Trojaner-Board


duN 28.02.2012 00:54

Exploit.Java.CVE-2010-0840.N in \AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\3
 
Good evening,

At noon today, while scanning with MBAM, I received the following message from my virus scanner GData 2012.

Datei: C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\3624178d-31cdad9e
Virus: Exploit.Java.CVE-2010-0840.N (Engine A)

MBAM itself found nothing more after that.

Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.26.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421


27.02.2012 10:57:09
mbam-log-2012-02-27 (10-57-09).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 264880
Laufzeit: 1 Stunde(n), 8 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

I have already removed Java and installed a new version. My question now is whether my PC is "clean" again.

OTL Text
Code:

OTL logfile created on: 27.02.2012 21:51:54 - Run 2
OTL by OldTimer - Version 3.2.33.2    Folder = C:\Users\\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 76,85% Memory free
6,00 Gb Paging File | 4,75 Gb Available in Paging File | 79,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 65,40 Gb Free Space | 66,97% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 57,04 Gb Free Space | 58,41% Space Free | Partition Type: NTFS
Drive E: | 270,44 Gb Total Space | 181,03 Gb Free Space | 66,94% Space Free | Partition Type: NTFS
 
Computer Name:  | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\miniduN\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\WireHelpSvc.exe ()
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Programme\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Programme\G Data\AntiVirus\AVK\AVKWCtl.exe (G Data Software AG)
PRC - C:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Programme\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - c:\Programme\IDT\v114_ECS_D_6207.2V7_6099.8xp_G2.0V_RC_SDC\WDM\stacsv.exe (IDT, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\af6e0dd358a5edc094dca9e7957f1038\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Programme\Logitech\SetPointP\Macros\MacroCore.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (WireHelpSvc) -- C:\Programme\Common Files\WireHelpSvc.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (AVKProxy) -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (GDScan) -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe (G Data Software AG)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AVKService) -- C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- c:\Programme\IDT\v114_ECS_D_6207.2V7_6099.8xp_G2.0V_RC_SDC\WDM\stacsv.exe (IDT, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ESLWireAC) -- C:\Windows\System32\drivers\ESLWireACD.sys (<Turtle Entertainment>)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software)
DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G Data Software AG)
DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG)
DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG)
DRV - (GDBehave) -- C:\Windows\system32\drivers\GDBehave.sys (G Data Software AG)
DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G Data Software AG)
DRV - (GdNetMon) -- C:\Windows\System32\drivers\GdNetMon32.sys (G Data Software AG)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (ESLvnic1) -- C:\Windows\System32\drivers\ESLvnic.sys (Turtle Entertainment GmbH)
DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.31 21:25:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.27 19:44:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.02.27 18:09:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.11.07 01:32:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\duN\AppData\Roaming\mozilla\Extensions
[2011.11.07 01:32:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\duN\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.02.27 18:44:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\duN\AppData\Roaming\mozilla\Firefox\Profiles\9orqflen.default\extensions
[2012.02.27 19:44:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.05 23:06:30 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Programme\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2011.11.07 01:36:07 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2012.02.27 19:44:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.01.05 23:06:30 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{906305F7-AAFC-45E9-8BBD-941950A84DAD}
[2011.11.07 01:36:07 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170633FE}
[2012.01.31 21:25:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.27 19:44:32 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.26 19:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\AntiVirus\WebFilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\AntiVirus\WebFilter\AvkWebIE.dll (G Data Software AG)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30709977-E419-4B56-8D9E-CA2D25BE11B0}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.27 19:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.02.27 19:44:42 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.02.27 19:44:42 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.02.27 19:44:42 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.02.27 19:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.02.27 19:43:57 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2012.02.27 19:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2012.02.27 19:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice
[2012.02.27 17:33:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012.02.25 13:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.02.25 13:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012.02.25 13:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012.02.25 13:19:59 | 000,000,000 | ---D | C] -- C:\AMD
[2012.02.17 03:00:57 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.02.17 03:00:55 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.02.17 03:00:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.02.17 03:00:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.02.17 03:00:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.02.17 03:00:51 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.02.16 23:42:33 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012.02.16 23:42:20 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.02.06 16:32:55 | 000,000,000 | ---D | C] -- C:\Users\duN\Documents\My Received Files
[2012.02.06 16:31:27 | 000,000,000 | ---D | C] -- C:\Users\duN\AppData\Roaming\Miranda
[2012.02.06 16:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\Miranda IM
[2012.02.02 20:25:23 | 000,000,000 | ---D | C] -- C:\Users\duN\AppData\Roaming\OpenCandy
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.27 19:58:54 | 000,027,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.27 19:58:54 | 000,027,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.27 19:51:41 | 000,430,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.27 19:51:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.27 19:51:29 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.27 19:44:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.02.27 19:44:30 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.02.27 19:44:30 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.02.27 19:44:30 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.02.27 19:43:57 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2012.02.27 18:09:50 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.02.27 10:49:17 | 000,562,544 | ---- | M] () -- C:\Windows\System32\sig.bin
[2012.02.27 10:49:17 | 000,037,286 | ---- | M] () -- C:\Windows\System32\nmp.map
[2012.02.25 16:04:00 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.25 16:04:00 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.25 16:04:00 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.25 16:04:00 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.17 04:40:21 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.02.06 16:30:40 | 000,000,984 | ---- | M] () -- C:\Users\duN\Desktop\Miranda IM.lnk
[2012.01.29 05:10:42 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
 
========== Files Created - No Company Name ==========
 
[2012.02.27 19:43:57 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2012.02.27 18:09:50 | 000,002,044 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.02.27 18:09:50 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.02.06 16:30:40 | 000,000,984 | ---- | C] () -- C:\Users\duN\Desktop\Miranda IM.lnk
[2011.12.05 22:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011.12.05 22:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.11.19 16:02:44 | 000,265,120 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2011.11.14 20:47:22 | 000,608,507 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.11.10 03:28:32 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011.11.10 03:28:32 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011.11.07 20:06:55 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.11.07 11:08:49 | 000,562,544 | ---- | C] () -- C:\Windows\System32\sig.bin
[2011.11.07 02:34:16 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011.11.07 01:06:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
 
========== LOP Check ==========
 
[2011.12.30 13:25:45 | 000,000,000 | ---D | M] -- C:\Users\duN\AppData\Roaming\Canneverbe Limited
[2011.12.28 12:12:44 | 000,000,000 | ---D | M] -- C:\Users\duN\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.06 16:31:27 | 000,000,000 | ---D | M] -- C:\Users\duN\AppData\Roaming\Miranda
[2012.02.02 20:25:28 | 000,000,000 | ---D | M] -- C:\Users\duN\AppData\Roaming\OpenCandy
[2011.11.07 01:32:56 | 000,000,000 | ---D | M] -- C:\Users\duN\AppData\Roaming\Thunderbird
[2011.12.31 12:40:54 | 000,000,000 | ---D | M] -- C:\Users\duN\AppData\Roaming\TS3Client
[2012.01.10 12:26:09 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

OTL Extra

Code:

OTL Extras logfile created on: 27.02.2012 21:51:54 - Run 2
OTL by OldTimer - Version 3.2.33.2    Folder = C:\Users\\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 76,85% Memory free
6,00 Gb Paging File | 4,75 Gb Available in Paging File | 79,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 65,40 Gb Free Space | 66,97% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 57,04 Gb Free Space | 58,41% Space Free | Partition Type: NTFS
Drive E: | 270,44 Gb Total Space | 181,03 Gb Free Space | 66,94% Space Free | Partition Type: NTFS
 
Computer Name:  | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0D97F8D1-2102-53D2-5633-C992D6086801}" = CCC Help Chinese Traditional
"{0EA00EA7-42C0-ED9C-9110-2C04B8EDBA66}" = CCC Help Italian
"{0EB86B70-91FF-39BF-633C-785DF2218CC6}" = CCC Help French
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{1686C07D-C2BB-A8B2-C5ED-32C4EE1A3E62}" = CCC Help Spanish
"{18B6A9F8-25BC-5978-6B42-A50FA2CABC18}" = CCC Help English
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1AD8819A-70E8-4380-92DA-F5B2421DAE35}" = G Data AntiVirus 2012
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{298C6691-46B2-2065-0DD7-1E7B3B669A47}" = CCC Help Finnish
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{305C431C-CC6E-5506-CE75-29512315D306}" = AMD Drag and Drop Transcoding
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{400C5445-1AE8-1A41-CAC6-AB114341F65D}" = CCC Help Swedish
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{448B1C6D-02C2-7681-66B2-624E58B25375}" = CCC Help Turkish
"{46EB9D45-FC1A-2635-1693-176E6FA1C672}" = CCC Help Portuguese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{651F43AA-3F06-9277-6F1B-8E8155017463}" = CCC Help Polish
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{68DE32E1-292B-6A02-6A53-935BFAE70C99}" = CCC Help Chinese Standard
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C723C94-CB1B-E2BD-0E90-BC64DA26074C}" = AMD Fuel
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{818212BA-7F8C-DDF9-64BE-F6D0B6F46D29}" = CCC Help German
"{84F4542C-ED64-28AC-49B3-1A9BAB395AB4}" = CCC Help Hungarian
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C41195F-11B3-8EEC-6634-7183BE6CB1B1}" = CCC Help Japanese
"{A146E311-4ABF-57D5-3773-92D303458BEC}" = AMD Media Foundation Decoders
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A33A89D0-2F48-FD1C-A243-9073EE0592E0}" = Catalyst Control Center InstallProxy
"{A66FB6C7-B689-AFD5-21BA-7CAF8E44E6E6}" = Catalyst Control Center Graphics Previews Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE136F7F-7DC6-600F-9DF9-BFA0DF516135}" = Catalyst Control Center Localization All
"{B33D8DA3-28E5-2EA8-CC16-8D8A9CED91C4}" = AMD Catalyst Install Manager
"{B4CF00AE-2622-7BC6-24EC-4E5A0A8C9135}" = CCC Help Czech
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BAE1C0A8-634D-CFF1-0E0C-893092427D34}" = CCC Help Danish
"{C2DEC505-79A9-E952-32B0-31B67B83E231}" = CCC Help Korean
"{C2FB14FB-DF6B-287D-BDC3-C7BEC86F539E}" = AMD VISION Engine Control Center
"{CCEFAE22-4D01-0084-D1CA-AC14AA743A97}" = CCC Help Greek
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{DB3D1784-421D-9942-3AC4-D90B18615BBC}" = ccc-utility
"{DE460826-5E72-2357-154F-E376F9926008}" = CCC Help Norwegian
"{E21FFD29-D231-3BD3-6941-15710E44BED4}" = CCC Help Dutch
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E313C7-0AE2-7F44-52E8-528D4EDC74B2}" = CCC Help Thai
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B034EF-7F81-4E7A-8D70-BBC0185D5701}_is1" = CoH SGAMappack
"{F9929777-7B6E-F53D-3105-1C06E5120CA1}" = CCC Help Russian
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"Company of Heroes" = Company of Heroes
"ESL Wire_is1" = ESL Wire 1.11.1
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Miranda IM" = Miranda IM 0.9.42
"Mozilla Firefox 10.0 (x86 de)" = Mozilla Firefox 10.0 (x86 de)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"sp6" = Logitech SetPoint 6.32
"Steam App 10" = Counter-Strike
"Steam App 240" = Counter-Strike: Source
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.02.2012 11:38:31 | Computer Name = duNson | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wire.exe, Version: 1.11.1.7292, Zeitstempel:
 0x4f1ecb54  Name des fehlerhaften Moduls: wire.exe, Version: 1.11.1.7292, Zeitstempel:
 0x4f1ecb54  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00021e18  ID des fehlerhaften Prozesses:
 0x12dc  Startzeit der fehlerhaften Anwendung: 0x01cce400a9051020  Pfad der fehlerhaften
 Anwendung: C:\Program Files\EslWire\wire.exe  Pfad des fehlerhaften Moduls: C:\Program
 Files\EslWire\wire.exe  Berichtskennung: 744f11c0-500f-11e1-9733-00ff01000001
 
Error - 09.02.2012 18:30:30 | Computer Name = duNson | Source = Application Hang | ID = 1002
Description = Programm taskmgr.exe, Version 6.1.7601.17514 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1e4c    Startzeit: 01cce77a5dd68cf0    Endzeit: 0    Anwendungspfad:
C:\Windows\system32\taskmgr.exe    Berichts-ID: aaab1911-536d-11e1-b3a8-00ff01000001

 
Error - 09.02.2012 18:30:43 | Computer Name = duNson | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wire.exe, Version: 1.11.1.7318, Zeitstempel:
 0x4f310617  Name des fehlerhaften Moduls: wire.exe, Version: 1.11.1.7318, Zeitstempel:
 0x4f310617  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00021dd8  ID des fehlerhaften Prozesses:
 0x3f8  Startzeit der fehlerhaften Anwendung: 0x01cce74f35de7da0  Pfad der fehlerhaften
 Anwendung: C:\Program Files\EslWire\wire.exe  Pfad des fehlerhaften Moduls: C:\Program
 Files\EslWire\wire.exe  Berichtskennung: b331e5f0-536d-11e1-b3a8-00ff01000001
 
Error - 11.02.2012 01:25:59 | Computer Name = duNson | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wire.exe, Version: 1.11.1.7318, Zeitstempel:
 0x4f310617  Name des fehlerhaften Moduls: wire.exe, Version: 1.11.1.7318, Zeitstempel:
 0x4f310617  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00021dd8  ID des fehlerhaften Prozesses:
 0x1d0  Startzeit der fehlerhaften Anwendung: 0x01cce863bf7df0d0  Pfad der fehlerhaften
 Anwendung: C:\Program Files\EslWire\wire.exe  Pfad des fehlerhaften Moduls: C:\Program
 Files\EslWire\wire.exe  Berichtskennung: e10ef630-5470-11e1-ad25-00ff01000001
 
Error - 13.02.2012 22:08:59 | Computer Name = duNson | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wire.exe, Version: 1.11.1.7318, Zeitstempel:
 0x4f310617  Name des fehlerhaften Moduls: wire.exe, Version: 1.11.1.7318, Zeitstempel:
 0x4f310617  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00021dd8  ID des fehlerhaften Prozesses:
 0x1fd4  Startzeit der fehlerhaften Anwendung: 0x01ccea727b2603d0  Pfad der fehlerhaften
 Anwendung: C:\Program Files\EslWire\wire.exe  Pfad des fehlerhaften Moduls: C:\Program
 Files\EslWire\wire.exe  Berichtskennung: dacad400-56b0-11e1-9264-00ff01000001
 
Error - 14.02.2012 17:20:39 | Computer Name = duNson | Source = Application Hang | ID = 1002
Description = Programm Steam.exe, Version 1.0.1065.11 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1634    Startzeit:
 01cceb5e56dfea30    Endzeit: 15    Anwendungspfad: D:\Steam\Steam.exe    Berichts-ID: bbd288d1-5751-11e1-976f-00ff01000001

 
Error - 20.02.2012 13:11:32 | Computer Name = duNson | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 5.5.0.124, Zeitstempel:
 0x4e96a02b  Name des fehlerhaften Moduls: Skype.exe, Version: 5.5.0.124, Zeitstempel:
 0x4e96a02b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x008a8890  ID des fehlerhaften Prozesses:
 0x1120  Startzeit der fehlerhaften Anwendung: 0x01cceff2a638acf0  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Skype\Phone\Skype.exe  Pfad des fehlerhaften Moduls:
C:\Program Files\Skype\Phone\Skype.exe  Berichtskennung: eefb9100-5be5-11e1-97e0-00ff01000001
 
Error - 27.02.2012 13:46:27 | Computer Name =  | Source = VSS | ID = 8194
Description =
 
Error - 27.02.2012 13:52:53 | Computer Name = | Source = Windows Search Service | ID = 3007
Description =
 
Error - 27.02.2012 14:44:14 | Computer Name =  | Source = MsiInstaller | ID = 11500
Description =
 
[ System Events ]
Error - 30.01.2012 07:33:04 | Computer Name =  | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 30.01.2012 11:05:49 | Computer Name = | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 02.02.2012 14:58:20 | Computer Name =  | Source = DCOM | ID = 10010
Description =
 
Error - 06.02.2012 19:32:53 | Computer Name =  | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 06.02.2012 19:32:54 | Computer Name =  | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 06.02.2012 19:32:55 | Computer Name =  | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 06.02.2012 19:32:55 | Computer Name =  | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 06.02.2012 19:33:53 | Computer Name =  | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 06.02.2012 19:33:54 | Computer Name =  | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 06.02.2012 19:33:54 | Computer Name =  | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
 
< End of report >

ESET

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1d7f6ff08ed60d4289e6a84ac2221fa0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-27 10:40:25
# local_time=2012-02-27 11:40:25 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=4096 16777215 100 0 9754468 9754468 0 0
# compatibility_mode=5893 16776573 100 94 304397 82008201 0 0
# compatibility_mode=8192 67108863 100 0 3720 3720 0 0
# scanned=93010
# found=0
# cleaned=0
# scan_time=5415

Many thanks in advance for the time you are taking.

Best regards, duN

cosinus 29.02.2012 16:05

Malwarebytes creates exactly one log per scan. Have you scanned with Malwarebytes before?
If so, the logs for every scan are also listed in the "Logdateien" (log files) tab. Please post all of the ones that are visible there.

duN 29.02.2012 18:43

Yep, I use MBAM regularly; I think posting all the logs would go beyond the scope here.


Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.23.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
duN :: DUNSON [Administrator]

23.02.2012 12:13:36
mbam-log-2012-02-23 (12-13-36).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 266491
Laufzeit: 37 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.21.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
duN :: DUNSON [Administrator]

21.02.2012 10:22:19
mbam-log-2012-02-21 (10-22-19).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 185070
Laufzeit: 5 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.19.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
duN :: DUNSON [Administrator]

19.02.2012 15:16:35
mbam-log-2012-02-19 (15-16-35).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 184667
Laufzeit: 3 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.16.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
duN :: DUNSON [Administrator]

17.02.2012 04:41:17
mbam-log-2012-02-17 (04-41-17).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 184130
Laufzeit: 3 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.14.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
duN :: DUNSON [Administrator]

14.02.2012 13:44:50
mbam-log-2012-02-14 (13-44-50).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 263524
Laufzeit: 33 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.09.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
duN :: DUNSON [Administrator]

09.02.2012 11:55:59
mbam-log-2012-02-09 (11-55-59).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 261835
Laufzeit: 35 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

If more logs are wanted, just let me know.
An update is also run before every scan.


Best regards, duN

cosinus 29.02.2012 19:00

Please create a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the result then looks like this:

Code:

the log goes here
CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


duN 29.02.2012 19:45

OTL Custom Scan

Code:

OTL logfile created on: 29.02.2012 19:22:25 - Run 3
OTL by OldTimer - Version 3.2.33.2    Folder = C:\Users\miniduN\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 74,00% Memory free
6,00 Gb Paging File | 4,81 Gb Available in Paging File | 80,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 64,30 Gb Free Space | 65,84% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 57,03 Gb Free Space | 58,40% Space Free | Partition Type: NTFS
Drive E: | 270,44 Gb Total Space | 181,03 Gb Free Space | 66,94% Space Free | Partition Type: NTFS
 
Computer Name: DUNSON | User Name: duN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\miniduN\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Common Files\WireHelpSvc.exe ()
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Programme\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Programme\G Data\AntiVirus\AVK\AVKWCtl.exe (G Data Software AG)
PRC - C:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Programme\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - c:\Programme\IDT\v114_ECS_D_6207.2V7_6099.8xp_G2.0V_RC_SDC\WDM\stacsv.exe (IDT, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\af6e0dd358a5edc094dca9e7957f1038\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Programme\Logitech\SetPointP\Macros\MacroCore.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (WireHelpSvc) -- C:\Programme\Common Files\WireHelpSvc.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (AVKProxy) -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (GDScan) -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe (G Data Software AG)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (AVKService) -- C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- c:\Programme\IDT\v114_ECS_D_6207.2V7_6099.8xp_G2.0V_RC_SDC\WDM\stacsv.exe (IDT, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ESLWireAC) -- C:\Windows\System32\drivers\ESLWireACD.sys (<Turtle Entertainment>)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software)
DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G Data Software AG)
DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG)
DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG)
DRV - (GDBehave) -- C:\Windows\system32\drivers\GDBehave.sys (G Data Software AG)
DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G Data Software AG)
DRV - (GdNetMon) -- C:\Windows\System32\drivers\GdNetMon32.sys (G Data Software AG)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (ESLvnic1) -- C:\Windows\System32\drivers\ESLvnic.sys (Turtle Entertainment GmbH)
DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1243646636-350795432-2161022660-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1243646636-350795432-2161022660-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1243646636-350795432-2161022660-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1243646636-350795432-2161022660-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 69 00 13 1C F2 CC 01  [binary data]
IE - HKU\S-1-5-21-1243646636-350795432-2161022660-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.31 21:25:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.27 19:44:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.02.27 18:09:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.11.07 01:32:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\duN\AppData\Roaming\mozilla\Extensions
[2011.11.07 01:32:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\duN\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.02.27 18:44:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\duN\AppData\Roaming\mozilla\Firefox\Profiles\9orqflen.default\extensions
[2012.02.27 19:44:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.05 23:06:30 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Programme\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2011.11.07 01:36:07 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2012.02.27 19:44:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.01.05 23:06:30 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{906305F7-AAFC-45E9-8BBD-941950A84DAD}
[2011.11.07 01:36:07 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170633FE}
[2012.01.31 21:25:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.27 19:44:32 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.26 19:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\AntiVirus\WebFilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\AntiVirus\WebFilter\AvkWebIE.dll (G Data Software AG)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1243646636-350795432-2161022660-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30709977-E419-4B56-8D9E-CA2D25BE11B0}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: ESL Wire - hkey= - key= - C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH)
MsConfig - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.28 10:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.02.28 10:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2012.02.27 22:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.02.27 19:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.02.27 19:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.02.27 19:43:57 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2012.02.27 19:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2012.02.27 19:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice
[2012.02.27 17:33:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012.02.25 13:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.02.25 13:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012.02.25 13:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012.02.25 13:19:59 | 000,000,000 | ---D | C] -- C:\AMD
[2012.02.06 16:32:55 | 000,000,000 | ---D | C] -- C:\Users\duN\Documents\My Received Files
[2012.02.06 16:31:27 | 000,000,000 | ---D | C] -- C:\Users\duN\AppData\Roaming\Miranda
[2012.02.06 16:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\Miranda IM
[2012.02.02 20:25:23 | 000,000,000 | ---D | C] -- C:\Users\duN\AppData\Roaming\OpenCandy
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.29 18:36:26 | 000,027,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.29 18:36:26 | 000,027,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.29 18:33:54 | 000,564,759 | ---- | M] () -- C:\Windows\System32\sig.bin
[2012.02.29 18:33:54 | 000,037,366 | ---- | M] () -- C:\Windows\System32\nmp.map
[2012.02.29 18:29:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.29 18:29:14 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.27 19:51:41 | 000,430,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.27 19:43:57 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2012.02.27 18:09:50 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.02.25 16:04:00 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.25 16:04:00 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.25 16:04:00 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.25 16:04:00 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.06 16:30:40 | 000,000,984 | ---- | M] () -- C:\Users\duN\Desktop\Miranda IM.lnk
 
========== Files Created - No Company Name ==========
 
[2012.02.27 19:43:57 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2012.02.27 18:09:50 | 000,002,044 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.02.27 18:09:50 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.02.06 16:30:40 | 000,000,984 | ---- | C] () -- C:\Users\duN\Desktop\Miranda IM.lnk
[2011.12.05 22:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011.12.05 22:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.11.19 16:02:44 | 000,265,120 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2011.11.14 20:47:22 | 000,608,507 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.11.10 03:28:32 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011.11.10 03:28:32 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011.11.07 20:06:55 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.11.07 11:08:49 | 000,564,759 | ---- | C] () -- C:\Windows\System32\sig.bin
[2011.11.07 02:34:16 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011.11.07 01:06:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
 
========== LOP Check ==========
 
[2011.12.30 13:25:45 | 000,000,000 | ---D | M] -- C:\Users\duN\AppData\Roaming\Canneverbe Limited
[2011.12.28 12:12:44 | 000,000,000 | ---D | M] -- C:\Users\duN\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.06 16:31:27 | 000,000,000 | ---D | M] -- C:\Users\duN\AppData\Roaming\Miranda
[2012.02.02 20:25:28 | 000,000,000 | ---D | M] -- C:\Users\duN\AppData\Roaming\OpenCandy
[2011.11.07 01:32:56 | 000,000,000 | ---D | M] -- C:\Users\duN\AppData\Roaming\Thunderbird
[2011.12.31 12:40:54 | 000,000,000 | ---D | M] -- C:\Users\duN\AppData\Roaming\TS3Client
[2012.02.24 14:21:22 | 000,000,000 | ---D | M] -- C:\Users\miniduN\AppData\Roaming\BitTorrent
[2011.12.28 14:46:38 | 000,000,000 | ---D | M] -- C:\Users\miniduN\AppData\Roaming\Canneverbe Limited
[2011.12.28 12:12:52 | 000,000,000 | ---D | M] -- C:\Users\miniduN\AppData\Roaming\DVDVideoSoft
[2012.02.08 18:53:50 | 000,000,000 | ---D | M] -- C:\Users\miniduN\AppData\Roaming\Miranda
[2012.02.27 19:46:36 | 000,000,000 | ---D | M] -- C:\Users\miniduN\AppData\Roaming\OpenOffice.org
[2011.11.07 11:12:22 | 000,000,000 | ---D | M] -- C:\Users\miniduN\AppData\Roaming\Thunderbird
[2012.02.27 19:43:49 | 000,000,000 | ---D | M] -- C:\Users\miniduN\AppData\Roaming\TS3Client
[2012.02.24 14:21:22 | 000,000,000 | ---D | M] -- C:\Users\miniduN\AppData\Roaming\uTorrent
[2012.01.10 12:26:09 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.12.30 12:48:04 | 000,000,000 | ---D | M] -- C:\Users\duN\AppData\Roaming\Adobe
[2011.11.07 02:29:48 | 000,000,000 | ---D | M] -- C:\Users\duN\AppData\Roaming\ATI
[2011.12.30 13:25:45 | 000,000,000 | ---D | M] -- C:\Users\duN\AppData\Roaming\Canneverbe Limited
[2011.12.28 12:12:44 | 000,000,000 | ---D | M] -- C:\Users\duN\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.11.07 01:24:15 | 000,000,000 | ---D | M] -- C:\Users\duN\AppData\Roaming\Identities
[2011.11.07 03:59:46 | 000,000,000 | ---D | M] -- C:\Users\duN\AppData\Roaming\Logishrd
[2011.11.07 04:03:55 | 000,000,000 | ---D | M] -- C:\Users\duN\AppData\Roaming\Logitech
[2011.11.07 11:27:37 | 000,000,000 | ---D | M] -- C:\Users\duN\AppData\Roaming\Macromedia
[2011.11.07 03:32:39 | 000,000,000 | ---D | M] -- C:\Users\duN\AppData\Roaming\Malwarebytes
[2009.07.14 09:56:56 | 000,000,000 | ---D | M] -- C:\Users\duN\AppData\Roaming\Media Center Programs
[2011.12.30 13:36:27 | 000,000,000 | --SD | M] -- C:\Users\duN\AppData\Roaming\Microsoft
[2012.02.06 16:31:27 | 000,000,000 | ---D | M] -- C:\Users\duN\AppData\Roaming\Miranda
[2011.11.07 01:35:51 | 000,000,000 | ---D | M] -- C:\Users\duN\AppData\Roaming\Mozilla
[2012.02.02 20:25:28 | 000,000,000 | ---D | M] -- C:\Users\duN\AppData\Roaming\OpenCandy
[2011.11.07 03:59:19 | 000,000,000 | ---D | M] -- C:\Users\duN\AppData\Roaming\Skype
[2011.11.07 01:32:56 | 000,000,000 | ---D | M] -- C:\Users\duN\AppData\Roaming\Thunderbird
[2011.12.31 12:40:54 | 000,000,000 | ---D | M] -- C:\Users\duN\AppData\Roaming\TS3Client
[2011.11.07 03:39:47 | 000,000,000 | ---D | M] -- C:\Users\duN\AppData\Roaming\vlc
[2011.12.30 12:04:37 | 000,000,000 | ---D | M] -- C:\Users\duN\AppData\Roaming\Winamp
[2011.12.30 12:43:47 | 000,000,000 | ---D | M] -- C:\Users\duN\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.02.02 20:25:31 | 000,880,760 | ---- | M] () -- C:\Users\duN\AppData\Roaming\OpenCandy\F4E61496F6EE41279CA37A83B6DD9644\aol_toolbar_DE_XPI_p1v2.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.12.06 04:12:52 | 000,466,944 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll

< End of report >


cosinus 01.03.2012 12:02

Nothing suspicious.

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click "change parameters" and tick the boxes as shown in the following screenshot,
then click "Start Scan" and, once it has finished, click the "Report" button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your Documents/My Documents folder, or shortcuts are missing from the desktop or from the start menu under "All Programs", please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

duN 01.03.2012 15:44

TDSS Killer Log

Code:

15:40:16.0178 1340        TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
15:40:16.0319 1340        ============================================================
15:40:16.0319 1340        Current date / time: 2012/03/01 15:40:16.0319
15:40:16.0319 1340        SystemInfo:
15:40:16.0319 1340       
15:40:16.0319 1340        OS Version: 6.1.7601 ServicePack: 1.0
15:40:16.0319 1340        Product type: Workstation
15:40:16.0319 1340        ComputerName: DUNSON
15:40:16.0319 1340        UserName: duN
15:40:16.0319 1340        Windows directory: C:\Windows
15:40:16.0319 1340        System windows directory: C:\Windows
15:40:16.0319 1340        Processor architecture: Intel x86
15:40:16.0319 1340        Number of processors: 3
15:40:16.0319 1340        Page size: 0x1000
15:40:16.0319 1340        Boot type: Normal boot
15:40:16.0319 1340        ============================================================
15:40:17.0239 1340        Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:40:17.0239 1340        \Device\Harddisk0\DR0:
15:40:17.0239 1340        MBR used
15:40:17.0239 1340        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
15:40:17.0255 1340        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC34F30B, BlocksNum 0xC34F28D
15:40:17.0270 1340        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1869E5D7, BlocksNum 0x21CE27A9
15:40:17.0348 1340        Initialize success
15:40:17.0348 1340        ============================================================
15:40:44.0087 5060        ============================================================
15:40:44.0087 5060        Scan started
15:40:44.0087 5060        Mode: Manual; SigCheck; TDLFS;
15:40:44.0087 5060        ============================================================
15:40:44.0477 5060        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
15:40:44.0711 5060        1394ohci - ok
15:40:44.0726 5060        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
15:40:44.0757 5060        ACPI - ok
15:40:44.0773 5060        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
15:40:44.0820 5060        AcpiPmi - ok
15:40:44.0882 5060        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
15:40:44.0929 5060        adp94xx - ok
15:40:44.0945 5060        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
15:40:44.0976 5060        adpahci - ok
15:40:45.0007 5060        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
15:40:45.0054 5060        adpu320 - ok
15:40:45.0101 5060        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
15:40:45.0163 5060        AFD - ok
15:40:45.0179 5060        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
15:40:45.0210 5060        agp440 - ok
15:40:45.0257 5060        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
15:40:45.0288 5060        aic78xx - ok
15:40:45.0319 5060        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
15:40:45.0350 5060        aliide - ok
15:40:45.0381 5060        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
15:40:45.0413 5060        amdagp - ok
15:40:45.0444 5060        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
15:40:45.0491 5060        amdide - ok
15:40:45.0522 5060        amdiox86        (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys
15:40:45.0631 5060        amdiox86 - ok
15:40:45.0678 5060        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
15:40:45.0725 5060        AmdK8 - ok
15:40:46.0021 5060        amdkmdag        (65b44179cf184b08e86097bffbf03f24) C:\Windows\system32\DRIVERS\atikmdag.sys
15:40:46.0286 5060        amdkmdag - ok
15:40:46.0380 5060        amdkmdap        (5e1c65524ff1713711ce27879d813384) C:\Windows\system32\DRIVERS\atikmpag.sys
15:40:46.0442 5060        amdkmdap - ok
15:40:46.0473 5060        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
15:40:46.0520 5060        AmdPPM - ok
15:40:46.0551 5060        amdsata        (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
15:40:46.0583 5060        amdsata - ok
15:40:46.0614 5060        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
15:40:46.0645 5060        amdsbs - ok
15:40:46.0661 5060        amdxata        (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
15:40:46.0676 5060        amdxata - ok
15:40:46.0785 5060        AODDriver4.01  (62b03afe5cc83bacf064848daa295d9c) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys
15:40:46.0801 5060        AODDriver4.01 ( UnsignedFile.Multi.Generic ) - warning
15:40:46.0801 5060        AODDriver4.01 - detected UnsignedFile.Multi.Generic (1)
15:40:46.0817 5060        AppID          (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
15:40:46.0895 5060        AppID - ok
15:40:46.0926 5060        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
15:40:46.0973 5060        arc - ok
15:40:46.0988 5060        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
15:40:47.0004 5060        arcsas - ok
15:40:47.0035 5060        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
15:40:47.0066 5060        AsyncMac - ok
15:40:47.0082 5060        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
15:40:47.0113 5060        atapi - ok
15:40:47.0144 5060        AtiHDAudioService (7725aecceddf81bd8374c77157e450ea) C:\Windows\system32\drivers\AtihdW73.sys
15:40:47.0175 5060        AtiHDAudioService - ok
15:40:47.0331 5060        atikmdag        (65b44179cf184b08e86097bffbf03f24) C:\Windows\system32\DRIVERS\atikmdag.sys
15:40:47.0487 5060        atikmdag - ok
15:40:47.0628 5060        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
15:40:47.0675 5060        b06bdrv - ok
15:40:47.0721 5060        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
15:40:47.0768 5060        b57nd60x - ok
15:40:47.0784 5060        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
15:40:47.0846 5060        Beep - ok
15:40:47.0877 5060        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
15:40:47.0909 5060        blbdrive - ok
15:40:47.0940 5060        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
15:40:47.0987 5060        bowser - ok
15:40:48.0018 5060        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:40:48.0080 5060        BrFiltLo - ok
15:40:48.0080 5060        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:40:48.0127 5060        BrFiltUp - ok
15:40:48.0158 5060        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
15:40:48.0221 5060        Brserid - ok
15:40:48.0236 5060        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
15:40:48.0283 5060        BrSerWdm - ok
15:40:48.0299 5060        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:40:48.0330 5060        BrUsbMdm - ok
15:40:48.0345 5060        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
15:40:48.0377 5060        BrUsbSer - ok
15:40:48.0392 5060        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
15:40:48.0439 5060        BTHMODEM - ok
15:40:48.0455 5060        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
15:40:48.0517 5060        cdfs - ok
15:40:48.0564 5060        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
15:40:48.0611 5060        cdrom - ok
15:40:48.0626 5060        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
15:40:48.0673 5060        circlass - ok
15:40:48.0704 5060        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
15:40:48.0735 5060        CLFS - ok
15:40:48.0767 5060        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
15:40:48.0798 5060        CmBatt - ok
15:40:48.0813 5060        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
15:40:48.0845 5060        cmdide - ok
15:40:48.0876 5060        CNG            (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
15:40:48.0923 5060        CNG - ok
15:40:48.0938 5060        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
15:40:48.0969 5060        Compbatt - ok
15:40:48.0985 5060        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
15:40:49.0047 5060        CompositeBus - ok
15:40:49.0079 5060        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
15:40:49.0094 5060        crcdisk - ok
15:40:49.0141 5060        CSC            (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
15:40:49.0188 5060        CSC - ok
15:40:49.0219 5060        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
15:40:49.0266 5060        DfsC - ok
15:40:49.0281 5060        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
15:40:49.0328 5060        discache - ok
15:40:49.0359 5060        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
15:40:49.0391 5060        Disk - ok
15:40:49.0422 5060        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
15:40:49.0484 5060        drmkaud - ok
15:40:49.0515 5060        DXGKrnl        (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
15:40:49.0562 5060        DXGKrnl - ok
15:40:49.0640 5060        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
15:40:49.0734 5060        ebdrv - ok
15:40:49.0765 5060        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
15:40:49.0812 5060        elxstor - ok
15:40:49.0843 5060        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
15:40:49.0874 5060        ErrDev - ok
15:40:49.0921 5060        ESLvnic1        (3f3126a8f73e92f8eb369d54977d9e15) C:\Windows\system32\DRIVERS\ESLvnic.sys
15:40:49.0937 5060        ESLvnic1 - ok
15:40:49.0999 5060        ESLWireAC      (176fb7ed196dc57f9d622e000d9ec1cd) C:\Windows\system32\drivers\ESLWireACD.sys
15:40:50.0061 5060        ESLWireAC - ok
15:40:50.0093 5060        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
15:40:50.0155 5060        exfat - ok
15:40:50.0186 5060        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
15:40:50.0217 5060        fastfat - ok
15:40:50.0249 5060        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
15:40:50.0295 5060        fdc - ok
15:40:50.0327 5060        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
15:40:50.0342 5060        FileInfo - ok
15:40:50.0358 5060        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
15:40:50.0405 5060        Filetrace - ok
15:40:50.0420 5060        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
15:40:50.0467 5060        flpydisk - ok
15:40:50.0467 5060        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
15:40:50.0498 5060        FltMgr - ok
15:40:50.0529 5060        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
15:40:50.0545 5060        FsDepends - ok
15:40:50.0561 5060        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
15:40:50.0592 5060        Fs_Rec - ok
15:40:50.0623 5060        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
15:40:50.0654 5060        fvevol - ok
15:40:50.0670 5060        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:40:50.0717 5060        gagp30kx - ok
15:40:50.0763 5060        GDBehave        (1b519753da1e7e51f37001e23f1bb045) C:\Windows\system32\drivers\GDBehave.sys
15:40:50.0779 5060        GDBehave - ok
15:40:50.0795 5060        GDMnIcpt        (cd58774324a78bba15b89c35bed81593) C:\Windows\system32\drivers\MiniIcpt.sys
15:40:50.0810 5060        GDMnIcpt - ok
15:40:50.0826 5060        GdNetMon        (30fb73ea7391466051765c7d471ec750) C:\Windows\system32\drivers\GdNetMon32.sys
15:40:50.0857 5060        GdNetMon - ok
15:40:50.0888 5060        GDPkIcpt        (0f917bcee8f65402a2dd4024cf85ce32) C:\Windows\system32\drivers\PktIcpt.sys
15:40:50.0904 5060        GDPkIcpt - ok
15:40:50.0997 5060        gdwfpcd        (26d22ca524c547828d05a13a863ba0a2) C:\Windows\system32\drivers\gdwfpcd32.sys
15:40:51.0013 5060        gdwfpcd - ok
15:40:51.0044 5060        GRD            (f852b577f4c55aeaa91e0640a8d5c7f2) C:\Windows\system32\drivers\GRD.sys
15:40:51.0075 5060        GRD - ok
15:40:51.0107 5060        hamachi        (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
15:40:51.0153 5060        hamachi - ok
15:40:51.0169 5060        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
15:40:51.0247 5060        hcw85cir - ok
15:40:51.0294 5060        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
15:40:51.0356 5060        HdAudAddService - ok
15:40:51.0356 5060        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:40:51.0403 5060        HDAudBus - ok
15:40:51.0419 5060        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
15:40:51.0450 5060        HidBatt - ok
15:40:51.0465 5060        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
15:40:51.0497 5060        HidBth - ok
15:40:51.0512 5060        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
15:40:51.0543 5060        HidIr - ok
15:40:51.0559 5060        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
15:40:51.0590 5060        HidUsb - ok
15:40:51.0637 5060        HookCentre      (4feff88a4bc6eeac4898bfd05325f5c8) C:\Windows\system32\drivers\HookCentre.sys
15:40:51.0653 5060        HookCentre - ok
15:40:51.0684 5060        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
15:40:51.0699 5060        HpSAMD - ok
15:40:51.0731 5060        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
15:40:51.0809 5060        HTTP - ok
15:40:51.0840 5060        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
15:40:51.0871 5060        hwpolicy - ok
15:40:51.0902 5060        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
15:40:51.0933 5060        i8042prt - ok
15:40:51.0965 5060        iaStorV        (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
15:40:51.0996 5060        iaStorV - ok
15:40:52.0011 5060        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
15:40:52.0043 5060        iirsp - ok
15:40:52.0074 5060        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
15:40:52.0089 5060        intelide - ok
15:40:52.0121 5060        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
15:40:52.0152 5060        intelppm - ok
15:40:52.0167 5060        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:40:52.0214 5060        IpFilterDriver - ok
15:40:52.0230 5060        IPMIDRV        (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
15:40:52.0261 5060        IPMIDRV - ok
15:40:52.0277 5060        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
15:40:52.0355 5060        IPNAT - ok
15:40:52.0355 5060        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
15:40:52.0386 5060        IRENUM - ok
15:40:52.0417 5060        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
15:40:52.0433 5060        isapnp - ok
15:40:52.0464 5060        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
15:40:52.0495 5060        iScsiPrt - ok
15:40:52.0511 5060        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:40:52.0542 5060        kbdclass - ok
15:40:52.0573 5060        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
15:40:52.0620 5060        kbdhid - ok
15:40:52.0635 5060        KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
15:40:52.0667 5060        KSecDD - ok
15:40:52.0682 5060        KSecPkg        (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
15:40:52.0698 5060        KSecPkg - ok
15:40:52.0760 5060        LHidFilt        (01cc7fb6e790ef044b411377f3a1ff41) C:\Windows\system32\DRIVERS\LHidFilt.Sys
15:40:52.0776 5060        LHidFilt - ok
15:40:52.0823 5060        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
15:40:52.0885 5060        lltdio - ok
15:40:52.0916 5060        LMouFilt        (a2e7eae8898d7b4b8c302b8f4e836bb5) C:\Windows\system32\DRIVERS\LMouFilt.Sys
15:40:52.0947 5060        LMouFilt - ok
15:40:52.0979 5060        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:40:53.0010 5060        LSI_FC - ok
15:40:53.0025 5060        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:40:53.0057 5060        LSI_SAS - ok
15:40:53.0072 5060        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:40:53.0088 5060        LSI_SAS2 - ok
15:40:53.0119 5060        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:40:53.0135 5060        LSI_SCSI - ok
15:40:53.0166 5060        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
15:40:53.0228 5060        luafv - ok
15:40:53.0244 5060        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
15:40:53.0259 5060        megasas - ok
15:40:53.0275 5060        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
15:40:53.0306 5060        MegaSR - ok
15:40:53.0322 5060        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
15:40:53.0384 5060        Modem - ok
15:40:53.0431 5060        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
15:40:53.0462 5060        monitor - ok
15:40:53.0509 5060        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
15:40:53.0540 5060        mouclass - ok
15:40:53.0571 5060        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
15:40:53.0603 5060        mouhid - ok
15:40:53.0634 5060        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
15:40:53.0665 5060        mountmgr - ok
15:40:53.0681 5060        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
15:40:53.0712 5060        mpio - ok
15:40:53.0743 5060        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
15:40:53.0790 5060        mpsdrv - ok
15:40:53.0805 5060        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
15:40:53.0852 5060        MRxDAV - ok
15:40:53.0883 5060        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:40:53.0946 5060        mrxsmb - ok
15:40:53.0977 5060        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:40:54.0024 5060        mrxsmb10 - ok
15:40:54.0024 5060        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:40:54.0071 5060        mrxsmb20 - ok
15:40:54.0086 5060        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
15:40:54.0117 5060        msahci - ok
15:40:54.0133 5060        msdsm          (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
15:40:54.0164 5060        msdsm - ok
15:40:54.0195 5060        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
15:40:54.0227 5060        Msfs - ok
15:40:54.0242 5060        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
15:40:54.0289 5060        mshidkmdf - ok
15:40:54.0305 5060        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
15:40:54.0336 5060        msisadrv - ok
15:40:54.0367 5060        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
15:40:54.0414 5060        MSKSSRV - ok
15:40:54.0429 5060        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
15:40:54.0476 5060        MSPCLOCK - ok
15:40:54.0492 5060        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
15:40:54.0539 5060        MSPQM - ok
15:40:54.0554 5060        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
15:40:54.0585 5060        MsRPC - ok
15:40:54.0601 5060        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
15:40:54.0648 5060        mssmbios - ok
15:40:54.0663 5060        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
15:40:54.0741 5060        MSTEE - ok
15:40:54.0741 5060        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
15:40:54.0773 5060        MTConfig - ok
15:40:54.0804 5060        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
15:40:54.0819 5060        Mup - ok
15:40:54.0851 5060        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
15:40:54.0882 5060        NativeWifiP - ok
15:40:54.0913 5060        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
15:40:54.0944 5060        NDIS - ok
15:40:54.0960 5060        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
15:40:55.0007 5060        NdisCap - ok
15:40:55.0038 5060        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
15:40:55.0100 5060        NdisTapi - ok
15:40:55.0131 5060        Ndisuio        (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
15:40:55.0194 5060        Ndisuio - ok
15:40:55.0225 5060        NdisWan        (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
15:40:55.0319 5060        NdisWan - ok
15:40:55.0350 5060        NDProxy        (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
15:40:55.0412 5060        NDProxy - ok
15:40:55.0428 5060        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
15:40:55.0475 5060        NetBIOS - ok
15:40:55.0506 5060        NetBT          (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
15:40:55.0568 5060        NetBT - ok
15:40:55.0615 5060        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
15:40:55.0646 5060        nfrd960 - ok
15:40:55.0677 5060        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
15:40:55.0724 5060        Npfs - ok
15:40:55.0740 5060        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
15:40:55.0802 5060        nsiproxy - ok
15:40:55.0849 5060        Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
15:40:55.0911 5060        Ntfs - ok
15:40:55.0927 5060        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
15:40:55.0958 5060        Null - ok
15:40:55.0989 5060        NVENETFD        (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
15:40:56.0036 5060        NVENETFD - ok
15:40:56.0161 5060        NVNET          (1de923088878b495cd4219e47ba34eb8) C:\Windows\system32\DRIVERS\nvmf6232.sys
15:40:56.0192 5060        NVNET - ok
15:40:56.0223 5060        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
15:40:56.0270 5060        nvraid - ok
15:40:56.0286 5060        nvsmu          (f13618f0cb1e95232f4c2401592a59e9) C:\Windows\system32\DRIVERS\nvsmu.sys
15:40:56.0364 5060        nvsmu - ok
15:40:56.0379 5060        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
15:40:56.0395 5060        nvstor - ok
15:40:56.0426 5060        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
15:40:56.0457 5060        nv_agp - ok
15:40:56.0473 5060        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
15:40:56.0489 5060        ohci1394 - ok
15:40:56.0535 5060        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
15:40:56.0582 5060        Parport - ok
15:40:56.0613 5060        partmgr        (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
15:40:56.0645 5060        partmgr - ok
15:40:56.0660 5060        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
15:40:56.0691 5060        Parvdm - ok
15:40:56.0707 5060        pci            (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
15:40:56.0738 5060        pci - ok
15:40:56.0754 5060        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
15:40:56.0769 5060        pciide - ok
15:40:56.0785 5060        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
15:40:56.0816 5060        pcmcia - ok
15:40:56.0832 5060        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
15:40:56.0879 5060        pcw - ok
15:40:56.0910 5060        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
15:40:56.0972 5060        PEAUTH - ok
15:40:57.0035 5060        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
15:40:57.0081 5060        PptpMiniport - ok
15:40:57.0097 5060        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
15:40:57.0128 5060        Processor - ok
15:40:57.0159 5060        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
15:40:57.0222 5060        Psched - ok
15:40:57.0269 5060        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
15:40:57.0347 5060        ql2300 - ok
15:40:57.0362 5060        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
15:40:57.0409 5060        ql40xx - ok
15:40:57.0425 5060        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
15:40:57.0456 5060        QWAVEdrv - ok
15:40:57.0471 5060        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
15:40:57.0518 5060        RasAcd - ok
15:40:57.0549 5060        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:40:57.0596 5060        RasAgileVpn - ok
15:40:57.0612 5060        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:40:57.0674 5060        Rasl2tp - ok
15:40:57.0690 5060        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
15:40:57.0783 5060        RasPppoe - ok
15:40:57.0799 5060        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
15:40:57.0861 5060        RasSstp - ok
15:40:57.0893 5060        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
15:40:57.0955 5060        rdbss - ok
15:40:57.0971 5060        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
15:40:57.0986 5060        rdpbus - ok
15:40:58.0017 5060        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:40:58.0080 5060        RDPCDD - ok
15:40:58.0095 5060        RDPDR          (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
15:40:58.0142 5060        RDPDR - ok
15:40:58.0158 5060        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
15:40:58.0205 5060        RDPENCDD - ok
15:40:58.0220 5060        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
15:40:58.0267 5060        RDPREFMP - ok
15:40:58.0283 5060        RDPWD          (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
15:40:58.0345 5060        RDPWD - ok
15:40:58.0376 5060        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
15:40:58.0407 5060        rdyboost - ok
15:40:58.0439 5060        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
15:40:58.0517 5060        rspndr - ok
15:40:58.0532 5060        s3cap          (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
15:40:58.0595 5060        s3cap - ok
15:40:58.0626 5060        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
15:40:58.0641 5060        sbp2port - ok
15:40:58.0657 5060        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
15:40:58.0704 5060        scfilter - ok
15:40:58.0751 5060        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:40:58.0797 5060        secdrv - ok
15:40:58.0829 5060        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
15:40:58.0875 5060        Serenum - ok
15:40:58.0891 5060        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
15:40:58.0938 5060        Serial - ok
15:40:58.0953 5060        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
15:40:59.0000 5060        sermouse - ok
15:40:59.0031 5060        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
15:40:59.0078 5060        sffdisk - ok
15:40:59.0078 5060        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
15:40:59.0109 5060        sffp_mmc - ok
15:40:59.0125 5060        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
15:40:59.0156 5060        sffp_sd - ok
15:40:59.0172 5060        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
15:40:59.0187 5060        sfloppy - ok
15:40:59.0234 5060        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
15:40:59.0250 5060        sisagp - ok
15:40:59.0265 5060        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:40:59.0297 5060        SiSRaid2 - ok
15:40:59.0312 5060        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
15:40:59.0343 5060        SiSRaid4 - ok
15:40:59.0375 5060        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
15:40:59.0437 5060        Smb - ok
15:40:59.0468 5060        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
15:40:59.0499 5060        spldr - ok
15:40:59.0562 5060        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
15:40:59.0624 5060        srv - ok
15:40:59.0640 5060        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
15:40:59.0687 5060        srv2 - ok
15:40:59.0702 5060        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
15:40:59.0749 5060        srvnet - ok
15:40:59.0811 5060        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
15:40:59.0827 5060        stexstor - ok
15:40:59.0858 5060        STHDA          (a53c956c0a38c454bcbdbe904906f718) C:\Windows\system32\DRIVERS\stwrt.sys
15:40:59.0905 5060        STHDA - ok
15:40:59.0936 5060        storflt        (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
15:40:59.0967 5060        storflt - ok
15:40:59.0999 5060        storvsc        (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
15:41:00.0030 5060        storvsc - ok
15:41:00.0061 5060        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
15:41:00.0077 5060        swenum - ok
15:41:00.0139 5060        Tcpip          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
15:41:00.0186 5060        Tcpip - ok
15:41:00.0217 5060        TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
15:41:00.0264 5060        TCPIP6 - ok
15:41:00.0295 5060        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
15:41:00.0342 5060        tcpipreg - ok
15:41:00.0373 5060        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
15:41:00.0420 5060        TDPIPE - ok
15:41:00.0435 5060        TDTCP          (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
15:41:00.0482 5060        TDTCP - ok
15:41:00.0513 5060        tdx            (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
15:41:00.0560 5060        tdx - ok
15:41:00.0576 5060        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
15:41:00.0607 5060        TermDD - ok
15:41:00.0638 5060        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:41:00.0685 5060        tssecsrv - ok
15:41:00.0732 5060        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
15:41:00.0794 5060        TsUsbFlt - ok
15:41:00.0825 5060        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
15:41:00.0872 5060        tunnel - ok
15:41:00.0903 5060        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
15:41:00.0950 5060        uagp35 - ok
15:41:00.0981 5060        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
15:41:01.0028 5060        udfs - ok
15:41:01.0059 5060        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
15:41:01.0091 5060        uliagpkx - ok
15:41:01.0122 5060        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
15:41:01.0153 5060        umbus - ok
15:41:01.0153 5060        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
15:41:01.0200 5060        UmPass - ok
15:41:01.0215 5060        usbccgp        (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
15:41:01.0247 5060        usbccgp - ok
15:41:01.0262 5060        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
15:41:01.0309 5060        usbcir - ok
15:41:01.0325 5060        usbehci        (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
15:41:01.0356 5060        usbehci - ok
15:41:01.0371 5060        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
15:41:01.0403 5060        usbhub - ok
15:41:01.0418 5060        usbohci        (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
15:41:01.0465 5060        usbohci - ok
15:41:01.0481 5060        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
15:41:01.0512 5060        usbprint - ok
15:41:01.0527 5060        USBSTOR        (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:41:01.0590 5060        USBSTOR - ok
15:41:01.0605 5060        usbuhci        (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
15:41:01.0637 5060        usbuhci - ok
15:41:01.0668 5060        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
15:41:01.0699 5060        vdrvroot - ok
15:41:01.0715 5060        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
15:41:01.0746 5060        vga - ok
15:41:01.0761 5060        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
15:41:01.0808 5060        VgaSave - ok
15:41:01.0839 5060        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
15:41:01.0855 5060        vhdmp - ok
15:41:01.0886 5060        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
15:41:01.0902 5060        viaagp - ok
15:41:01.0933 5060        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
15:41:01.0980 5060        ViaC7 - ok
15:41:01.0995 5060        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
15:41:02.0027 5060        viaide - ok
15:41:02.0058 5060        vmbus          (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
15:41:02.0073 5060        vmbus - ok
15:41:02.0105 5060        VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
15:41:02.0151 5060        VMBusHID - ok
15:41:02.0183 5060        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
15:41:02.0214 5060        volmgr - ok
15:41:02.0229 5060        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
15:41:02.0261 5060        volmgrx - ok
15:41:02.0276 5060        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
15:41:02.0292 5060        volsnap - ok
15:41:02.0323 5060        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
15:41:02.0339 5060        vsmraid - ok
15:41:02.0354 5060        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
15:41:02.0385 5060        vwifibus - ok
15:41:02.0417 5060        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
15:41:02.0448 5060        WacomPen - ok
15:41:02.0479 5060        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
15:41:02.0526 5060        WANARP - ok
15:41:02.0526 5060        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
15:41:02.0573 5060        Wanarpv6 - ok
15:41:02.0604 5060        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
15:41:02.0619 5060        Wd - ok
15:41:02.0635 5060        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
15:41:02.0682 5060        Wdf01000 - ok
15:41:02.0729 5060        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
15:41:02.0775 5060        WfpLwf - ok
15:41:02.0775 5060        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
15:41:02.0807 5060        WIMMount - ok
15:41:02.0853 5060        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
15:41:02.0900 5060        WinUsb - ok
15:41:02.0931 5060        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
15:41:02.0994 5060        WmiAcpi - ok
15:41:03.0041 5060        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
15:41:03.0103 5060        ws2ifsl - ok
15:41:03.0134 5060        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
15:41:03.0181 5060        WudfPf - ok
15:41:03.0212 5060        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:41:03.0243 5060        WUDFRd - ok
15:41:03.0275 5060        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:41:03.0368 5060        \Device\Harddisk0\DR0 - ok
15:41:03.0368 5060        Boot (0x1200)  (78d4caf652f06da91b8969d530e7ca38) \Device\Harddisk0\DR0\Partition0
15:41:03.0368 5060        \Device\Harddisk0\DR0\Partition0 - ok
15:41:03.0399 5060        Boot (0x1200)  (79e4a8d8763064f065a849045d7c69ad) \Device\Harddisk0\DR0\Partition1
15:41:03.0399 5060        \Device\Harddisk0\DR0\Partition1 - ok
15:41:03.0415 5060        Boot (0x1200)  (573b3157874bca6825e14438bcde0382) \Device\Harddisk0\DR0\Partition2
15:41:03.0415 5060        \Device\Harddisk0\DR0\Partition2 - ok
15:41:03.0415 5060        ============================================================
15:41:03.0415 5060        Scan finished
15:41:03.0415 5060        ============================================================
15:41:03.0431 2432        Detected object count: 1
15:41:03.0431 2432        Actual detected object count: 1
15:41:21.0714 2432        AODDriver4.01 ( UnsignedFile.Multi.Generic ) - skipped by user
15:41:21.0714 2432        AODDriver4.01 ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 01.03.2012 20:36

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when an expert helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

duN 01.03.2012 22:07

Here's the log,

I should probably add that I was clever enough to log in with a standard account rather than the administrator, and ComboFix wasn't really happy with that. A window just kept opening and then closing.

I hope that's not too tragic; the scan ran without problems ....

Code:

ComboFix 12-03-01.01 - duN 01.03.2012  21:11:24.1.3 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.3071.2239 [GMT 1:00]
ausgeführt von:: c:\users\miniduN\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\WireHelpSvc.exe
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WireHelpSvc
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-01 bis 2012-03-01  ))))))))))))))))))))))))))))))
.
.
2012-03-01 20:16 . 2012-03-01 20:16        --------        d-----w-        c:\program files\LogMeIn Hamachi
2012-03-01 20:15 . 2012-03-01 20:54        --------        d-----w-        c:\users\duN\AppData\Local\temp
2012-02-28 09:57 . 2012-02-08 06:03        6552120        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{49DFA9AD-4E3C-4609-9C61-31F1A7151C71}\mpengine.dll
2012-02-27 21:08 . 2012-02-27 21:08        --------        d-----w-        c:\program files\ESET
2012-02-27 18:46 . 2012-02-27 18:46        --------        d-----w-        c:\users\miniduN\AppData\Roaming\OpenOffice.org
2012-02-27 18:44 . 2012-02-27 18:44        --------        d-----w-        c:\program files\Common Files\Java
2012-02-27 18:44 . 2012-02-27 18:44        476904        ----a-w-        c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2012-02-27 18:44 . 2012-02-27 18:44        --------        d-----w-        c:\program files\Java
2012-02-27 18:41 . 2012-02-27 18:41        --------        d-----w-        c:\program files\OpenOffice
2012-02-25 12:26 . 2012-02-25 12:26        --------        d-----w-        c:\programdata\ATI
2012-02-25 12:26 . 2012-02-25 12:26        --------        d-----w-        c:\program files\AMD APP
2012-02-25 12:19 . 2012-02-25 12:19        --------        d-----w-        C:\AMD
2012-02-23 11:18 . 2012-03-01 14:39        --------        d-----w-        c:\users\miniduN\AppData\Roaming\uTorrent
2012-02-16 22:42 . 2011-12-30 05:27        478720        ----a-w-        c:\windows\system32\timedate.cpl
2012-02-16 22:42 . 2011-12-16 07:52        690688        ----a-w-        c:\windows\system32\msvcrt.dll
2012-02-16 22:42 . 2012-01-04 08:58        442880        ----a-w-        c:\windows\system32\ntshrui.dll
2012-02-16 22:42 . 2012-01-14 03:35        2343424        ----a-w-        c:\windows\system32\win32k.sys
2012-02-08 17:53 . 2012-02-08 17:53        --------        d-----w-        c:\users\miniduN\AppData\Roaming\Miranda
2012-02-06 15:31 . 2012-02-06 15:31        --------        d-----w-        c:\users\duN\AppData\Roaming\Miranda
2012-02-06 15:30 . 2012-02-06 15:30        --------        d-----w-        c:\program files\Miranda IM
2012-02-02 19:25 . 2012-02-02 19:25        --------        d-----w-        c:\users\duN\AppData\Roaming\OpenCandy
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-27 18:44 . 2011-11-07 02:30        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2012-02-17 03:40 . 2011-11-07 02:20        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-29 04:10 . 2011-11-07 00:51        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-01-24 12:50 . 2011-11-19 15:02        836496        ----a-w-        c:\windows\system32\drivers\ESLWireACD.sys
2011-12-29 19:19 . 2011-11-07 03:03        16400        ----a-w-        c:\windows\system32\drivers\LNonPnP.sys
2011-12-10 14:24 . 2011-11-07 02:32        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-12-06 03:44 . 2011-12-06 03:44        9067008        ----a-w-        c:\windows\system32\drivers\atikmdag.sys
2011-12-06 03:17 . 2011-12-06 03:17        159744        ----a-w-        c:\windows\system32\atiapfxx.exe
2011-12-06 03:17 . 2011-11-10 03:16        778752        ----a-w-        c:\windows\system32\aticfx32.dll
2011-12-06 03:12 . 2011-12-06 03:12        466944        ----a-w-        c:\windows\system32\ATIDEMGX.dll
2011-12-06 03:12 . 2011-12-06 03:12        404992        ----a-w-        c:\windows\system32\atieclxx.exe
2011-12-06 03:11 . 2011-12-06 03:11        163328        ----a-w-        c:\windows\system32\atiesrxx.exe
2011-12-06 03:10 . 2011-12-06 03:10        163840        ----a-w-        c:\windows\system32\atitmmxx.dll
2011-12-06 03:10 . 2011-12-06 03:10        360448        ----a-w-        c:\windows\system32\atipdlxx.dll
2011-12-06 03:10 . 2011-12-06 03:10        278528        ----a-w-        c:\windows\system32\Oemdspif.dll
2011-12-06 03:09 . 2011-12-06 03:09        20992        ----a-w-        c:\windows\system32\atimuixx.dll
2011-12-06 03:09 . 2011-12-06 03:09        43520        ----a-w-        c:\windows\system32\ati2edxx.dll
2011-12-06 03:06 . 2011-11-10 03:06        6159872        ----a-w-        c:\windows\system32\atidxx32.dll
2011-12-06 02:56 . 2011-12-06 02:56        19125760        ----a-w-        c:\windows\system32\atioglxx.dll
2011-12-06 02:39 . 2011-12-06 02:39        1828864        ----a-w-        c:\windows\system32\atiumdmv.dll
2011-12-06 02:34 . 2011-12-06 02:34        46080        ----a-w-        c:\windows\system32\aticalrt.dll
2011-12-06 02:34 . 2011-12-06 02:34        44032        ----a-w-        c:\windows\system32\aticalcl.dll
2011-12-06 02:33 . 2011-11-10 02:33        5919232        ----a-w-        c:\windows\system32\atiumdag.dll
2011-12-06 02:29 . 2011-12-06 02:29        11484672        ----a-w-        c:\windows\system32\aticaldd.dll
2011-12-06 02:28 . 2011-11-10 02:29        4206592        ----a-w-        c:\windows\system32\atiumdva.dll
2011-12-06 02:18 . 2011-11-10 02:18        51200        ----a-w-        c:\windows\system32\coinst.dll
2011-12-06 02:12 . 2011-12-06 02:12        356352        ----a-w-        c:\windows\system32\atiadlxx.dll
2011-12-06 02:12 . 2011-12-06 02:12        14336        ----a-w-        c:\windows\system32\atiglpxx.dll
2011-12-06 02:12 . 2011-12-06 02:12        33280        ----a-w-        c:\windows\system32\atigktxx.dll
2011-12-06 02:11 . 2011-12-06 02:11        264192        ----a-w-        c:\windows\system32\drivers\atikmpag.sys
2011-12-06 02:11 . 2011-11-10 02:11        33280        ----a-w-        c:\windows\system32\atiuxpag.dll
2011-12-06 02:11 . 2011-11-10 02:11        29696        ----a-w-        c:\windows\system32\atiu9pag.dll
2011-12-06 02:10 . 2011-12-06 02:10        53760        ----a-w-        c:\windows\system32\atimpc32.dll
2011-12-06 02:10 . 2011-12-06 02:10        53760        ----a-w-        c:\windows\system32\amdpcom32.dll
2011-12-06 02:10 . 2011-12-06 02:10        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2011-12-05 21:04 . 2011-12-05 21:04        59904        ----a-w-        c:\windows\system32\OpenVideo.dll
2011-12-05 21:03 . 2011-12-05 21:03        54784        ----a-w-        c:\windows\system32\OVDecode.dll
2011-12-05 21:03 . 2011-12-05 21:03        14499328        ----a-w-        c:\windows\system32\amdocl.dll
2012-01-31 20:25 . 2012-01-07 16:20        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-11 450667]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03        66328        ----a-w-        c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ESL Wire]
2012-02-14 13:34        2717696        ----a-w-        c:\program files\EslWire\wire.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-02-28 16:38        1987976        ----a-w-        c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2011-11-07 49016]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-06 163328]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-05 291840]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2011-06-24 39424]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2012-01-24 836496]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 1373576]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-12-06 9067008]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-12-06 264192]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-10-17 85520]
S3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [2011-08-03 24504]
.
.
.
------- Zusätzlicher Suchlauf -------
.
FF - ProfilePath - c:\users\duN\AppData\Roaming\Mozilla\Firefox\Profiles\9orqflen.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-G Data AntiVirus Tray Application - c:\program files\G Data\AntiVirus\AVKTray\AVKTray.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\idt\v114_ecs_d_6207.2v7_6099.8xp_g2.0v_rc_sdc\wdm\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-01  21:56:58 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-01 20:56
.
Vor Suchlauf: 7 Verzeichnis(se), 67.166.720.000 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 66.879.340.544 Bytes frei
.
- - End Of File - - A660F4E70F62D7E8B5FC776113E1573F


duN 01.03.2012 23:31

Sorry for the double post, but my previous statement was a bit imprecise.

After the scan and restart I logged in with a standard user ...

cosinus 02.03.2012 12:51

What does "standard account" mean - did it have admin rights or only user rights?

duN 02.03.2012 14:35

User rights only ....

cosinus 02.03.2012 14:36

Yeah, you can forget that. EVERY tool here needs admin rights!

duN 02.03.2012 14:38

I'll run the scan again with admin rights in a moment ...

duN 02.03.2012 14:56

Now then

Code:

ComboFix 12-03-01.02 - duN 02.03.2012  14:44:08.2.3 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.3071.2097 [GMT 1:00]
ausgeführt von:: c:\users\duN\Desktop\ComboFix.exe
AV: G Data AntiVirus 2012 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
SP: G Data AntiVirus 2012 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\WireHelpSvc.exe
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WireHelpSvc
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-02 bis 2012-03-02  ))))))))))))))))))))))))))))))
.
.
2012-03-02 13:49 . 2012-03-02 13:52        --------        d-----w-        c:\users\duN\AppData\Local\temp
2012-03-01 20:16 . 2012-03-01 20:16        --------        d-----w-        c:\program files\LogMeIn Hamachi
2012-02-27 21:08 . 2012-02-27 21:08        --------        d-----w-        c:\program files\ESET
2012-02-27 18:46 . 2012-02-27 18:46        --------        d-----w-        c:\users\miniduN\AppData\Roaming\OpenOffice.org
2012-02-27 18:44 . 2012-02-27 18:44        --------        d-----w-        c:\program files\Common Files\Java
2012-02-27 18:44 . 2012-02-27 18:44        476904        ----a-w-        c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2012-02-27 18:44 . 2012-02-27 18:44        --------        d-----w-        c:\program files\Java
2012-02-27 18:41 . 2012-02-27 18:41        --------        d-----w-        c:\program files\OpenOffice
2012-02-25 12:26 . 2012-02-25 12:26        --------        d-----w-        c:\programdata\ATI
2012-02-25 12:26 . 2012-02-25 12:26        --------        d-----w-        c:\program files\AMD APP
2012-02-25 12:19 . 2012-02-25 12:19        --------        d-----w-        C:\AMD
2012-02-23 11:18 . 2012-03-01 14:39        --------        d-----w-        c:\users\miniduN\AppData\Roaming\uTorrent
2012-02-16 22:42 . 2011-12-30 05:27        478720        ----a-w-        c:\windows\system32\timedate.cpl
2012-02-16 22:42 . 2011-12-16 07:52        690688        ----a-w-        c:\windows\system32\msvcrt.dll
2012-02-16 22:42 . 2012-01-04 08:58        442880        ----a-w-        c:\windows\system32\ntshrui.dll
2012-02-16 22:42 . 2012-01-14 03:35        2343424        ----a-w-        c:\windows\system32\win32k.sys
2012-02-08 17:53 . 2012-02-08 17:53        --------        d-----w-        c:\users\miniduN\AppData\Roaming\Miranda
2012-02-06 15:31 . 2012-02-06 15:31        --------        d-----w-        c:\users\duN\AppData\Roaming\Miranda
2012-02-06 15:30 . 2012-02-06 15:30        --------        d-----w-        c:\program files\Miranda IM
2012-02-02 19:25 . 2012-02-02 19:25        --------        d-----w-        c:\users\duN\AppData\Roaming\OpenCandy
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 21:29 . 2011-11-07 01:20        30256        ----a-w-        c:\windows\system32\drivers\GRD.sys
2012-02-27 18:44 . 2011-11-07 02:30        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2012-02-17 03:40 . 2011-11-07 02:20        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-29 04:10 . 2011-11-07 00:51        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-01-24 12:50 . 2011-11-19 15:02        836496        ----a-w-        c:\windows\system32\drivers\ESLWireACD.sys
2011-12-29 19:19 . 2011-11-07 03:03        16400        ----a-w-        c:\windows\system32\drivers\LNonPnP.sys
2011-12-10 14:24 . 2011-11-07 02:32        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-12-06 03:44 . 2011-12-06 03:44        9067008        ----a-w-        c:\windows\system32\drivers\atikmdag.sys
2011-12-06 03:17 . 2011-12-06 03:17        159744        ----a-w-        c:\windows\system32\atiapfxx.exe
2011-12-06 03:17 . 2011-11-10 03:16        778752        ----a-w-        c:\windows\system32\aticfx32.dll
2011-12-06 03:12 . 2011-12-06 03:12        466944        ----a-w-        c:\windows\system32\ATIDEMGX.dll
2011-12-06 03:12 . 2011-12-06 03:12        404992        ----a-w-        c:\windows\system32\atieclxx.exe
2011-12-06 03:11 . 2011-12-06 03:11        163328        ----a-w-        c:\windows\system32\atiesrxx.exe
2011-12-06 03:10 . 2011-12-06 03:10        163840        ----a-w-        c:\windows\system32\atitmmxx.dll
2011-12-06 03:10 . 2011-12-06 03:10        360448        ----a-w-        c:\windows\system32\atipdlxx.dll
2011-12-06 03:10 . 2011-12-06 03:10        278528        ----a-w-        c:\windows\system32\Oemdspif.dll
2011-12-06 03:09 . 2011-12-06 03:09        20992        ----a-w-        c:\windows\system32\atimuixx.dll
2011-12-06 03:09 . 2011-12-06 03:09        43520        ----a-w-        c:\windows\system32\ati2edxx.dll
2011-12-06 03:06 . 2011-11-10 03:06        6159872        ----a-w-        c:\windows\system32\atidxx32.dll
2011-12-06 02:56 . 2011-12-06 02:56        19125760        ----a-w-        c:\windows\system32\atioglxx.dll
2011-12-06 02:39 . 2011-12-06 02:39        1828864        ----a-w-        c:\windows\system32\atiumdmv.dll
2011-12-06 02:34 . 2011-12-06 02:34        46080        ----a-w-        c:\windows\system32\aticalrt.dll
2011-12-06 02:34 . 2011-12-06 02:34        44032        ----a-w-        c:\windows\system32\aticalcl.dll
2011-12-06 02:33 . 2011-11-10 02:33        5919232        ----a-w-        c:\windows\system32\atiumdag.dll
2011-12-06 02:29 . 2011-12-06 02:29        11484672        ----a-w-        c:\windows\system32\aticaldd.dll
2011-12-06 02:28 . 2011-11-10 02:29        4206592        ----a-w-        c:\windows\system32\atiumdva.dll
2011-12-06 02:18 . 2011-11-10 02:18        51200        ----a-w-        c:\windows\system32\coinst.dll
2011-12-06 02:12 . 2011-12-06 02:12        356352        ----a-w-        c:\windows\system32\atiadlxx.dll
2011-12-06 02:12 . 2011-12-06 02:12        14336        ----a-w-        c:\windows\system32\atiglpxx.dll
2011-12-06 02:12 . 2011-12-06 02:12        33280        ----a-w-        c:\windows\system32\atigktxx.dll
2011-12-06 02:11 . 2011-12-06 02:11        264192        ----a-w-        c:\windows\system32\drivers\atikmpag.sys
2011-12-06 02:11 . 2011-11-10 02:11        33280        ----a-w-        c:\windows\system32\atiuxpag.dll
2011-12-06 02:11 . 2011-11-10 02:11        29696        ----a-w-        c:\windows\system32\atiu9pag.dll
2011-12-06 02:10 . 2011-12-06 02:10        53760        ----a-w-        c:\windows\system32\atimpc32.dll
2011-12-06 02:10 . 2011-12-06 02:10        53760        ----a-w-        c:\windows\system32\amdpcom32.dll
2011-12-06 02:10 . 2011-12-06 02:10        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2011-12-05 21:04 . 2011-12-05 21:04        59904        ----a-w-        c:\windows\system32\OpenVideo.dll
2011-12-05 21:03 . 2011-12-05 21:03        54784        ----a-w-        c:\windows\system32\OVDecode.dll
2011-12-05 21:03 . 2011-12-05 21:03        14499328        ----a-w-        c:\windows\system32\amdocl.dll
2012-01-31 20:25 . 2012-01-07 16:20        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-11 450667]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"G Data AntiVirus Tray Application"="c:\program files\G Data\AntiVirus\AVKTray\AVKTray.exe" [2011-05-11 923144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03        66328        ----a-w-        c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ESL Wire]
2012-02-14 13:34        2717696        ----a-w-        c:\program files\EslWire\wire.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-02-28 16:38        1987976        ----a-w-        c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GdNetMon;G Data Network Monitor;c:\windows\system32\drivers\GdNetMon32.sys [2012-03-01 29400]
R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2011-11-07 49016]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2012-03-01 40440]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2012-03-01 79992]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd32.sys [2012-03-01 54648]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2012-03-01 30256]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2012-03-01 41336]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-06 163328]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-05 291840]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2011-06-24 39424]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [2011-10-28 1506824]
S2 AVKService;G Data Scheduler;c:\program files\G Data\AntiVirus\AVK\AVKService.exe [2011-04-01 409608]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files\G Data\AntiVirus\AVK\AVKWCtl.exe [2011-10-28 1554184]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2012-01-24 836496]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 1373576]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-12-06 9067008]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-12-06 264192]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-10-17 85520]
S3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [2011-08-03 24504]
S3 GDScan;G Data Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [2011-10-28 457536]
.
.
.
------- Zusätzlicher Suchlauf -------
.
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\duN\AppData\Roaming\Mozilla\Firefox\Profiles\9orqflen.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\idt\v114_ecs_d_6207.2v7_6099.8xp_g2.0v_rc_sdc\wdm\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-02  14:54:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-02 13:54
.
Vor Suchlauf: 10 Verzeichnis(se), 68.924.407.808 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 68.924.837.888 Bytes frei
.
- - End Of File - - F9CC180AFC8E5527BBA55C050FA9C0E6



All times are GMT +1.
