Windows blockiert aus Sicherheitsgründen

Skorn · 26.02.2012, 12:53

Hey,
wie so viel wurde bei mir auch Windows aus Sicherheitsgründen blockiert. Habe mich etwas bei euch belesen und im abgesicherten Modus hochgefahren.
Einmal mit Malwarebytes gescannt:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.22.05

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Skor :: SKOR-PC [Administrator]

Schutz: Deaktiviert

22.02.2012 22:57:22
mbam-log-2012-02-22 (22-57-22).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 173706
Laufzeit: 4 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Users\Skor\AppData\Local\Temp\0.6982788570544017df35.exe (Exploit.Drop.4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Skor\AppData\Local\Temp\0.7355832079494159df35.exe (Exploit.Drop.4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Skor\AppData\Local\Temp\0.8892057720492006df35.exe (Exploit.Drop.4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Skor\AppData\Local\Temp\0.9291195036391339df35.exe (Exploit.Drop.4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Skor\AppData\Local\Temp\0.18762739007420326df35.exe (Exploit.Drop.4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Skor\AppData\Local\Temp\0.24159056218010078df35.exe (Exploit.Drop.4) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

ein weiter Scan hat nix gefunden
Davor und danach habe ich einen OTl Scan durchgeführt, das Log vom ersten wurde leider überschrieben aber hier sind die Logs vom zweiten Scan:

Code:

ATTFilter

OTL logfile created on: 2/22/2012 11:27:40 PM - Run 2
OTL by OldTimer - Version 3.2.33.2     Folder = C:\Users\Skor\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014.18 Mb Total Physical Memory | 634.27 Mb Available Physical Memory | 62.54% Memory free
1.99 Gb Paging File | 1.66 Gb Available in Paging File | 83.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 42.54 Gb Free Space | 42.54% Space Free | Partition Type: NTFS
Drive D: | 117.87 Gb Total Space | 50.48 Gb Free Space | 42.83% Space Free | Partition Type: NTFS
 
Computer Name: SKOR-PC | User Name: Skor | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Skor\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe (Oceanis)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\659bc287f3b51e5e604208ce93d983ec\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\PROGRA~1\ASUS\ASUSWE~1\3084~1.161\ASUSWS~1.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (acsock) -- C:\Windows\System32\drivers\acsock.sys (Cisco Systems, Inc.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011/10/27 20:57:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/20 10:04:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2011/09/14 15:55:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
 
[2011/09/14 16:09:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skor\AppData\Roaming\mozilla\Extensions
[2011/09/14 16:09:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skor\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2012/02/20 13:55:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skor\AppData\Roaming\mozilla\Firefox\Profiles\8z8bz7b7.default\extensions
[2011/10/21 08:14:00 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Skor\AppData\Roaming\mozilla\Firefox\Profiles\8z8bz7b7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/09/14 16:09:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skor\AppData\Roaming\mozilla\Sunbird\Profiles\66zbxk6g.default\extensions
[2011/11/11 20:15:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
() (No name found) -- C:\USERS\SKOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Z8BZ7B7.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012/02/20 10:04:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/11 20:15:32 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/11/11 20:15:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/11 20:15:32 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/11 20:15:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/11 20:15:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/11/11 20:15:32 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll (Oceanis)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SkypeM] C:\Users\Skor\AppData\Local\Skype\Skype.exe ()
O4 - Startup: C:\Users\Skor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Skor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.uni-giessen.de/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2661931F-C7DB-418F-A554-E4941694B50A}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43886E1F-005F-40E1-9472-EDDC0F13FAC6}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7B1A334-EC91-4189-97DD-2CB9B05ECF08}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F48E5659-E2CD-430D-B0CF-2D6AA60EA93E}: NameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKCU Winlogon: Shell - (C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe) - C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe (Oceanis)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0de92cb7-dedb-11e0-a54d-485b3990b9f9}\Shell - "" = AutoRun
O33 - MountPoints2\{0de92cb7-dedb-11e0-a54d-485b3990b9f9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0de92cdd-dedb-11e0-a54d-485b3990b9f9}\Shell - "" = AutoRun
O33 - MountPoints2\{0de92cdd-dedb-11e0-a54d-485b3990b9f9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0de92d54-dedb-11e0-a54d-485b3990b9f9}\Shell - "" = AutoRun
O33 - MountPoints2\{0de92d54-dedb-11e0-a54d-485b3990b9f9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/02/22 22:56:20 | 000,000,000 | ---D | C] -- C:\Users\Skor\AppData\Roaming\Malwarebytes
[2012/02/22 22:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/22 22:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/22 22:55:05 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/02/22 22:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/22 22:52:29 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Skor\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/22 22:47:36 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Skor\Desktop\OTL.exe
[2012/02/22 18:48:41 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2012/02/22 18:48:40 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2012/02/22 18:48:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/02/22 18:48:39 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2012/02/22 18:48:39 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2012/02/22 18:48:39 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2012/02/22 18:48:39 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2012/02/22 18:48:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/02/22 18:48:38 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieakeng.dll
[2012/02/22 18:48:38 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2012/02/22 18:48:38 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2012/02/22 18:48:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2012/02/22 18:48:27 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2012/02/22 18:48:26 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2012/02/22 18:48:25 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2012/02/22 18:48:24 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2012/02/22 18:48:24 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2012/02/22 18:48:24 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2012/02/22 18:48:23 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2012/02/22 18:48:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/02/22 18:48:23 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2012/02/22 18:48:23 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2012/02/22 18:48:22 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012/02/22 18:48:22 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2012/02/22 18:48:22 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2012/02/22 18:48:21 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012/02/22 18:48:21 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2012/02/22 18:48:21 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2012/02/22 18:48:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/02/22 18:48:17 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieaksie.dll
[2012/02/22 18:48:17 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieakui.dll
[2012/02/22 18:48:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/02/22 18:48:17 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\admparse.dll
[2012/02/22 18:48:17 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2012/02/22 18:48:16 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/02/22 18:48:16 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2012/02/22 18:48:16 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2012/02/20 10:25:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/16 17:59:39 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\timedate.cpl
[2012/02/16 17:58:24 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/02/11 23:20:14 | 000,000,000 | ---D | C] -- C:\Users\Skor\Documents\Dehnen
[2012/02/10 23:28:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.7
[2012/02/10 23:27:34 | 000,000,000 | ---D | C] -- C:\Users\Skor\AppData\Roaming\ICQ
[2012/02/10 23:27:10 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.7
 
========== Files - Modified Within 30 Days ==========
 
[2012/02/22 23:19:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/02/22 23:19:45 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/22 23:17:36 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/22 23:17:36 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/22 22:55:07 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/02/22 22:52:38 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Skor\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/22 22:47:41 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Skor\Desktop\OTL.exe
[2012/02/22 22:18:15 | 001,486,374 | ---- | M] () -- C:\Users\Skor\Desktop\bundespolizei-trojaner_schritt-fuer-schritt-.pdf
[2012/02/22 18:48:41 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2012/02/22 18:48:40 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2012/02/22 18:48:40 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/02/22 18:48:39 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2012/02/22 18:48:39 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2012/02/22 18:48:39 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2012/02/22 18:48:39 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2012/02/22 18:48:38 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/02/22 18:48:38 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieakeng.dll
[2012/02/22 18:48:38 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2012/02/22 18:48:38 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2012/02/22 18:48:38 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2012/02/22 18:48:27 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2012/02/22 18:48:27 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2012/02/22 18:48:25 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2012/02/22 18:48:25 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2012/02/22 18:48:24 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2012/02/22 18:48:24 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2012/02/22 18:48:23 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2012/02/22 18:48:23 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/02/22 18:48:23 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2012/02/22 18:48:23 | 000,072,822 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2012/02/22 18:48:23 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2012/02/22 18:48:22 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012/02/22 18:48:22 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2012/02/22 18:48:22 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2012/02/22 18:48:21 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012/02/22 18:48:21 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2012/02/22 18:48:21 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2012/02/22 18:48:18 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/02/22 18:48:17 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieaksie.dll
[2012/02/22 18:48:17 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieakui.dll
[2012/02/22 18:48:17 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/02/22 18:48:17 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\admparse.dll
[2012/02/22 18:48:17 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2012/02/22 18:48:16 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/02/22 18:48:16 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2012/02/22 18:48:16 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2012/02/20 10:35:20 | 000,309,024 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/02/20 10:25:34 | 000,702,372 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/02/20 10:25:34 | 000,656,954 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/02/20 10:25:34 | 000,151,076 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/02/20 10:25:34 | 000,123,430 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/02/20 10:03:18 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012/02/10 23:28:15 | 000,001,770 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.7.lnk
[2012/01/29 05:10:42 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
 
========== Files Created - No Company Name ==========
 
[2012/02/22 22:55:07 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/02/22 22:18:15 | 001,486,374 | ---- | C] () -- C:\Users\Skor\Desktop\bundespolizei-trojaner_schritt-fuer-schritt-.pdf
[2012/02/22 18:48:23 | 000,072,822 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2012/02/10 23:28:15 | 000,001,770 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.7.lnk
[2011/10/23 18:53:53 | 000,032,256 | ---- | C] () -- C:\windows\System32\AVSredirect.dll
[2011/10/23 18:47:18 | 000,107,520 | RHS- | C] () -- C:\windows\System32\TAKDSDecoder.dll
[2011/09/16 08:59:02 | 000,000,017 | ---- | C] () -- C:\windows\System32\shortcut_ex.dat
[2011/06/20 12:26:36 | 000,000,020 | ---- | C] () -- C:\windows\mafosav.INI
[2011/06/20 10:08:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/31 18:32:54 | 000,000,117 | ---- | C] () -- C:\windows\TmPfw.ini
[2011/05/31 18:17:00 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2011/05/31 18:17:00 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2011/05/31 15:06:30 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2011/01/19 12:34:42 | 003,003,392 | ---- | C] () -- C:\Program Files\openofficeorg33.msi
[2011/01/19 12:33:04 | 000,475,016 | ---- | C] () -- C:\Program Files\setup.exe
[2011/01/19 12:30:10 | 142,700,671 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2011/01/19 11:15:26 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
[2010/06/24 17:31:21 | 000,129,472 | ---- | C] () -- C:\windows\TISReg.exe
[2010/06/24 17:12:19 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2010/06/24 17:12:19 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2010/06/24 17:10:26 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/06/24 17:08:32 | 000,011,520 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2010/06/24 17:02:59 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2010/04/13 03:36:12 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys
 
========== LOP Check ==========
 
[2012/02/22 18:42:06 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\ASUS WebStorage
[2011/06/09 12:34:32 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2011/12/12 20:51:00 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Downloaded Installations
[2011/10/21 08:29:49 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\DVDVideoSoft
[2011/10/21 08:13:57 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/05/31 18:21:24 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\E-Cam
[2011/11/01 12:46:23 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Foxit Software
[2012/02/21 21:28:57 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\ICQ
[2012/01/17 16:34:17 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\ICSharpCode
[2011/09/21 22:18:00 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\LolClient
[2012/01/02 11:54:27 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Nitro PDF
[2012/01/17 16:35:51 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\NuGet
[2011/06/03 23:06:50 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\OpenOffice.org
[2011/07/08 08:02:59 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Pcounter
[2012/02/20 00:42:17 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\SoftGrid Client
[2011/10/27 21:06:33 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Swiss Academic Software
[2011/05/31 19:17:15 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\TP
[2011/08/24 19:29:39 | 000,032,618 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:AB689DEA

< End of report >

und Extras:

Code:

ATTFilter

OTL Extras logfile created on: 2/22/2012 11:27:40 PM - Run 2
OTL by OldTimer - Version 3.2.33.2     Folder = C:\Users\Skor\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014.18 Mb Total Physical Memory | 634.27 Mb Available Physical Memory | 62.54% Memory free
1.99 Gb Paging File | 1.66 Gb Available in Paging File | 83.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 42.54 Gb Free Space | 42.54% Space Free | Partition Type: NTFS
Drive D: | 117.87 Gb Total Space | 50.48 Gb Free Space | 42.83% Space Free | Partition Type: NTFS
 
Computer Name: SKOR-PC | User Name: Skor | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05248BF9-6E23-4AF0-A1CB-C378F9D25524}" = SharpDevelop 4.1
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}" = Boingo Wi-Fi
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console
"{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E69BD802-57A2-428F-9CA6-9C006E5F8DFA}" = Cisco AnyConnect Secure Mobility Client
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"ASUS VIBE" = ASUS VIBE
"ASUS WebStorage" = ASUS WebStorage
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE" = Windows Driver Package - Broadcom Bluetooth  (07/17/2009 6.2.0.9403)
"B5C82F3814F82FB37F1513B3185399BD88892B08" = Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"Eee Docking_is1" = Eee Docking 3.7.0
"EPSON Scanner" = EPSON Scan
"Foxit Reader_is1" = Foxit Reader 5.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HFSExplorer" = HFSExplorer 0.21
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"Oceanis Change Background Windows 7_is1" = Oceanis Change Background Windows 7
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PDF Blender" = PDF Blender
"StarUML_is1" = StarUML 5.0.2.1570
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

Leider hat sich jedoch im normalen Modus nix getan, sobald er ne InternetVerbindung kriegt, blockiert er wieder.
Was kann ich noch tun?
Vielen Dank,
Skorn

cosinus · 26.02.2012, 17:29

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Skorn · 26.02.2012, 18:09

alles weiterhin im abgesicherten Modus mit netzwerktreibern oder?
Grüße und danke schonmal!

Hier das Ergebnis des vollständigen Malwarebyte suchlaufes von heute mittag:

Code:

ATTFilter

Datenbank Version: v2012.02.26.01

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Skor :: SKOR-PC [Administrator]

Schutz: Deaktiviert

26.02.2012 15:08:23
mbam-log-2012-02-26 (15-08-23).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 307408
Laufzeit: 49 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Eset folgt

cosinus · 26.02.2012, 18:33

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Skorn · 26.02.2012, 21:08

Hier das ESET Log:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d73ebffbac93944db02935a490a8f64a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-26 08:05:15
# local_time=2012-02-26 09:05:15 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775166 100 94 347925 66808587 416672 0
# compatibility_mode=5893 16776573 100 94 144753 81907915 0 0
# compatibility_mode=8192 67108863 100 0 3782 3782 0 0
# scanned=142312
# found=7
# cleaned=0
# scan_time=10011
C:\$Recycle.Bin\S-1-5-21-1467143805-1543317418-267732607-1000\$RDJEBGO.rar	a variant of Win32/InstallCore.D application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Skor\AppData\Local\Skype\Skype.exe	Win32/LockScreen.AIG trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Skor\AppData\Local\Temp\0.49741756388432556fdrgs.exe	Win32/LockScreen.AIG trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Skor\AppData\Local\Temp\ICReinstall\cnet_gardenplannersetup_exe.exe	a variant of Win32/InstallCore.D application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Skor\Documents\Uni\Examensarbeit.rar	a variant of Win32/InstallCore.D application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Skor\Documents\Uni\Examensarbeit\cnet_gardenplannersetup_exe.exe	a variant of Win32/InstallCore.D application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Skor\Downloads\SoftonicDownloader_fuer_super.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I

cosinus · 26.02.2012, 21:27

Funktioniert der normale Modus wieder?

Skorn · 26.02.2012, 22:22

Hey, funktioniert leider nicht.

cosinus · 26.02.2012, 22:38

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Skorn · 26.02.2012, 23:11

Code:

ATTFilter

OTL logfile created on: 2/26/2012 10:44:49 PM - Run 3
OTL by OldTimer - Version 3.2.33.2     Folder = C:\Users\Skor\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014.18 Mb Total Physical Memory | 670.69 Mb Available Physical Memory | 66.13% Memory free
1.99 Gb Paging File | 1.68 Gb Available in Paging File | 84.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 41.73 Gb Free Space | 41.73% Space Free | Partition Type: NTFS
Drive D: | 117.87 Gb Total Space | 50.48 Gb Free Space | 42.83% Space Free | Partition Type: NTFS
 
Computer Name: SKOR-PC | User Name: Skor | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Skor\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe (Oceanis)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\659bc287f3b51e5e604208ce93d983ec\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\PROGRA~1\ASUS\ASUSWE~1\3084~1.161\ASUSWS~1.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (acsock) -- C:\Windows\System32\drivers\acsock.sys (Cisco Systems, Inc.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1467143805-1543317418-267732607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-1467143805-1543317418-267732607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-1467143805-1543317418-267732607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-1467143805-1543317418-267732607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKU\S-1-5-21-1467143805-1543317418-267732607-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1467143805-1543317418-267732607-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011/10/27 20:57:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/20 10:04:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2011/09/14 15:55:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
 
[2011/09/14 16:09:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skor\AppData\Roaming\mozilla\Extensions
[2011/09/14 16:09:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skor\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2012/02/20 13:55:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skor\AppData\Roaming\mozilla\Firefox\Profiles\8z8bz7b7.default\extensions
[2011/10/21 08:14:00 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Skor\AppData\Roaming\mozilla\Firefox\Profiles\8z8bz7b7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/09/14 16:09:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skor\AppData\Roaming\mozilla\Sunbird\Profiles\66zbxk6g.default\extensions
[2011/11/11 20:15:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
() (No name found) -- C:\USERS\SKOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Z8BZ7B7.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012/02/20 10:04:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/11 20:15:32 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/11/11 20:15:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/11 20:15:32 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/11 20:15:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/11 20:15:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/11/11 20:15:32 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll (Oceanis)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1467143805-1543317418-267732607-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-1467143805-1543317418-267732607-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1467143805-1543317418-267732607-1000..\Run: [SkypeM] C:\Users\Skor\AppData\Local\Skype\Skype.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Skor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1467143805-1543317418-267732607-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Skor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.uni-giessen.de/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2661931F-C7DB-418F-A554-E4941694B50A}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43886E1F-005F-40E1-9472-EDDC0F13FAC6}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7B1A334-EC91-4189-97DD-2CB9B05ECF08}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F48E5659-E2CD-430D-B0CF-2D6AA60EA93E}: NameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\S-1-5-21-1467143805-1543317418-267732607-1000 Winlogon: Shell - (C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe) - C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe (Oceanis)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0de92cb7-dedb-11e0-a54d-485b3990b9f9}\Shell - "" = AutoRun
O33 - MountPoints2\{0de92cb7-dedb-11e0-a54d-485b3990b9f9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0de92cdd-dedb-11e0-a54d-485b3990b9f9}\Shell - "" = AutoRun
O33 - MountPoints2\{0de92cdd-dedb-11e0-a54d-485b3990b9f9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0de92d54-dedb-11e0-a54d-485b3990b9f9}\Shell - "" = AutoRun
O33 - MountPoints2\{0de92d54-dedb-11e0-a54d-485b3990b9f9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.MP42 - MPG4C32.dll File not found
Drivers32: vidc.yv12 - C:\windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/02/26 22:43:14 | 000,000,000 | ---D | C] -- C:\Users\Skor\Desktop\Neuer Ordner
[2012/02/26 18:15:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/26 18:15:02 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Skor\Desktop\esetsmartinstaller_enu.exe
[2012/02/23 22:39:50 | 000,000,000 | ---D | C] -- C:\Users\Skor\AppData\Local\ElevatedDiagnostics
[2012/02/22 22:56:20 | 000,000,000 | ---D | C] -- C:\Users\Skor\AppData\Roaming\Malwarebytes
[2012/02/22 22:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/22 22:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/22 22:55:05 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/02/22 22:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/22 22:52:29 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Skor\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/22 22:47:36 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Skor\Desktop\OTL.exe
[2012/02/20 10:25:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/11 23:20:14 | 000,000,000 | ---D | C] -- C:\Users\Skor\Documents\Dehnen
[2012/02/10 23:28:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.7
[2012/02/10 23:27:34 | 000,000,000 | ---D | C] -- C:\Users\Skor\AppData\Roaming\ICQ
[2012/02/10 23:27:10 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.7
 
========== Files - Modified Within 30 Days ==========
 
[2012/02/26 22:19:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/02/26 22:19:38 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/26 18:15:05 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Skor\Desktop\esetsmartinstaller_enu.exe
[2012/02/22 23:17:36 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/22 23:17:36 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/22 22:55:07 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/02/22 22:52:38 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Skor\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/22 22:47:41 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Skor\Desktop\OTL.exe
[2012/02/22 22:18:15 | 001,486,374 | ---- | M] () -- C:\Users\Skor\Desktop\bundespolizei-trojaner_schritt-fuer-schritt-.pdf
[2012/02/22 18:48:23 | 000,072,822 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2012/02/20 10:35:20 | 000,309,024 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/02/20 10:25:34 | 000,702,372 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/02/20 10:25:34 | 000,656,954 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/02/20 10:25:34 | 000,151,076 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/02/20 10:25:34 | 000,123,430 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/02/10 23:28:15 | 000,001,770 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.7.lnk
 
========== Files Created - No Company Name ==========
 
[2012/02/22 22:55:07 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/02/22 22:18:15 | 001,486,374 | ---- | C] () -- C:\Users\Skor\Desktop\bundespolizei-trojaner_schritt-fuer-schritt-.pdf
[2012/02/22 18:48:23 | 000,072,822 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2012/02/10 23:28:15 | 000,001,770 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.7.lnk
[2011/10/23 18:53:53 | 000,032,256 | ---- | C] () -- C:\windows\System32\AVSredirect.dll
[2011/10/23 18:47:18 | 000,107,520 | RHS- | C] () -- C:\windows\System32\TAKDSDecoder.dll
[2011/09/16 08:59:02 | 000,000,017 | ---- | C] () -- C:\windows\System32\shortcut_ex.dat
[2011/06/20 12:26:36 | 000,000,020 | ---- | C] () -- C:\windows\mafosav.INI
[2011/06/20 10:08:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/31 18:32:54 | 000,000,117 | ---- | C] () -- C:\windows\TmPfw.ini
[2011/05/31 18:17:00 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2011/05/31 18:17:00 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2011/05/31 15:06:30 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2011/01/19 12:34:42 | 003,003,392 | ---- | C] () -- C:\Program Files\openofficeorg33.msi
[2011/01/19 12:33:04 | 000,475,016 | ---- | C] () -- C:\Program Files\setup.exe
[2011/01/19 12:30:10 | 142,700,671 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2011/01/19 11:15:26 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
[2010/06/24 17:31:21 | 000,129,472 | ---- | C] () -- C:\windows\TISReg.exe
[2010/06/24 17:12:19 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2010/06/24 17:12:19 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2010/06/24 17:10:26 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/06/24 17:08:32 | 000,011,520 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2010/06/24 17:02:59 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2010/04/13 03:36:12 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys
 
========== LOP Check ==========
 
[2010/06/24 17:31:25 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage
[2010/06/24 17:31:25 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ASUS WebStorage
[2012/02/22 18:42:06 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\ASUS WebStorage
[2011/06/09 12:34:32 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2011/12/12 20:51:00 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Downloaded Installations
[2011/10/21 08:29:49 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\DVDVideoSoft
[2011/10/21 08:13:57 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/05/31 18:21:24 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\E-Cam
[2011/11/01 12:46:23 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Foxit Software
[2012/02/21 21:28:57 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\ICQ
[2012/01/17 16:34:17 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\ICSharpCode
[2011/09/21 22:18:00 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\LolClient
[2012/01/02 11:54:27 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Nitro PDF
[2012/01/17 16:35:51 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\NuGet
[2011/06/03 23:06:50 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\OpenOffice.org
[2011/07/08 08:02:59 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Pcounter
[2012/02/20 00:42:17 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\SoftGrid Client
[2011/10/27 21:06:33 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Swiss Academic Software
[2011/05/31 19:17:15 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\TP
[2011/08/24 19:29:39 | 000,032,618 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012/01/02 13:07:02 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\ABBYY
[2010/06/24 17:55:21 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Adobe
[2011/08/25 20:41:26 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Apple Computer
[2012/02/22 18:42:06 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\ASUS WebStorage
[2011/10/20 17:10:29 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Avira
[2011/06/09 12:34:32 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2011/12/12 20:51:00 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Downloaded Installations
[2011/10/21 08:29:49 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\DVDVideoSoft
[2011/10/21 08:13:57 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/05/31 18:21:24 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\E-Cam
[2011/11/01 12:46:23 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Foxit Software
[2012/02/21 21:28:57 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\ICQ
[2012/01/17 16:34:17 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\ICSharpCode
[2009/07/14 05:54:12 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Identities
[2010/06/24 17:00:39 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\InstallShield
[2011/09/21 22:18:00 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\LolClient
[2010/06/24 17:08:17 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Macromedia
[2012/02/22 22:56:20 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Malwarebytes
[2011/11/29 23:31:59 | 000,000,000 | --SD | M] -- C:\Users\Skor\AppData\Roaming\Microsoft
[2011/09/14 16:09:17 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Mozilla
[2012/01/02 11:54:27 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Nitro PDF
[2012/01/17 16:35:51 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\NuGet
[2011/06/03 23:06:50 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\OpenOffice.org
[2011/07/08 08:02:59 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Pcounter
[2012/02/21 21:17:08 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Skype
[2012/02/21 16:04:07 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\skypePM
[2012/02/20 00:42:17 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\SoftGrid Client
[2011/10/27 21:06:33 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Swiss Academic Software
[2011/05/31 19:17:15 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\TP
[2012/02/25 13:42:41 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\vlc
[2011/05/31 15:31:15 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010/06/24 17:08:16 | 000,038,784 | ---- | M] () -- C:\Users\Skor\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009/06/05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/05 02:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/06/05 02:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/05 02:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1f15fc3e546800a\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:AB689DEA

< End of report >

und das log...

Vielen Dank für deine Mühen!

cosinus · 27.02.2012, 10:08

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKU\S-1-5-21-1467143805-1543317418-267732607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-1467143805-1543317418-267732607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-1467143805-1543317418-267732607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-1467143805-1543317418-267732607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll (Oceanis)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1467143805-1543317418-267732607-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1467143805-1543317418-267732607-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0de92cb7-dedb-11e0-a54d-485b3990b9f9}\Shell - "" = AutoRun
O33 - MountPoints2\{0de92cb7-dedb-11e0-a54d-485b3990b9f9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0de92cdd-dedb-11e0-a54d-485b3990b9f9}\Shell - "" = AutoRun
O33 - MountPoints2\{0de92cdd-dedb-11e0-a54d-485b3990b9f9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0de92d54-dedb-11e0-a54d-485b3990b9f9}\Shell - "" = AutoRun
O33 - MountPoints2\{0de92d54-dedb-11e0-a54d-485b3990b9f9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:AB689DEA
:Files
C:\Users\Skor\AppData\Local\Temp\ICReinstall
C:\Users\Skor\Downloads\SoftonicDownloader_fuer_super.exe
C:\Users\Skor\AppData\Local\Temp\0.49741756388432556fdrgs.exe
C:\Users\Skor\AppData\Local\Skype
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Skorn · 27.02.2012, 13:15

Hey anbei das Log des OTl-Fixes:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKU\S-1-5-21-1467143805-1543317418-267732607-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1467143805-1543317418-267732607-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1467143805-1543317418-267732607-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\S-1-5-21-1467143805-1543317418-267732607-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D381FF29-7CFB-4D4E-B92A-C4EDDC696614}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D381FF29-7CFB-4D4E-B92A-C4EDDC696614}\ deleted successfully.
C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1467143805-1543317418-267732607-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1467143805-1543317418-267732607-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0de92cb7-dedb-11e0-a54d-485b3990b9f9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0de92cb7-dedb-11e0-a54d-485b3990b9f9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0de92cb7-dedb-11e0-a54d-485b3990b9f9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0de92cb7-dedb-11e0-a54d-485b3990b9f9}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0de92cdd-dedb-11e0-a54d-485b3990b9f9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0de92cdd-dedb-11e0-a54d-485b3990b9f9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0de92cdd-dedb-11e0-a54d-485b3990b9f9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0de92cdd-dedb-11e0-a54d-485b3990b9f9}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0de92d54-dedb-11e0-a54d-485b3990b9f9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0de92d54-dedb-11e0-a54d-485b3990b9f9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0de92d54-dedb-11e0-a54d-485b3990b9f9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0de92d54-dedb-11e0-a54d-485b3990b9f9}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\AutoRun.exe not found.
ADS C:\ProgramData\TEMP:AB689DEA deleted successfully.
========== FILES ==========
C:\Users\Skor\AppData\Local\Temp\ICReinstall folder moved successfully.
C:\Users\Skor\Downloads\SoftonicDownloader_fuer_super.exe moved successfully.
C:\Users\Skor\AppData\Local\Temp\0.49741756388432556fdrgs.exe moved successfully.
C:\Users\Skor\AppData\Local\Skype folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 321 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Skor
->Temp folder emptied: 188027618 bytes
->Temporary Internet Files folder emptied: 91155181 bytes
->Java cache emptied: 1075891 bytes
->FireFox cache emptied: 201764164 bytes
->Flash cache emptied: 42953 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 152985182 bytes
RecycleBin emptied: 1444580584 bytes
 
Total Files Cleaned = 1,983.00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.33.2 log created on 02272012_125554

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 27.02.2012, 14:51

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

Skorn · 27.02.2012, 16:09

Anbei das TDSS Log, also gefunden hat er nix:

Code:

ATTFilter

16:01:40.0346 1672	TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
16:01:40.0424 1672	============================================================
16:01:40.0424 1672	Current date / time: 2012/02/27 16:01:40.0424
16:01:40.0424 1672	SystemInfo:
16:01:40.0424 1672	
16:01:40.0424 1672	OS Version: 6.1.7601 ServicePack: 1.0
16:01:40.0424 1672	Product type: Workstation
16:01:40.0424 1672	ComputerName: SKOR-PC
16:01:40.0424 1672	UserName: Skor
16:01:40.0424 1672	Windows directory: C:\windows
16:01:40.0424 1672	System windows directory: C:\windows
16:01:40.0424 1672	Processor architecture: Intel x86
16:01:40.0424 1672	Number of processors: 2
16:01:40.0424 1672	Page size: 0x1000
16:01:40.0424 1672	Boot type: Normal boot
16:01:40.0424 1672	============================================================
16:01:41.0282 1672	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:01:41.0282 1672	\Device\Harddisk0\DR0:
16:01:41.0282 1672	MBR used
16:01:41.0282 1672	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000
16:01:41.0282 1672	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xE600800, BlocksNum 0xEBBB000
16:01:41.0484 1672	Initialize success
16:01:41.0484 1672	============================================================
16:01:47.0412 4000	============================================================
16:01:47.0412 4000	Scan started
16:01:47.0412 4000	Mode: Manual; SigCheck; TDLFS; 
16:01:47.0412 4000	============================================================
16:01:48.0957 4000	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
16:01:49.0191 4000	1394ohci - ok
16:01:49.0331 4000	ACPI            (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
16:01:49.0378 4000	ACPI - ok
16:01:49.0503 4000	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
16:01:49.0612 4000	AcpiPmi - ok
16:01:49.0752 4000	acsock          (ae954c42547605408cddf03bb13845b8) C:\windows\system32\DRIVERS\acsock.sys
16:01:49.0846 4000	acsock - ok
16:01:49.0986 4000	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
16:01:50.0080 4000	adp94xx - ok
16:01:50.0252 4000	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
16:01:50.0298 4000	adpahci - ok
16:01:50.0361 4000	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
16:01:50.0408 4000	adpu320 - ok
16:01:50.0564 4000	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
16:01:50.0673 4000	AFD - ok
16:01:50.0782 4000	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
16:01:50.0813 4000	agp440 - ok
16:01:50.0876 4000	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
16:01:50.0907 4000	aic78xx - ok
16:01:51.0063 4000	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
16:01:51.0110 4000	aliide - ok
16:01:51.0312 4000	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
16:01:51.0359 4000	amdagp - ok
16:01:51.0609 4000	amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
16:01:51.0640 4000	amdide - ok
16:01:51.0921 4000	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
16:01:51.0983 4000	AmdK8 - ok
16:01:52.0139 4000	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
16:01:52.0217 4000	AmdPPM - ok
16:01:52.0389 4000	amdsata         (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
16:01:52.0420 4000	amdsata - ok
16:01:52.0607 4000	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
16:01:52.0654 4000	amdsbs - ok
16:01:52.0794 4000	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
16:01:52.0826 4000	amdxata - ok
16:01:53.0028 4000	AppID           (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
16:01:53.0262 4000	AppID - ok
16:01:53.0481 4000	arc             (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
16:01:53.0528 4000	arc - ok
16:01:53.0606 4000	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
16:01:53.0637 4000	arcsas - ok
16:01:53.0824 4000	AsUpIO          (561d6b76c045311691b870f6b3f19eab) C:\windows\system32\drivers\AsUpIO.sys
16:01:53.0871 4000	AsUpIO - ok
16:01:54.0105 4000	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
16:01:54.0464 4000	AsyncMac - ok
16:01:54.0588 4000	atapi           (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
16:01:54.0620 4000	atapi - ok
16:01:54.0744 4000	athr            (b01751cc563aecac09bbe36aaa21fbef) C:\windows\system32\DRIVERS\athr.sys
16:01:54.0869 4000	athr - ok
16:01:55.0056 4000	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\windows\system32\DRIVERS\avgntflt.sys
16:01:55.0088 4000	avgntflt - ok
16:01:55.0244 4000	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\windows\system32\DRIVERS\avipbb.sys
16:01:55.0275 4000	avipbb - ok
16:01:55.0587 4000	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
16:01:55.0727 4000	b06bdrv - ok
16:01:55.0883 4000	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
16:01:55.0961 4000	b57nd60x - ok
16:01:56.0102 4000	Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
16:01:56.0242 4000	Beep - ok
16:01:56.0741 4000	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
16:01:56.0804 4000	blbdrive - ok
16:01:57.0287 4000	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
16:01:57.0350 4000	bowser - ok
16:01:57.0599 4000	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
16:01:57.0740 4000	BrFiltLo - ok
16:01:58.0052 4000	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
16:01:58.0145 4000	BrFiltUp - ok
16:01:58.0488 4000	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
16:01:58.0644 4000	Brserid - ok
16:01:58.0832 4000	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
16:01:58.0910 4000	BrSerWdm - ok
16:01:59.0081 4000	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
16:01:59.0144 4000	BrUsbMdm - ok
16:01:59.0253 4000	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
16:01:59.0346 4000	BrUsbSer - ok
16:01:59.0612 4000	BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
16:01:59.0970 4000	BthEnum - ok
16:02:00.0095 4000	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
16:02:00.0345 4000	BTHMODEM - ok
16:02:00.0501 4000	BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
16:02:00.0735 4000	BthPan - ok
16:02:01.0125 4000	BTHPORT         (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
16:02:01.0515 4000	BTHPORT - ok
16:02:01.0718 4000	BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
16:02:01.0796 4000	BTHUSB - ok
16:02:01.0998 4000	btusbflt        (92c5b845803f3662637eb691ac0b250f) C:\windows\system32\drivers\btusbflt.sys
16:02:02.0045 4000	btusbflt - ok
16:02:02.0154 4000	btwaudio - ok
16:02:02.0232 4000	btwavdt - ok
16:02:02.0295 4000	btwl2cap - ok
16:02:02.0435 4000	btwrchid - ok
16:02:02.0544 4000	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
16:02:02.0669 4000	cdfs - ok
16:02:02.0841 4000	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\DRIVERS\cdrom.sys
16:02:02.0903 4000	cdrom - ok
16:02:03.0231 4000	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
16:02:03.0293 4000	circlass - ok
16:02:03.0543 4000	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
16:02:03.0652 4000	CLFS - ok
16:02:03.0902 4000	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
16:02:03.0948 4000	CmBatt - ok
16:02:04.0167 4000	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
16:02:04.0214 4000	cmdide - ok
16:02:04.0432 4000	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
16:02:04.0557 4000	CNG - ok
16:02:04.0791 4000	Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
16:02:04.0822 4000	Compbatt - ok
16:02:05.0056 4000	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
16:02:05.0134 4000	CompositeBus - ok
16:02:05.0430 4000	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
16:02:05.0477 4000	crcdisk - ok
16:02:05.0805 4000	DfsC            (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
16:02:05.0930 4000	DfsC - ok
16:02:06.0117 4000	discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
16:02:06.0195 4000	discache - ok
16:02:06.0413 4000	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
16:02:06.0444 4000	Disk - ok
16:02:06.0959 4000	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
16:02:07.0131 4000	drmkaud - ok
16:02:08.0769 4000	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
16:02:08.0862 4000	DXGKrnl - ok
16:02:09.0440 4000	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
16:02:09.0658 4000	ebdrv - ok
16:02:10.0001 4000	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
16:02:10.0064 4000	elxstor - ok
16:02:10.0266 4000	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
16:02:10.0344 4000	ErrDev - ok
16:02:10.0703 4000	ewusbnet        (dafc7e1b2ffa35ccbddf95ae3e31bfae) C:\windows\system32\DRIVERS\ewusbnet.sys
16:02:10.0937 4000	ewusbnet - ok
16:02:11.0124 4000	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
16:02:11.0296 4000	exfat - ok
16:02:11.0546 4000	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
16:02:11.0686 4000	fastfat - ok
16:02:11.0920 4000	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
16:02:11.0982 4000	fdc - ok
16:02:12.0107 4000	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
16:02:12.0154 4000	FileInfo - ok
16:02:12.0294 4000	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
16:02:12.0450 4000	Filetrace - ok
16:02:12.0778 4000	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
16:02:12.0840 4000	flpydisk - ok
16:02:13.0043 4000	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
16:02:13.0090 4000	FltMgr - ok
16:02:13.0324 4000	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
16:02:13.0371 4000	FsDepends - ok
16:02:13.0776 4000	fssfltr         (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys
16:02:13.0823 4000	fssfltr - ok
16:02:14.0026 4000	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
16:02:14.0057 4000	Fs_Rec - ok
16:02:14.0385 4000	fvevol          (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
16:02:14.0447 4000	fvevol - ok
16:02:14.0619 4000	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
16:02:14.0681 4000	gagp30kx - ok
16:02:14.0884 4000	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
16:02:14.0915 4000	GEARAspiWDM - ok
16:02:15.0243 4000	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
16:02:15.0430 4000	hcw85cir - ok
16:02:15.0836 4000	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
16:02:15.0992 4000	HdAudAddService - ok
16:02:16.0226 4000	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
16:02:16.0413 4000	HDAudBus - ok
16:02:16.0865 4000	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
16:02:16.0959 4000	HidBatt - ok
16:02:17.0271 4000	HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
16:02:17.0364 4000	HidBth - ok
16:02:17.0598 4000	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
16:02:17.0708 4000	HidIr - ok
16:02:17.0864 4000	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\DRIVERS\hidusb.sys
16:02:17.0942 4000	HidUsb - ok
16:02:18.0098 4000	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
16:02:18.0144 4000	HpSAMD - ok
16:02:18.0332 4000	HTTP            (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
16:02:18.0456 4000	HTTP - ok
16:02:18.0659 4000	hwdatacard      (1fc7a63148e4f2bd831dab0dc732026d) C:\windows\system32\DRIVERS\ewusbmdm.sys
16:02:18.0768 4000	hwdatacard - ok
16:02:18.0956 4000	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
16:02:19.0002 4000	hwpolicy - ok
16:02:19.0205 4000	hwusbdev        (a259d3619aa23d4562581067f85e2006) C:\windows\system32\DRIVERS\ewusbdev.sys
16:02:19.0314 4000	hwusbdev - ok
16:02:19.0642 4000	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
16:02:19.0673 4000	i8042prt - ok
16:02:19.0985 4000	iaStor          (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
16:02:20.0016 4000	iaStor - ok
16:02:20.0328 4000	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
16:02:20.0375 4000	iaStorV - ok
16:02:21.0670 4000	igfx            (d0074897c6bc132f3980ea4654bf7fb9) C:\windows\system32\DRIVERS\igdkmd32.sys
16:02:21.0966 4000	igfx - ok
16:02:22.0247 4000	iirsp           (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
16:02:22.0278 4000	iirsp - ok
16:02:22.0731 4000	IntcAzAudAddService (bf9866875edf86aae24dd8bd9418deff) C:\windows\system32\drivers\RTKVHDA.sys
16:02:22.0965 4000	IntcAzAudAddService - ok
16:02:23.0292 4000	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
16:02:23.0324 4000	intelide - ok
16:02:23.0745 4000	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
16:02:23.0807 4000	intelppm - ok
16:02:24.0244 4000	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
16:02:24.0369 4000	IpFilterDriver - ok
16:02:24.0587 4000	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
16:02:24.0650 4000	IPMIDRV - ok
16:02:24.0728 4000	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
16:02:24.0806 4000	IPNAT - ok
16:02:24.0946 4000	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
16:02:25.0055 4000	IRENUM - ok
16:02:25.0196 4000	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
16:02:25.0227 4000	isapnp - ok
16:02:25.0664 4000	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
16:02:25.0726 4000	iScsiPrt - ok
16:02:25.0991 4000	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
16:02:26.0038 4000	kbdclass - ok
16:02:26.0256 4000	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\DRIVERS\kbdhid.sys
16:02:26.0319 4000	kbdhid - ok
16:02:26.0880 4000	kbfiltr         (3eb803312987ff44265c87cb960df6ab) C:\windows\system32\DRIVERS\kbfiltr.sys
16:02:26.0896 4000	kbfiltr - ok
16:02:27.0380 4000	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
16:02:27.0426 4000	KSecDD - ok
16:02:27.0863 4000	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
16:02:27.0910 4000	KSecPkg - ok
16:02:28.0643 4000	L1C             (a158cea8644b8a5c1ec0e9a81b70f65a) C:\windows\system32\DRIVERS\L1C62x86.sys
16:02:28.0752 4000	L1C - ok
16:02:29.0018 4000	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
16:02:29.0111 4000	lltdio - ok
16:02:29.0501 4000	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
16:02:29.0548 4000	LSI_FC - ok
16:02:30.0063 4000	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
16:02:30.0110 4000	LSI_SAS - ok
16:02:30.0422 4000	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
16:02:30.0453 4000	LSI_SAS2 - ok
16:02:30.0749 4000	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
16:02:30.0812 4000	LSI_SCSI - ok
16:02:31.0061 4000	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
16:02:31.0186 4000	luafv - ok
16:02:31.0623 4000	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\windows\system32\drivers\mbam.sys
16:02:31.0701 4000	MBAMProtector - ok
16:02:32.0902 4000	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
16:02:32.0933 4000	megasas - ok
16:02:33.0058 4000	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
16:02:33.0105 4000	MegaSR - ok
16:02:33.0432 4000	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
16:02:33.0526 4000	Modem - ok
16:02:33.0744 4000	monitor         (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
16:02:33.0807 4000	monitor - ok
16:02:34.0010 4000	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
16:02:34.0041 4000	mouclass - ok
16:02:34.0275 4000	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
16:02:34.0353 4000	mouhid - ok
16:02:34.0431 4000	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
16:02:34.0462 4000	mountmgr - ok
16:02:34.0509 4000	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
16:02:34.0540 4000	mpio - ok
16:02:34.0790 4000	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
16:02:34.0883 4000	mpsdrv - ok
16:02:35.0164 4000	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
16:02:35.0289 4000	MRxDAV - ok
16:02:35.0507 4000	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
16:02:35.0585 4000	mrxsmb - ok
16:02:35.0929 4000	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
16:02:35.0975 4000	mrxsmb10 - ok
16:02:36.0256 4000	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
16:02:36.0319 4000	mrxsmb20 - ok
16:02:36.0381 4000	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
16:02:36.0412 4000	msahci - ok
16:02:36.0490 4000	msdsm           (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
16:02:36.0521 4000	msdsm - ok
16:02:36.0631 4000	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
16:02:36.0693 4000	Msfs - ok
16:02:36.0740 4000	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
16:02:36.0802 4000	mshidkmdf - ok
16:02:36.0865 4000	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
16:02:36.0896 4000	msisadrv - ok
16:02:37.0083 4000	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
16:02:37.0161 4000	MSKSSRV - ok
16:02:37.0192 4000	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
16:02:37.0270 4000	MSPCLOCK - ok
16:02:37.0317 4000	MSPQM           (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
16:02:37.0395 4000	MSPQM - ok
16:02:37.0457 4000	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
16:02:37.0489 4000	MsRPC - ok
16:02:37.0551 4000	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
16:02:37.0582 4000	mssmbios - ok
16:02:37.0629 4000	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
16:02:37.0707 4000	MSTEE - ok
16:02:37.0910 4000	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
16:02:37.0972 4000	MTConfig - ok
16:02:38.0191 4000	Mup             (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
16:02:38.0237 4000	Mup - ok
16:02:38.0393 4000	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
16:02:38.0456 4000	NativeWifiP - ok
16:02:38.0612 4000	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
16:02:38.0690 4000	NDIS - ok
16:02:38.0815 4000	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
16:02:38.0908 4000	NdisCap - ok
16:02:39.0017 4000	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
16:02:39.0095 4000	NdisTapi - ok
16:02:39.0236 4000	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
16:02:39.0361 4000	Ndisuio - ok
16:02:39.0407 4000	NdisWan         (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
16:02:39.0485 4000	NdisWan - ok
16:02:39.0938 4000	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
16:02:40.0031 4000	NDProxy - ok
16:02:40.0187 4000	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
16:02:40.0328 4000	NetBIOS - ok
16:02:40.0390 4000	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
16:02:40.0515 4000	NetBT - ok
16:02:40.0749 4000	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
16:02:40.0780 4000	nfrd960 - ok
16:02:40.0874 4000	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
16:02:40.0952 4000	Npfs - ok
16:02:41.0139 4000	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
16:02:41.0248 4000	nsiproxy - ok
16:02:41.0451 4000	Ntfs            (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
16:02:41.0560 4000	Ntfs - ok
16:02:41.0716 4000	Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
16:02:41.0794 4000	Null - ok
16:02:41.0981 4000	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
16:02:42.0028 4000	nvraid - ok
16:02:42.0122 4000	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
16:02:42.0169 4000	nvstor - ok
16:02:42.0325 4000	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
16:02:42.0371 4000	nv_agp - ok
16:02:42.0449 4000	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
16:02:42.0512 4000	ohci1394 - ok
16:02:42.0652 4000	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
16:02:42.0699 4000	Parport - ok
16:02:42.0777 4000	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
16:02:42.0808 4000	partmgr - ok
16:02:42.0871 4000	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
16:02:42.0917 4000	Parvdm - ok
16:02:42.0980 4000	pci             (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
16:02:43.0011 4000	pci - ok
16:02:43.0089 4000	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
16:02:43.0120 4000	pciide - ok
16:02:43.0214 4000	pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
16:02:43.0276 4000	pcmcia - ok
16:02:43.0417 4000	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
16:02:43.0448 4000	pcw - ok
16:02:43.0495 4000	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
16:02:43.0604 4000	PEAUTH - ok
16:02:43.0853 4000	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
16:02:43.0947 4000	PptpMiniport - ok
16:02:43.0994 4000	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
16:02:44.0025 4000	Processor - ok
16:02:44.0103 4000	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
16:02:44.0181 4000	Psched - ok
16:02:44.0368 4000	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
16:02:44.0509 4000	ql2300 - ok
16:02:44.0836 4000	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
16:02:44.0867 4000	ql40xx - ok
16:02:44.0945 4000	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
16:02:44.0977 4000	QWAVEdrv - ok
16:02:45.0023 4000	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
16:02:45.0101 4000	RasAcd - ok
16:02:45.0164 4000	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
16:02:45.0242 4000	RasAgileVpn - ok
16:02:45.0289 4000	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
16:02:45.0367 4000	Rasl2tp - ok
16:02:45.0413 4000	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
16:02:45.0491 4000	RasPppoe - ok
16:02:45.0554 4000	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
16:02:45.0647 4000	RasSstp - ok
16:02:45.0694 4000	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
16:02:45.0788 4000	rdbss - ok
16:02:45.0881 4000	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
16:02:45.0928 4000	rdpbus - ok
16:02:45.0991 4000	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
16:02:46.0069 4000	RDPCDD - ok
16:02:46.0115 4000	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
16:02:46.0209 4000	RDPENCDD - ok
16:02:46.0256 4000	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
16:02:46.0318 4000	RDPREFMP - ok
16:02:46.0381 4000	RDPWD           (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys
16:02:46.0459 4000	RDPWD - ok
16:02:46.0537 4000	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
16:02:46.0583 4000	rdyboost - ok
16:02:46.0693 4000	RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
16:02:46.0739 4000	RFCOMM - ok
16:02:46.0817 4000	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
16:02:46.0880 4000	rspndr - ok
16:02:46.0958 4000	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
16:02:46.0989 4000	sbp2port - ok
16:02:47.0051 4000	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
16:02:47.0114 4000	scfilter - ok
16:02:47.0223 4000	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
16:02:47.0301 4000	secdrv - ok
16:02:47.0348 4000	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
16:02:47.0395 4000	Serenum - ok
16:02:47.0441 4000	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
16:02:47.0488 4000	Serial - ok
16:02:47.0551 4000	sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
16:02:47.0597 4000	sermouse - ok
16:02:47.0675 4000	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
16:02:47.0738 4000	sffdisk - ok
16:02:47.0769 4000	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
16:02:47.0816 4000	sffp_mmc - ok
16:02:47.0847 4000	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
16:02:47.0894 4000	sffp_sd - ok
16:02:47.0941 4000	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
16:02:47.0987 4000	sfloppy - ok
16:02:48.0081 4000	Sftfs           (d9b734638dd8dba9d59aad3189cd0fad) C:\windows\system32\DRIVERS\Sftfslh.sys
16:02:48.0128 4000	Sftfs - ok
16:02:48.0190 4000	Sftplay         (2f61bd46c0bff4eb36e1e359ca17bfc5) C:\windows\system32\DRIVERS\Sftplaylh.sys
16:02:48.0221 4000	Sftplay - ok
16:02:48.0253 4000	Sftredir        (518bac0179f94304f422696b47c0ec12) C:\windows\system32\DRIVERS\Sftredirlh.sys
16:02:48.0284 4000	Sftredir - ok
16:02:48.0315 4000	Sftvol          (747325236d88b3f05ffd27ff9ec711c5) C:\windows\system32\DRIVERS\Sftvollh.sys
16:02:48.0331 4000	Sftvol - ok
16:02:48.0440 4000	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
16:02:48.0471 4000	sisagp - ok
16:02:48.0518 4000	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
16:02:48.0549 4000	SiSRaid2 - ok
16:02:48.0596 4000	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
16:02:48.0627 4000	SiSRaid4 - ok
16:02:48.0674 4000	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
16:02:48.0752 4000	Smb - ok
16:02:48.0908 4000	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
16:02:48.0955 4000	spldr - ok
16:02:49.0048 4000	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
16:02:49.0111 4000	srv - ok
16:02:49.0235 4000	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
16:02:49.0313 4000	srv2 - ok
16:02:49.0376 4000	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
16:02:49.0423 4000	srvnet - ok
16:02:49.0485 4000	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
16:02:49.0501 4000	ssmdrv - ok
16:02:49.0594 4000	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
16:02:49.0625 4000	stexstor - ok
16:02:49.0688 4000	swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
16:02:49.0703 4000	swenum - ok
16:02:49.0797 4000	SynTP           (bd8e7f87de409a745a132a8812de5a96) C:\windows\system32\DRIVERS\SynTP.sys
16:02:49.0844 4000	SynTP - ok
16:02:50.0031 4000	Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys
16:02:50.0171 4000	Tcpip - ok
16:02:50.0359 4000	TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys
16:02:50.0437 4000	TCPIP6 - ok
16:02:50.0499 4000	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
16:02:50.0577 4000	tcpipreg - ok
16:02:50.0639 4000	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
16:02:50.0717 4000	TDPIPE - ok
16:02:50.0764 4000	TDTCP           (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys
16:02:50.0827 4000	TDTCP - ok
16:02:50.0889 4000	tdx             (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
16:02:50.0951 4000	tdx - ok
16:02:51.0014 4000	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
16:02:51.0045 4000	TermDD - ok
16:02:51.0154 4000	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
16:02:51.0248 4000	tssecsrv - ok
16:02:51.0373 4000	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
16:02:51.0482 4000	TsUsbFlt - ok
16:02:51.0622 4000	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
16:02:51.0700 4000	tunnel - ok
16:02:51.0763 4000	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
16:02:51.0794 4000	uagp35 - ok
16:02:51.0856 4000	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
16:02:51.0934 4000	udfs - ok
16:02:52.0028 4000	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
16:02:52.0059 4000	uliagpkx - ok
16:02:52.0168 4000	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
16:02:52.0231 4000	umbus - ok
16:02:52.0293 4000	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
16:02:52.0340 4000	UmPass - ok
16:02:52.0387 4000	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\windows\system32\Drivers\usbaapl.sys
16:02:52.0433 4000	USBAAPL - ok
16:02:52.0480 4000	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
16:02:52.0558 4000	usbccgp - ok
16:02:52.0605 4000	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
16:02:52.0667 4000	usbcir - ok
16:02:52.0730 4000	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys
16:02:52.0777 4000	usbehci - ok
16:02:52.0823 4000	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
16:02:52.0886 4000	usbhub - ok
16:02:52.0948 4000	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
16:02:52.0979 4000	usbohci - ok
16:02:53.0042 4000	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
16:02:53.0089 4000	usbprint - ok
16:02:53.0151 4000	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
16:02:53.0198 4000	usbscan - ok
16:02:53.0260 4000	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
16:02:53.0354 4000	USBSTOR - ok
16:02:53.0463 4000	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
16:02:53.0494 4000	usbuhci - ok
16:02:53.0572 4000	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
16:02:53.0650 4000	usbvideo - ok
16:02:53.0697 4000	usb_rndisx      (d82f43d15fdaa666856c0190cb73e7c9) C:\windows\system32\DRIVERS\usb8023x.sys
16:02:53.0759 4000	usb_rndisx - ok
16:02:53.0853 4000	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
16:02:53.0900 4000	vdrvroot - ok
16:02:53.0947 4000	vga             (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
16:02:53.0993 4000	vga - ok
16:02:54.0040 4000	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
16:02:54.0118 4000	VgaSave - ok
16:02:54.0181 4000	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
16:02:54.0227 4000	vhdmp - ok
16:02:54.0305 4000	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
16:02:54.0337 4000	viaagp - ok
16:02:54.0399 4000	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
16:02:54.0446 4000	ViaC7 - ok
16:02:54.0508 4000	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
16:02:54.0539 4000	viaide - ok
16:02:54.0602 4000	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
16:02:54.0633 4000	volmgr - ok
16:02:54.0680 4000	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
16:02:54.0727 4000	volmgrx - ok
16:02:54.0789 4000	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
16:02:54.0836 4000	volsnap - ok
16:02:54.0976 4000	vpnva           (0d8df4058901616a4e716ab67d472581) C:\windows\system32\DRIVERS\vpnva.sys
16:02:55.0023 4000	vpnva - ok
16:02:55.0070 4000	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
16:02:55.0117 4000	vsmraid - ok
16:02:55.0163 4000	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
16:02:55.0210 4000	vwifibus - ok
16:02:55.0273 4000	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
16:02:55.0335 4000	vwififlt - ok
16:02:55.0491 4000	vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
16:02:55.0569 4000	vwifimp - ok
16:02:55.0678 4000	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
16:02:55.0725 4000	WacomPen - ok
16:02:55.0850 4000	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
16:02:55.0943 4000	WANARP - ok
16:02:55.0959 4000	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
16:02:56.0021 4000	Wanarpv6 - ok
16:02:56.0115 4000	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
16:02:56.0146 4000	Wd - ok
16:02:56.0193 4000	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
16:02:56.0240 4000	Wdf01000 - ok
16:02:56.0349 4000	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
16:02:56.0427 4000	WfpLwf - ok
16:02:56.0458 4000	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
16:02:56.0474 4000	WIMMount - ok
16:02:56.0692 4000	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
16:02:56.0755 4000	WinUsb - ok
16:02:56.0801 4000	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
16:02:56.0848 4000	WmiAcpi - ok
16:02:57.0020 4000	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
16:02:57.0129 4000	ws2ifsl - ok
16:02:57.0207 4000	WSDPrintDevice  (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\windows\system32\DRIVERS\WSDPrint.sys
16:02:57.0254 4000	WSDPrintDevice - ok
16:02:57.0301 4000	WSDScan         (7dc0270cfd4a05b4112e3ebbf083b595) C:\windows\system32\DRIVERS\WSDScan.sys
16:02:57.0363 4000	WSDScan - ok
16:02:57.0441 4000	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
16:02:57.0503 4000	WudfPf - ok
16:02:57.0550 4000	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
16:02:57.0628 4000	WUDFRd - ok
16:02:57.0784 4000	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:02:58.0034 4000	\Device\Harddisk0\DR0 - ok
16:02:58.0049 4000	Boot (0x1200)   (4e06845f03673de167e19d7478a9eb30) \Device\Harddisk0\DR0\Partition0
16:02:58.0049 4000	\Device\Harddisk0\DR0\Partition0 - ok
16:02:58.0096 4000	Boot (0x1200)   (e561d3855e7409f40c075f86402524ce) \Device\Harddisk0\DR0\Partition1
16:02:58.0096 4000	\Device\Harddisk0\DR0\Partition1 - ok
16:02:58.0096 4000	============================================================
16:02:58.0096 4000	Scan finished
16:02:58.0096 4000	============================================================
16:02:58.0127 2192	Detected object count: 0

Soll ich denn mal im nrmalen Modus wieder gucken ob es geht?

cosinus · 27.02.2012, 20:59

Ja prüf den normalen Modus

Skorn · 27.02.2012, 21:38

Hey also derzeit geht es wieder hat jetzt seit 15 Min internet connection nicht mehr blockiert

VIELEN Dank! Soll ich noch irgendeinen Scan drüberlaufen lassen?

26.02.2012, 18:33	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows blockiert aus Sicherheitsgründen Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind. __________________ Logfiles bitte immer in CODE-Tags posten

26.02.2012, 21:27	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows blockiert aus Sicherheitsgründen Funktioniert der normale Modus wieder? __________________ --> Windows blockiert aus Sicherheitsgründen

27.02.2012, 20:59	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows blockiert aus Sicherheitsgründen Ja prüf den normalen Modus __________________ Logfiles bitte immer in CODE-Tags posten

Windows blockiert aus Sicherheitsgründen

Log-Analyse und Auswertung: Windows blockiert aus Sicherheitsgründen