PC plötzlich langsamer als gewohnt, möglicher Befall?

EerieEric · 16.12.2011, 15:24

Hallo Trojaner-Board!
Ich hoffe, meine Anfrage klingt (oder ist) nicht allzu unangemessen:

Vor etwas mehr als einer Woche hatte ich auf meinem Win7-32bit-System die Software "Samsung Kies" installiert und Windows Updates durchgeführt. Als Kies sich dann selbst updaten wollte, fuhr der Rechner ohne Anweisung oder irgendwelche Meldungen herunter. Seitdem habe ich das Gefühl, er laufe langsamer als gewohnt, vor allem der Systemstart hat sich verlängert.
Nach ein wenig Googlen habe ich dann den Autoneustart deaktiviert, konnte den Absturz aber nicht reproduzieren. Weil ich nun aber leider Angst habe, mir durch irgendein Versäumnis eine "unauffällige" Gemeinheit eingefangen zu haben, bitte ich euch, meine Logs anzuschauen - ich habe genug über Rootkits, befallene Bios und Spyeye etc. gelesen, als dass ich ohne professionelle Hilfe noch Onlinebanking oder Paypal nutzen könnte...

Die Logs:
Defogger wurde aktiviert (nach dem Scan gab es keine Neustartaufforderung, wurde dann manuell gemacht).

OTL gab nur ein Log heraus:
OTL.txt

Code:

ATTFilter

OTL logfile created on: 16.12.2011 14:27:06 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Eric\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 72,40% Memory free
7,00 Gb Paging File | 5,90 Gb Available in Paging File | 84,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,41 Gb Total Space | 172,46 Gb Free Space | 18,52% Space Free | Partition Type: NTFS
Drive E: | 698,63 Gb Total Space | 247,17 Gb Free Space | 35,38% Space Free | Partition Type: NTFS
 
Computer Name: KISTE | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.16 14:13:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
PRC - [2011.12.02 16:17:52 | 000,021,392 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.12.02 16:17:42 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.10.19 16:56:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.25 08:25:02 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011.05.25 08:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.17 02:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.11.15 10:08:08 | 001,158,512 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Wacom\Wacom_TabletUser.exe
PRC - [2010.11.15 10:08:06 | 004,807,536 | ---- | M] (Wacom Technology, Corp.) -- C:\Programme\Tablet\Wacom\Wacom_Tablet.exe
PRC - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.08.03 10:05:54 | 000,358,472 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2010.08.03 09:43:18 | 001,809,992 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2010.08.03 09:43:02 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2010.08.03 09:42:52 | 000,523,848 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDCountdown.exe
PRC - [2010.08.03 09:42:42 | 000,676,424 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDClock.exe
PRC - [2010.04.22 15:05:26 | 001,011,712 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Programme\GIGABYTE\smart6\timelock\AlarmClock.exe
PRC - [2010.01.19 03:31:26 | 000,072,304 | ---- | M] () -- C:\Windows\System32\XSrvSetup.exe
PRC - [2009.10.13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Programme\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
PRC - [2009.07.14 02:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009.07.14 02:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2009.06.17 16:13:06 | 000,068,136 | ---- | M] () -- C:\Programme\GIGABYTE\EnergySaver2\des2svr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.06 06:17:55 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ab1a41d184118635218d38da3f4bcae8\System.Management.ni.dll
MOD - [2011.12.06 06:16:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\4d72e6878b73da48f7a6953a5e0b9332\System.Runtime.Remoting.ni.dll
MOD - [2011.12.06 06:16:11 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\2b0b477db8f5a19d6365b93106b26651\System.Xaml.ni.dll
MOD - [2011.12.06 04:24:30 | 018,019,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\401a9dbeaad6b6ca70c90ae4fbd2e0b8\PresentationFramework.ni.dll
MOD - [2011.12.06 04:24:20 | 011,470,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b540398c49e7c32ab58666de7f09f645\PresentationCore.ni.dll
MOD - [2011.12.06 04:24:19 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\fa45e7d581b80c34cb0d5518491c7387\System.Windows.Forms.ni.dll
MOD - [2011.12.06 04:24:18 | 000,115,137 | ---- | M] () -- C:\Users\Eric\AppData\Local\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll
MOD - [2011.12.06 04:24:15 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\90223e809b1ff291a7f65509702e2fa1\System.Core.ni.dll
MOD - [2011.12.06 04:24:13 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a48e483c6b13da563725d72ec518a0bb\System.Xml.ni.dll
MOD - [2011.12.06 04:24:12 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\c0afb5fbfbc7a8d670b430672c5fd578\WindowsBase.ni.dll
MOD - [2011.12.06 04:24:12 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\fd0f015bc4324d8b9716ae38083a4e4d\System.Drawing.ni.dll
MOD - [2011.12.06 04:24:12 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\af091a68303117ca2166aa13bcbfbbd0\PresentationFramework.Aero.ni.dll
MOD - [2011.12.06 04:24:10 | 009,086,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\69adb8f9940fa1330f6f1b706e3dc31e\System.ni.dll
MOD - [2011.12.06 04:24:05 | 014,409,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\2b1af7649e57195b4b85bbf4c5cb7c90\mscorlib.ni.dll
MOD - [2011.12.02 16:17:52 | 000,021,392 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2010.11.15 10:08:08 | 000,962,416 | ---- | M] () -- C:\Programme\Tablet\Wacom\libxml2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.03 00:40:56 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Programme\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2011.08.03 22:04:19 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.25 08:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.12.29 00:08:55 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.11.15 10:08:06 | 004,807,536 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2010.04.06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.19 03:31:26 | 000,072,304 | ---- | M] () [Auto | Running] -- C:\Windows\System32\XSrvSetup.exe -- (JMB36X)
SRV - [2009.10.13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Running] -- C:\Programme\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.17 16:13:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe -- (DES2 Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.16 14:23:22 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011.12.10 03:37:57 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.19 16:56:15 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 16:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.25 20:59:10 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.07.25 20:57:58 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.05.25 08:25:04 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.05.25 08:24:42 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.04.23 19:30:16 | 000,028,936 | ---- | M] (WeOnlyDo Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wod0205.sys -- (wod0205)
DRV - [2011.02.12 19:01:24 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.19 03:34:14 | 000,141,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010.11.19 03:34:12 | 000,062,208 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010.11.02 15:07:54 | 000,010,752 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2010.10.25 09:59:32 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2010.10.25 09:59:28 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2010.09.07 03:37:16 | 000,104,024 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.22 15:08:26 | 000,019,496 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AppleCharger.sys -- (AppleCharger)
DRV - [2009.12.21 16:30:30 | 000,043,520 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0)
DRV - [2009.12.21 16:30:30 | 000,043,520 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0)
DRV - [2009.11.23 17:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009.11.23 17:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009.07.20 03:26:40 | 000,027,648 | ---- | M] (Realtek                                            ) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2009.07.14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.12.11 14:56:14 | 000,013,056 | ---- | M] (ROCCAT Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Kone.sys -- (KoneFltr)
DRV - [2007.12.03 03:19:42 | 000,019,968 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtVlan60.sys -- (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2)
DRV - [2007.06.29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AD 74 29 1C 51 A4 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query="
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {62b958b4-9962-4fc2-9983-01a9a42d6f2d}:0.4.1
FF - prefs.js..extensions.enabledItems: peraperakun-chinese@gmail.com:1.0
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.9.1Lite
FF - prefs.js..extensions.enabledItems: faextender@neocodenetworks.com:0.4.0.7
FF - prefs.js..extensions.enabledItems: {A4732521-77D9-447E-A557-B279AC923F06}:0.6.8
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: chineseperakun@gmail.com:2.1.1
FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
FF - prefs.js..extensions.enabledItems: tito@sorttabs:2.100910.18
FF - prefs.js..extensions.enabledItems: sortplaces@andyhalford.com:1.8.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: yesscript@userstyles.org:1.9
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.4.4
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.3
FF - prefs.js..extensions.enabledItems: {FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}:0.37
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.7
FF - prefs.js..extensions.enabledItems: multilinks@plugin:3.0.0.16
FF - prefs.js..extensions.enabledItems: tabcounter@morac:1.8.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {566D6332-1439-43bf-857E-7AD5F137AD0C}:1.13
FF - prefs.js..extensions.enabledItems: {359faf50-e061-11dd-ad8b-0800200c9a66}:2.2.1
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c9626}:1.6
FF - prefs.js..extensions.enabledItems: {586bd060-22d6-11de-8c30-0800200c9a66}:3.6.7
FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Eric\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.09 16:05:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.03 03:51:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.19 23:08:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.10.13 23:50:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\mozilla\extensions
[2010.06.05 20:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\mozilla\extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.10.13 23:50:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\mozilla\extensions\prism@developer.mozilla.org
[2011.12.16 14:09:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\mozilla\firefox\g7fg81q4.default\extensions
[2010.12.25 18:47:40 | 000,000,000 | ---D | M] (Slickerfox) -- C:\Users\Eric\AppData\Roaming\mozilla\firefox\g7fg81q4.default\extensions\{359faf50-e061-11dd-ad8b-0800200c9a66}
[2011.11.10 15:56:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Eric\AppData\Roaming\mozilla\firefox\g7fg81q4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.03.12 03:24:50 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\Eric\AppData\Roaming\mozilla\firefox\g7fg81q4.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2011.11.25 12:15:23 | 000,000,000 | ---D | M] (Bazzacuda Image Saver Plus) -- C:\Users\Eric\AppData\Roaming\mozilla\firefox\g7fg81q4.default\extensions\{FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}
[2011.11.22 17:14:59 | 000,000,000 | ---D | M] (Perapera Chinese-German Dictionary File) -- C:\Users\Eric\AppData\Roaming\mozilla\firefox\g7fg81q4.default\extensions\chinese-german@perapera.org
[2011.11.22 16:40:43 | 000,000,000 | ---D | M] (Perapera Chinese) -- C:\Users\Eric\AppData\Roaming\mozilla\firefox\g7fg81q4.default\extensions\chineseperakun@gmail.com
[2011.02.26 23:07:46 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\Eric\AppData\Roaming\mozilla\firefox\g7fg81q4.default\extensions\FasterFox_Lite@BigRedBrent
[2011.03.19 15:12:57 | 000,000,000 | ---D | M] (Multi Links) -- C:\Users\Eric\AppData\Roaming\mozilla\firefox\g7fg81q4.default\extensions\multilinks@plugin
[2010.12.25 18:47:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\mozilla\firefox\g7fg81q4.default\extensions\oakVoc
[2011.01.28 01:07:32 | 000,000,000 | ---D | M] (Tab Counter) -- C:\Users\Eric\AppData\Roaming\mozilla\firefox\g7fg81q4.default\extensions\tabcounter@morac
[2010.12.25 18:47:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\mozilla\firefox\g7fg81q4.default\extensions\temp
[2011.02.03 00:45:39 | 000,000,000 | ---D | M] (YesScript) -- C:\Users\Eric\AppData\Roaming\mozilla\firefox\g7fg81q4.default\extensions\yesscript@userstyles.org
[2009.01.18 16:07:33 | 000,001,093 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\firefox\g7fg81q4.default\searchplugins\----zh.xml
[2010.02.10 20:04:55 | 000,001,647 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\firefox\g7fg81q4.default\searchplugins\deezercom.xml
[2011.12.16 13:37:36 | 000,002,012 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\firefox\g7fg81q4.default\searchplugins\handedict.xml
[2011.12.16 13:37:36 | 000,002,008 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\firefox\g7fg81q4.default\searchplugins\leo-de-en.xml
[2010.01.07 00:17:59 | 000,001,755 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\firefox\g7fg81q4.default\searchplugins\leo-deu-fra.xml
[2010.04.29 02:49:34 | 000,001,993 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\firefox\g7fg81q4.default\searchplugins\ubuntuusers-portal.xml
[2010.06.05 22:08:16 | 000,001,328 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\firefox\g7fg81q4.default\searchplugins\wikipedia-de.xml
[2008.06.19 14:55:18 | 000,001,108 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\firefox\g7fg81q4.default\searchplugins\wikipedia-en.xml
[2009.12.15 22:14:53 | 000,001,344 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\firefox\g7fg81q4.default\searchplugins\wiktionary-de.xml
[2011.12.16 13:37:36 | 000,002,431 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\firefox\g7fg81q4.default\searchplugins\youtube---videos.xml
[2011.12.07 05:22:37 | 000,002,057 | ---- | M] () -- C:\Users\Eric\AppData\Roaming\Mozilla\firefox\g7fg81q4.default\searchplugins\youtube-videosuche.xml
[2011.11.20 01:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.22 23:51:49 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.11.20 01:12:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\G7FG81Q4.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\G7FG81Q4.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\G7FG81Q4.DEFAULT\EXTENSIONS\{53A03D43-5363-4669-8190-99061B2DEBA5}.XPI
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\G7FG81Q4.DEFAULT\EXTENSIONS\{62B958B4-9962-4FC2-9983-01A9A42D6F2D}.XPI
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\G7FG81Q4.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\G7FG81Q4.DEFAULT\EXTENSIONS\{A4732521-77D9-447E-A557-B279AC923F06}.XPI
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\G7FG81Q4.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\G7FG81Q4.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\G7FG81Q4.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\G7FG81Q4.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\G7FG81Q4.DEFAULT\EXTENSIONS\FAEXTENDER@NEOCODENETWORKS.COM.XPI
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\G7FG81Q4.DEFAULT\EXTENSIONS\PERAPERAKUN-CHINESE@GMAIL.COM.XPI
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\G7FG81Q4.DEFAULT\EXTENSIONS\PERAPERAKUN-JPEN@GMAIL.COM.XPI
() (No name found) -- C:\USERS\ERIC\APPDATA\ROAMING\MOZILLA\FIREFOX\G7FG81Q4.DEFAULT\EXTENSIONS\SORTPLACES@ANDYHALFORD.COM.XPI
[2011.11.09 16:05:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.20 01:12:08 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.05.10 01:44:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.10 01:45:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.05.10 01:45:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.10 01:45:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.10 01:45:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.10 01:45:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [36X Raid Configurer] C:\Windows\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Kone] C:\Program Files\ROCCAT\Kone Mouse\KoneHID.EXE (ROCCAT)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Thunderbird] C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1F1952E-941C-4D79-8822-F65F9A8B63CF}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {0EFEE2B0-84D5-74A9-9D5A-5AD092B8495D} - Microsoft VM
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.16 14:13:28 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2011.12.08 18:17:08 | 000,000,000 | ---D | C] -- C:\Users\Eric\Desktop\Zeug
[2011.12.07 03:42:25 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Avira
[2011.12.07 03:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.07 03:37:03 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.12.07 03:37:02 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.07 03:37:02 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.12.07 03:37:02 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.12.07 03:37:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.12.07 03:37:02 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.12.06 05:21:06 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.12.06 05:02:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.06 05:02:33 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.06 05:02:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.06 04:26:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2011.12.06 04:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\MyFree Codec
[2011.12.06 04:23:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\System32
[2011.12.06 04:22:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.12.06 04:21:15 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Samsung
[2011.12.06 04:20:52 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Samsung
[2011.12.06 04:18:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2011.12.06 04:18:39 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2011.12.06 04:18:34 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2011.12.06 04:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2011.12.06 04:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2011.12.06 04:18:07 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2011.12.02 00:10:56 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\LOVE
[2011.11.28 21:54:24 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Endless Fluff Games
[2011.11.28 03:51:33 | 000,000,000 | ---D | C] -- C:\Users\Eric\Documents\DemolitionInc
[2011.11.24 03:41:01 | 000,000,000 | ---D | C] -- C:\Users\Eric\Documents\My Kindle Content
[2011.11.24 03:40:53 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2011.11.24 03:40:52 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Amazon
[2011.11.24 03:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2011.11.22 19:36:56 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\.minecraft
[2011.11.20 01:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.11.20 01:12:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.11.18 02:53:25 | 000,000,000 | ---D | C] -- C:\antitwined
[2011.11.17 23:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\AntiTwin
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.16 14:30:44 | 000,014,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.16 14:30:44 | 000,014,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.16 14:23:24 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.16 14:23:23 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011.12.16 14:23:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.16 14:23:07 | 2817,384,448 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.16 14:21:01 | 000,000,000 | ---- | M] () -- C:\Users\Eric\defogger_reenable
[2011.12.16 14:13:42 | 000,302,592 | ---- | M] () -- C:\Users\Eric\Desktop\80h5n60v.exe
[2011.12.16 14:13:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2011.12.16 14:13:24 | 000,050,477 | ---- | M] () -- C:\Users\Eric\Desktop\Defogger.exe
[2011.12.16 14:04:49 | 003,670,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.16 13:37:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.10 03:37:57 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.08 23:17:16 | 000,680,312 | ---- | M] () -- C:\Users\Eric\.TransferManager.db
[2011.12.06 06:37:35 | 000,038,932 | ---- | M] () -- C:\Users\Eric\Desktop\cc_20111206_063725.reg
[2011.12.06 04:26:32 | 000,707,300 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.06 04:26:32 | 000,660,918 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.06 04:26:32 | 000,152,892 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.06 04:26:32 | 000,125,108 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.28 03:51:20 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011.11.22 19:33:17 | 000,270,142 | ---- | M] () -- C:\Users\Eric\Desktop\Minecraft.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.16 14:21:01 | 000,000,000 | ---- | C] () -- C:\Users\Eric\defogger_reenable
[2011.12.16 14:13:42 | 000,302,592 | ---- | C] () -- C:\Users\Eric\Desktop\80h5n60v.exe
[2011.12.16 14:13:23 | 000,050,477 | ---- | C] () -- C:\Users\Eric\Desktop\Defogger.exe
[2011.12.08 23:17:16 | 000,680,312 | ---- | C] () -- C:\Users\Eric\.TransferManager.db
[2011.12.06 06:37:27 | 000,038,932 | ---- | C] () -- C:\Users\Eric\Desktop\cc_20111206_063725.reg
[2011.12.03 03:51:24 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.11.22 19:33:16 | 000,270,142 | ---- | C] () -- C:\Users\Eric\Desktop\Minecraft.exe
[2011.11.17 23:36:49 | 000,000,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anti-Twin.lnk
[2011.11.04 03:07:10 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.10.31 11:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.10.31 11:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.10.31 11:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.10.31 11:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.10.31 11:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.07.26 23:30:29 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011.07.25 20:57:59 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.07.25 20:57:58 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.07.09 00:15:18 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011.07.03 23:24:22 | 000,007,608 | ---- | C] () -- C:\Users\Eric\AppData\Local\Resmon.ResmonCfg
[2011.05.20 21:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.05.18 19:31:29 | 000,000,132 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.12.29 00:03:12 | 000,105,692 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.12.28 13:19:05 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.12.28 13:18:59 | 000,022,328 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\PnkBstrK.sys
[2010.12.28 13:18:26 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.12.28 13:18:25 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.12.28 13:18:25 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.12.27 18:18:26 | 000,000,092 | ---- | C] () -- C:\Users\Eric\AppData\Local\fusioncache.dat
[2010.12.26 01:33:12 | 000,080,488 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.12.25 20:23:03 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.12.25 19:06:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.25 17:22:57 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys
[2010.12.25 17:19:12 | 000,208,896 | ---- | C] () -- C:\Windows\System32\CommCmd.dll
[2010.12.25 17:16:17 | 000,031,272 | ---- | C] () -- C:\Windows\System32\AppleChargerSrv.exe
[2010.12.25 17:16:17 | 000,019,496 | ---- | C] () -- C:\Windows\System32\drivers\AppleCharger.sys
[2010.12.25 17:15:33 | 000,072,304 | ---- | C] () -- C:\Windows\System32\XSrvSetup.exe
[2010.12.25 17:12:18 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.09.24 08:49:00 | 000,014,848 | ---- | C] () -- C:\Windows\System32\lua5.1a_gui.exe
[2010.09.24 08:49:00 | 000,010,752 | ---- | C] () -- C:\Windows\System32\lua5.1a.exe
[2010.09.24 08:48:58 | 000,092,160 | ---- | C] () -- C:\Windows\System32\lua5.1a.dll
[2009.10.06 08:16:02 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.08.27 08:04:14 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009.07.14 09:47:43 | 000,707,300 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,152,892 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 003,670,840 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,660,918 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,125,108 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.11.22 19:37:34 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\.minecraft
[2011.08.06 20:02:55 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\AtomZombieData
[2011.09.27 21:33:51 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Audacity
[2010.12.26 01:17:47 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Blender Foundation
[2011.01.05 03:58:07 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Braid
[2011.07.10 14:36:22 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Brawsome
[2011.07.26 23:30:29 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Broken Rules
[2010.12.29 00:02:43 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.11.12 20:40:41 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Chocolate Castle
[2011.01.23 20:45:45 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Command & Conquer 3 Kanes Rache
[2011.01.23 20:26:17 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011.03.06 01:11:28 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Command and Conquer 4
[2011.07.26 22:56:18 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Crayon Physics Deluxe
[2011.03.31 21:52:53 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\devilteam.com.6541CD13E116CF2CC04BB21990CF29C835563A61.1
[2011.05.08 19:20:11 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Dwarfs
[2011.11.28 21:54:24 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Endless Fluff Games
[2011.01.23 20:27:22 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\GameRanger
[2011.07.10 13:21:32 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\GlarySoft
[2011.01.23 02:38:22 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\InfraRecorder
[2010.12.25 18:56:59 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\IrfanView
[2011.11.12 20:37:08 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Jasper's Journeys
[2011.07.03 13:31:48 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Kalypso Media
[2011.06.05 19:23:50 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Language
[2011.07.26 23:35:49 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Lazy 8 Studios
[2011.10.12 17:09:27 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\LibreOffice
[2011.12.02 00:10:56 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\LOVE
[2011.02.01 01:43:49 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Minetographer
[2011.08.15 22:30:34 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\MinMaxGames
[2011.11.02 00:23:22 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Miranda
[2011.03.20 02:10:48 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Natural Selection 2
[2011.04.16 14:36:19 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\nikki-free-levels
[2010.12.26 01:27:14 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\OpenOffice.org
[2011.10.13 23:50:03 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Prism
[2010.12.25 17:47:23 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\ROCCAT
[2011.12.06 04:20:52 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Samsung
[2011.08.11 22:31:15 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\sc68
[2010.12.28 23:59:53 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.05.18 21:15:49 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\System
[2010.12.25 20:13:42 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\SYSTEMAX Software Development
[2011.05.29 15:20:36 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\TerrariaWorldViewer
[2011.04.03 14:58:24 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\The Creative Assembly
[2011.01.01 19:08:00 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\The Path
[2010.12.25 19:07:47 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Thunderbird
[2011.12.06 06:36:54 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\TS3Client
[2011.07.13 00:46:06 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Ubisoft
[2011.01.19 01:06:50 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Unity
[2011.11.04 02:18:39 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Voxatron
[2011.06.05 19:36:21 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Wippien
[2011.05.29 03:00:21 | 000,000,000 | -HSD | M] -- C:\Users\Eric\AppData\Roaming\wyUpdate AU
[2011.11.12 20:29:55 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Zen Puzzle Garden
[2011.01.01 23:06:08 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\ZombieDriver
[2011.12.16 14:23:23 | 000,000,312 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2011.10.22 23:48:01 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.12.25 17:07:27 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.11.18 22:35:14 | 000,000,000 | ---D | M] -- C:\antitwined
[2011.12.06 04:28:33 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.12.25 17:07:13 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.12.25 17:13:10 | 000,000,000 | ---D | M] -- C:\Intel
[2011.09.23 02:50:44 | 000,000,000 | ---D | M] -- C:\Minecraft Server
[2011.02.27 12:41:24 | 000,000,000 | ---D | M] -- C:\Minecraft Server 3
[2011.04.21 12:39:57 | 000,000,000 | ---D | M] -- C:\Minecraft Server1
[2011.02.05 03:07:31 | 000,000,000 | ---D | M] -- C:\Minecraft Server2
[2011.09.14 14:29:42 | 000,000,000 | ---D | M] -- C:\Minecraft Serverx
[2010.12.26 01:05:47 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.07 03:37:02 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.12.07 03:37:02 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.12.25 17:07:13 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.02.01 01:42:08 | 000,000,000 | ---D | M] -- C:\Python26
[2011.02.01 01:39:00 | 000,000,000 | ---D | M] -- C:\Python27
[2010.12.26 01:21:52 | 000,000,000 | ---D | M] -- C:\Python31
[2010.12.25 17:15:33 | 000,000,000 | ---D | M] -- C:\RaidTool
[2010.12.25 17:07:13 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.11.12 20:40:39 | 000,000,000 | ---D | M] -- C:\Siele
[2011.11.12 20:37:06 | 000,000,000 | ---D | M] -- C:\Spiele
[2011.12.16 14:30:25 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.07.11 22:31:00 | 000,000,000 | R--D | M] -- C:\Users
[2011.12.08 20:05:59 | 000,000,000 | ---D | M] -- C:\Windows
[2011.12.16 14:09:34 | 000,000,000 | ---D | M] -- C:\zzzUbuntu
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011.04.25 03:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
[2010.11.20 09:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\System32\drivers\afd.sys
[2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
[2011.04.25 03:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
[2011.04.25 04:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
[2009.07.14 00:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-16 13:02:33

< End of report >

Gmer wollte ich auch durchlaufen lassen, aber es stürzt ständig ab - manchmal mit Bluescreen (u.a. bad header error). Meistens endet der Suchlauf bei den Punkten "harddisk shadow volume copy 1" oder "harddisk shadow volume copy 2".

Vielen Dank für eure Zeit und Hilfe!

Eric

cosinus · 18.12.2011, 13:42

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

EerieEric · 21.12.2011, 16:08

Hallo!
Mit ein bisschen Verzug habe ich nun auch Antimalware und Eset laufen lassen.
Hier die Logs:

Anti-Malware

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8397

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

19.12.2011 18:12:45
mbam-log-2011-12-19 (18-12-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 1434421
Laufzeit: 3 Stunde(n), 14 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Eric\Desktop\oi_cd112156.exe (PUP.Adware.OpenInstall) -> Quarantined and deleted successfully.

Eset

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=80fbdfb27ab27747a2c1111ea74743c1
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-12-19 07:13:34
# local_time=2011-12-19 08:13:34 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 1094117 1094117 0 0
# compatibility_mode=5893 16776574 100 94 25465423 75947130 0 0
# compatibility_mode=8192 67108863 100 0 3839 3839 0 0
# scanned=334530
# found=0
# cleaned=0
# scan_time=6074
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=80fbdfb27ab27747a2c1111ea74743c1
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-21 12:24:19
# local_time=2011-12-21 01:24:19 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 1205195 1205195 0 0
# compatibility_mode=5893 16776574 100 94 25576501 76058208 0 0
# compatibility_mode=8192 67108863 100 0 114917 114917 0 0
# scanned=3048
# found=0
# cleaned=0
# scan_time=41
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=80fbdfb27ab27747a2c1111ea74743c1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-21 06:24:24
# local_time=2011-12-21 07:24:24 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 1205544 1205544 0 0
# compatibility_mode=5893 16776574 100 94 25576850 76058557 0 0
# compatibility_mode=8192 67108863 100 0 115266 115266 0 0
# scanned=1275404
# found=5
# cleaned=0
# scan_time=21297
C:\Users\Eric\Desk\Spiele\homm5rmg-1.0\homm5rmg.exe	probably a variant of Win32/Spy.Agent.BRFBWVA trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Eric\Desktopzeug\DL\FFSetup2.zip	a variant of Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
E:\Users\Eric\Desk\Spiele\homm5rmg-1.0\homm5rmg.exe	probably a variant of Win32/Spy.Agent.BRFBWVA trojan (unable to clean)	00000000000000000000000000000000	I
E:\Users\Eric\Downloads\FFSetup2.zip	a variant of Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
E:\Users\Eric\Downloads\SoftonicDownloader38594.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I

Zum Eset-Scan muss ich noch anmerken, dass ich keinen Zugriff auf unsere Routereinstellungen hatte, falls der eine eigene Firewall laufen lässt. Zudem wurde angezeigt, dass der Windows Defender lief, obwohl er für den Scan deaktiviert wurde. Ich hoffe, die Ergebnisse wurden nicht verfäscht.

cosinus · 21.12.2011, 16:10

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

EerieEric · 21.12.2011, 16:21

Sorry, das ist mein einziges vollständiges Log (vom gleichen Tag ist noch eines von einem abgebrochenen Suchlauf vorhanden). Ich hatte vor einer Weile einen Quick-Scan gemacht, der nichts fand. Das Log wurde aber gelöscht, als ich das Programm deinstallierte...

cosinus · 21.12.2011, 16:22

Zitat:

C:\Users\Eric\Desk\Spiele\homm5rmg-1.0\homm5rmg.exe

Was ist denn das hier?

EerieEric · 21.12.2011, 16:28

Das ist ein Addon zu dem Spiel Heroes of Might and Magic 5: "Random Map Generator". Das ist jetzt schon eine Weile auf dem Rechner, aber bei vorigen Scans (AntiVir etc.) nie aufgefallen...

cosinus · 21.12.2011, 17:20

Dann ist es ein Fehlalarm. Mach bitte ein neues OTL-Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

EerieEric · 21.12.2011, 19:31

Hier, einmal Quickscan als *.zip.

cosinus · 21.12.2011, 20:05

Also dass dein vollgestopfter Rechner langsam ist wundert mich überhaupt nicht

Hunderte Dateien liegen allein auf deinem Desktop und deine Programmordner ist ebenfalls mit Dutzenden Ordner gefüllt. Installierst du dir jeden Mist der dir in die Finger kommt?

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query="
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query="
O4 - HKCU..\Run: [AdobeBridge]  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
[2011.05.18 19:31:29 | 000,000,132 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\Adobe PNG Format CS5 Prefs

:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

EerieEric · 21.12.2011, 20:42

Zuerst einmal herzlichen Dank für die bisherige Hilfe, ich habe das Script ausgeführt und dieses Log erhalten:

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
E:\autoexec.bat moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\WinampAgent\ deleted successfully.
C:\Users\Eric\AppData\Roaming\Adobe PNG Format CS5 Prefs moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Eric
->Temp folder emptied: 20983215 bytes
->Temporary Internet Files folder emptied: 20557939 bytes
->Java cache emptied: 1076853 bytes
->FireFox cache emptied: 75961956 bytes
->Flash cache emptied: 146430 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18678 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 114,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12212011_201825

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Zu meiner Verteidigung möchte allerdings ich sagen, dass meine Festplatte(n) zwar gut voll sind und nach einigen unübersichtlichen Kopieraktionen reichlich Ballast mit sich rumschleppen, den ich noch nicht abgeworfen habe. Aber "jeden Mist installieren" halte ich für eine Frage der persönlichen Präferenz, sofern man nicht "jeden Mist ungeprüft installiert. Meine Befürchtungen bezogen sich daher auch nicht auf eine generelle Trägheit meines PC, sondern auf jene subjektiven Veränderungen, die ich nach meiner obigen Schilderung wahrgenommen hatte.
Daher vielen Dank, dass Sie sich meines Problems so geduldig und gründlich angenommen haben. Es beruhigt mich sehr, dass nicht der böse Rootkit-Geist durch meinen Computer wabert und mich über Weihnachten heimsucht wie einen bekannten geizigen Knurrhahn...
Ich nehme an, die gefundenen Probleme bedürfen keiner weiteren Beachtung?

cosinus · 21.12.2011, 20:58

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

EerieEric · 21.12.2011, 21:09

Hier ist das TDSSKiller-Log:

Code:

ATTFilter

21:07:03.0602 5784	TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
21:07:03.0727 5784	============================================================
21:07:03.0727 5784	Current date / time: 2011/12/21 21:07:03.0727
21:07:03.0727 5784	SystemInfo:
21:07:03.0727 5784	
21:07:03.0727 5784	OS Version: 6.1.7601 ServicePack: 1.0
21:07:03.0727 5784	Product type: Workstation
21:07:03.0727 5784	ComputerName: KISTE
21:07:03.0727 5784	UserName: Eric
21:07:03.0727 5784	Windows directory: C:\Windows
21:07:03.0727 5784	System windows directory: C:\Windows
21:07:03.0727 5784	Processor architecture: Intel x86
21:07:03.0727 5784	Number of processors: 8
21:07:03.0727 5784	Page size: 0x1000
21:07:03.0727 5784	Boot type: Normal boot
21:07:03.0727 5784	============================================================
21:07:04.0913 5784	Initialize success
21:07:16.0519 5000	============================================================
21:07:16.0519 5000	Scan started
21:07:16.0519 5000	Mode: Manual; SigCheck; TDLFS; 
21:07:16.0519 5000	============================================================
21:07:17.0346 5000	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
21:07:17.0424 5000	1394ohci - ok
21:07:17.0455 5000	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
21:07:17.0471 5000	ACPI - ok
21:07:17.0518 5000	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
21:07:17.0580 5000	AcpiPmi - ok
21:07:17.0642 5000	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:07:17.0674 5000	adp94xx - ok
21:07:17.0689 5000	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:07:17.0705 5000	adpahci - ok
21:07:17.0720 5000	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:07:17.0736 5000	adpu320 - ok
21:07:17.0830 5000	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
21:07:17.0861 5000	AFD - ok
21:07:17.0892 5000	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
21:07:17.0892 5000	agp440 - ok
21:07:17.0923 5000	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
21:07:17.0923 5000	aic78xx - ok
21:07:18.0001 5000	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
21:07:18.0017 5000	aliide - ok
21:07:18.0032 5000	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
21:07:18.0048 5000	amdagp - ok
21:07:18.0064 5000	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
21:07:18.0079 5000	amdide - ok
21:07:18.0095 5000	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
21:07:18.0157 5000	AmdK8 - ok
21:07:18.0204 5000	AmdLLD          (ad8fa28d8ed0d0a689a0559085ce0f18) C:\Windows\system32\DRIVERS\AmdLLD.sys
21:07:18.0251 5000	AmdLLD - ok
21:07:18.0251 5000	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
21:07:18.0313 5000	AmdPPM - ok
21:07:18.0344 5000	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
21:07:18.0360 5000	amdsata - ok
21:07:18.0391 5000	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
21:07:18.0438 5000	amdsbs - ok
21:07:18.0594 5000	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
21:07:18.0625 5000	amdxata - ok
21:07:18.0703 5000	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
21:07:18.0828 5000	AppID - ok
21:07:18.0859 5000	AppleCharger    (f0a48ce44d3f368990ca8954340bd9a0) C:\Windows\system32\DRIVERS\AppleCharger.sys
21:07:18.0875 5000	AppleCharger - ok
21:07:18.0906 5000	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:07:18.0922 5000	arc - ok
21:07:18.0937 5000	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:07:18.0953 5000	arcsas - ok
21:07:19.0015 5000	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:07:19.0093 5000	AsyncMac - ok
21:07:19.0124 5000	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
21:07:19.0124 5000	atapi - ok
21:07:19.0156 5000	atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
21:07:19.0171 5000	atksgt - ok
21:07:19.0234 5000	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
21:07:19.0234 5000	avgntflt - ok
21:07:19.0280 5000	avipbb          (475fbb85956534720858ae72010c0a43) C:\Windows\system32\DRIVERS\avipbb.sys
21:07:19.0296 5000	avipbb - ok
21:07:19.0327 5000	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
21:07:19.0327 5000	avkmgr - ok
21:07:19.0374 5000	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:07:19.0405 5000	b06bdrv - ok
21:07:19.0468 5000	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:07:19.0483 5000	b57nd60x - ok
21:07:19.0514 5000	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:07:19.0561 5000	Beep - ok
21:07:19.0577 5000	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:07:19.0592 5000	blbdrive - ok
21:07:19.0639 5000	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
21:07:19.0686 5000	bowser - ok
21:07:19.0702 5000	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:07:19.0733 5000	BrFiltLo - ok
21:07:19.0764 5000	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:07:19.0811 5000	BrFiltUp - ok
21:07:19.0842 5000	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:07:19.0873 5000	Brserid - ok
21:07:19.0889 5000	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:07:19.0920 5000	BrSerWdm - ok
21:07:19.0951 5000	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:07:19.0998 5000	BrUsbMdm - ok
21:07:20.0014 5000	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:07:20.0045 5000	BrUsbSer - ok
21:07:20.0045 5000	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:07:20.0060 5000	BTHMODEM - ok
21:07:20.0076 5000	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:07:20.0107 5000	cdfs - ok
21:07:20.0185 5000	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
21:07:20.0201 5000	cdrom - ok
21:07:20.0232 5000	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:07:20.0263 5000	circlass - ok
21:07:20.0294 5000	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:07:20.0310 5000	CLFS - ok
21:07:20.0341 5000	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:07:20.0372 5000	CmBatt - ok
21:07:20.0419 5000	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
21:07:20.0435 5000	cmdide - ok
21:07:20.0466 5000	CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
21:07:20.0482 5000	CNG - ok
21:07:20.0497 5000	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:07:20.0497 5000	Compbatt - ok
21:07:20.0560 5000	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
21:07:20.0575 5000	CompositeBus - ok
21:07:20.0591 5000	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:07:20.0591 5000	crcdisk - ok
21:07:20.0684 5000	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
21:07:20.0762 5000	DfsC - ok
21:07:20.0794 5000	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:07:20.0825 5000	discache - ok
21:07:20.0840 5000	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:07:20.0856 5000	Disk - ok
21:07:20.0887 5000	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:07:20.0903 5000	drmkaud - ok
21:07:20.0965 5000	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
21:07:20.0996 5000	DXGKrnl - ok
21:07:21.0059 5000	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:07:21.0106 5000	ebdrv - ok
21:07:21.0121 5000	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:07:21.0137 5000	elxstor - ok
21:07:21.0184 5000	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
21:07:21.0199 5000	ErrDev - ok
21:07:21.0277 5000	etdrv           (3af0ae042afe486b22644cd3fbebf2e2) C:\Windows\etdrv.sys
21:07:21.0293 5000	etdrv - ok
21:07:21.0308 5000	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:07:21.0340 5000	exfat - ok
21:07:21.0355 5000	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:07:21.0386 5000	fastfat - ok
21:07:21.0418 5000	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:07:21.0433 5000	fdc - ok
21:07:21.0433 5000	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:07:21.0449 5000	FileInfo - ok
21:07:21.0464 5000	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:07:21.0496 5000	Filetrace - ok
21:07:21.0542 5000	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:07:21.0558 5000	flpydisk - ok
21:07:21.0589 5000	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:07:21.0605 5000	FltMgr - ok
21:07:21.0620 5000	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:07:21.0620 5000	FsDepends - ok
21:07:21.0683 5000	fssfltr         (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
21:07:21.0683 5000	fssfltr - ok
21:07:21.0745 5000	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
21:07:21.0761 5000	Fs_Rec - ok
21:07:21.0808 5000	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
21:07:21.0823 5000	fvevol - ok
21:07:21.0839 5000	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:07:21.0839 5000	gagp30kx - ok
21:07:21.0901 5000	gdrv            (d556cb79967e92b5cc69686d16c1d846) C:\Windows\gdrv.sys
21:07:21.0917 5000	gdrv - ok
21:07:21.0917 5000	GMSIPCI - ok
21:07:22.0010 5000	hamachi         (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
21:07:22.0026 5000	hamachi - ok
21:07:22.0026 5000	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:07:22.0057 5000	hcw85cir - ok
21:07:22.0151 5000	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
21:07:22.0182 5000	HdAudAddService - ok
21:07:22.0213 5000	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
21:07:22.0229 5000	HDAudBus - ok
21:07:22.0244 5000	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:07:22.0260 5000	HidBatt - ok
21:07:22.0276 5000	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:07:22.0291 5000	HidBth - ok
21:07:22.0307 5000	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:07:22.0322 5000	HidIr - ok
21:07:22.0400 5000	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
21:07:22.0416 5000	HidUsb - ok
21:07:22.0463 5000	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
21:07:22.0463 5000	HpSAMD - ok
21:07:22.0525 5000	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
21:07:22.0556 5000	HTTP - ok
21:07:22.0603 5000	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
21:07:22.0603 5000	hwpolicy - ok
21:07:22.0666 5000	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
21:07:22.0697 5000	i8042prt - ok
21:07:22.0728 5000	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
21:07:22.0744 5000	iaStorV - ok
21:07:22.0790 5000	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:07:22.0790 5000	iirsp - ok
21:07:22.0884 5000	IntcAzAudAddService (0c36a7de2b4e6ec301b98ae300547701) C:\Windows\system32\drivers\RTKVHDA.sys
21:07:22.0931 5000	IntcAzAudAddService - ok
21:07:22.0946 5000	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
21:07:22.0946 5000	intelide - ok
21:07:22.0993 5000	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:07:23.0009 5000	intelppm - ok
21:07:23.0024 5000	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:07:23.0071 5000	IpFilterDriver - ok
21:07:23.0102 5000	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
21:07:23.0134 5000	IPMIDRV - ok
21:07:23.0165 5000	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:07:23.0212 5000	IPNAT - ok
21:07:23.0227 5000	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:07:23.0258 5000	IRENUM - ok
21:07:23.0305 5000	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
21:07:23.0321 5000	isapnp - ok
21:07:23.0336 5000	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
21:07:23.0352 5000	iScsiPrt - ok
21:07:23.0414 5000	JRAID           (3d6b76b5875a3bc12fb6051c2d5ade59) C:\Windows\system32\DRIVERS\jraid.sys
21:07:23.0430 5000	JRAID - ok
21:07:23.0446 5000	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:07:23.0461 5000	kbdclass - ok
21:07:23.0477 5000	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
21:07:23.0492 5000	kbdhid - ok
21:07:23.0524 5000	KoneFltr        (5efbdef257e891773b22f2544b856c54) C:\Windows\system32\drivers\Kone.sys
21:07:23.0570 5000	KoneFltr - ok
21:07:23.0617 5000	KSecDD          (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
21:07:23.0633 5000	KSecDD - ok
21:07:23.0680 5000	KSecPkg         (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
21:07:23.0695 5000	KSecPkg - ok
21:07:23.0726 5000	LGBusEnum       (170e7093a77ad586f3a012a3db651d94) C:\Windows\system32\drivers\LGBusEnum.sys
21:07:23.0726 5000	LGBusEnum - ok
21:07:23.0758 5000	LGVirHid        (d2dd04d1c8df65eecd1f2c7fb947d43e) C:\Windows\system32\drivers\LGVirHid.sys
21:07:23.0773 5000	LGVirHid - ok
21:07:23.0851 5000	lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
21:07:23.0867 5000	lirsgt - ok
21:07:23.0898 5000	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:07:23.0945 5000	lltdio - ok
21:07:23.0976 5000	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:07:23.0976 5000	LSI_FC - ok
21:07:24.0007 5000	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:07:24.0023 5000	LSI_SAS - ok
21:07:24.0038 5000	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:07:24.0038 5000	LSI_SAS2 - ok
21:07:24.0054 5000	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:07:24.0054 5000	LSI_SCSI - ok
21:07:24.0070 5000	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:07:24.0116 5000	luafv - ok
21:07:24.0132 5000	MBAMSwissArmy - ok
21:07:24.0148 5000	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:07:24.0148 5000	megasas - ok
21:07:24.0179 5000	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:07:24.0194 5000	MegaSR - ok
21:07:24.0194 5000	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:07:24.0241 5000	Modem - ok
21:07:24.0241 5000	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:07:24.0257 5000	monitor - ok
21:07:24.0288 5000	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
21:07:24.0288 5000	mouclass - ok
21:07:24.0335 5000	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:07:24.0350 5000	mouhid - ok
21:07:24.0397 5000	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
21:07:24.0413 5000	mountmgr - ok
21:07:24.0460 5000	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
21:07:24.0475 5000	mpio - ok
21:07:24.0491 5000	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:07:24.0522 5000	mpsdrv - ok
21:07:24.0569 5000	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
21:07:24.0647 5000	MRxDAV - ok
21:07:24.0694 5000	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:07:24.0756 5000	mrxsmb - ok
21:07:24.0803 5000	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:07:24.0834 5000	mrxsmb10 - ok
21:07:24.0850 5000	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:07:24.0881 5000	mrxsmb20 - ok
21:07:24.0896 5000	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
21:07:24.0912 5000	msahci - ok
21:07:24.0928 5000	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
21:07:24.0943 5000	msdsm - ok
21:07:24.0974 5000	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:07:25.0006 5000	Msfs - ok
21:07:25.0037 5000	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:07:25.0099 5000	mshidkmdf - ok
21:07:25.0146 5000	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
21:07:25.0146 5000	msisadrv - ok
21:07:25.0177 5000	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:07:25.0224 5000	MSKSSRV - ok
21:07:25.0255 5000	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:07:25.0271 5000	MSPCLOCK - ok
21:07:25.0286 5000	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:07:25.0333 5000	MSPQM - ok
21:07:25.0364 5000	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:07:25.0364 5000	MsRPC - ok
21:07:25.0380 5000	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
21:07:25.0380 5000	mssmbios - ok
21:07:25.0380 5000	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:07:25.0411 5000	MSTEE - ok
21:07:25.0442 5000	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:07:25.0458 5000	MTConfig - ok
21:07:25.0474 5000	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:07:25.0474 5000	Mup - ok
21:07:25.0520 5000	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:07:25.0552 5000	NativeWifiP - ok
21:07:25.0614 5000	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
21:07:25.0630 5000	NDIS - ok
21:07:25.0692 5000	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:07:25.0739 5000	NdisCap - ok
21:07:25.0770 5000	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:07:25.0801 5000	NdisTapi - ok
21:07:25.0848 5000	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
21:07:25.0895 5000	Ndisuio - ok
21:07:25.0942 5000	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
21:07:25.0973 5000	NdisWan - ok
21:07:26.0020 5000	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
21:07:26.0066 5000	NDProxy - ok
21:07:26.0082 5000	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:07:26.0144 5000	NetBIOS - ok
21:07:26.0191 5000	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
21:07:26.0222 5000	NetBT - ok
21:07:26.0269 5000	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:07:26.0269 5000	nfrd960 - ok
21:07:26.0285 5000	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:07:26.0300 5000	Npfs - ok
21:07:26.0316 5000	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:07:26.0347 5000	nsiproxy - ok
21:07:26.0347 5000	NTACCESS - ok
21:07:26.0394 5000	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
21:07:26.0410 5000	Ntfs - ok
21:07:26.0425 5000	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:07:26.0441 5000	Null - ok
21:07:26.0472 5000	nusb3hub        (156bd6cf8a9ec8292c84e04d09bf0472) C:\Windows\system32\DRIVERS\nusb3hub.sys
21:07:26.0488 5000	nusb3hub - ok
21:07:26.0519 5000	nusb3xhc        (3b8166bb6d665e9242f05eb2bf68527a) C:\Windows\system32\DRIVERS\nusb3xhc.sys
21:07:26.0550 5000	nusb3xhc - ok
21:07:26.0612 5000	NVHDA           (0e616537f3e12d4c9fb71181c2f21bd5) C:\Windows\system32\drivers\nvhda32v.sys
21:07:26.0628 5000	NVHDA - ok
21:07:26.0800 5000	nvlddmkm        (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:07:26.0956 5000	nvlddmkm - ok
21:07:27.0002 5000	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
21:07:27.0018 5000	nvraid - ok
21:07:27.0080 5000	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
21:07:27.0080 5000	nvstor - ok
21:07:27.0174 5000	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:07:27.0190 5000	nv_agp - ok
21:07:27.0221 5000	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:07:27.0268 5000	ohci1394 - ok
21:07:27.0299 5000	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:07:27.0314 5000	Parport - ok
21:07:27.0361 5000	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
21:07:27.0377 5000	partmgr - ok
21:07:27.0408 5000	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:07:27.0439 5000	Parvdm - ok
21:07:27.0486 5000	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:07:27.0502 5000	pci - ok
21:07:27.0517 5000	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:07:27.0517 5000	pciide - ok
21:07:27.0548 5000	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:07:27.0564 5000	pcmcia - ok
21:07:27.0580 5000	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:07:27.0595 5000	pcw - ok
21:07:27.0611 5000	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:07:27.0673 5000	PEAUTH - ok
21:07:27.0736 5000	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:07:27.0767 5000	PptpMiniport - ok
21:07:27.0782 5000	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:07:27.0798 5000	Processor - ok
21:07:27.0814 5000	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:07:27.0860 5000	Psched - ok
21:07:27.0892 5000	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:07:27.0938 5000	ql2300 - ok
21:07:27.0954 5000	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:07:27.0954 5000	ql40xx - ok
21:07:27.0985 5000	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:07:27.0985 5000	QWAVEdrv - ok
21:07:28.0016 5000	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:07:28.0063 5000	RasAcd - ok
21:07:28.0079 5000	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:07:28.0172 5000	RasAgileVpn - ok
21:07:28.0188 5000	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:07:28.0219 5000	Rasl2tp - ok
21:07:28.0266 5000	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:07:28.0313 5000	RasPppoe - ok
21:07:28.0328 5000	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:07:28.0344 5000	RasSstp - ok
21:07:28.0391 5000	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:07:28.0438 5000	rdbss - ok
21:07:28.0453 5000	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:07:28.0469 5000	rdpbus - ok
21:07:28.0500 5000	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:07:28.0547 5000	RDPCDD - ok
21:07:28.0578 5000	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:07:28.0609 5000	RDPENCDD - ok
21:07:28.0625 5000	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:07:28.0640 5000	RDPREFMP - ok
21:07:28.0687 5000	RDPWD           (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
21:07:28.0718 5000	RDPWD - ok
21:07:28.0781 5000	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:07:28.0796 5000	rdyboost - ok
21:07:28.0812 5000	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:07:28.0843 5000	rspndr - ok
21:07:28.0874 5000	RTL8167         (93df2cca2e1e22d797dc76c3550b1f95) C:\Windows\system32\DRIVERS\Rt86win7.sys
21:07:28.0890 5000	RTL8167 - ok
21:07:28.0937 5000	RtNdPt60        (f2fec929e9fa9902f0bb52a4522068d4) C:\Windows\system32\DRIVERS\RtNdPt60.sys
21:07:28.0968 5000	RtNdPt60 - ok
21:07:28.0999 5000	RTTEAMPT        (c8a7202fd20479ecf5788605806cfc9b) C:\Windows\system32\DRIVERS\RtTeam60.sys
21:07:29.0015 5000	RTTEAMPT ( UnsignedFile.Multi.Generic ) - warning
21:07:29.0015 5000	RTTEAMPT - detected UnsignedFile.Multi.Generic (1)
21:07:29.0030 5000	RTVLANPT        (e6472a4007fb17d27d4091abd657a291) C:\Windows\system32\DRIVERS\RtVlan60.sys
21:07:29.0046 5000	RTVLANPT - ok
21:07:29.0093 5000	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:07:29.0108 5000	sbp2port - ok
21:07:29.0140 5000	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:07:29.0171 5000	scfilter - ok
21:07:29.0186 5000	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:07:29.0233 5000	secdrv - ok
21:07:29.0264 5000	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:07:29.0264 5000	Serenum - ok
21:07:29.0280 5000	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:07:29.0296 5000	Serial - ok
21:07:29.0342 5000	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:07:29.0374 5000	sermouse - ok
21:07:29.0389 5000	SetupNTGLM7X - ok
21:07:29.0436 5000	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
21:07:29.0483 5000	sffdisk - ok
21:07:29.0498 5000	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:07:29.0530 5000	sffp_mmc - ok
21:07:29.0545 5000	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
21:07:29.0561 5000	sffp_sd - ok
21:07:29.0561 5000	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:07:29.0592 5000	sfloppy - ok
21:07:29.0608 5000	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:07:29.0623 5000	sisagp - ok
21:07:29.0654 5000	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:07:29.0670 5000	SiSRaid2 - ok
21:07:29.0686 5000	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:07:29.0686 5000	SiSRaid4 - ok
21:07:29.0717 5000	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:07:29.0732 5000	Smb - ok
21:07:29.0764 5000	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:07:29.0764 5000	spldr - ok
21:07:29.0810 5000	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:07:29.0857 5000	srv - ok
21:07:29.0904 5000	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
21:07:29.0920 5000	srv2 - ok
21:07:29.0951 5000	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
21:07:29.0966 5000	srvnet - ok
21:07:29.0998 5000	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
21:07:30.0013 5000	ssmdrv - ok
21:07:30.0044 5000	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:07:30.0060 5000	stexstor - ok
21:07:30.0091 5000	StillCam        (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
21:07:30.0122 5000	StillCam - ok
21:07:30.0154 5000	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
21:07:30.0154 5000	swenum - ok
21:07:30.0263 5000	Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
21:07:30.0294 5000	Tcpip - ok
21:07:30.0310 5000	TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
21:07:30.0325 5000	TCPIP6 - ok
21:07:30.0372 5000	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
21:07:30.0419 5000	tcpipreg - ok
21:07:30.0434 5000	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
21:07:30.0466 5000	TDPIPE - ok
21:07:30.0528 5000	TDTCP           (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
21:07:30.0559 5000	TDTCP - ok
21:07:30.0606 5000	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
21:07:30.0653 5000	tdx - ok
21:07:30.0700 5000	TEAM            (c8a7202fd20479ecf5788605806cfc9b) C:\Windows\system32\DRIVERS\RtTeam60.sys
21:07:30.0700 5000	TEAM ( UnsignedFile.Multi.Generic ) - warning
21:07:30.0700 5000	TEAM - detected UnsignedFile.Multi.Generic (1)
21:07:30.0715 5000	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
21:07:30.0731 5000	TermDD - ok
21:07:30.0762 5000	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:07:30.0793 5000	tssecsrv - ok
21:07:30.0856 5000	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
21:07:30.0871 5000	TsUsbFlt - ok
21:07:30.0934 5000	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
21:07:30.0965 5000	tunnel - ok
21:07:30.0996 5000	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:07:30.0996 5000	uagp35 - ok
21:07:31.0043 5000	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
21:07:31.0074 5000	udfs - ok
21:07:31.0105 5000	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
21:07:31.0121 5000	uliagpkx - ok
21:07:31.0152 5000	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
21:07:31.0183 5000	umbus - ok
21:07:31.0199 5000	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
21:07:31.0214 5000	UmPass - ok
21:07:31.0261 5000	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
21:07:31.0308 5000	usbccgp - ok
21:07:31.0339 5000	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
21:07:31.0355 5000	usbcir - ok
21:07:31.0386 5000	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
21:07:31.0402 5000	usbehci - ok
21:07:31.0448 5000	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
21:07:31.0464 5000	usbhub - ok
21:07:31.0495 5000	usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
21:07:31.0511 5000	usbohci - ok
21:07:31.0526 5000	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:07:31.0558 5000	usbprint - ok
21:07:31.0604 5000	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
21:07:31.0636 5000	USBSTOR - ok
21:07:31.0651 5000	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
21:07:31.0682 5000	usbuhci - ok
21:07:31.0714 5000	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
21:07:31.0729 5000	vdrvroot - ok
21:07:31.0760 5000	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:07:31.0792 5000	vga - ok
21:07:31.0807 5000	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:07:31.0823 5000	VgaSave - ok
21:07:31.0854 5000	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
21:07:31.0854 5000	vhdmp - ok
21:07:31.0870 5000	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
21:07:31.0885 5000	viaagp - ok
21:07:31.0885 5000	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
21:07:31.0916 5000	ViaC7 - ok
21:07:31.0963 5000	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
21:07:31.0979 5000	viaide - ok
21:07:32.0010 5000	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
21:07:32.0026 5000	volmgr - ok
21:07:32.0041 5000	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:07:32.0057 5000	volmgrx - ok
21:07:32.0072 5000	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
21:07:32.0088 5000	volsnap - ok
21:07:32.0135 5000	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
21:07:32.0150 5000	vsmraid - ok
21:07:32.0166 5000	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
21:07:32.0197 5000	vwifibus - ok
21:07:32.0260 5000	wacmoumonitor   (c3b03ed7b06657a3355f620bc02acfb6) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
21:07:32.0275 5000	wacmoumonitor - ok
21:07:32.0338 5000	wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys
21:07:32.0338 5000	wacommousefilter - ok
21:07:32.0369 5000	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
21:07:32.0384 5000	WacomPen - ok
21:07:32.0416 5000	wacomvhid       (846b58ea44bf8c92e4b59f4e2252c4c0) C:\Windows\system32\DRIVERS\wacomvhid.sys
21:07:32.0431 5000	wacomvhid - ok
21:07:32.0494 5000	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:07:32.0509 5000	WANARP - ok
21:07:32.0525 5000	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:07:32.0540 5000	Wanarpv6 - ok
21:07:32.0556 5000	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
21:07:32.0556 5000	Wd - ok
21:07:32.0572 5000	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:07:32.0587 5000	Wdf01000 - ok
21:07:32.0618 5000	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:07:32.0650 5000	WfpLwf - ok
21:07:32.0650 5000	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:07:32.0665 5000	WIMMount - ok
21:07:32.0743 5000	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
21:07:32.0759 5000	WmiAcpi - ok
21:07:32.0806 5000	wod0205         (1ac313913f66d8dcfb78d2b6e1672952) C:\Windows\system32\DRIVERS\wod0205.sys
21:07:32.0821 5000	wod0205 - ok
21:07:32.0821 5000	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:07:32.0868 5000	ws2ifsl - ok
21:07:32.0915 5000	WSDPrintDevice  (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
21:07:32.0946 5000	WSDPrintDevice - ok
21:07:32.0962 5000	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
21:07:32.0993 5000	WudfPf - ok
21:07:33.0024 5000	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:07:33.0040 5000	WUDFRd - ok
21:07:33.0040 5000	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:07:33.0102 5000	\Device\Harddisk0\DR0 - ok
21:07:33.0118 5000	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
21:07:33.0227 5000	\Device\Harddisk1\DR1 - ok
21:07:33.0227 5000	MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
21:07:33.0305 5000	\Device\Harddisk2\DR2 - ok
21:07:33.0305 5000	Boot (0x1200)   (cb5e1e86874e3b8b7f96bc8c7cc36f8f) \Device\Harddisk0\DR0\Partition0
21:07:33.0305 5000	\Device\Harddisk0\DR0\Partition0 - ok
21:07:33.0336 5000	Boot (0x1200)   (1559d61fe2bdee3b1c687bb9776c9bcc) \Device\Harddisk0\DR0\Partition1
21:07:33.0336 5000	\Device\Harddisk0\DR0\Partition1 - ok
21:07:33.0336 5000	Boot (0x1200)   (11aa1b3c87c153b168d21dd3da189b73) \Device\Harddisk1\DR1\Partition0
21:07:33.0336 5000	\Device\Harddisk1\DR1\Partition0 - ok
21:07:33.0336 5000	============================================================
21:07:33.0336 5000	Scan finished
21:07:33.0336 5000	============================================================
21:07:33.0352 6124	Detected object count: 2
21:07:33.0352 6124	Actual detected object count: 2
21:07:47.0392 6124	RTTEAMPT ( UnsignedFile.Multi.Generic ) - skipped by user
21:07:47.0392 6124	RTTEAMPT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:07:47.0392 6124	TEAM ( UnsignedFile.Multi.Generic ) - skipped by user
21:07:47.0392 6124	TEAM ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 21.12.2011, 21:13

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

EerieEric · 21.12.2011, 21:43

So, hier das Combofix-Log:

Code:

ATTFilter

ComboFix 11-12-21.02 - Eric 21.12.2011  21:21:27.1.8 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3582.2470 [GMT 1:00]
ausgeführt von:: c:\users\Eric\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\001
c:\users\Eric\AppData\Local\.#
c:\users\Eric\AppData\Local\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll
c:\users\Eric\AppData\Roaming\Love
c:\users\Eric\AppData\Roaming\Love\com.thelonelycoder.ninjavssamurai\config.lua
c:\users\Eric\AppData\Roaming\Love\com.thelonelycoder.ninjavssamurai\score.lua
c:\windows\system32\muzapp.exe
c:\windows\system32\system32
c:\windows\system32\system32\3DAudio.ax
c:\windows\system32\system32\avrt.dll
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\mfplat.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
E:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-21 bis 2011-12-21  ))))))))))))))))))))))))))))))
.
.
2011-12-21 19:18 . 2011-12-21 19:18	--------	d-----w-	C:\_OTL
2011-12-19 17:28 . 2011-12-19 17:28	--------	d-----w-	c:\program files\ESET
2011-12-19 13:33 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-18 23:24 . 2011-12-18 23:24	--------	d-----w-	c:\program files\uTorrent
2011-12-18 23:22 . 2011-12-18 23:27	--------	d-----w-	c:\users\Eric\AppData\Roaming\uTorrent
2011-12-17 21:56 . 2011-12-17 21:58	--------	d-----w-	c:\users\Eric\AppData\Roaming\OpenMPT
2011-12-17 21:56 . 2011-12-17 21:56	--------	d-----w-	c:\program files\OpenMPT
2011-12-17 21:42 . 2011-12-17 21:42	--------	d-----w-	c:\program files\vmpk
2011-12-16 12:57 . 2011-11-24 04:25	2342912	----a-w-	c:\windows\system32\win32k.sys
2011-12-16 12:57 . 2011-11-05 04:26	2048	----a-w-	c:\windows\system32\tzres.dll
2011-12-16 12:57 . 2011-10-15 05:38	534528	----a-w-	c:\windows\system32\EncDec.dll
2011-12-16 12:57 . 2011-10-26 04:28	38912	----a-w-	c:\windows\system32\csrsrv.dll
2011-12-16 12:57 . 2011-10-26 04:47	3967856	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-12-16 12:57 . 2011-10-26 04:47	3912560	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-12-07 02:42 . 2011-12-07 02:42	--------	d-----w-	c:\users\Eric\AppData\Roaming\Avira
2011-12-07 02:37 . 2011-12-10 02:37	134856	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-12-07 02:37 . 2011-12-07 02:37	--------	d-----w-	c:\programdata\Avira
2011-12-07 02:37 . 2011-12-07 02:37	--------	d-----w-	c:\program files\Avira
2011-12-07 02:37 . 2011-10-19 15:56	74640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-12-07 02:37 . 2011-10-19 15:56	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-12-06 04:02 . 2011-12-19 13:33	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-12-06 03:26 . 2011-12-06 03:26	--------	d-----w-	c:\program files\MyFree Codec
2011-12-06 03:21 . 2011-12-06 03:24	--------	d-----w-	c:\users\Eric\AppData\Local\Samsung
2011-12-06 03:20 . 2011-12-06 03:20	--------	d-----w-	c:\users\Eric\AppData\Roaming\Samsung
2011-12-06 03:18 . 2011-10-31 10:22	4659712	----a-w-	c:\windows\system32\Redemption.dll
2011-12-06 03:18 . 2011-12-06 03:18	--------	d-----w-	c:\program files\MarkAny
2011-12-06 03:18 . 2011-10-31 10:22	821824	----a-w-	c:\windows\system32\dgderapi.dll
2011-12-06 03:18 . 2011-12-06 03:19	--------	d-----w-	c:\program files\Samsung
2011-12-06 03:18 . 2011-12-06 03:18	--------	d-----w-	c:\programdata\Samsung
2011-11-28 20:54 . 2011-11-28 20:54	--------	d-----w-	c:\users\Eric\AppData\Roaming\Endless Fluff Games
2011-11-24 02:40 . 2011-11-24 02:40	--------	d-----w-	c:\users\Eric\AppData\Local\Amazon
2011-11-24 02:40 . 2011-11-24 02:40	--------	d-----w-	c:\program files\Amazon
2011-11-22 18:36 . 2011-11-22 18:37	--------	d-----w-	c:\users\Eric\AppData\Roaming\.minecraft
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-21 20:30 . 2010-12-30 19:10	17488	----a-w-	c:\windows\gdrv.sys
2011-11-30 01:21 . 2011-12-21 06:28	6823496	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DFFEC739-FB78-47BD-826E-9A1EDC312ABC}\mpengine.dll
2011-11-28 02:51 . 2011-01-01 22:05	444952	----a-w-	c:\windows\system32\wrap_oal.dll
2011-11-28 02:51 . 2011-01-01 22:05	109080	----a-w-	c:\windows\system32\OpenAL32.dll
2011-11-20 00:12 . 2010-12-25 23:51	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-11-15 13:29 . 2010-12-25 16:45	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-11-13 01:08 . 2011-05-14 01:47	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-31 10:22 . 2011-10-31 10:22	90112	----a-w-	c:\windows\MAMCityDownload.ocx
2011-10-31 10:22 . 2011-10-31 10:22	325552	----a-w-	c:\windows\MASetupCaller.dll
2011-10-31 10:22 . 2011-10-31 10:22	30568	----a-w-	c:\windows\MusiccityDownload.exe
2011-10-31 10:22 . 2011-10-31 10:22	81920	----a-w-	c:\windows\system32\issacapi_bs-2.3.dll
2011-10-31 10:22 . 2011-10-31 10:22	65536	----a-w-	c:\windows\system32\issacapi_pe-2.3.dll
2011-10-31 10:22 . 2011-10-31 10:22	57344	----a-w-	c:\windows\system32\issacapi_se-2.3.dll
2011-10-31 10:22 . 2011-10-31 10:22	49152	----a-w-	c:\windows\system32\MaJGUILib.dll
2011-10-31 10:22 . 2011-10-31 10:22	45056	----a-w-	c:\windows\system32\MaXMLProto.dll
2011-10-31 10:22 . 2011-10-31 10:22	40960	----a-w-	c:\windows\system32\MTTELECHIP.dll
2011-10-31 10:22 . 2011-10-31 10:22	200704	----a-w-	c:\windows\system32\muzwmts.dll
2011-10-31 10:22 . 2011-10-31 10:22	143360	----a-w-	c:\windows\system32\3DAudio.ax
2011-10-31 10:22 . 2011-10-31 10:22	135168	----a-w-	c:\windows\system32\muzaf1.dll
2011-10-31 10:22 . 2011-10-31 10:22	122880	----a-w-	c:\windows\system32\muzeffect.ax
2011-10-31 10:22 . 2011-10-31 10:22	118784	----a-w-	c:\windows\system32\MaDRM.dll
2011-10-31 10:22 . 2011-10-31 10:22	110592	----a-w-	c:\windows\system32\muzmp4sp.ax
2011-10-31 10:22 . 2011-10-31 10:22	974848	----a-w-	c:\windows\system32\cis-2.4.dll
2011-10-31 10:22 . 2011-10-31 10:22	57344	----a-w-	c:\windows\system32\MTXSYNCICON.dll
2011-10-31 10:22 . 2011-10-31 10:22	57344	----a-w-	c:\windows\system32\MK_Lyric.dll
2011-10-31 10:22 . 2011-10-31 10:22	569344	----a-w-	c:\windows\system32\muzdecode.ax
2011-10-31 10:22 . 2011-10-31 10:22	491520	----a-w-	c:\windows\system32\muzapp.dll
2011-10-31 10:22 . 2011-10-31 10:22	45056	----a-w-	c:\windows\system32\MACXMLProto.dll
2011-10-31 10:22 . 2011-10-31 10:22	40960	----a-w-	c:\windows\system32\MAMACExtract.dll
2011-10-31 10:22 . 2011-10-31 10:22	352256	----a-w-	c:\windows\system32\MSLUR71.dll
2011-10-31 10:22 . 2011-10-31 10:22	258048	----a-w-	c:\windows\system32\muzoggsp.ax
2011-10-31 10:22 . 2011-10-31 10:22	245760	----a-w-	c:\windows\system32\MSCLib.dll
2011-10-31 10:22 . 2011-10-31 10:22	24576	----a-w-	c:\windows\system32\MASetupCleaner.exe
2011-10-31 10:22 . 2011-10-31 10:22	155648	----a-w-	c:\windows\system32\MSFLib.dll
2011-10-31 10:22 . 2011-10-31 10:22	131072	----a-w-	c:\windows\system32\muzmpgsp.ax
2011-09-29 16:03 . 2011-11-09 13:57	1290608	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-09 15:05 . 2011-05-10 00:44	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Thunderbird"="c:\program files\Mozilla Thunderbird\thunderbird -turbo" [X]
"Steam"="c:\program files\Steam\steam.exe" [2011-08-02 1242448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-02 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 358472]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 1809992]
"Kone"="c:\program files\ROCCAT\Kone Mouse\KoneHID.EXE" [2009-09-15 180224]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2010-09-07 1981016]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-09-03 9726568]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-12-02 3508624]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-11 136176]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 Desura Install Service;Desura Install Service;c:\program files\Common Files\Desura\desura_service.exe [2011-10-02 131912]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-02-12 17488]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-11 136176]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2009-12-21 43520]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 19968]
R3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2009-12-21 43520]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-22 19496]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 36000]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 JMB36X;JMB36X;c:\windows\System32\XSrvSetup.exe [2010-01-19 72304]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2009-07-20 27648]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2010-11-15 4807536]
S3 KoneFltr;ROCCAT Kone;c:\windows\system32\drivers\Kone.sys [2008-12-11 13056]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 62208]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 141568]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-05-25 139368]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-11-11 324200]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-11-02 10752]
S3 wod0205;WeOnlyDo Network Adapter 2.5;c:\windows\system32\DRIVERS\wod0205.sys [2011-04-23 28936]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-21 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-07-10 06:26]
.
2011-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-11 00:22]
.
2011-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-11 00:22]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: An vorhandenes PDF anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-UnityWebPlayer - c:\users\Eric\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4087164549-3349538413-2313599696-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*.?W]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-4087164549-3349538413-2313599696-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*.?W\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-4087164549-3349538413-2313599696-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Q*u*i*n*n*F*o*ØMù4\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-4087164549-3349538413-2313599696-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*•€?W]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-4087164549-3349538413-2313599696-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*•€?W\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-4087164549-3349538413-2313599696-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:64,40,02,d3,e5,ed,ca,55,37,f5,a1,be,6c,29,79,99,6a,05,b2,3d,f1,66,c1,
   fc,ba,47,04,c4,b1,04,db,e9,05,8d,14,44,48,bd,3f,d9,72,c7,5b,a1,bb,17,eb,39,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-4087164549-3349538413-2313599696-1000\Software\SecuROM\License information*]
"datasecu"=hex:d2,29,42,ae,e2,90,5f,5a,bf,8c,aa,f3,df,e8,e7,43,d7,f2,7a,a0,cb,
   6e,d5,a4,ec,7a,69,61,5b,95,4a,12,33,c3,23,ef,7b,1b,b4,4a,55,6d,67,01,e5,e5,\
"rkeysecu"=hex:01,26,ac,26,c8,20,13,3b,eb,ce,fe,d3,54,45,c4,3e
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\system32\WUDFHost.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Tablet\Wacom\Wacom_TabletUser.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Mozilla Thunderbird\thunderbird.exe
c:\program files\ROCCAT\Kone Mouse\osd.exe
c:\windows\system32\taskhost.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDClock.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDMedia.exe
c:\program files\GIGABYTE\Smart6\Timelock\AlarmClock.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-21  21:37:32 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-12-21 20:37
.
Vor Suchlauf: 21 Verzeichnis(se), 187.162.886.144 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 187.039.969.280 Bytes frei
.
- - End Of File - - 30A3E36775CEC1278C409810B347B959

21.12.2011, 16:10	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	PC plötzlich langsamer als gewohnt, möglicher Befall? Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind. __________________ Logfiles bitte immer in CODE-Tags posten

PC plötzlich langsamer als gewohnt, möglicher Befall?

Plagegeister aller Art und deren Bekämpfung: PC plötzlich langsamer als gewohnt, möglicher Befall?