Log analysis and evaluation: Windows Security Center: Computer locked! Virus, trojan? (Windows 7) If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
06.02.2012, 17:31 | #1 |
| Windows Security Center: Computer locked! Virus, trojan? Hello, when I logged in today using the guest account, the screen suddenly turned white and I got an obviously fake message from the Windows Security Center. It said I should pay 100 €, otherwise my data would be deleted. I could neither close nor bypass it, so while looking for a solution I found this forum, and I hope you can help me. I ran the OTL scan from another account (I hope that works too), which strangely is not affected. I hope you can help me.
OTL Extras logfile created on: 06.02.2012 17:16:24 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\creatix\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 5,99 Gb Available Physical Memory | 74,85% Memory free
15,99 Gb Paging File | 14,04 Gb Available in Paging File | 87,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 910,41 Gb Total Space | 655,38 Gb Free Space | 71,99% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,02 Gb Free Space | 55,12% Space Free | Partition Type: NTFS
Drive E: | 5,01 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive J: | 100,00 Mb Total Space | 71,82 Mb Free Space | 71,82% Space Free | Partition Type: NTFS
Computer Name: CREATIX-PC | User Name: creatix | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = 
C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support "{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "EPSON SX130 Series" = EPSON SX130 Series Printer Uninstall "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinGimp-2.0_is1" = GIMP 2.6.8 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update 
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}" = Epson Event Manager "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2 "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3EF5DE8-1120-4B77-99A3-4DC232E8C129}" = XSplit 
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "7-Zip" = 7-Zip 9.20 "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Any Video Converter_is1" = Any Video Converter 3.2.7 "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "EPSON Scanner" = EPSON Scan "EPSON SX130 Series Useg" = Benutzerhandbuch EPSON SX130 Series "Fraps" = Fraps (remove only) "Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de) "Myst Masterpiece Edition" = Myst Masterpiece Edition "OnLive" = OnLive "Orbit_is1" = Orbit Downloader "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "QuickTime" = QuickTime "Steam App 113400" = APB Reloaded "Steam App 18700" = And Yet It Moves "Steam App 200900" = Cave Story+ "Steam App 26500" = Cogs "Steam App 26900" = Crayon Physics Deluxe "Steam App 400" = Portal "Steam App 40800" = Super Meat Boy "Steam App 40810" = Super Meat Boy Editor "Steam App 41100" = Hammerfight "Steam App 41800" = Gratuitous Space Battles "Steam App 43110" = Metro 2033 "Steam App 440" = Team Fortress 2 "Steam App 48000" = LIMBO "Steam App 49600" = Beat Hazard "Steam App 6120" = Shank "Steam App 63710" = BIT.TRIP RUNNER "Steam App 70300" = VVVVVV "Steam App 94200" = Jamestown "Steam App 99700" = NightSky "VLC media player" = VLC media player 1.1.11 "WinLiveSuite" = Windows Live Essentials ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 05.02.2012 09:29:53 | Computer Name = creatix-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7020 Error - 05.02.2012 09:29:54 | Computer Name = creatix-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 05.02.2012 09:29:54 | Computer Name = creatix-PC | Source = Bonjour Service | 
ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 8018 Error - 05.02.2012 09:29:54 | Computer Name = creatix-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 8018 Error - 05.02.2012 09:29:55 | Computer Name = creatix-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 05.02.2012 09:29:55 | Computer Name = creatix-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 9016 Error - 05.02.2012 09:29:55 | Computer Name = creatix-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 9016 Error - 05.02.2012 09:29:56 | Computer Name = creatix-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 05.02.2012 09:29:56 | Computer Name = creatix-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 10015 Error - 05.02.2012 09:29:56 | Computer Name = creatix-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 10015 [ System Events ] Error - 29.11.2011 09:56:35 | Computer Name = creatix-PC | Source = DCOM | ID = 10016 Description = Error - 29.11.2011 17:56:57 | Computer Name = creatix-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620 Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "G:" können nicht gelesen werden. 
Error - 07.12.2011 13:40:58 | Computer Name = creatix-PC | Source = DCOM | ID = 10016 Description = Error - 07.12.2011 13:40:58 | Computer Name = creatix-PC | Source = DCOM | ID = 10016 Description = Error - 07.12.2011 13:40:58 | Computer Name = creatix-PC | Source = DCOM | ID = 10016 Description = Error - 07.12.2011 13:40:59 | Computer Name = creatix-PC | Source = DCOM | ID = 10016 Description = Error - 07.12.2011 13:40:59 | Computer Name = creatix-PC | Source = DCOM | ID = 10016 Description = Error - 07.12.2011 13:40:59 | Computer Name = creatix-PC | Source = DCOM | ID = 10016 Description = Error - 08.12.2011 06:19:02 | Computer Name = creatix-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 08.12.2011 06:19:02 | Computer Name = creatix-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > |
06.02.2012, 20:28 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Security Center: Computer locked! Virus, trojan? Using the other account is suboptimal, because it may not scan all the paths that belong to the affected user.
Does the affected user still work in Safe Mode with Networking? Safe Mode for cleanup
__________________ |
06.02.2012, 20:54 | #3 |
| Windows Security Center: Computer locked! Virus, trojan? When I try to start the guest account in Safe Mode, I get the following message:
Es konnte keine Verbindung mit dem Dienst "Sens" hergestellt werden. [Could not connect to the "Sens" service.] |
06.02.2012, 20:58 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Security Center: Computer locked! Virus, trojan? Log in with the admin user. If it works in normal mode, then you can do it there as well. Now please run a routine full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed. If logs from older Malwarebytes scans exist, please post all of those too! ESET Online Scanner
Please post everything here in CODE tags if possible. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
__________________ Please always post log files in CODE tags |
07.02.2012, 06:43 | #5 |
| Windows Security Center: Computer locked! Virus, trojan? The Malwarebytes scan found 2 trojans, both of which have now been removed, which has apparently solved the problem. I will run ESET once more to be safe, but I think the problem is eliminated. Many thanks for the quick and competent help! |
07.02.2012, 18:01 | #6 |
| Windows Security Center: Computer locked! Virus, trojan? Here are the results from ESET as well. Code:
ETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0a1e15d9e9b0ea4c9cbc24e336d1cce6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-07 04:45:48
# local_time=2012-02-07 05:45:48 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1797 16775165 100 94 178074 65125577 50671 0
# compatibility_mode=5893 16776574 100 94 40130 80999385 0 0
# compatibility_mode=8192 67108863 100 0 34701 34701 0 0
# scanned=461841
# found=7
# cleaned=0
# scan_time=39434
C:\Users\creatix\AppData\Local\Temp\ICReinstall\cnet_OrbitDownloaderSetup_exe.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
C:\Users\creatix\AppData\Local\Temp\is1598539481\MyBabylonTB.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\creatix\Downloads\cnet_OrbitDownloaderSetup_exe.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Gast.creatix-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\2c4810be-71d25570 a variant of Java/Exploit.CVE-2011-3544.AK trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Documents and Settings\cr3at1x\Downloads\VeohWebPlayerSetup_eng.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\Windows.old\Users\cr3at1x\Downloads\VeohWebPlayerSetup_eng.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I |
07.02.2012, 20:23 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Security Center: Computer locked! Virus, trojan? Please create a new OTL log. Please post everything here in CODE tags if possible. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
09.02.2012, 06:56 | #8 |
| Windows Security Center: Computer locked! Virus, trojan? I have now run the scan twice, and at the step 'Manual File Scan - Getting folder structure' I always get the following message: Out of memory. |
09.02.2012, 15:42 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Security Center: Computer locked! Virus, trojan? Then try it this way, and also tick the Scan All Users checkbox there! System scan with OTL: Please download OTL by Oldtimer and save it to your desktop
__________________ Please always post log files in CODE tags |
09.02.2012, 22:09 | #10 |
| Windows Security Center: Computer locked! Virus, trojan? OTL Logfile: Code:
OTL Extras logfile created on: 09.02.2012 21:33:34 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\creatix\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 5,95 Gb Available Physical Memory | 74,43% Memory free
15,99 Gb Paging File | 13,84 Gb Available in Paging File | 86,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 910,41 Gb Total Space | 653,63 Gb Free Space | 71,79% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,02 Gb Free Space | 55,12% Space Free | Partition Type: NTFS
Drive J: | 100,00 Mb Total Space | 71,81 Mb Free Space | 71,81% Space Free | Partition Type: NTFS
Computer Name: CREATIX-PC | User Name: creatix | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1645258259-1736602693-395471261-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support 
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "EPSON SX130 Series" = EPSON SX130 Series Printer Uninstall "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinGimp-2.0_is1" = GIMP 2.6.8 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto 
Vice City "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}" = Epson Event Manager "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2 "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] 
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3EF5DE8-1120-4B77-99A3-4DC232E8C129}" = XSplit "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "7-Zip" = 7-Zip 9.20 "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Any Video Converter_is1" = Any Video Converter 3.2.7 "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "EPSON Scanner" = EPSON Scan "EPSON SX130 Series Useg" = Benutzerhandbuch EPSON SX130 Series "ESET Online Scanner" = ESET Online Scanner v3 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de) "Myst Masterpiece Edition" = Myst Masterpiece Edition "OnLive" = OnLive "Orbit_is1" = Orbit Downloader "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "QuickTime" = QuickTime "Steam App 113400" = APB Reloaded "Steam App 18700" = And Yet It Moves "Steam App 200900" = Cave Story+ "Steam App 26500" = Cogs "Steam App 26900" = Crayon Physics Deluxe "Steam App 400" = Portal "Steam App 40800" = Super Meat Boy "Steam App 40810" = Super Meat Boy Editor "Steam App 41100" = Hammerfight "Steam App 41800" = Gratuitous Space Battles "Steam App 43110" = Metro 2033 "Steam App 440" = Team Fortress 2 "Steam App 48000" = LIMBO "Steam App 49600" = Beat Hazard "Steam App 6120" = Shank "Steam App 63710" = BIT.TRIP RUNNER "Steam App 70300" = VVVVVV "Steam App 94200" = Jamestown "Steam App 99700" = NightSky "VLC media player" = VLC media player 1.1.11 "WinLiveSuite" = Windows Live Essentials ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 06.02.2012 18:24:08 | Computer Name = creatix-PC | Source = Bonjour Service | ID = 
100 Description = Task Scheduling Error: m->NextScheduledSPRetry 12028 Error - 06.02.2012 18:24:09 | Computer Name = creatix-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 06.02.2012 18:24:09 | Computer Name = creatix-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 13026 Error - 06.02.2012 18:24:09 | Computer Name = creatix-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 13026 Error - 07.02.2012 01:44:28 | Computer Name = creatix-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\creatix\Desktop\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error - 07.02.2012 01:44:29 | Computer Name = creatix-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\creatix\Desktop\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error - 07.02.2012 01:44:31 | Computer Name = creatix-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\creatix\Desktop\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error - 08.02.2012 17:27:25 | Computer Name = creatix-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error - 08.02.2012 17:28:42 | Computer Name = creatix-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\creatix\Desktop\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error - 09.02.2012 13:37:55 | Computer Name = creatix-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\creatix\Desktop\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. [ System Events ] Error - 29.11.2011 09:56:35 | Computer Name = creatix-PC | Source = DCOM | ID = 10016 Description = Error - 29.11.2011 17:56:57 | Computer Name = creatix-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620 Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "G:" können nicht gelesen werden. 
Error - 07.12.2011 13:40:58 | Computer Name = creatix-PC | Source = DCOM | ID = 10016 Description = Error - 07.12.2011 13:40:58 | Computer Name = creatix-PC | Source = DCOM | ID = 10016 Description = Error - 07.12.2011 13:40:58 | Computer Name = creatix-PC | Source = DCOM | ID = 10016 Description = Error - 07.12.2011 13:40:59 | Computer Name = creatix-PC | Source = DCOM | ID = 10016 Description = Error - 07.12.2011 13:40:59 | Computer Name = creatix-PC | Source = DCOM | ID = 10016 Description = Error - 07.12.2011 13:40:59 | Computer Name = creatix-PC | Source = DCOM | ID = 10016 Description = Error - 08.12.2011 06:19:02 | Computer Name = creatix-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 08.12.2011 06:19:02 | Computer Name = creatix-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > OTL Logfile: Code:
OTL logfile created on: 09.02.2012 21:33:34 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\creatix\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 5,95 Gb Available Physical Memory | 74,43% Memory free
15,99 Gb Paging File | 13,84 Gb Available in Paging File | 86,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 910,41 Gb Total Space | 653,63 Gb Free Space | 71,79% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,02 Gb Free Space | 55,12% Space Free | Partition Type: NTFS
Drive J: | 100,00 Mb Total Space | 71,81 Mb Free Space | 71,81% Space Free | Partition Type: NTFS
Computer Name: CREATIX-PC | User Name: creatix | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\creatix\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
========== Win32 Services (SafeList) ==========
SRV - (MBAMService) -- 
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (EPSON_EB_RPCV4_04) EPSON V5 Service4(04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION) SRV - (EPSON_PM_RPCV4_04) EPSON V3 Service4(04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- 
C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 5E 83 D7 38 84 CC 01 [binary data] IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-21-1645258259-1736602693-395471261-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 D7 23 A0 26 6E CC 01 [binary data] IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.04 13:18:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.08 14:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\creatix\AppData\Roaming\mozilla\Extensions [2011.10.06 16:01:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\creatix\AppData\Roaming\mozilla\Firefox\Profiles\lr8zugrf.default\extensions [2011.11.11 22:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.01.04 13:18:15 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.06 15:56:40 | 000,001,392 | ---- | M] () -- C:\Program Files 
(x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.06 15:56:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.10.06 15:56:40 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.10.06 15:56:40 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.06 15:56:40 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.06 15:56:40 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1645258259-1736602693-395471261-1000..\Run: [EPSON SX130 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE /FU "C:\Windows\TEMP\E_S31DA.tmp" /EF "HKCU" File not found O4 - HKU\S-1-5-21-1645258259-1736602693-395471261-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-21-1645258259-1736602693-395471261-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-1645258259-1736602693-395471261-1003..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-21-1645258259-1736602693-395471261-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1645258259-1736602693-395471261-1003..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-1645258259-1736602693-395471261-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\creatix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: 
C:\Users\Gast.creatix-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O9 - Extra Button: Wecker-Alarm - {7B499570-29C5-4a80-9F57-94A420D140CE} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Nach Wecker für Windows exportieren - {7B499570-29C5-4a80-9F57-94A420D140CE} - Reg Error: Key error. 
File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D208CFA5-2EB0-4D57-9733-83F3ADFA250D}: DhcpNameServer = 192.168.220.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value 
found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.02.09 13:48:26 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{E0A44877-3CE7-4502-BCDB-36B5D69B54C2} [2012.02.09 13:48:14 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{24A3F7F8-26A0-4B4C-B477-1AB959C2B6EA} [2012.02.07 06:40:27 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{7145AF6F-FE08-4A92-93AB-A50007658286} [2012.02.07 06:40:15 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{B445F6EB-B404-4E98-8390-81B2737DB6AA} [2012.02.06 22:10:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.02.06 22:09:34 | 002,322,184 | 
---- | C] (ESET) -- C:\Users\creatix\Desktop\esetsmartinstaller_enu.exe [2012.02.06 21:05:24 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Roaming\Malwarebytes [2012.02.06 21:05:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.02.06 21:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.02.06 21:05:15 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.02.06 21:05:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.02.06 17:14:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\creatix\Desktop\OTL.exe [2012.02.06 17:02:55 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{94218428-21FA-4D81-A335-117EABF1B8D3} [2012.02.06 17:02:44 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{2E4A4A28-FACE-4BCB-B6DB-D908F1B4FA86} [2012.02.06 13:31:20 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{D15C47E5-596D-4A86-AE32-991A1BA9FA75} [2012.02.05 21:39:56 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{6384F5CA-D395-4814-83BA-C1387916B221} [2012.02.03 13:14:25 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{43B528F8-C1AA-489F-9214-B2B75494475B} [2012.02.01 09:09:27 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{53614C15-BEE5-4BBA-A47A-FFE59D2ADA85} [2012.01.31 09:45:28 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{D69C39CC-9629-4C1A-866A-3BF220F06CC7} [2012.01.30 09:25:59 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{677320F3-8C63-443F-A9E6-51F29D233746} [2012.01.28 08:58:41 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012.01.28 08:58:41 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2012.01.28 08:55:25 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{100B3DED-5F91-4FFA-BF3F-870F9729BC6B} [2012.01.25 
18:42:06 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012.01.25 18:42:05 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2012.01.25 18:42:05 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2012.01.25 18:42:05 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2012.01.25 18:42:05 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2012.01.25 18:42:05 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2012.01.24 15:57:33 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{7954B0DF-B1BE-486A-8FCE-B627B0DAAC37} [2012.01.22 09:01:01 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{2859FF77-2C7F-4941-B251-47C7BEB6AD63} [2012.01.21 09:18:33 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{E9FC332F-2E8E-4536-AC9C-71921624AA45} [2012.01.20 12:49:46 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{F7581ED9-DE0E-4F60-8265-C57F150ECF61} [2012.01.20 12:49:33 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{E069E557-0C0E-4205-BBC7-312E7F6F4BA6} [2012.01.19 13:53:23 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{4AD5F416-8DBC-4A69-9D6B-42BB01AEA4FB} [2012.01.19 13:53:10 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{229152C4-869D-4BDC-AD92-896AD1441029} [2012.01.18 21:41:50 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{4AA8ECF3-257E-404B-B474-F8C32AB08351} [2012.01.18 21:41:39 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{52B7B41F-02C9-4914-A2AF-384359D86A47} [2012.01.18 21:24:23 | 000,000,000 | ---D | C] -- C:\Users\creatix\Desktop\Videos [2012.01.18 21:01:42 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32qt.exe [2012.01.18 21:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 
[2012.01.18 21:01:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime [2012.01.18 21:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.01.18 21:01:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Orb [2012.01.18 21:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Myst Masterpiece Edition [2012.01.18 21:01:14 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe [2012.01.18 19:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit [2012.01.18 19:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SplitMediaLabs [2012.01.18 19:23:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SplitMediaLabs [2012.01.18 19:23:20 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Roaming\SplitMediaLabs [2012.01.17 15:28:58 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{FE07F29C-5CEE-4FF6-BFB8-FA96ED2AA74E} [2012.01.16 18:13:43 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{33C952C1-9C82-4FA1-8926-C66CD687B30D} [2012.01.15 09:24:30 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{1838372E-AE0E-476B-B9DB-575D1D8AB2AC} [2012.01.13 13:12:31 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{C130B20E-4A35-47F7-B1F2-B95A76173613} [2012.01.13 13:12:19 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{57A29237-650A-49BD-AC82-9B4FCB5F8787} [2012.01.12 15:04:35 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{12471B52-F1CE-42FD-B04C-A1013E190DFD} [2012.01.11 14:18:43 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{B780772C-EC75-4053-B197-62B7D176BA22} [2012.01.11 14:18:32 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{63C312D0-3DF9-4A15-89CF-1E90548A3428} [2012.01.11 13:48:57 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2012.01.11 13:48:57 | 001,328,640 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\quartz.dll [2012.01.11 13:48:56 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012.01.11 13:48:55 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012.01.11 13:48:52 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.01.11 13:48:52 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.01.11 13:48:50 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2012.01.11 13:48:49 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll [2012.01.11 13:48:49 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll [2012.01.10 21:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wecker für Windows [2012.01.10 21:44:02 | 000,739,472 | ---- | C] (Data Dynamics) -- C:\Windows\SysWow64\sg20O.ocx [2012.01.10 21:44:02 | 000,208,896 | ---- | C] (Christoph Bünger Software) -- C:\Windows\SysWow64\cbPrinter.dll [2012.01.10 21:44:02 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RICHTX32.OCX [2012.01.10 21:44:02 | 000,140,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX [2012.01.10 21:44:02 | 000,122,880 | ---- | C] (Christoph Bünger Software) -- C:\Windows\SysWow64\cbNet.dll [2012.01.10 21:44:02 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\SSubTmr6.dll [2012.01.10 21:44:02 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Roaming\cbuenger [2012.01.10 21:44:01 | 000,065,536 | ---- | C] (Christoph Bünger Software) -- C:\Windows\SysWow64\CBXML.dll [2012.01.10 21:44:01 | 000,057,344 | ---- | C] (Christoph Bünger Software) -- C:\Windows\SysWow64\cbSysHTrck.dll [2012.01.10 21:44:01 | 000,053,248 | ---- | C] (Christoph Bünger Software) -- C:\Windows\SysWow64\cbvCalendar.dll [2012.01.10 21:44:01 | 000,040,960 | ---- | C] 
(Christoph Bünger Software) -- C:\Windows\SysWow64\CBDTPicker.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.02.09 21:09:10 | 001,898,823 | ---- | M] () -- C:\Users\creatix\Desktop\2012-02-09_21.09.09.png [2012.02.09 13:55:18 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.09 13:55:18 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.09 13:51:56 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.02.09 13:51:56 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.02.09 13:51:56 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.02.09 13:51:56 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.02.09 13:51:56 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.02.09 13:47:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.09 13:47:27 | 2146,148,351 | -HS- | M] () -- C:\hiberfil.sys [2012.02.06 22:09:45 | 002,322,184 | ---- | M] (ESET) -- C:\Users\creatix\Desktop\esetsmartinstaller_enu.exe [2012.02.06 21:05:18 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.06 17:14:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\creatix\Desktop\OTL.exe [2012.01.18 21:02:09 | 000,001,237 | ---- | M] () -- C:\Users\creatix\Desktop\Myst Masterpiece Edition.lnk [2012.01.18 21:01:41 | 000,000,278 | ---- | M] () -- C:\Windows\SysWow64\QuickTime.qtp [2012.01.18 21:01:38 | 000,001,049 | ---- | M] () -- C:\Users\creatix\Desktop\QuickTime Player.lnk [2012.01.13 18:48:51 | 000,004,143 | ---- | M] () -- C:\Users\creatix\.recently-used.xbel [2012.01.11 07:51:12 | 000,294,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> 
C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.09 21:11:37 | 001,898,823 | ---- | C] () -- C:\Users\creatix\Desktop\2012-02-09_21.09.09.png [2012.02.06 21:05:18 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.18 21:02:09 | 000,001,237 | ---- | C] () -- C:\Users\creatix\Desktop\Myst Masterpiece Edition.lnk [2012.01.18 21:01:39 | 000,000,278 | ---- | C] () -- C:\Windows\SysWow64\QuickTime.qtp [2012.01.18 21:01:38 | 000,001,049 | ---- | C] () -- C:\Users\creatix\Desktop\QuickTime Player.lnk [2012.01.13 18:48:51 | 000,004,143 | ---- | C] () -- C:\Users\creatix\.recently-used.xbel [2012.01.10 21:44:01 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\actskn43.ocx [2011.12.17 17:38:51 | 000,281,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.12.17 17:38:49 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.09.09 18:25:35 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== Alternate Data Streams ========== @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF < End of report > |
10.02.2012, 12:08 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Security Center: Computer locked! Virus, Trojan? Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 5E 83 D7 38 84 CC 01 [binary data]
IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 D7 23 A0 26 6E CC 01 [binary data]
O4 - HKU\S-1-5-21-1645258259-1736602693-395471261-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1645258259-1736602693-395471261-1003..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1645258259-1736602693-395471261-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
:Files
C:\Users\creatix\AppData\Local\{*
:Commands
[emptytemp]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
10.02.2012, 19:41 | #12 |
| Windows Security Center: Computer locked! Virus, Trojan? Code:
ATTFilter All processes killed ========== OTL ========== HKU\S-1-5-21-1645258259-1736602693-395471261-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully! HKU\S-1-5-21-1645258259-1736602693-395471261-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully! HKU\S-1-5-21-1645258259-1736602693-395471261-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully! HKU\S-1-5-21-1645258259-1736602693-395471261-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-21-1645258259-1736602693-395471261-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! HKU\S-1-5-21-1645258259-1736602693-395471261-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully! HKU\S-1-5-21-1645258259-1736602693-395471261-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully! HKU\S-1-5-21-1645258259-1736602693-395471261-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully! Registry value HKEY_USERS\S-1-5-21-1645258259-1736602693-395471261-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Pando Media Booster deleted successfully. C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe moved successfully. Registry value HKEY_USERS\S-1-5-21-1645258259-1736602693-395471261-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Pando Media Booster deleted successfully. File C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe not found. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. 
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-21-1645258259-1736602693-395471261-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully. ========== FILES ========== C:\Users\creatix\AppData\Local\{00943E21-B826-4A52-86E5-79A9E81BFC3A} folder moved successfully. C:\Users\creatix\AppData\Local\{00A804F6-B591-4EC1-8F09-E4BB90A6E972} folder moved successfully. C:\Users\creatix\AppData\Local\{05110ABF-D326-434E-8199-875A4A6F357D} folder moved successfully. C:\Users\creatix\AppData\Local\{06D2E189-F18E-4E8B-ABD5-E0E291FA07E7} folder moved successfully. C:\Users\creatix\AppData\Local\{08E56057-096F-496B-A00C-67693F4BEEAC} folder moved successfully. C:\Users\creatix\AppData\Local\{08F23992-444E-4798-8FC7-296E28366BC5} folder moved successfully. C:\Users\creatix\AppData\Local\{0C65E1F9-951E-4150-B4AE-F99901975643} folder moved successfully. C:\Users\creatix\AppData\Local\{100B3DED-5F91-4FFA-BF3F-870F9729BC6B} folder moved successfully. C:\Users\creatix\AppData\Local\{12471B52-F1CE-42FD-B04C-A1013E190DFD} folder moved successfully. C:\Users\creatix\AppData\Local\{14173185-6532-4B1C-9D14-DCB8C90ACE8B} folder moved successfully. C:\Users\creatix\AppData\Local\{1502C102-0350-4B9B-A8A9-60ED26412299} folder moved successfully. C:\Users\creatix\AppData\Local\{1707D541-D508-486E-A999-2628F9D3A912} folder moved successfully. C:\Users\creatix\AppData\Local\{1838372E-AE0E-476B-B9DB-575D1D8AB2AC} folder moved successfully. C:\Users\creatix\AppData\Local\{1AFE00B7-322D-413E-A660-150D895F8741} folder moved successfully. C:\Users\creatix\AppData\Local\{1AFE4B32-74B7-4844-92E3-A2C145CBEB03} folder moved successfully. C:\Users\creatix\AppData\Local\{2060B1B9-1CAD-48F4-9159-314CB5F8D769} folder moved successfully. 
C:\Users\creatix\AppData\Local\{20E66BDB-2688-42F5-8B59-494478E1ECFE} folder moved successfully. C:\Users\creatix\AppData\Local\{229152C4-869D-4BDC-AD92-896AD1441029} folder moved successfully. C:\Users\creatix\AppData\Local\{22F7DF6E-A818-4795-914D-9E0134C5B5DB} folder moved successfully. C:\Users\creatix\AppData\Local\{2320793E-1B6B-4D52-B4E1-B6B88BD6BFEF} folder moved successfully. C:\Users\creatix\AppData\Local\{24A3F7F8-26A0-4B4C-B477-1AB959C2B6EA} folder moved successfully. C:\Users\creatix\AppData\Local\{264060EA-C28E-4A65-9ABB-26E7698FF2B3} folder moved successfully. C:\Users\creatix\AppData\Local\{2859FF77-2C7F-4941-B251-47C7BEB6AD63} folder moved successfully. C:\Users\creatix\AppData\Local\{2887D3B0-01B6-4A4C-A6C4-D62BCA1BD424} folder moved successfully. C:\Users\creatix\AppData\Local\{2E4A4A28-FACE-4BCB-B6DB-D908F1B4FA86} folder moved successfully. C:\Users\creatix\AppData\Local\{33C952C1-9C82-4FA1-8926-C66CD687B30D} folder moved successfully. C:\Users\creatix\AppData\Local\{3FAA1BD5-183A-4BE6-9CC2-5EE9396A8C71} folder moved successfully. C:\Users\creatix\AppData\Local\{400A3A20-9D3C-4E6C-883B-2CE99E418B68} folder moved successfully. C:\Users\creatix\AppData\Local\{411C523E-E152-49E1-809A-59604AA15F39} folder moved successfully. C:\Users\creatix\AppData\Local\{41C5068E-AD53-438C-A399-72C8C0D24CED} folder moved successfully. C:\Users\creatix\AppData\Local\{43B528F8-C1AA-489F-9214-B2B75494475B} folder moved successfully. C:\Users\creatix\AppData\Local\{4AA8ECF3-257E-404B-B474-F8C32AB08351} folder moved successfully. C:\Users\creatix\AppData\Local\{4AD5F416-8DBC-4A69-9D6B-42BB01AEA4FB} folder moved successfully. C:\Users\creatix\AppData\Local\{4B599F98-5518-4393-8402-A2DFE929824D} folder moved successfully. C:\Users\creatix\AppData\Local\{4E83DA14-8393-4ECE-BE83-26DE7D037D1F} folder moved successfully. C:\Users\creatix\AppData\Local\{52B7B41F-02C9-4914-A2AF-384359D86A47} folder moved successfully. 
C:\Users\creatix\AppData\Local\{53614C15-BEE5-4BBA-A47A-FFE59D2ADA85} folder moved successfully. C:\Users\creatix\AppData\Local\{553208F1-DF2D-480F-BB96-C609C36641D8} folder moved successfully. C:\Users\creatix\AppData\Local\{57A29237-650A-49BD-AC82-9B4FCB5F8787} folder moved successfully. C:\Users\creatix\AppData\Local\{59FCFB98-7348-4311-8364-1BF582F895A9} folder moved successfully. C:\Users\creatix\AppData\Local\{61162087-97A2-41F5-8254-6D4CE23D7626} folder moved successfully. C:\Users\creatix\AppData\Local\{6384F5CA-D395-4814-83BA-C1387916B221} folder moved successfully. C:\Users\creatix\AppData\Local\{63C312D0-3DF9-4A15-89CF-1E90548A3428} folder moved successfully. C:\Users\creatix\AppData\Local\{677320F3-8C63-443F-A9E6-51F29D233746} folder moved successfully. C:\Users\creatix\AppData\Local\{68E35570-A169-4147-AC39-9C920B6DAA1D} folder moved successfully. C:\Users\creatix\AppData\Local\{6C232157-D69F-42F3-BE68-E9C34288E7C7} folder moved successfully. C:\Users\creatix\AppData\Local\{6E3E7ADD-D588-4209-89DF-9B6FB3F4FF4F} folder moved successfully. C:\Users\creatix\AppData\Local\{701C028C-95F7-41F8-9B92-D917CB05B9C4} folder moved successfully. C:\Users\creatix\AppData\Local\{701D45E3-6A5F-42B2-96A8-1B7627DE31C5} folder moved successfully. C:\Users\creatix\AppData\Local\{707DCDE3-52BB-4DF5-8CAC-C28264EC43F3} folder moved successfully. C:\Users\creatix\AppData\Local\{708EE532-B455-41FF-A0F4-A2CEBD86FB52} folder moved successfully. C:\Users\creatix\AppData\Local\{70CE039C-77A0-4728-BFAA-E53193E023EA} folder moved successfully. C:\Users\creatix\AppData\Local\{7145AF6F-FE08-4A92-93AB-A50007658286} folder moved successfully. C:\Users\creatix\AppData\Local\{72B73A08-C6F9-4638-B72B-45FD084B5139} folder moved successfully. C:\Users\creatix\AppData\Local\{76A53B54-32C2-45C9-8ADE-AA3617029A49} folder moved successfully. C:\Users\creatix\AppData\Local\{77012282-04EB-45B4-A948-6F7CC36DC633} folder moved successfully. 
C:\Users\creatix\AppData\Local\{789C5B03-C455-4559-9599-5673B0184DEF} folder moved successfully. C:\Users\creatix\AppData\Local\{7954B0DF-B1BE-486A-8FCE-B627B0DAAC37} folder moved successfully. C:\Users\creatix\AppData\Local\{7969BE10-82EE-43E4-849F-ABE590A9C51A} folder moved successfully. C:\Users\creatix\AppData\Local\{7A33A178-1C72-4422-B1BD-F069B6F9058D} folder moved successfully. C:\Users\creatix\AppData\Local\{800C24AF-BEF5-4473-BFE0-07659601FB19} folder moved successfully. C:\Users\creatix\AppData\Local\{837EC0E9-E86C-48F5-8109-6F864DB85FBB} folder moved successfully. C:\Users\creatix\AppData\Local\{87CF4678-C132-4891-9BA1-B6AC8C37F718} folder moved successfully. C:\Users\creatix\AppData\Local\{8DB1F2E9-25DF-4D93-8E91-8207A31BA0D4} folder moved successfully. C:\Users\creatix\AppData\Local\{939B84F8-A6AB-430E-9343-5BA1CA9361D2} folder moved successfully. C:\Users\creatix\AppData\Local\{94218428-21FA-4D81-A335-117EABF1B8D3} folder moved successfully. C:\Users\creatix\AppData\Local\{948F2BCC-C1C5-4139-98BE-A576CABF4183} folder moved successfully. C:\Users\creatix\AppData\Local\{96093BB8-4EDC-4F19-BFFE-17F770DA4B36} folder moved successfully. C:\Users\creatix\AppData\Local\{9690E473-E520-4CF6-BBB0-0E87ECD22517} folder moved successfully. C:\Users\creatix\AppData\Local\{9AF7B16A-4DAC-4A10-838D-B8BF4B304750} folder moved successfully. C:\Users\creatix\AppData\Local\{9C154220-ABF8-4801-A9BF-FB9BDE69FF5F} folder moved successfully. C:\Users\creatix\AppData\Local\{9CC6CBBA-AFCB-43AB-B746-FE98257EDFAF} folder moved successfully. C:\Users\creatix\AppData\Local\{A40E1950-AF86-4D2E-8512-57140A627DA8} folder moved successfully. C:\Users\creatix\AppData\Local\{A664D67B-C7CD-44D1-9607-D8615EC3B870} folder moved successfully. C:\Users\creatix\AppData\Local\{AAA7576E-5937-407B-9494-6A17FB18A45D} folder moved successfully. C:\Users\creatix\AppData\Local\{B3124EB2-2DDA-436B-B04B-CBA41969806A} folder moved successfully. 
C:\Users\creatix\AppData\Local\{B445F6EB-B404-4E98-8390-81B2737DB6AA} folder moved successfully. C:\Users\creatix\AppData\Local\{B459A776-F37C-4D8F-83CF-B5D83CB3BB86} folder moved successfully. C:\Users\creatix\AppData\Local\{B5B9ED1D-B10F-4204-A0AA-BF027A13AED9} folder moved successfully. C:\Users\creatix\AppData\Local\{B780772C-EC75-4053-B197-62B7D176BA22} folder moved successfully. C:\Users\creatix\AppData\Local\{BD6F83DA-CE58-411D-A16A-CDEAC847B267} folder moved successfully. C:\Users\creatix\AppData\Local\{C130B20E-4A35-47F7-B1F2-B95A76173613} folder moved successfully. C:\Users\creatix\AppData\Local\{C97AF713-322F-43EF-9005-5A89CA27BF99} folder moved successfully. C:\Users\creatix\AppData\Local\{D15C47E5-596D-4A86-AE32-991A1BA9FA75} folder moved successfully. C:\Users\creatix\AppData\Local\{D69C39CC-9629-4C1A-866A-3BF220F06CC7} folder moved successfully. C:\Users\creatix\AppData\Local\{D8742108-FCCE-4395-AAE1-FD6347075D39} folder moved successfully. C:\Users\creatix\AppData\Local\{D8B7D6EF-FF6A-4F78-8FFA-9260376CE7C2} folder moved successfully. C:\Users\creatix\AppData\Local\{DCF9D9FC-2CE9-46FB-BB5C-84BB90D190C4} folder moved successfully. C:\Users\creatix\AppData\Local\{E069E557-0C0E-4205-BBC7-312E7F6F4BA6} folder moved successfully. C:\Users\creatix\AppData\Local\{E0A44877-3CE7-4502-BCDB-36B5D69B54C2} folder moved successfully. C:\Users\creatix\AppData\Local\{E100FF7B-53C1-46C5-9074-FA65DDD1EC7F} folder moved successfully. C:\Users\creatix\AppData\Local\{E1A1B7C8-8802-404C-93ED-BFC550C24A1B} folder moved successfully. C:\Users\creatix\AppData\Local\{E6947D0B-600A-469F-B9A2-9EFF1A258D5D} folder moved successfully. C:\Users\creatix\AppData\Local\{E9FC332F-2E8E-4536-AC9C-71921624AA45} folder moved successfully. C:\Users\creatix\AppData\Local\{EEB7D3C9-7423-4C5B-8606-16D645AA5B94} folder moved successfully. C:\Users\creatix\AppData\Local\{F7581ED9-DE0E-4F60-8265-C57F150ECF61} folder moved successfully. 
C:\Users\creatix\AppData\Local\{F8896CFE-3E2F-4518-808A-816CC81CEC4E} folder moved successfully. C:\Users\creatix\AppData\Local\{F9B20F96-55E8-4DAA-B83A-4746D103A756} folder moved successfully. C:\Users\creatix\AppData\Local\{FE07F29C-5CEE-4FF6-BFB8-FA96ED2AA74E} folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: creatix ->Temp folder emptied: 499612473 bytes ->Temporary Internet Files folder emptied: 79258553 bytes ->Java cache emptied: 1734890 bytes ->FireFox cache emptied: 1151229248 bytes ->Flash cache emptied: 81184 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Gaeste ->Temp folder emptied: 784109 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 10437 bytes ->FireFox cache emptied: 745943298 bytes ->Flash cache emptied: 1713 bytes User: Gast ->Temp folder emptied: 34279508 bytes ->Temporary Internet Files folder emptied: 279208 bytes ->FireFox cache emptied: 35941650 bytes ->Flash cache emptied: 765 bytes User: Gast.creatix-PC ->Temp folder emptied: 60180769 bytes ->Temporary Internet Files folder emptied: 2098459 bytes ->Java cache emptied: 49601856 bytes ->FireFox cache emptied: 476725551 bytes ->Flash cache emptied: 47716 bytes User: Mcx1-CREATIX-PC ->Temp folder emptied: 516 bytes ->Temporary Internet Files folder emptied: 181973 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 200704 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 246975146 bytes 
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 3.228,00 mb OTL by OldTimer - Version 3.2.31.0 log created on 02102012_192400 Files\Folders moved on Reboot... C:\Users\creatix\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... |
10.02.2012, 20:58 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Security Center: Computer locked! Virus, Trojan? Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you can't find the log or copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here! If, because of the infection, you cannot access your Documents/My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide: Please download unhide.exe and save this file to your desktop. Start the tool and all files and folders should be visible again. (This could take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags |
11.02.2012, 08:13 | #14 |
| Windows Security Center: Computer locked! Virus, Trojan? Code:
08:11:14.0083 4100 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
08:11:14.0240 4100 ============================================================
08:11:14.0240 4100 Current date / time: 2012/02/11 08:11:14.0240
08:11:14.0240 4100 SystemInfo:
08:11:14.0240 4100
08:11:14.0240 4100 OS Version: 6.1.7600 ServicePack: 0.0
08:11:14.0240 4100 Product type: Workstation
08:11:14.0240 4100 ComputerName: CREATIX-PC
08:11:14.0241 4100 UserName: creatix
08:11:14.0241 4100 Windows directory: C:\Windows
08:11:14.0241 4100 System windows directory: C:\Windows
08:11:14.0241 4100 Running under WOW64
08:11:14.0241 4100 Processor architecture: Intel x64
08:11:14.0241 4100 Number of processors: 4
08:11:14.0241 4100 Page size: 0x1000
08:11:14.0241 4100 Boot type: Normal boot
08:11:14.0241 4100 ============================================================
08:11:15.0385 4100 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:11:15.0408 4100 \Device\Harddisk0\DR0:
08:11:15.0408 4100 MBR used
08:11:15.0408 4100 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:11:15.0408 4100 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x71CD3000
08:11:15.0408 4100 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x71D05800, BlocksNum 0x2800000
08:11:15.0528 4100 Initialize success
08:11:15.0528 4100 ============================================================
08:11:43.0732 2168 ============================================================
08:11:43.0732 2168 Scan started
08:11:43.0732 2168 Mode: Manual; SigCheck; TDLFS;
08:11:43.0732 2168 ============================================================
08:12:04.0657 2168 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:12:04.0807 2168 \Device\Harddisk0\DR0 - ok
08:12:04.0812 2168 Boot (0x1200) (3692a4254e0167979af73c9e01f592ad) \Device\Harddisk0\DR0\Partition0
08:12:04.0813 2168 \Device\Harddisk0\DR0\Partition0 - ok
08:12:04.0842 2168 Boot (0x1200) (c02824fbc36882b6fabe03ba8aab70c9) \Device\Harddisk0\DR0\Partition1
08:12:04.0845 2168 \Device\Harddisk0\DR0\Partition1 - ok
08:12:04.0874 2168 Boot (0x1200) (23ec1a721b736c79226bdc55cf59c1af) \Device\Harddisk0\DR0\Partition2
08:12:04.0877 2168 \Device\Harddisk0\DR0\Partition2 - ok
08:12:04.0877 2168 ============================================================
08:12:04.0877 2168 Scan finished
08:12:04.0877 2168 ============================================================
08:12:04.0900 3840 Detected object count: 0
08:12:04.0900 3840 Actual detected object count: 0 |
12.02.2012, 13:16 | #15 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Security Center: Computer locked! Virus, Trojan? Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it! Should you have problems starting applications after running Combofix and receive messages such as Quote:
__________________ Please always post log files in CODE tags |