

[2011.09.14 14:29:42 | 000,000,000 | ---D | M] -- C:\Minecraft Serverx

[2010.12.26 01:05:47 | 000,000,000 | ---D | M] -- C:\NVIDIA

[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2011.12.07 03:37:02 | 000,000,000 | R--D | M] -- C:\Program Files

[2011.12.07 03:37:02 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2010.12.25 17:07:13 | 000,000,000 | -HSD | M] -- C:\Programme

[2011.02.01 01:42:08 | 000,000,000 | ---D | M] -- C:\Python26

[2011.02.01 01:39:00 | 000,000,000 | ---D | M] -- C:\Python27

[2010.12.26 01:21:52 | 000,000,000 | ---D | M] -- C:\Python31

[2010.12.25 17:15:33 | 000,000,000 | ---D | M] -- C:\RaidTool

[2010.12.25 17:07:13 | 000,000,000 | -HSD | M] -- C:\Recovery

[2011.11.12 20:40:39 | 000,000,000 | ---D | M] -- C:\Siele

[2011.11.12 20:37:06 | 000,000,000 | ---D | M] -- C:\Spiele

[2011.12.16 14:30:25 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2011.07.11 22:31:00 | 000,000,000 | R--D | M] -- C:\Users

[2011.12.08 20:05:59 | 000,000,000 | ---D | M] -- C:\Windows

[2011.12.16 14:09:34 | 000,000,000 | ---D | M] -- C:\zzzUbuntu

 
 < %PROGRAMFILES%\*.exe >

 
 < %LOCALAPPDATA%\*.exe >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.manifest /3 >

 

 
 < MD5 for: AFD.SYS  >

[2011.04.25 03:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys

[2010.11.20 09:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys

[2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\System32\drivers\afd.sys

[2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys

[2011.04.25 03:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys

[2011.04.25 04:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys

[2009.07.14 00:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys

 
 < MD5 for: EXPLORER.EXE  >

[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe

[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe

[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe

[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe

[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe

[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe

[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe

[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe

[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

 
 < MD5 for: REGEDIT.EXE  >

[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe

[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe

[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

 
 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-16 13:02:33
 

< End of report >

Gmer wollte ich auch durchlaufen lassen, aber es stürzt ständig ab - manchmal mit Bluescreen (u.a. bad header error). Meistens endet der Suchlauf bei den Punkten "harddisk shadow volume copy 1" oder "harddisk shadow volume copy 2".

Vielen Dank für eure Zeit und Hilfe!

Eric

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Hallo!
Mit ein bisschen Verzug habe ich nun auch Antimalware und Eset laufen lassen.
Hier die Logs:

Anti-Malware

Code:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org
 

Datenbank Version: 8397
 

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421
 

19.12.2011 18:12:45

mbam-log-2011-12-19 (18-12-45).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)

Durchsuchte Objekte: 1434421

Laufzeit: 3 Stunde(n), 14 Minute(n), 54 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 1
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

c:\Users\Eric\Desktop\oi_cd112156.exe (PUP.Adware.OpenInstall) -> Quarantined and deleted successfully.

Eset

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=80fbdfb27ab27747a2c1111ea74743c1

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-12-19 07:13:34

# local_time=2011-12-19 08:13:34 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1792 16777215 100 0 1094117 1094117 0 0

# compatibility_mode=5893 16776574 100 94 25465423 75947130 0 0

# compatibility_mode=8192 67108863 100 0 3839 3839 0 0

# scanned=334530

# found=0

# cleaned=0

# scan_time=6074

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=80fbdfb27ab27747a2c1111ea74743c1

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-12-21 12:24:19

# local_time=2011-12-21 01:24:19 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1792 16777215 100 0 1205195 1205195 0 0

# compatibility_mode=5893 16776574 100 94 25576501 76058208 0 0

# compatibility_mode=8192 67108863 100 0 114917 114917 0 0

# scanned=3048

# found=0

# cleaned=0

# scan_time=41

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=80fbdfb27ab27747a2c1111ea74743c1

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-12-21 06:24:24

# local_time=2011-12-21 07:24:24 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1792 16777215 100 0 1205544 1205544 0 0

# compatibility_mode=5893 16776574 100 94 25576850 76058557 0 0

# compatibility_mode=8192 67108863 100 0 115266 115266 0 0

# scanned=1275404

# found=5

# cleaned=0

# scan_time=21297

C:\Users\Eric\Desk\Spiele\homm5rmg-1.0\homm5rmg.exe        probably a variant of Win32/Spy.Agent.BRFBWVA trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\Eric\Desktopzeug\DL\FFSetup2.zip        a variant of Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I

E:\Users\Eric\Desk\Spiele\homm5rmg-1.0\homm5rmg.exe        probably a variant of Win32/Spy.Agent.BRFBWVA trojan (unable to clean)        00000000000000000000000000000000        I

E:\Users\Eric\Downloads\FFSetup2.zip        a variant of Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I

E:\Users\Eric\Downloads\SoftonicDownloader38594.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I

Zum Eset-Scan muss ich noch anmerken, dass ich keinen Zugriff auf unsere Routereinstellungen hatte, falls der eine eigene Firewall laufen lässt. Zudem wurde angezeigt, dass der Windows Defender lief, obwohl er für den Scan deaktiviert wurde. Ich hoffe, die Ergebnisse wurden nicht verfäscht.

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Sorry, das ist mein einziges vollständiges Log (vom gleichen Tag ist noch eines von einem abgebrochenen Suchlauf vorhanden). Ich hatte vor einer Weile einen Quick-Scan gemacht, der nichts fand. Das Log wurde aber gelöscht, als ich das Programm deinstallierte...

Zitat:

C:\Users\Eric\Desk\Spiele\homm5rmg-1.0\homm5rmg.exe

Was ist denn das hier?

Das ist ein Addon zu dem Spiel Heroes of Might and Magic 5: "Random Map Generator". Das ist jetzt schon eine Weile auf dem Rechner, aber bei vorigen Scans (AntiVir etc.) nie aufgefallen...

Dann ist es ein Fehlalarm. Mach bitte ein neues OTL-Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hier, einmal Quickscan als *.zip.

Also dass dein vollgestopfter Rechner langsam ist wundert mich überhaupt nicht :balla:
Hunderte Dateien liegen allein auf deinem Desktop und deine Programmordner ist ebenfalls mit Dutzenden Ordner gefüllt. Installierst du dir jeden Mist der dir in die Finger kommt? :balla:

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"

FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query="

FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query="

O4 - HKCU..\Run: [AdobeBridge]  File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]

MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)

[2011.05.18 19:31:29 | 000,000,132 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Adobe PNG Format CS5 Prefs
 

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Zuerst einmal herzlichen Dank für die bisherige Hilfe, ich habe das Script ausgeführt und dieses Log erhalten:

Code:

All processes killed

========== OTL ==========

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

E:\autoexec.bat moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\WinampAgent\ deleted successfully.

C:\Users\Eric\AppData\Roaming\Adobe PNG Format CS5 Prefs moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56475 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Eric

->Temp folder emptied: 20983215 bytes

->Temporary Internet Files folder emptied: 20557939 bytes

->Java cache emptied: 1076853 bytes

->FireFox cache emptied: 75961956 bytes

->Flash cache emptied: 146430 bytes

 

User: Public

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56466 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 401408 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 18678 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 114,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 12212011_201825
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Zu meiner Verteidigung möchte allerdings ich sagen, dass meine Festplatte(n) zwar gut voll sind und nach einigen unübersichtlichen Kopieraktionen reichlich Ballast mit sich rumschleppen, den ich noch nicht abgeworfen habe. Aber "jeden Mist installieren" halte ich für eine Frage der persönlichen Präferenz, sofern man nicht "jeden Mist ungeprüft installiert. Meine Befürchtungen bezogen sich daher auch nicht auf eine generelle Trägheit meines PC, sondern auf jene subjektiven Veränderungen, die ich nach meiner obigen Schilderung wahrgenommen hatte.
Daher vielen Dank, dass Sie sich meines Problems so geduldig und gründlich angenommen haben. Es beruhigt mich sehr, dass nicht der böse Rootkit-Geist durch meinen Computer wabert und mich über Weihnachten heimsucht wie einen bekannten geizigen Knurrhahn...
Ich nehme an, die gefundenen Probleme bedürfen keiner weiteren Beachtung?

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Hier ist das TDSSKiller-Log:

Code:

21:07:03.0602 5784        TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31

21:07:03.0727 5784        ============================================================

21:07:03.0727 5784        Current date / time: 2011/12/21 21:07:03.0727

21:07:03.0727 5784        SystemInfo:

21:07:03.0727 5784        

21:07:03.0727 5784        OS Version: 6.1.7601 ServicePack: 1.0

21:07:03.0727 5784        Product type: Workstation

21:07:03.0727 5784        ComputerName: KISTE

21:07:03.0727 5784        UserName: Eric

21:07:03.0727 5784        Windows directory: C:\Windows

21:07:03.0727 5784        System windows directory: C:\Windows

21:07:03.0727 5784        Processor architecture: Intel x86

21:07:03.0727 5784        Number of processors: 8

21:07:03.0727 5784        Page size: 0x1000

21:07:03.0727 5784        Boot type: Normal boot

21:07:03.0727 5784        ============================================================

21:07:04.0913 5784        Initialize success

21:07:16.0519 5000        ============================================================

21:07:16.0519 5000        Scan started

21:07:16.0519 5000        Mode: Manual; SigCheck; TDLFS; 

21:07:16.0519 5000        ============================================================

21:07:17.0346 5000        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

21:07:17.0424 5000        1394ohci - ok

21:07:17.0455 5000        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

21:07:17.0471 5000        ACPI - ok

21:07:17.0518 5000        AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

21:07:17.0580 5000        AcpiPmi - ok

21:07:17.0642 5000        adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

21:07:17.0674 5000        adp94xx - ok

21:07:17.0689 5000        adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

21:07:17.0705 5000        adpahci - ok

21:07:17.0720 5000        adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

21:07:17.0736 5000        adpu320 - ok

21:07:17.0830 5000        AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

21:07:17.0861 5000        AFD - ok

21:07:17.0892 5000        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

21:07:17.0892 5000        agp440 - ok

21:07:17.0923 5000        aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

21:07:17.0923 5000        aic78xx - ok

21:07:18.0001 5000        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

21:07:18.0017 5000        aliide - ok

21:07:18.0032 5000        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

21:07:18.0048 5000        amdagp - ok

21:07:18.0064 5000        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

21:07:18.0079 5000        amdide - ok

21:07:18.0095 5000        AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

21:07:18.0157 5000        AmdK8 - ok

21:07:18.0204 5000        AmdLLD          (ad8fa28d8ed0d0a689a0559085ce0f18) C:\Windows\system32\DRIVERS\AmdLLD.sys

21:07:18.0251 5000        AmdLLD - ok

21:07:18.0251 5000        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

21:07:18.0313 5000        AmdPPM - ok

21:07:18.0344 5000        amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys

21:07:18.0360 5000        amdsata - ok

21:07:18.0391 5000        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

21:07:18.0438 5000        amdsbs - ok

21:07:18.0594 5000        amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys

21:07:18.0625 5000        amdxata - ok

21:07:18.0703 5000        AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

21:07:18.0828 5000        AppID - ok

21:07:18.0859 5000        AppleCharger    (f0a48ce44d3f368990ca8954340bd9a0) C:\Windows\system32\DRIVERS\AppleCharger.sys

21:07:18.0875 5000        AppleCharger - ok

21:07:18.0906 5000        arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

21:07:18.0922 5000        arc - ok

21:07:18.0937 5000        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

21:07:18.0953 5000        arcsas - ok

21:07:19.0015 5000        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

21:07:19.0093 5000        AsyncMac - ok

21:07:19.0124 5000        atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

21:07:19.0124 5000        atapi - ok

21:07:19.0156 5000        atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys

21:07:19.0171 5000        atksgt - ok

21:07:19.0234 5000        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys

21:07:19.0234 5000        avgntflt - ok

21:07:19.0280 5000        avipbb          (475fbb85956534720858ae72010c0a43) C:\Windows\system32\DRIVERS\avipbb.sys

21:07:19.0296 5000        avipbb - ok

21:07:19.0327 5000        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys

21:07:19.0327 5000        avkmgr - ok

21:07:19.0374 5000        b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

21:07:19.0405 5000        b06bdrv - ok

21:07:19.0468 5000        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

21:07:19.0483 5000        b57nd60x - ok

21:07:19.0514 5000        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

21:07:19.0561 5000        Beep - ok

21:07:19.0577 5000        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

21:07:19.0592 5000        blbdrive - ok

21:07:19.0639 5000        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

21:07:19.0686 5000        bowser - ok

21:07:19.0702 5000        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

21:07:19.0733 5000        BrFiltLo - ok

21:07:19.0764 5000        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

21:07:19.0811 5000        BrFiltUp - ok

21:07:19.0842 5000        Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

21:07:19.0873 5000        Brserid - ok

21:07:19.0889 5000        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

21:07:19.0920 5000        BrSerWdm - ok

21:07:19.0951 5000        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

21:07:19.0998 5000        BrUsbMdm - ok

21:07:20.0014 5000        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

21:07:20.0045 5000        BrUsbSer - ok

21:07:20.0045 5000        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

21:07:20.0060 5000        BTHMODEM - ok

21:07:20.0076 5000        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

21:07:20.0107 5000        cdfs - ok

21:07:20.0185 5000        cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys

21:07:20.0201 5000        cdrom - ok

21:07:20.0232 5000        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

21:07:20.0263 5000        circlass - ok

21:07:20.0294 5000        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

21:07:20.0310 5000        CLFS - ok

21:07:20.0341 5000        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

21:07:20.0372 5000        CmBatt - ok

21:07:20.0419 5000        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

21:07:20.0435 5000        cmdide - ok

21:07:20.0466 5000        CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

21:07:20.0482 5000        CNG - ok

21:07:20.0497 5000        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

21:07:20.0497 5000        Compbatt - ok

21:07:20.0560 5000        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

21:07:20.0575 5000        CompositeBus - ok

21:07:20.0591 5000        crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

21:07:20.0591 5000        crcdisk - ok

21:07:20.0684 5000        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

21:07:20.0762 5000        DfsC - ok

21:07:20.0794 5000        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

21:07:20.0825 5000        discache - ok

21:07:20.0840 5000        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

21:07:20.0856 5000        Disk - ok

21:07:20.0887 5000        drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

21:07:20.0903 5000        drmkaud - ok

21:07:20.0965 5000        DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

21:07:20.0996 5000        DXGKrnl - ok

21:07:21.0059 5000        ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

21:07:21.0106 5000        ebdrv - ok

21:07:21.0121 5000        elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

21:07:21.0137 5000        elxstor - ok

21:07:21.0184 5000        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

21:07:21.0199 5000        ErrDev - ok

21:07:21.0277 5000        etdrv           (3af0ae042afe486b22644cd3fbebf2e2) C:\Windows\etdrv.sys

21:07:21.0293 5000        etdrv - ok

21:07:21.0308 5000        exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

21:07:21.0340 5000        exfat - ok

21:07:21.0355 5000        fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

21:07:21.0386 5000        fastfat - ok

21:07:21.0418 5000        fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

21:07:21.0433 5000        fdc - ok

21:07:21.0433 5000        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

21:07:21.0449 5000        FileInfo - ok

21:07:21.0464 5000        Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

21:07:21.0496 5000        Filetrace - ok

21:07:21.0542 5000        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

21:07:21.0558 5000        flpydisk - ok

21:07:21.0589 5000        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

21:07:21.0605 5000        FltMgr - ok

21:07:21.0620 5000        FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

21:07:21.0620 5000        FsDepends - ok

21:07:21.0683 5000        fssfltr         (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys

21:07:21.0683 5000        fssfltr - ok

21:07:21.0745 5000        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

21:07:21.0761 5000        Fs_Rec - ok

21:07:21.0808 5000        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

21:07:21.0823 5000        fvevol - ok

21:07:21.0839 5000        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

21:07:21.0839 5000        gagp30kx - ok

21:07:21.0901 5000        gdrv            (d556cb79967e92b5cc69686d16c1d846) C:\Windows\gdrv.sys

21:07:21.0917 5000        gdrv - ok

21:07:21.0917 5000        GMSIPCI - ok

21:07:22.0010 5000        hamachi         (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys

21:07:22.0026 5000        hamachi - ok

21:07:22.0026 5000        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

21:07:22.0057 5000        hcw85cir - ok

21:07:22.0151 5000        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

21:07:22.0182 5000        HdAudAddService - ok

21:07:22.0213 5000        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

21:07:22.0229 5000        HDAudBus - ok

21:07:22.0244 5000        HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

21:07:22.0260 5000        HidBatt - ok

21:07:22.0276 5000        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

21:07:22.0291 5000        HidBth - ok

21:07:22.0307 5000        HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

21:07:22.0322 5000        HidIr - ok

21:07:22.0400 5000        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys

21:07:22.0416 5000        HidUsb - ok

21:07:22.0463 5000        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

21:07:22.0463 5000        HpSAMD - ok

21:07:22.0525 5000        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

21:07:22.0556 5000        HTTP - ok

21:07:22.0603 5000        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

21:07:22.0603 5000        hwpolicy - ok

21:07:22.0666 5000        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

21:07:22.0697 5000        i8042prt - ok

21:07:22.0728 5000        iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys

21:07:22.0744 5000        iaStorV - ok

21:07:22.0790 5000        iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

21:07:22.0790 5000        iirsp - ok

21:07:22.0884 5000        IntcAzAudAddService (0c36a7de2b4e6ec301b98ae300547701) C:\Windows\system32\drivers\RTKVHDA.sys

21:07:22.0931 5000        IntcAzAudAddService - ok

21:07:22.0946 5000        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

21:07:22.0946 5000        intelide - ok

21:07:22.0993 5000        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

21:07:23.0009 5000        intelppm - ok

21:07:23.0024 5000        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

21:07:23.0071 5000        IpFilterDriver - ok

21:07:23.0102 5000        IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

21:07:23.0134 5000        IPMIDRV - ok

21:07:23.0165 5000        IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

21:07:23.0212 5000        IPNAT - ok

21:07:23.0227 5000        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

21:07:23.0258 5000        IRENUM - ok

21:07:23.0305 5000        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

21:07:23.0321 5000        isapnp - ok

21:07:23.0336 5000        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

21:07:23.0352 5000        iScsiPrt - ok

21:07:23.0414 5000        JRAID           (3d6b76b5875a3bc12fb6051c2d5ade59) C:\Windows\system32\DRIVERS\jraid.sys

21:07:23.0430 5000        JRAID - ok

21:07:23.0446 5000        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

21:07:23.0461 5000        kbdclass - ok

21:07:23.0477 5000        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys

21:07:23.0492 5000        kbdhid - ok

21:07:23.0524 5000        KoneFltr        (5efbdef257e891773b22f2544b856c54) C:\Windows\system32\drivers\Kone.sys

21:07:23.0570 5000        KoneFltr - ok

21:07:23.0617 5000        KSecDD          (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys

21:07:23.0633 5000        KSecDD - ok

21:07:23.0680 5000        KSecPkg         (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys

21:07:23.0695 5000        KSecPkg - ok

21:07:23.0726 5000        LGBusEnum       (170e7093a77ad586f3a012a3db651d94) C:\Windows\system32\drivers\LGBusEnum.sys

21:07:23.0726 5000        LGBusEnum - ok

21:07:23.0758 5000        LGVirHid        (d2dd04d1c8df65eecd1f2c7fb947d43e) C:\Windows\system32\drivers\LGVirHid.sys

21:07:23.0773 5000        LGVirHid - ok

21:07:23.0851 5000        lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys

21:07:23.0867 5000        lirsgt - ok

21:07:23.0898 5000        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

21:07:23.0945 5000        lltdio - ok

21:07:23.0976 5000        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

21:07:23.0976 5000        LSI_FC - ok

21:07:24.0007 5000        LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

21:07:24.0023 5000        LSI_SAS - ok

21:07:24.0038 5000        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

21:07:24.0038 5000        LSI_SAS2 - ok

21:07:24.0054 5000        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

21:07:24.0054 5000        LSI_SCSI - ok

21:07:24.0070 5000        luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

21:07:24.0116 5000        luafv - ok

21:07:24.0132 5000        MBAMSwissArmy - ok

21:07:24.0148 5000        megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

21:07:24.0148 5000        megasas - ok

21:07:24.0179 5000        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

21:07:24.0194 5000        MegaSR - ok

21:07:24.0194 5000        Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

21:07:24.0241 5000        Modem - ok

21:07:24.0241 5000        monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

21:07:24.0257 5000        monitor - ok

21:07:24.0288 5000        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

21:07:24.0288 5000        mouclass - ok

21:07:24.0335 5000        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

21:07:24.0350 5000        mouhid - ok

21:07:24.0397 5000        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

21:07:24.0413 5000        mountmgr - ok

21:07:24.0460 5000        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

21:07:24.0475 5000        mpio - ok

21:07:24.0491 5000        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

21:07:24.0522 5000        mpsdrv - ok

21:07:24.0569 5000        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

21:07:24.0647 5000        MRxDAV - ok

21:07:24.0694 5000        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

21:07:24.0756 5000        mrxsmb - ok

21:07:24.0803 5000        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

21:07:24.0834 5000        mrxsmb10 - ok

21:07:24.0850 5000        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

21:07:24.0881 5000        mrxsmb20 - ok

21:07:24.0896 5000        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

21:07:24.0912 5000        msahci - ok

21:07:24.0928 5000        msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

21:07:24.0943 5000        msdsm - ok

21:07:24.0974 5000        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

21:07:25.0006 5000        Msfs - ok

21:07:25.0037 5000        mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

21:07:25.0099 5000        mshidkmdf - ok

21:07:25.0146 5000        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

21:07:25.0146 5000        msisadrv - ok

21:07:25.0177 5000        MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

21:07:25.0224 5000        MSKSSRV - ok

21:07:25.0255 5000        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

21:07:25.0271 5000        MSPCLOCK - ok

21:07:25.0286 5000        MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

21:07:25.0333 5000        MSPQM - ok

21:07:25.0364 5000        MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

21:07:25.0364 5000        MsRPC - ok

21:07:25.0380 5000        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

21:07:25.0380 5000        mssmbios - ok

21:07:25.0380 5000        MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

21:07:25.0411 5000        MSTEE - ok

21:07:25.0442 5000        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

21:07:25.0458 5000        MTConfig - ok

21:07:25.0474 5000        Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

21:07:25.0474 5000        Mup - ok

21:07:25.0520 5000        NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

21:07:25.0552 5000        NativeWifiP - ok

21:07:25.0614 5000        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

21:07:25.0630 5000        NDIS - ok

21:07:25.0692 5000        NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

21:07:25.0739 5000        NdisCap - ok

21:07:25.0770 5000        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

21:07:25.0801 5000        NdisTapi - ok

21:07:25.0848 5000        Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

21:07:25.0895 5000        Ndisuio - ok

21:07:25.0942 5000        NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

21:07:25.0973 5000        NdisWan - ok

21:07:26.0020 5000        NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

21:07:26.0066 5000        NDProxy - ok

21:07:26.0082 5000        NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

21:07:26.0144 5000        NetBIOS - ok

21:07:26.0191 5000        NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

21:07:26.0222 5000        NetBT - ok

21:07:26.0269 5000        nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

21:07:26.0269 5000        nfrd960 - ok

21:07:26.0285 5000        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

21:07:26.0300 5000        Npfs - ok

21:07:26.0316 5000        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

21:07:26.0347 5000        nsiproxy - ok

21:07:26.0347 5000        NTACCESS - ok

21:07:26.0394 5000        Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys

21:07:26.0410 5000        Ntfs - ok

21:07:26.0425 5000        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

21:07:26.0441 5000        Null - ok

21:07:26.0472 5000        nusb3hub        (156bd6cf8a9ec8292c84e04d09bf0472) C:\Windows\system32\DRIVERS\nusb3hub.sys

21:07:26.0488 5000        nusb3hub - ok

21:07:26.0519 5000        nusb3xhc        (3b8166bb6d665e9242f05eb2bf68527a) C:\Windows\system32\DRIVERS\nusb3xhc.sys

21:07:26.0550 5000        nusb3xhc - ok

21:07:26.0612 5000        NVHDA           (0e616537f3e12d4c9fb71181c2f21bd5) C:\Windows\system32\drivers\nvhda32v.sys

21:07:26.0628 5000        NVHDA - ok

21:07:26.0800 5000        nvlddmkm        (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys

21:07:26.0956 5000        nvlddmkm - ok

21:07:27.0002 5000        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys

21:07:27.0018 5000        nvraid - ok

21:07:27.0080 5000        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys

21:07:27.0080 5000        nvstor - ok

21:07:27.0174 5000        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

21:07:27.0190 5000        nv_agp - ok

21:07:27.0221 5000        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

21:07:27.0268 5000        ohci1394 - ok

21:07:27.0299 5000        Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

21:07:27.0314 5000        Parport - ok

21:07:27.0361 5000        partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys

21:07:27.0377 5000        partmgr - ok

21:07:27.0408 5000        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

21:07:27.0439 5000        Parvdm - ok

21:07:27.0486 5000        pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

21:07:27.0502 5000        pci - ok

21:07:27.0517 5000        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

21:07:27.0517 5000        pciide - ok

21:07:27.0548 5000        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

21:07:27.0564 5000        pcmcia - ok

21:07:27.0580 5000        pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

21:07:27.0595 5000        pcw - ok

21:07:27.0611 5000        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

21:07:27.0673 5000        PEAUTH - ok

21:07:27.0736 5000        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

21:07:27.0767 5000        PptpMiniport - ok

21:07:27.0782 5000        Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

21:07:27.0798 5000        Processor - ok

21:07:27.0814 5000        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

21:07:27.0860 5000        Psched - ok

21:07:27.0892 5000        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

21:07:27.0938 5000        ql2300 - ok

21:07:27.0954 5000        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

21:07:27.0954 5000        ql40xx - ok

21:07:27.0985 5000        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

21:07:27.0985 5000        QWAVEdrv - ok

21:07:28.0016 5000        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

21:07:28.0063 5000        RasAcd - ok

21:07:28.0079 5000        RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

21:07:28.0172 5000        RasAgileVpn - ok

21:07:28.0188 5000        Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

21:07:28.0219 5000        Rasl2tp - ok

21:07:28.0266 5000        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

21:07:28.0313 5000        RasPppoe - ok

21:07:28.0328 5000        RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

21:07:28.0344 5000        RasSstp - ok

21:07:28.0391 5000        rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

21:07:28.0438 5000        rdbss - ok

21:07:28.0453 5000        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

21:07:28.0469 5000        rdpbus - ok

21:07:28.0500 5000        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

21:07:28.0547 5000        RDPCDD - ok

21:07:28.0578 5000        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

21:07:28.0609 5000        RDPENCDD - ok

21:07:28.0625 5000        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

21:07:28.0640 5000        RDPREFMP - ok

21:07:28.0687 5000        RDPWD           (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys

21:07:28.0718 5000        RDPWD - ok

21:07:28.0781 5000        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

21:07:28.0796 5000        rdyboost - ok

21:07:28.0812 5000        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

21:07:28.0843 5000        rspndr - ok

21:07:28.0874 5000        RTL8167         (93df2cca2e1e22d797dc76c3550b1f95) C:\Windows\system32\DRIVERS\Rt86win7.sys

21:07:28.0890 5000        RTL8167 - ok

21:07:28.0937 5000        RtNdPt60        (f2fec929e9fa9902f0bb52a4522068d4) C:\Windows\system32\DRIVERS\RtNdPt60.sys

21:07:28.0968 5000        RtNdPt60 - ok

21:07:28.0999 5000        RTTEAMPT        (c8a7202fd20479ecf5788605806cfc9b) C:\Windows\system32\DRIVERS\RtTeam60.sys

21:07:29.0015 5000        RTTEAMPT ( UnsignedFile.Multi.Generic ) - warning

21:07:29.0015 5000        RTTEAMPT - detected UnsignedFile.Multi.Generic (1)

21:07:29.0030 5000        RTVLANPT        (e6472a4007fb17d27d4091abd657a291) C:\Windows\system32\DRIVERS\RtVlan60.sys

21:07:29.0046 5000        RTVLANPT - ok

21:07:29.0093 5000        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

21:07:29.0108 5000        sbp2port - ok

21:07:29.0140 5000        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

21:07:29.0171 5000        scfilter - ok

21:07:29.0186 5000        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

21:07:29.0233 5000        secdrv - ok

21:07:29.0264 5000        Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

21:07:29.0264 5000        Serenum - ok

21:07:29.0280 5000        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

21:07:29.0296 5000        Serial - ok

21:07:29.0342 5000        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

21:07:29.0374 5000        sermouse - ok

21:07:29.0389 5000        SetupNTGLM7X - ok

21:07:29.0436 5000        sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

21:07:29.0483 5000        sffdisk - ok

21:07:29.0498 5000        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

21:07:29.0530 5000        sffp_mmc - ok

21:07:29.0545 5000        sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

21:07:29.0561 5000        sffp_sd - ok

21:07:29.0561 5000        sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

21:07:29.0592 5000        sfloppy - ok

21:07:29.0608 5000        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

21:07:29.0623 5000        sisagp - ok

21:07:29.0654 5000        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

21:07:29.0670 5000        SiSRaid2 - ok

21:07:29.0686 5000        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

21:07:29.0686 5000        SiSRaid4 - ok

21:07:29.0717 5000        Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

21:07:29.0732 5000        Smb - ok

21:07:29.0764 5000        spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

21:07:29.0764 5000        spldr - ok

21:07:29.0810 5000        srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

21:07:29.0857 5000        srv - ok

21:07:29.0904 5000        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

21:07:29.0920 5000        srv2 - ok

21:07:29.0951 5000        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

21:07:29.0966 5000        srvnet - ok

21:07:29.0998 5000        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

21:07:30.0013 5000        ssmdrv - ok

21:07:30.0044 5000        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

21:07:30.0060 5000        stexstor - ok

21:07:30.0091 5000        StillCam        (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys

21:07:30.0122 5000        StillCam - ok

21:07:30.0154 5000        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

21:07:30.0154 5000        swenum - ok

21:07:30.0263 5000        Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys

21:07:30.0294 5000        Tcpip - ok

21:07:30.0310 5000        TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys

21:07:30.0325 5000        TCPIP6 - ok

21:07:30.0372 5000        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

21:07:30.0419 5000        tcpipreg - ok

21:07:30.0434 5000        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

21:07:30.0466 5000        TDPIPE - ok

21:07:30.0528 5000        TDTCP           (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys

21:07:30.0559 5000        TDTCP - ok

21:07:30.0606 5000        tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

21:07:30.0653 5000        tdx - ok

21:07:30.0700 5000        TEAM            (c8a7202fd20479ecf5788605806cfc9b) C:\Windows\system32\DRIVERS\RtTeam60.sys

21:07:30.0700 5000        TEAM ( UnsignedFile.Multi.Generic ) - warning

21:07:30.0700 5000        TEAM - detected UnsignedFile.Multi.Generic (1)

21:07:30.0715 5000        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

21:07:30.0731 5000        TermDD - ok

21:07:30.0762 5000        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

21:07:30.0793 5000        tssecsrv - ok

21:07:30.0856 5000        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

21:07:30.0871 5000        TsUsbFlt - ok

21:07:30.0934 5000        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

21:07:30.0965 5000        tunnel - ok

21:07:30.0996 5000        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

21:07:30.0996 5000        uagp35 - ok

21:07:31.0043 5000        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

21:07:31.0074 5000        udfs - ok

21:07:31.0105 5000        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

21:07:31.0121 5000        uliagpkx - ok

21:07:31.0152 5000        umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys

21:07:31.0183 5000        umbus - ok

21:07:31.0199 5000        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

21:07:31.0214 5000        UmPass - ok

21:07:31.0261 5000        usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys

21:07:31.0308 5000        usbccgp - ok

21:07:31.0339 5000        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

21:07:31.0355 5000        usbcir - ok

21:07:31.0386 5000        usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys

21:07:31.0402 5000        usbehci - ok

21:07:31.0448 5000        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys

21:07:31.0464 5000        usbhub - ok

21:07:31.0495 5000        usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

21:07:31.0511 5000        usbohci - ok

21:07:31.0526 5000        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

21:07:31.0558 5000        usbprint - ok

21:07:31.0604 5000        USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS

21:07:31.0636 5000        USBSTOR - ok

21:07:31.0651 5000        usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys

21:07:31.0682 5000        usbuhci - ok

21:07:31.0714 5000        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

21:07:31.0729 5000        vdrvroot - ok

21:07:31.0760 5000        vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

21:07:31.0792 5000        vga - ok

21:07:31.0807 5000        VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

21:07:31.0823 5000        VgaSave - ok

21:07:31.0854 5000        vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

21:07:31.0854 5000        vhdmp - ok

21:07:31.0870 5000        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

21:07:31.0885 5000        viaagp - ok

21:07:31.0885 5000        ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

21:07:31.0916 5000        ViaC7 - ok

21:07:31.0963 5000        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

21:07:31.0979 5000        viaide - ok

21:07:32.0010 5000        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

21:07:32.0026 5000        volmgr - ok

21:07:32.0041 5000        volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

21:07:32.0057 5000        volmgrx - ok

21:07:32.0072 5000        volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

21:07:32.0088 5000        volsnap - ok

21:07:32.0135 5000        vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

21:07:32.0150 5000        vsmraid - ok

21:07:32.0166 5000        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

21:07:32.0197 5000        vwifibus - ok

21:07:32.0260 5000        wacmoumonitor   (c3b03ed7b06657a3355f620bc02acfb6) C:\Windows\system32\DRIVERS\wacmoumonitor.sys

21:07:32.0275 5000        wacmoumonitor - ok

21:07:32.0338 5000        wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys

21:07:32.0338 5000        wacommousefilter - ok

21:07:32.0369 5000        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

21:07:32.0384 5000        WacomPen - ok

21:07:32.0416 5000        wacomvhid       (846b58ea44bf8c92e4b59f4e2252c4c0) C:\Windows\system32\DRIVERS\wacomvhid.sys

21:07:32.0431 5000        wacomvhid - ok

21:07:32.0494 5000        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

21:07:32.0509 5000        WANARP - ok

21:07:32.0525 5000        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

21:07:32.0540 5000        Wanarpv6 - ok

21:07:32.0556 5000        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

21:07:32.0556 5000        Wd - ok

21:07:32.0572 5000        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

21:07:32.0587 5000        Wdf01000 - ok

21:07:32.0618 5000        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

21:07:32.0650 5000        WfpLwf - ok

21:07:32.0650 5000        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

21:07:32.0665 5000        WIMMount - ok

21:07:32.0743 5000        WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

21:07:32.0759 5000        WmiAcpi - ok

21:07:32.0806 5000        wod0205         (1ac313913f66d8dcfb78d2b6e1672952) C:\Windows\system32\DRIVERS\wod0205.sys

21:07:32.0821 5000        wod0205 - ok

21:07:32.0821 5000        ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

21:07:32.0868 5000        ws2ifsl - ok

21:07:32.0915 5000        WSDPrintDevice  (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys

21:07:32.0946 5000        WSDPrintDevice - ok

21:07:32.0962 5000        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

21:07:32.0993 5000        WudfPf - ok

21:07:33.0024 5000        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

21:07:33.0040 5000        WUDFRd - ok

21:07:33.0040 5000        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

21:07:33.0102 5000        \Device\Harddisk0\DR0 - ok

21:07:33.0118 5000        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1

21:07:33.0227 5000        \Device\Harddisk1\DR1 - ok

21:07:33.0227 5000        MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2

21:07:33.0305 5000        \Device\Harddisk2\DR2 - ok

21:07:33.0305 5000        Boot (0x1200)   (cb5e1e86874e3b8b7f96bc8c7cc36f8f) \Device\Harddisk0\DR0\Partition0

21:07:33.0305 5000        \Device\Harddisk0\DR0\Partition0 - ok

21:07:33.0336 5000        Boot (0x1200)   (1559d61fe2bdee3b1c687bb9776c9bcc) \Device\Harddisk0\DR0\Partition1

21:07:33.0336 5000        \Device\Harddisk0\DR0\Partition1 - ok

21:07:33.0336 5000        Boot (0x1200)   (11aa1b3c87c153b168d21dd3da189b73) \Device\Harddisk1\DR1\Partition0

21:07:33.0336 5000        \Device\Harddisk1\DR1\Partition0 - ok

21:07:33.0336 5000        ============================================================

21:07:33.0336 5000        Scan finished

21:07:33.0336 5000        ============================================================

21:07:33.0352 6124        Detected object count: 2

21:07:33.0352 6124        Actual detected object count: 2

21:07:47.0392 6124        RTTEAMPT ( UnsignedFile.Multi.Generic ) - skipped by user

21:07:47.0392 6124        RTTEAMPT ( UnsignedFile.Multi.Generic ) - User select action: Skip 

21:07:47.0392 6124        TEAM ( UnsignedFile.Multi.Generic ) - skipped by user

21:07:47.0392 6124        TEAM ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

So, hier das Combofix-Log:

Code:

ComboFix 11-12-21.02 - Eric 21.12.2011  21:21:27.1.8 - x86

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3582.2470 [GMT 1:00]

ausgeführt von:: c:\users\Eric\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\programdata\001

c:\users\Eric\AppData\Local\.#

c:\users\Eric\AppData\Local\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll

c:\users\Eric\AppData\Roaming\Love

c:\users\Eric\AppData\Roaming\Love\com.thelonelycoder.ninjavssamurai\config.lua

c:\users\Eric\AppData\Roaming\Love\com.thelonelycoder.ninjavssamurai\score.lua

c:\windows\system32\muzapp.exe

c:\windows\system32\system32

c:\windows\system32\system32\3DAudio.ax

c:\windows\system32\system32\avrt.dll

c:\windows\system32\system32\cis-2.4.dll

c:\windows\system32\system32\issacapi_bs-2.3.dll

c:\windows\system32\system32\issacapi_pe-2.3.dll

c:\windows\system32\system32\issacapi_se-2.3.dll

c:\windows\system32\system32\MACXMLProto.dll

c:\windows\system32\system32\MaDRM.dll

c:\windows\system32\system32\MaJGUILib.dll

c:\windows\system32\system32\MAMACExtract.dll

c:\windows\system32\system32\MASetupCleaner.exe

c:\windows\system32\system32\MaXMLProto.dll

c:\windows\system32\system32\mfplat.dll

c:\windows\system32\system32\MK_Lyric.dll

c:\windows\system32\system32\MSCLib.dll

c:\windows\system32\system32\MSFLib.dll

c:\windows\system32\system32\MSLUR71.dll

c:\windows\system32\system32\msvcp60.dll

c:\windows\system32\system32\MTTELECHIP.dll

c:\windows\system32\system32\MTXSYNCICON.dll

c:\windows\system32\system32\muzaf1.dll

c:\windows\system32\system32\muzapp.dll

c:\windows\system32\system32\muzapp.exe

c:\windows\system32\system32\muzdecode.ax

c:\windows\system32\system32\muzeffect.ax

c:\windows\system32\system32\muzmp4sp.ax

c:\windows\system32\system32\muzmpgsp.ax

c:\windows\system32\system32\muzoggsp.ax

c:\windows\system32\system32\muzwmts.dll

c:\windows\system32\system32\psapi.dll

E:\install.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-11-21 bis 2011-12-21  ))))))))))))))))))))))))))))))

.

.

2011-12-21 19:18 . 2011-12-21 19:18        --------        d-----w-        C:\_OTL

2011-12-19 17:28 . 2011-12-19 17:28        --------        d-----w-        c:\program files\ESET

2011-12-19 13:33 . 2011-08-31 16:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-12-18 23:24 . 2011-12-18 23:24        --------        d-----w-        c:\program files\uTorrent

2011-12-18 23:22 . 2011-12-18 23:27        --------        d-----w-        c:\users\Eric\AppData\Roaming\uTorrent

2011-12-17 21:56 . 2011-12-17 21:58        --------        d-----w-        c:\users\Eric\AppData\Roaming\OpenMPT

2011-12-17 21:56 . 2011-12-17 21:56        --------        d-----w-        c:\program files\OpenMPT

2011-12-17 21:42 . 2011-12-17 21:42        --------        d-----w-        c:\program files\vmpk

2011-12-16 12:57 . 2011-11-24 04:25        2342912        ----a-w-        c:\windows\system32\win32k.sys

2011-12-16 12:57 . 2011-11-05 04:26        2048        ----a-w-        c:\windows\system32\tzres.dll

2011-12-16 12:57 . 2011-10-15 05:38        534528        ----a-w-        c:\windows\system32\EncDec.dll

2011-12-16 12:57 . 2011-10-26 04:28        38912        ----a-w-        c:\windows\system32\csrsrv.dll

2011-12-16 12:57 . 2011-10-26 04:47        3967856        ----a-w-        c:\windows\system32\ntkrnlpa.exe

2011-12-16 12:57 . 2011-10-26 04:47        3912560        ----a-w-        c:\windows\system32\ntoskrnl.exe

2011-12-07 02:42 . 2011-12-07 02:42        --------        d-----w-        c:\users\Eric\AppData\Roaming\Avira

2011-12-07 02:37 . 2011-12-10 02:37        134856        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2011-12-07 02:37 . 2011-12-07 02:37        --------        d-----w-        c:\programdata\Avira

2011-12-07 02:37 . 2011-12-07 02:37        --------        d-----w-        c:\program files\Avira

2011-12-07 02:37 . 2011-10-19 15:56        74640        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2011-12-07 02:37 . 2011-10-19 15:56        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2011-12-06 04:02 . 2011-12-19 13:33        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2011-12-06 03:26 . 2011-12-06 03:26        --------        d-----w-        c:\program files\MyFree Codec

2011-12-06 03:21 . 2011-12-06 03:24        --------        d-----w-        c:\users\Eric\AppData\Local\Samsung

2011-12-06 03:20 . 2011-12-06 03:20        --------        d-----w-        c:\users\Eric\AppData\Roaming\Samsung

2011-12-06 03:18 . 2011-10-31 10:22        4659712        ----a-w-        c:\windows\system32\Redemption.dll

2011-12-06 03:18 . 2011-12-06 03:18        --------        d-----w-        c:\program files\MarkAny

2011-12-06 03:18 . 2011-10-31 10:22        821824        ----a-w-        c:\windows\system32\dgderapi.dll

2011-12-06 03:18 . 2011-12-06 03:19        --------        d-----w-        c:\program files\Samsung

2011-12-06 03:18 . 2011-12-06 03:18        --------        d-----w-        c:\programdata\Samsung

2011-11-28 20:54 . 2011-11-28 20:54        --------        d-----w-        c:\users\Eric\AppData\Roaming\Endless Fluff Games

2011-11-24 02:40 . 2011-11-24 02:40        --------        d-----w-        c:\users\Eric\AppData\Local\Amazon

2011-11-24 02:40 . 2011-11-24 02:40        --------        d-----w-        c:\program files\Amazon

2011-11-22 18:36 . 2011-11-22 18:37        --------        d-----w-        c:\users\Eric\AppData\Roaming\.minecraft

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-21 20:30 . 2010-12-30 19:10        17488        ----a-w-        c:\windows\gdrv.sys

2011-11-30 01:21 . 2011-12-21 06:28        6823496        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{DFFEC739-FB78-47BD-826E-9A1EDC312ABC}\mpengine.dll

2011-11-28 02:51 . 2011-01-01 22:05        444952        ----a-w-        c:\windows\system32\wrap_oal.dll

2011-11-28 02:51 . 2011-01-01 22:05        109080        ----a-w-        c:\windows\system32\OpenAL32.dll

2011-11-20 00:12 . 2010-12-25 23:51        472808        ----a-w-        c:\windows\system32\deployJava1.dll

2011-11-15 13:29 . 2010-12-25 16:45        222080        ------w-        c:\windows\system32\MpSigStub.exe

2011-11-13 01:08 . 2011-05-14 01:47        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-31 10:22 . 2011-10-31 10:22        90112        ----a-w-        c:\windows\MAMCityDownload.ocx

2011-10-31 10:22 . 2011-10-31 10:22        325552        ----a-w-        c:\windows\MASetupCaller.dll

2011-10-31 10:22 . 2011-10-31 10:22        30568        ----a-w-        c:\windows\MusiccityDownload.exe

2011-10-31 10:22 . 2011-10-31 10:22        81920        ----a-w-        c:\windows\system32\issacapi_bs-2.3.dll

2011-10-31 10:22 . 2011-10-31 10:22        65536        ----a-w-        c:\windows\system32\issacapi_pe-2.3.dll

2011-10-31 10:22 . 2011-10-31 10:22        57344        ----a-w-        c:\windows\system32\issacapi_se-2.3.dll

2011-10-31 10:22 . 2011-10-31 10:22        49152        ----a-w-        c:\windows\system32\MaJGUILib.dll

2011-10-31 10:22 . 2011-10-31 10:22        45056        ----a-w-        c:\windows\system32\MaXMLProto.dll

2011-10-31 10:22 . 2011-10-31 10:22        40960        ----a-w-        c:\windows\system32\MTTELECHIP.dll

2011-10-31 10:22 . 2011-10-31 10:22        200704        ----a-w-        c:\windows\system32\muzwmts.dll

2011-10-31 10:22 . 2011-10-31 10:22        143360        ----a-w-        c:\windows\system32\3DAudio.ax

2011-10-31 10:22 . 2011-10-31 10:22        135168        ----a-w-        c:\windows\system32\muzaf1.dll

2011-10-31 10:22 . 2011-10-31 10:22        122880        ----a-w-        c:\windows\system32\muzeffect.ax

2011-10-31 10:22 . 2011-10-31 10:22        118784        ----a-w-        c:\windows\system32\MaDRM.dll

2011-10-31 10:22 . 2011-10-31 10:22        110592        ----a-w-        c:\windows\system32\muzmp4sp.ax

2011-10-31 10:22 . 2011-10-31 10:22        974848        ----a-w-        c:\windows\system32\cis-2.4.dll

2011-10-31 10:22 . 2011-10-31 10:22        57344        ----a-w-        c:\windows\system32\MTXSYNCICON.dll

2011-10-31 10:22 . 2011-10-31 10:22        57344        ----a-w-        c:\windows\system32\MK_Lyric.dll

2011-10-31 10:22 . 2011-10-31 10:22        569344        ----a-w-        c:\windows\system32\muzdecode.ax

2011-10-31 10:22 . 2011-10-31 10:22        491520        ----a-w-        c:\windows\system32\muzapp.dll

2011-10-31 10:22 . 2011-10-31 10:22        45056        ----a-w-        c:\windows\system32\MACXMLProto.dll

2011-10-31 10:22 . 2011-10-31 10:22        40960        ----a-w-        c:\windows\system32\MAMACExtract.dll

2011-10-31 10:22 . 2011-10-31 10:22        352256        ----a-w-        c:\windows\system32\MSLUR71.dll

2011-10-31 10:22 . 2011-10-31 10:22        258048        ----a-w-        c:\windows\system32\muzoggsp.ax

2011-10-31 10:22 . 2011-10-31 10:22        245760        ----a-w-        c:\windows\system32\MSCLib.dll

2011-10-31 10:22 . 2011-10-31 10:22        24576        ----a-w-        c:\windows\system32\MASetupCleaner.exe

2011-10-31 10:22 . 2011-10-31 10:22        155648        ----a-w-        c:\windows\system32\MSFLib.dll

2011-10-31 10:22 . 2011-10-31 10:22        131072        ----a-w-        c:\windows\system32\muzmpgsp.ax

2011-09-29 16:03 . 2011-11-09 13:57        1290608        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2011-11-09 15:05 . 2011-05-10 00:44        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Thunderbird"="c:\program files\Mozilla Thunderbird\thunderbird -turbo" [X]

"Steam"="c:\program files\Steam\steam.exe" [2011-08-02 1242448]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-02 21392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]

"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 358472]

"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 1809992]

"Kone"="c:\program files\ROCCAT\Kone Mouse\KoneHID.EXE" [2009-09-15 180224]

"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2010-09-07 1981016]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-09-03 9726568]

"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-12-02 3508624]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-11 136176]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]

R3 Desura Install Service;Desura Install Service;c:\program files\Common Files\Desura\desura_service.exe [2011-10-02 131912]

R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-02-12 17488]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-11 136176]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2009-12-21 43520]

R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 19968]

R3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2009-12-21 43520]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-22 19496]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 36000]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]

S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]

S2 JMB36X;JMB36X;c:\windows\System32\XSrvSetup.exe [2010-01-19 72304]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]

S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2009-07-20 27648]

S2 Smart TimeLock;Smart TimeLock Service;c:\program files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]

S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2010-11-15 4807536]

S3 KoneFltr;ROCCAT Kone;c:\windows\system32\drivers\Kone.sys [2008-12-11 13056]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 62208]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 141568]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-05-25 139368]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-11-11 324200]

S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-11-02 10752]

S3 wod0205;WeOnlyDo Network Adapter 2.5;c:\windows\system32\DRIVERS\wod0205.sys [2011-04-23 28936]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc

.

Inhalt des "geplante Tasks" Ordners

.

2011-12-21 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2011-07-10 06:26]

.

2011-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-11 00:22]

.

2011-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-11 00:22]

.

.

------- Zusätzlicher Suchlauf -------

.

IE: An vorhandenes PDF anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - 

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

AddRemove-UnityWebPlayer - c:\users\Eric\AppData\Local\Unity\WebPlayer\Uninstall.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-4087164549-3349538413-2313599696-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*.?W]

@Class="Shell"

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-4087164549-3349538413-2313599696-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*.?W\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-4087164549-3349538413-2313599696-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Q*u*i*n*n*F*o*ØMù4\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-4087164549-3349538413-2313599696-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*•€?W]

@Class="Shell"

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-4087164549-3349538413-2313599696-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*•€?W\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-4087164549-3349538413-2313599696-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:64,40,02,d3,e5,ed,ca,55,37,f5,a1,be,6c,29,79,99,6a,05,b2,3d,f1,66,c1,

   fc,ba,47,04,c4,b1,04,db,e9,05,8d,14,44,48,bd,3f,d9,72,c7,5b,a1,bb,17,eb,39,\

"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

.

[HKEY_USERS\S-1-5-21-4087164549-3349538413-2313599696-1000\Software\SecuROM\License information*]

"datasecu"=hex:d2,29,42,ae,e2,90,5f,5a,bf,8c,aa,f3,df,e8,e7,43,d7,f2,7a,a0,cb,

   6e,d5,a4,ec,7a,69,61,5b,95,4a,12,33,c3,23,ef,7b,1b,b4,4a,55,6d,67,01,e5,e5,\

"rkeysecu"=hex:01,26,ac,26,c8,20,13,3b,eb,ce,fe,d3,54,45,c4,3e

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\WUDFHost.exe

c:\program files\NVIDIA Corporation\Display\nvxdsync.exe

c:\windows\system32\nvvsvc.exe

c:\windows\SYSTEM32\WISPTIS.EXE

c:\windows\system32\WUDFHost.exe

c:\windows\SYSTEM32\WISPTIS.EXE

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\microsoft shared\ink\TabTip.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Tablet\Wacom\Wacom_TabletUser.exe

c:\windows\system32\conhost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Mozilla Thunderbird\thunderbird.exe

c:\program files\ROCCAT\Kone Mouse\osd.exe

c:\windows\system32\taskhost.exe

c:\program files\Logitech\GamePanel Software\Applets\LCDClock.exe

c:\program files\Logitech\GamePanel Software\Applets\LCDCountdown.exe

c:\program files\Logitech\GamePanel Software\Applets\LCDMedia.exe

c:\program files\GIGABYTE\Smart6\Timelock\AlarmClock.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\conhost.exe

c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

c:\windows\system32\DllHost.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2011-12-21  21:37:32 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-12-21 20:37

.

Vor Suchlauf: 21 Verzeichnis(se), 187.162.886.144 Bytes frei

Nach Suchlauf: 25 Verzeichnis(se), 187.039.969.280 Bytes frei

.

- - End Of File - - 30A3E36775CEC1278C409810B347B959