Windows Security Center. Auch bei mir 100 Euro

Gambler01 · 15.03.2012, 21:05

Hallo, nun denn, dann reihe ich mich in den Reigen ein. Auch ich habe mir gestern Abend den Trojaner eingefangen. Zwar hat mein AV Programm noch kurz eine "mor.exe" als infiziert gemeldet, aber zu spät. Der Trojaner hatte schon die Kontrolle übernommen und die bekannte Seite des KBAs mit den entsprechenden Angaben und Forderungen (100 Euro) eingeblendet.

Auch ich habe bereits den OTL Scan durchgeführt und die beiden Dateien angehängt.

Ich hoffe ihr könnt mir weiterhelfen und das Teil wieder von meinem PC entfernen.

cosinus · 16.03.2012, 18:21

Zitat:

Boot Mode: SafeMode with Networking |

na wenn der Modus geht wirst du erstmal MBAM/ESET probieren können:

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Gambler01 · 16.03.2012, 22:11

OK. MBAM ist durch. Hier kommt der LOG. ESET werde ich dann starten und das Log später posten.

Code:

ATTFilter

 
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.16.04

Windows Vista Service Pack 2 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Ulli :: ULLI-PC [Administrator]

16.03.2012 20:04:22
mbam-log-2012-03-16 (20-04-22).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 706321
Laufzeit: 1 Stunde(n), 40 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 8
C:\Data\SW_Sammlung\Tools\PantsOff_V2.03\pantsoff.exe (PUP.Pantsoff.PasswordFinder) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Games\Downloads\Gothic3\G3TuningUtility\G3TuningUtility.exe (Adware.Onlinegames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Games\Downloads\TitanQuest\Trainer\chtnitrn.exe (Malware.Packer.as) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ulli\AppData\Local\Temp\0.2650551077254636h7i.exe (Trojan.Ransom.BP) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ulli\AppData\Local\Temp\0.4960761479902942.exe (Trojan.Ransom.BP) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ulli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\74a0a427-25c53e79 (Trojan.Ransom.BP) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.2650551077254636h7i.exe.lnk (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.4960761479902942.exe.lnk (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Ich hoffe das klappt mit dem "Code".

Gambler01 · 17.03.2012, 06:10

Hier ist der ESET-Log.

Code:

ATTFilter

 
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e11f39a74b0d3d48bd31dcc694f10d6a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-17 12:15:20
# local_time=2012-03-17 01:15:20 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775166 100 100 183097 106833587 175874 0
# compatibility_mode=5892 16776573 100 56 97477 169457329 0 0
# compatibility_mode=8192 67108863 100 0 3765 3765 0 0
# scanned=496532
# found=21
# cleaned=0
# scan_time=9896
C:\Users\Ulli\AppData\Local\Temp\jar_cache7619071857140877640.tmp	a variant of Java/Exploit.CVE-2011-3544.B trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Ulli\AppData\Local\Temp\SetupDataMngr_Searchqu.exe	Win32/Toolbar.SearchSuite application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Ulli\AppData\Local\Temp\vlcsetup.exe	a variant of Win32/Foxferi.A trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Ulli\AppData\Local\Temp\NERO02000056\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe	Win32/Toolbar.AskSBar application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Ulli\AppData\Local\Temp\NERO1005263\unit_app_75\Toolbar.exe	Win32/Toolbar.AskSBar application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Ulli\AppData\Local\Temp\NERO1005266\unit_app_75\Toolbar.exe	Win32/Toolbar.AskSBar application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Ulli\AppData\Local\Temp\plugtmp-11\plugin-pdf2.php	PDF/Exploit.Pidief.PGA.Gen trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Ulli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\650a6ecc-29547fe5	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Ulli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\b77f2d2-6c941a4c	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Ulli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\2578ccd9-65244fa1	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Ulli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\82ff49a-6caf24ff	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Ulli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1db9d5e-6080cf94	Java/Agent.DW trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Ulli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5b56fce1-41bd8792	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Ulli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\20de4ee3-6015e6c4	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Ulli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\4cd19764-29631125	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Ulli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\1edd016a-28969184	a variant of Java/TrojanDownloader.OpenStream.NCM trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Ulli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\6b544dfb-2eb00bed	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Ulli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\4864fe7f-18e024d2	multiple threats (unable to clean)	00000000000000000000000000000000	I
F:\noch eine kopie\Daten_done\Downloads_done\Programme\Nero\Nero-9.4.12.3d_free.exe	Win32/Toolbar.AskSBar application (unable to clean)	00000000000000000000000000000000	I
F:\noch eine kopie\Daten_done\Downloads_done\Programme\Nero\Nero_BackItUp-4.2.16.0d_update.exe	Win32/Toolbar.AskSBar application (unable to clean)	00000000000000000000000000000000	I
F:\noch eine kopie\Daten_done\Downloads_done\Programme\Nero\Nero_BackItUpAndBurn-1.0.5_trial.exe	Win32/Toolbar.AskSBar application (unable to clean)	00000000000000000000000000000000	I

cosinus · 17.03.2012, 15:02

Funktioniert der nromale Modus wieder?

Gambler01 · 17.03.2012, 15:13

Hallo,

habe gerade gebootet im Normalmode. Sowie es aussieht bin ich wieder Herr im Hause. Keiner will Geld von mir. Meine Taskleiste zeigt auch wieder alles an, der Taskmanager lässt sich starten und bleibt auch offen, was er vorher nicht getan hat. Der Windows Updater hat sich auch schon gemeldet. Avira Antivir hat sein Update durchgeführt.

So weit so gut. War´s das ?

Gruß,

Ulli

cosinus · 17.03.2012, 15:51

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Gambler01 · 17.03.2012, 16:50

Hier ist der OTL CustomScan Log. Ziemlich lang. Ich hoffe ichhabe nichts falsch gemacht.

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 17.03.2012 16:08:51 - Run 2
OTL by OldTimer - Version 3.2.37.0     Folder = C:\Users\Ulli\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 58,51% Memory free
8,19 Gb Paging File | 6,55 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 91,93 Gb Free Space | 30,84% Space Free | Partition Type: NTFS
Drive D: | 18,94 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 732,42 Gb Total Space | 695,23 Gb Free Space | 94,92% Space Free | Partition Type: NTFS
Drive F: | 664,84 Gb Total Space | 622,87 Gb Free Space | 93,69% Space Free | Partition Type: NTFS
 
Computer Name: ULLI-PC | User Name: Ulli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.14 13:00:14 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Ulli\Desktop\OTL.exe
PRC - [2012.03.13 21:42:50 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.03.01 01:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.02.06 21:55:18 | 000,704,512 | ---- | M] () -- C:\Program Files (x86)\LXiMediaCenter\lximcbackend.exe
PRC - [2011.07.02 10:30:41 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.27 18:53:18 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.19 07:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2010.11.09 18:01:18 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.10.31 19:04:40 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008.10.07 22:41:36 | 000,023,552 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2008.10.07 22:37:38 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2008.05.22 15:32:34 | 001,286,144 | ---- | M] () -- C:\Program Files (x86)\ASUS\Drive Xpert\SteelVine.exe
PRC - [2008.05.14 17:42:56 | 005,958,656 | ---- | M] () -- C:\Program Files (x86)\ASUS\Six Engine\SixEngine.exe
PRC - [2008.05.09 13:45:18 | 001,423,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
PRC - [2008.04.24 07:57:54 | 000,614,912 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.63\aaCenter.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.03.13 21:42:49 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.02.29 13:26:28 | 000,360,768 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.04.29 17:46:49 | 007,083,168 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2008.07.17 13:32:58 | 000,144,896 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2008.05.14 17:42:56 | 005,958,656 | ---- | M] () -- C:\Program Files (x86)\ASUS\Six Engine\SixEngine.exe
MOD - [2008.05.09 13:45:18 | 001,423,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
MOD - [2008.04.24 07:57:54 | 000,614,912 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.63\aaCenter.exe
MOD - [2008.04.15 09:07:34 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\Six Engine\AsSpindownTimeout.dll
MOD - [2008.02.25 14:08:54 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.dll
MOD - [2008.01.17 09:46:20 | 000,053,248 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.63\cpuutil.dll
MOD - [2007.01.03 21:25:56 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\vvc.dll
MOD - [2006.06.09 14:20:04 | 000,003,072 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIGER.DLL
MOD - [2006.01.10 09:50:20 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2005.06.22 10:39:56 | 000,204,851 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.63\PowerDll.dll
MOD - [2005.05.11 15:39:32 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\Six Engine\pngio.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2007.10.19 04:10:30 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2012.03.01 01:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.02.06 21:55:18 | 000,704,512 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\LXiMediaCenter\lximcbackend.exe -- (LXiMediaCenter Backend)
SRV - [2011.07.02 10:30:41 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.27 18:53:18 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.19 07:44:40 | 000,993,848 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011.04.19 07:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.04 23:41:00 | 003,670,928 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2009.07.26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.05.03 13:54:34 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009.04.22 22:45:34 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.10.31 19:04:40 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008.05.22 15:32:34 | 001,286,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\Drive Xpert\SteelVine.exe -- (57xx SteelVine Manager)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.01.18 15:56:08 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2012.01.18 15:56:06 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2011.07.02 10:30:41 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.02 10:30:41 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.02.17 00:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2010.09.01 09:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\psi_mf.sys -- (PSI)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.06.17 08:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 08:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.05.05 18:42:19 | 000,310,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.05.05 18:42:18 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2008.12.18 22:46:36 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2008.10.08 00:22:36 | 001,561,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2008.10.08 00:22:30 | 000,118,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2008.10.08 00:22:28 | 000,213,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2008.10.08 00:22:26 | 000,015,896 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2008.10.08 00:22:24 | 000,179,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2008.10.08 00:22:22 | 000,684,312 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2008.10.08 00:22:18 | 000,580,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2008.10.08 00:22:14 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV:64bit: - [2008.10.08 00:22:14 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX)
DRV:64bit: - [2008.10.08 00:22:10 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV:64bit: - [2008.10.08 00:22:10 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT)
DRV:64bit: - [2008.10.08 00:22:08 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV:64bit: - [2008.10.08 00:22:08 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT)
DRV:64bit: - [2008.07.22 09:02:26 | 000,175,656 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2008.03.20 01:44:34 | 000,467,456 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2008.01.21 03:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2007.12.06 08:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2006.10.31 16:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2009.04.12 22:51:26 | 000,026,216 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3\WNt500x64\sandra.sys -- (SANDRA)
DRV - [2005.01.04 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 77 C9 E5 D2 DB CB C9 01  [binary data]
IE - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\..\SearchScopes\{47F43F50-68E2-4F28-B949-26EE0EC9C505}: "URL" = hxxp://www.buyertools.net/cgi-bin/preispiraten_de/nph.fcgi?qry_str={searchTerms}&category=deutsch&how=and&searchtype=simple&Web=on&wiki_tab=on&wiki_tab_old=+CHECKED&ebay_tab=on&ebay_tab_old=+CHECKED&shoppingcom_tab=on&shoppingcom_tab_old=+CHECKED&pirat_tab=on&pirat_tab_old=+CHECKED&JavaScript=enabled&submit=SUCHEN
IE - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.losstarten.de/"
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.13 21:42:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.14 19:44:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.18 22:46:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Ulli\AppData\Roaming\Mozilla\Firefox\Profiles\cfvh6cm8.Ulli\extensions\firejump@firejump.net
 
[2010.11.13 10:19:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ulli\AppData\Roaming\mozilla\Extensions
[2010.11.13 10:19:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ulli\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.03.02 18:20:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\cfvh6cm8.Ulli\extensions
[2011.12.08 19:45:32 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\cfvh6cm8.Ulli\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012.01.19 22:19:15 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\cfvh6cm8.Ulli\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2012.01.17 22:07:48 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\cfvh6cm8.Ulli\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2009.05.03 14:20:30 | 000,000,000 | ---D | M] (Preispiraten 4 Kontextmenü) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\cfvh6cm8.Ulli\extensions\{D2A8BC29-8CA3-4C0A-A206-631C44E9620F}
[2011.10.01 18:22:40 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\cfvh6cm8.Ulli\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2012.03.02 18:20:40 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\cfvh6cm8.Ulli\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.05.03 14:19:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\jyct6os8.default\extensions
[2009.05.03 14:19:35 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\jyct6os8.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2009.05.03 14:12:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\jyct6os8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.03.02 21:43:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\v8fnasbz.Spezial\extensions
[2011.12.09 09:29:07 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\v8fnasbz.Spezial\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012.01.20 21:42:57 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\v8fnasbz.Spezial\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2012.01.18 19:26:52 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\v8fnasbz.Spezial\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011.10.09 17:43:05 | 000,000,000 | ---D | M] (Preispiraten) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\v8fnasbz.Spezial\extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C}
[2011.10.09 17:43:01 | 000,000,000 | ---D | M] (Preispiraten 4 Kontextmenü) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\v8fnasbz.Spezial\extensions\{D2A8BC29-8CA3-4C0A-A206-631C44E9620F}
[2011.10.09 17:43:01 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\v8fnasbz.Spezial\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2012.03.02 21:43:54 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\v8fnasbz.Spezial\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.12.23 13:27:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.01.17 16:28:35 | 000,000,000 | ---D | M] (Preispiraten) -- C:\Program Files (x86)\mozilla firefox\extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C}
[2009.07.05 09:31:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.03.13 21:42:50 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.12.23 13:26:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.23 13:26:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.23 13:26:59 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.23 13:26:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2007.01.08 13:48:12 | 000,009,095 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SP_preispiraten_de.xml
[2011.12.23 13:26:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.23 13:26:59 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Preispiraten) - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - C:\PROGRA~2\PREISP~1\IEBUTT~1.DLL ()
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [UpdateUSB] C:\Windows\inf\UpdateUSB.exe (AsusTek Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cobian Backup 10] C:\Program Files (x86)\Cobian Backup 10\Cobian.exe (Luis Cobian, CobianSoft)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Drive Xpert] C:\Program Files (x86)\ASUS\Drive Xpert\DriveXpert.exe (Silicon Image, Inc.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" File not found
O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe ()
O4 - HKLM..\Run: [SoundTray] C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe (Sonic Focus, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\.DEFAULT..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
O4 - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000..\Run: [Kalender] C:\Program Files (x86)\Kalender_UK\Kalender.exe (Ulrich Krebs)
O4 - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000..\Run: [Timerle] C:\Program Files (x86)\Timerle\Timerle.exe (JFSoftware)
O4 - HKU\S-1-5-21-1831856272-1523139597-2499426101-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1831856272-1523139597-2499426101-1004..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files (x86)\\Preispiraten6\\preispiraten.html ()
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files (x86)\\Preispiraten6\\preispiraten.html ()
O9 - Extra Button: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files (x86)\Preispiraten6\preispiraten3ie.exe ()
O9 - Extra 'Tools' menuitem : Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files (x86)\Preispiraten6\preispiraten3ie.exe ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A5A88A0-2873-401A-B18B-00E5AE6F6E81}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ulli\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ulli\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{786e7e48-3749-11de-9b9d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{786e7e48-3749-11de-9b9d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\Assetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.16 22:27:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.03.16 22:27:31 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Ulli\Desktop\esetsmartinstaller_enu.exe
[2012.03.16 22:27:03 | 002,322,184 | ---- | C] (ESET) -- C:\esetsmartinstaller_enu.exe
[2012.03.16 20:01:27 | 000,000,000 | ---D | C] -- C:\Users\Ulli\AppData\Roaming\Malwarebytes
[2012.03.16 20:01:18 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.16 20:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.16 20:01:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.16 20:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.16 19:59:42 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\mbam-setup-1.60.1.1000.exe
[2012.03.15 20:46:17 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Ulli\Desktop\OTL.exe
[2012.03.15 20:44:49 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2012.03.15 20:18:32 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Ulli\Desktop\dds.com
[2012.03.15 20:17:46 | 000,607,260 | ---- | C] (Swearware) -- C:\dds.com
[2012.03.13 22:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.03.13 22:23:02 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.03.13 22:23:02 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.02.19 21:27:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LXiMediaCenter
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.17 15:04:12 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.17 15:04:12 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.17 15:04:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.17 09:04:13 | 000,001,356 | ---- | M] () -- C:\Users\Ulli\AppData\Local\d3d9caps.dat
[2012.03.16 20:01:19 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.16 19:59:40 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\mbam-setup-1.60.1.1000.exe
[2012.03.16 19:13:56 | 000,256,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.15 20:37:37 | 000,086,528 | ---- | M] () -- C:\Users\Ulli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.15 20:16:54 | 000,000,000 | ---- | M] () -- C:\Users\Ulli\defogger_reenable
[2012.03.14 21:59:49 | 000,061,616 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-00211102}.rfx
[2012.03.14 21:59:49 | 000,061,616 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000001-00001102-00000005-00211102}.rfx
[2012.03.14 21:59:49 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000001-00001102-00000005-00211102}.rfx
[2012.03.14 21:54:48 | 000,000,128 | ---- | M] () -- C:\ProgramData\sandra.ldb
[2012.03.14 13:00:14 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Ulli\Desktop\OTL.exe
[2012.03.14 13:00:14 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2012.03.12 19:40:48 | 000,639,176 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.12 19:40:48 | 000,604,770 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.12 19:40:48 | 000,108,102 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.12 19:40:47 | 001,474,396 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.12 19:40:47 | 000,131,216 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.01 01:02:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.03.01 01:02:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.03.01 01:02:00 | 000,011,770 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.02.29 13:26:56 | 000,416,064 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.16 20:01:19 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.15 20:16:54 | 000,000,000 | ---- | C] () -- C:\Users\Ulli\defogger_reenable
[2012.03.15 20:16:00 | 000,050,477 | ---- | C] () -- C:\Users\Ulli\Desktop\Defogger.exe
[2012.03.15 20:15:09 | 000,050,477 | ---- | C] () -- C:\Defogger.exe
[2012.03.14 21:23:19 | 000,000,128 | ---- | C] () -- C:\ProgramData\sandra.ldb
[2012.03.13 22:23:00 | 000,011,770 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.02.19 21:28:02 | 000,001,878 | ---- | C] () -- C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LXiMediaCenter Frontend.lnk
[2011.03.14 20:57:14 | 000,000,092 | ---- | C] () -- C:\Users\Ulli\AppData\Local\fusioncache.dat
[2011.03.14 20:53:31 | 001,502,086 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.07.07 20:30:50 | 000,001,356 | ---- | C] () -- C:\Users\Ulli\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2011.02.05 13:31:34 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Canon
[2009.05.11 20:27:35 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\FOG Downloader
[2012.02.12 15:40:53 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\FreeCommander
[2009.05.05 18:43:32 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Games
[2011.08.05 16:00:00 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\gtk-2.0
[2011.08.14 20:28:32 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\IrfanView
[2012.02.05 17:15:15 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\KeePass
[2010.06.18 18:58:40 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Leadertech
[2010.01.17 16:28:39 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\metaspinner net GmbH
[2010.08.27 09:33:38 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\NCH Swift Sound
[2009.05.04 23:14:11 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\OpenOffice.org
[2010.10.11 14:39:07 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\PFStaticIP
[2009.05.05 20:15:11 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\ProtectDisc
[2009.05.05 20:15:44 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\The Games Company
[2010.11.13 10:19:27 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Thunderbird
[2011.01.14 10:40:09 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Timerle
[2009.05.03 16:43:13 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\TMP
[2012.02.09 08:25:47 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\TS3Client
[2009.05.09 16:09:57 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\TwoWorldsCP
[2012.03.17 16:05:56 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\UK's Kalender
[2012.02.09 22:26:48 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\uTorrent
[2012.03.14 21:59:42 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.05.28 13:25:42 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Adobe
[2009.05.03 09:42:23 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Ahead
[2010.11.09 17:52:01 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Avira
[2011.02.05 13:31:34 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Canon
[2009.05.11 20:27:35 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\FOG Downloader
[2012.02.12 15:40:53 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\FreeCommander
[2009.05.05 18:43:32 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Games
[2011.01.03 21:16:35 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Google
[2011.08.05 16:00:00 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\gtk-2.0
[2009.05.02 19:57:53 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Identities
[2010.02.25 07:32:30 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\IGN_DLM
[2009.05.03 16:36:37 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\InstallShield
[2011.08.14 20:28:32 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\IrfanView
[2012.02.05 17:15:15 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\KeePass
[2010.06.18 18:58:40 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Leadertech
[2009.05.03 20:53:49 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Macromedia
[2012.03.16 20:01:27 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Malwarebytes
[2006.11.02 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Media Center Programs
[2010.01.17 16:28:39 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\metaspinner net GmbH
[2012.03.08 22:14:20 | 000,000,000 | --SD | M] -- C:\Users\Ulli\AppData\Roaming\Microsoft
[2011.03.17 23:39:40 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Mozilla
[2010.08.27 09:33:38 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\NCH Swift Sound
[2009.09.12 10:43:02 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Nero
[2012.02.05 00:09:42 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\NVIDIA
[2009.05.04 23:14:11 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\OpenOffice.org
[2010.10.11 14:39:07 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\PFStaticIP
[2009.05.05 20:15:11 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\ProtectDisc
[2009.05.03 22:20:39 | 000,000,000 | RH-D | M] -- C:\Users\Ulli\AppData\Roaming\SecuROM
[2010.02.05 22:24:15 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Talkback
[2010.01.04 16:24:34 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\teamspeak2
[2009.05.05 20:15:44 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\The Games Company
[2010.11.13 10:19:27 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Thunderbird
[2011.01.14 10:40:09 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Timerle
[2009.05.03 16:43:13 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\TMP
[2012.02.09 08:25:47 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\TS3Client
[2009.05.09 16:09:57 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\TwoWorldsCP
[2012.03.17 16:05:56 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\UK's Kalender
[2012.02.09 22:26:48 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\uTorrent
[2011.10.17 21:25:09 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\vlc
[2012.03.12 22:19:23 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Winamp
 
< %APPDATA%\*.exe /s >
[2009.05.09 16:09:13 | 000,165,888 | R--- | M] () -- C:\Users\Ulli\AppData\Roaming\Microsoft\Installer\{6EEEF30E-0AD2-4AD9-B854-22F1488637C7}\IconC202CEA6.exe
[2008.04.15 13:04:00 | 000,131,584 | ---- | M] () -- C:\Users\Ulli\AppData\Roaming\Mozilla\Firefox\Profiles\cfvh6cm8.Ulli\extensions\{D2A8BC29-8CA3-4C0A-A206-631C44E9620F}\chrome\preispiraten.exe
[2008.04.15 13:09:00 | 000,131,584 | ---- | M] () -- C:\Users\Ulli\AppData\Roaming\Mozilla\Firefox\Profiles\v8fnasbz.Spezial\extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C}\chrome\preispiraten.exe
[2008.04.15 13:04:00 | 000,131,584 | ---- | M] () -- C:\Users\Ulli\AppData\Roaming\Mozilla\Firefox\Profiles\v8fnasbz.Spezial\extensions\{D2A8BC29-8CA3-4C0A-A206-631C44E9620F}\chrome\preispiraten.exe
 
< %SYSTEMDRIVE%\*.exe >
[2010.02.23 16:26:25 | 000,050,477 | ---- | M] () -- C:\Defogger.exe
[2011.02.23 14:26:46 | 002,322,184 | ---- | M] (ESET) -- C:\esetsmartinstaller_enu.exe
[2012.03.16 19:59:40 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\mbam-setup-1.60.1.1000.exe
[2012.03.14 13:00:14 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 03:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 03:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 03:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 03:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.21 03:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >

--- --- ---

--- --- ---

[/code]

Gruß,

Ulli

cosinus · 19.03.2012, 15:04

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.ht
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 77 C9 E5 D2 DB CB C9 01  [binary data]
IE - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\..\SearchScopes\{47F43F50-68E2-4F28-B949-26EE0EC9C505}: "URL" = http://www.buyertools.net/cgi-bin/preispiraten_de/nph.fcgi?qry_str={searchTerms}&category=deutsch&how=and&searchtype=simple&Web=on&wiki_tab=on&wiki_tab_old=+CHECKED&ebay_tab=on&ebay_tab_old=+CHECKED&shoppingcom_tab=on&shoppingcom_tab_old=+CHECKED&pirat_tab=on&pirat_tab_old=+CHECKED&JavaScript=enabled&submit=SUCHEN
[2009.05.03 14:20:30 | 000,000,000 | ---D | M] (Preispiraten 4 Kontextmenü) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\cfvh6cm8.Ulli\extensions\{D2A8BC29-8CA3-4C0A-A206-631C44E9620F}
[2009.05.03 14:12:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\jyct6os8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.10.09 17:43:05 | 000,000,000 | ---D | M] (Preispiraten) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\v8fnasbz.Spezial\extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C}
[2011.10.09 17:43:01 | 000,000,000 | ---D | M] (Preispiraten 4 Kontextmenü) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\v8fnasbz.Spezial\extensions\{D2A8BC29-8CA3-4C0A-A206-631C44E9620F}
[2010.01.17 16:28:35 | 000,000,000 | ---D | M] (Preispiraten) -- C:\Program Files (x86)\mozilla firefox\extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C}
[2009.07.05 09:31:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2007.01.08 13:48:12 | 000,009,095 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SP_preispiraten_de.xml
O2 - BHO: (Preispiraten) - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - C:\PROGRA~2\PREISP~1\IEBUTT~1.DLL ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files (x86)\\Preispiraten6\\preispiraten.html ()
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files (x86)\\Preispiraten6\\preispiraten.html ()
O9 - Extra Button: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files (x86)\Preispiraten6\preispiraten3ie.exe ()
O9 - Extra 'Tools' menuitem : Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files (x86)\Preispiraten6\preispiraten3ie.exe ()
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{786e7e48-3749-11de-9b9d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{786e7e48-3749-11de-9b9d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\Assetup.exe
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Gambler01 · 19.03.2012, 20:24

Mmh. Das wurde jetzt etwas seltsam beendet. Am unteren Rand von OTL waren immer wieder grüne Fortschrittsbalken zu sehen. Irgendwann kam die (Windows-)Meldung das OTL nicht mehr funktioniert und beendet wird. Ich würde benachrichtigt werden wenn eine Lösung bereitstünde. Eine Bestätigung der Meldung hat OTL dann auch beendet. Beim Neutstart von OTL hat sich dann das Log unten geöffnet. Das Verzeichnis _OTL existiert und enthält auch einige Verzeichnisse unter "Moved_Files". Ein Reboot des PCs hat nicht stattgefunden.

Code:

ATTFilter

 
Files\Folders moved on Reboot...
File move failed. C:\PROGRA~2\PREISP~1\IEBUTT~1.DLL scheduled to be moved on reboot.
File\Folder C:\\Program Files (x86)\\Preispiraten6\\preispiraten.html not found!

Registry entries deleted on Reboot...

Gruß

Ulli

cosinus · 20.03.2012, 16:06

Wiederhol den Fix im abgesicherten Modus bitte

Gambler01 · 20.03.2012, 19:39

Sehr schön. Jetzt ist durchgelaufen. Reboot wurde angefordert und durchgeführt (bin wieder im abgesicherten Mode).
Hier das Log:

Code:

ATTFilter

 
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKEY_USERS\S-1-5-21-1831856272-1523139597-2499426101-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1831856272-1523139597-2499426101-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1831856272-1523139597-2499426101-1000\Software\Microsoft\Internet Explorer\SearchScopes\{47F43F50-68E2-4F28-B949-26EE0EC9C505}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47F43F50-68E2-4F28-B949-26EE0EC9C505}\ not found.
Folder C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\cfvh6cm8.Ulli\extensions\{D2A8BC29-8CA3-4C0A-A206-631C44E9620F}\ not found.
Folder C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\jyct6os8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\ not found.
Folder C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\v8fnasbz.Spezial\extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C}\ not found.
Folder C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\v8fnasbz.Spezial\extensions\{D2A8BC29-8CA3-4C0A-A206-631C44E9620F}\ not found.
Folder C:\Program Files (x86)\mozilla firefox\extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C}\ not found.
Folder C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ not found.
File C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\SP_preispiraten_de.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9E027BF-C3F3-4022-8F6B-8F6D39A59684}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9E027BF-C3F3-4022-8F6B-8F6D39A59684}\ not found.
File C:\PROGRA~2\PREISP~1\IEBUTT~1.DLL not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent not found.
File C:\Program Files (x86)\Winamp\winampa.exe not found.
Registry value HKEY_USERS\S-1-5-21-1831856272-1523139597-2499426101-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Preispiratensuche nach markiertem Text\ not found.
File C:\\Program Files (x86)\\Preispiraten6\\preispiraten.html not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Preispiratensuche nach markiertem Text\ not found.
File C:\\Program Files (x86)\\Preispiraten6\\preispiraten.html not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF}\ not found.
File C:\Program Files (x86)\Preispiraten6\preispiraten3ie.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF}\ not found.
File C:\Program Files (x86)\Preispiraten6\preispiraten3ie.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{786e7e48-3749-11de-9b9d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{786e7e48-3749-11de-9b9d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{786e7e48-3749-11de-9b9d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{786e7e48-3749-11de-9b9d-806e6f6e6963}\ not found.
File D:\.\Bin\Assetup.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Ulli
->Temp folder emptied: 2655 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 3923955 bytes
->FireFox cache emptied: 107580769 bytes
->Flash cache emptied: 118846 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
 
User: UpdatusUser.Ulli-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 1610800 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1165412452 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.220,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.37.0 log created on 03202012_193250

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Gruß

Ulli

cosinus · 21.03.2012, 14:32

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Gambler01 · 21.03.2012, 19:11

Hallo,

hier der Log von tdsskiller:

Code:

ATTFilter

19:07:42.0892 3224	TDSS rootkit removing tool 2.7.21.0 Mar 21 2012 09:06:51
19:07:43.0095 3224	============================================================
19:07:43.0095 3224	Current date / time: 2012/03/21 19:07:43.0095
19:07:43.0095 3224	SystemInfo:
19:07:43.0095 3224	
19:07:43.0095 3224	OS Version: 6.0.6002 ServicePack: 2.0
19:07:43.0095 3224	Product type: Workstation
19:07:43.0095 3224	ComputerName: ULLI-PC
19:07:43.0095 3224	UserName: Ulli
19:07:43.0095 3224	Windows directory: C:\Windows
19:07:43.0095 3224	System windows directory: C:\Windows
19:07:43.0095 3224	Running under WOW64
19:07:43.0095 3224	Processor architecture: Intel x64
19:07:43.0095 3224	Number of processors: 4
19:07:43.0095 3224	Page size: 0x1000
19:07:43.0095 3224	Boot type: Normal boot
19:07:43.0095 3224	============================================================
19:07:43.0906 3224	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:07:43.0937 3224	Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:07:43.0937 3224	\Device\Harddisk0\DR0:
19:07:43.0937 3224	MBR used
19:07:43.0937 3224	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
19:07:43.0937 3224	\Device\Harddisk1\DR1:
19:07:43.0937 3224	MBR used
19:07:43.0937 3224	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x5B8D8000
19:07:43.0937 3224	\Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x5B8D8800, BlocksNum 0x531AE000
19:07:44.0062 3224	Initialize success
19:07:44.0062 3224	============================================================
19:08:35.0012 3004	============================================================
19:08:35.0012 3004	Scan started
19:08:35.0012 3004	Mode: Manual; SigCheck; TDLFS; 
19:08:35.0012 3004	============================================================
19:08:35.0807 3004	ACPI            (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
19:08:35.0885 3004	ACPI - ok
19:08:35.0932 3004	ADIHdAudAddService (4a30fa79f8253134d398251db614e3c9) C:\Windows\system32\drivers\ADIHdAud.sys
19:08:35.0994 3004	ADIHdAudAddService - ok
19:08:36.0057 3004	adp94xx         (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
19:08:36.0072 3004	adp94xx - ok
19:08:36.0182 3004	adpahci         (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
19:08:36.0197 3004	adpahci - ok
19:08:36.0213 3004	adpu160m        (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
19:08:36.0228 3004	adpu160m - ok
19:08:36.0244 3004	adpu320         (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
19:08:36.0260 3004	adpu320 - ok
19:08:36.0322 3004	AFD             (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
19:08:36.0431 3004	AFD - ok
19:08:36.0478 3004	agp440          (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
19:08:36.0478 3004	agp440 - ok
19:08:36.0525 3004	aic78xx         (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
19:08:36.0525 3004	aic78xx - ok
19:08:36.0556 3004	aliide          (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
19:08:36.0556 3004	aliide - ok
19:08:36.0572 3004	amdide          (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
19:08:36.0587 3004	amdide - ok
19:08:36.0603 3004	AmdK8           (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
19:08:36.0759 3004	AmdK8 - ok
19:08:36.0806 3004	arc             (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
19:08:36.0821 3004	arc - ok
19:08:36.0852 3004	arcsas          (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
19:08:36.0852 3004	arcsas - ok
19:08:36.0868 3004	AsIO - ok
19:08:36.0915 3004	AsyncMac        (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
19:08:36.0946 3004	AsyncMac - ok
19:08:36.0993 3004	atapi           (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
19:08:37.0008 3004	atapi - ok
19:08:37.0071 3004	atksgt          (54494b93bb5ad74c807100144ec30d64) C:\Windows\system32\DRIVERS\atksgt.sys
19:08:37.0102 3004	atksgt - ok
19:08:37.0149 3004	avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
19:08:37.0149 3004	avgntflt - ok
19:08:37.0196 3004	avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
19:08:37.0211 3004	avipbb - ok
19:08:37.0242 3004	blbdrive        (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
19:08:37.0289 3004	blbdrive - ok
19:08:37.0352 3004	bowser          (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
19:08:37.0414 3004	bowser - ok
19:08:37.0445 3004	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
19:08:37.0523 3004	BrFiltLo - ok
19:08:37.0554 3004	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
19:08:37.0570 3004	BrFiltUp - ok
19:08:37.0601 3004	Brserid         (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
19:08:37.0742 3004	Brserid - ok
19:08:37.0757 3004	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
19:08:37.0820 3004	BrSerWdm - ok
19:08:37.0835 3004	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
19:08:37.0898 3004	BrUsbMdm - ok
19:08:37.0913 3004	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
19:08:37.0960 3004	BrUsbSer - ok
19:08:37.0991 3004	BTHMODEM        (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
19:08:38.0038 3004	BTHMODEM - ok
19:08:38.0085 3004	cdfs            (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
19:08:38.0116 3004	cdfs - ok
19:08:38.0178 3004	cdrom           (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
19:08:38.0225 3004	cdrom - ok
19:08:38.0256 3004	circlass        (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
19:08:38.0303 3004	circlass - ok
19:08:38.0381 3004	CLFS            (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
19:08:38.0412 3004	CLFS - ok
19:08:38.0444 3004	cmdide          (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
19:08:38.0459 3004	cmdide - ok
19:08:38.0506 3004	Compbatt        (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
19:08:38.0522 3004	Compbatt - ok
19:08:38.0553 3004	crcdisk         (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
19:08:38.0568 3004	crcdisk - ok
19:08:38.0631 3004	CT20XUT         (9eeb6baba033ccca0be1f1882ecb4d03) C:\Windows\system32\drivers\CT20XUT.SYS
19:08:38.0662 3004	CT20XUT - ok
19:08:38.0818 3004	CT20XUT.SYS     (9eeb6baba033ccca0be1f1882ecb4d03) C:\Windows\System32\drivers\CT20XUT.SYS
19:08:38.0818 3004	CT20XUT.SYS - ok
19:08:38.0849 3004	ctac32k         (3295516329ea2aecadde7a33872d3816) C:\Windows\system32\drivers\ctac32k.sys
19:08:38.0865 3004	ctac32k - ok
19:08:38.0896 3004	ctaud2k         (a2dda894e68b746c83153428107ad8a7) C:\Windows\system32\drivers\ctaud2k.sys
19:08:38.0912 3004	ctaud2k - ok
19:08:38.0943 3004	CTEXFIFX        (5afee6c282c3b2f1ba7cf2784663080f) C:\Windows\system32\drivers\CTEXFIFX.SYS
19:08:38.0990 3004	CTEXFIFX - ok
19:08:39.0005 3004	CTEXFIFX.SYS    (5afee6c282c3b2f1ba7cf2784663080f) C:\Windows\System32\drivers\CTEXFIFX.SYS
19:08:39.0036 3004	CTEXFIFX.SYS - ok
19:08:39.0068 3004	CTHWIUT         (37f04666c5c325d1864d36b260a7248b) C:\Windows\system32\drivers\CTHWIUT.SYS
19:08:39.0068 3004	CTHWIUT - ok
19:08:39.0099 3004	CTHWIUT.SYS     (37f04666c5c325d1864d36b260a7248b) C:\Windows\System32\drivers\CTHWIUT.SYS
19:08:39.0099 3004	CTHWIUT.SYS - ok
19:08:39.0114 3004	ctprxy2k        (24d416647168617bb19dbd1a3624be4d) C:\Windows\system32\drivers\ctprxy2k.sys
19:08:39.0114 3004	ctprxy2k - ok
19:08:39.0130 3004	ctsfm2k         (3e7177437bfa1ba61ca1a85bacf442a0) C:\Windows\system32\drivers\ctsfm2k.sys
19:08:39.0130 3004	ctsfm2k - ok
19:08:39.0208 3004	DfsC            (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
19:08:39.0239 3004	DfsC - ok
19:08:39.0302 3004	disk            (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
19:08:39.0317 3004	disk - ok
19:08:39.0348 3004	drmkaud         (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
19:08:39.0411 3004	drmkaud - ok
19:08:39.0536 3004	dump_wmimmc - ok
19:08:39.0598 3004	DXGKrnl         (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
19:08:39.0629 3004	DXGKrnl - ok
19:08:39.0692 3004	E1G60           (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
19:08:39.0723 3004	E1G60 - ok
19:08:39.0801 3004	Ecache          (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
19:08:39.0801 3004	Ecache - ok
19:08:39.0832 3004	elxstor         (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
19:08:39.0848 3004	elxstor - ok
19:08:39.0926 3004	emupia          (660dedf9ae7c414b74480b484c7ba300) C:\Windows\system32\drivers\emupia2k.sys
19:08:39.0941 3004	emupia - ok
19:08:39.0957 3004	ErrDev          (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
19:08:39.0988 3004	ErrDev - ok
19:08:40.0050 3004	exfat           (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
19:08:40.0082 3004	exfat - ok
19:08:40.0144 3004	fastfat         (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
19:08:40.0222 3004	fastfat - ok
19:08:40.0238 3004	fdc             (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
19:08:40.0269 3004	fdc - ok
19:08:40.0284 3004	FileInfo        (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
19:08:40.0284 3004	FileInfo - ok
19:08:40.0316 3004	Filetrace       (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
19:08:40.0347 3004	Filetrace - ok
19:08:40.0362 3004	flpydisk        (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:08:40.0394 3004	flpydisk - ok
19:08:40.0440 3004	FltMgr          (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
19:08:40.0456 3004	FltMgr - ok
19:08:40.0472 3004	Fs_Rec          (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
19:08:40.0534 3004	Fs_Rec - ok
19:08:40.0550 3004	gagp30kx        (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
19:08:40.0565 3004	gagp30kx - ok
19:08:40.0612 3004	ha20x2k         (c8df6024abea766f2d735b35d109ee7e) C:\Windows\system32\drivers\ha20x2k.sys
19:08:40.0643 3004	ha20x2k - ok
19:08:40.0737 3004	HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
19:08:40.0815 3004	HdAudAddService - ok
19:08:40.0877 3004	HDAudBus        (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:08:40.0955 3004	HDAudBus - ok
19:08:40.0986 3004	HidBth          (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
19:08:41.0049 3004	HidBth - ok
19:08:41.0080 3004	HidIr           (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
19:08:41.0142 3004	HidIr - ok
19:08:41.0205 3004	HidUsb          (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
19:08:41.0236 3004	HidUsb - ok
19:08:41.0283 3004	HpCISSs         (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
19:08:41.0283 3004	HpCISSs - ok
19:08:41.0376 3004	HTTP            (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
19:08:41.0423 3004	HTTP - ok
19:08:41.0486 3004	i2omp           (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
19:08:41.0486 3004	i2omp - ok
19:08:41.0532 3004	i8042prt        (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
19:08:41.0579 3004	i8042prt - ok
19:08:41.0595 3004	iaStorV         (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
19:08:41.0610 3004	iaStorV - ok
19:08:41.0642 3004	iirsp           (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
19:08:41.0642 3004	iirsp - ok
19:08:41.0688 3004	intelide        (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
19:08:41.0688 3004	intelide - ok
19:08:41.0704 3004	intelppm        (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
19:08:41.0735 3004	intelppm - ok
19:08:41.0782 3004	IpFilterDriver  (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:08:41.0813 3004	IpFilterDriver - ok
19:08:41.0829 3004	IpInIp - ok
19:08:41.0844 3004	IPMIDRV         (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
19:08:41.0891 3004	IPMIDRV - ok
19:08:41.0907 3004	IPNAT           (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
19:08:41.0954 3004	IPNAT - ok
19:08:41.0969 3004	IRENUM          (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
19:08:42.0016 3004	IRENUM - ok
19:08:42.0047 3004	isapnp          (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
19:08:42.0063 3004	isapnp - ok
19:08:42.0125 3004	iScsiPrt        (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
19:08:42.0141 3004	iScsiPrt - ok
19:08:42.0141 3004	iteatapi        (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
19:08:42.0156 3004	iteatapi - ok
19:08:42.0172 3004	iteraid         (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
19:08:42.0172 3004	iteraid - ok
19:08:42.0188 3004	kbdclass        (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
19:08:42.0188 3004	kbdclass - ok
19:08:42.0250 3004	kbdhid          (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
19:08:42.0266 3004	kbdhid - ok
19:08:42.0328 3004	KSecDD          (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
19:08:42.0359 3004	KSecDD - ok
19:08:42.0390 3004	ksthunk         (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
19:08:42.0437 3004	ksthunk - ok
19:08:42.0515 3004	L8042Kbd        (c44f9121831f90b0e5385d786591b480) C:\Windows\system32\DRIVERS\L8042Kbd.sys
19:08:42.0531 3004	L8042Kbd - ok
19:08:42.0562 3004	LHidFilt        (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
19:08:42.0562 3004	LHidFilt - ok
19:08:42.0609 3004	lirsgt          (8e4ca9afd55ef6b509c80a8715abf8c6) C:\Windows\system32\DRIVERS\lirsgt.sys
19:08:42.0609 3004	lirsgt - ok
19:08:42.0640 3004	lltdio          (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
19:08:42.0671 3004	lltdio - ok
19:08:42.0687 3004	LMouFilt        (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
19:08:42.0702 3004	LMouFilt - ok
19:08:42.0718 3004	LSI_FC          (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
19:08:42.0718 3004	LSI_FC - ok
19:08:42.0749 3004	LSI_SAS         (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
19:08:42.0749 3004	LSI_SAS - ok
19:08:42.0780 3004	LSI_SCSI        (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
19:08:42.0796 3004	LSI_SCSI - ok
19:08:42.0812 3004	luafv           (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
19:08:42.0843 3004	luafv - ok
19:08:42.0905 3004	megasas         (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
19:08:42.0905 3004	megasas - ok
19:08:42.0968 3004	MegaSR          (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
19:08:42.0983 3004	MegaSR - ok
19:08:43.0030 3004	Modem           (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
19:08:43.0092 3004	Modem - ok
19:08:43.0124 3004	monitor         (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
19:08:43.0170 3004	monitor - ok
19:08:43.0202 3004	mouclass        (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
19:08:43.0202 3004	mouclass - ok
19:08:43.0217 3004	mouhid          (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
19:08:43.0264 3004	mouhid - ok
19:08:43.0264 3004	MountMgr        (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
19:08:43.0280 3004	MountMgr - ok
19:08:43.0311 3004	mpio            (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
19:08:43.0311 3004	mpio - ok
19:08:43.0342 3004	mpsdrv          (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
19:08:43.0373 3004	mpsdrv - ok
19:08:43.0389 3004	Mraid35x        (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
19:08:43.0389 3004	Mraid35x - ok
19:08:43.0451 3004	MRxDAV          (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
19:08:43.0482 3004	MRxDAV - ok
19:08:43.0529 3004	mrxsmb          (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:08:43.0560 3004	mrxsmb - ok
19:08:43.0623 3004	mrxsmb10        (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:08:43.0654 3004	mrxsmb10 - ok
19:08:43.0670 3004	mrxsmb20        (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:08:43.0670 3004	mrxsmb20 - ok
19:08:43.0701 3004	msahci          (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
19:08:43.0701 3004	msahci - ok
19:08:43.0732 3004	msdsm           (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
19:08:43.0748 3004	msdsm - ok
19:08:43.0779 3004	Msfs            (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
19:08:43.0810 3004	Msfs - ok
19:08:43.0857 3004	msisadrv        (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
19:08:43.0857 3004	msisadrv - ok
19:08:43.0888 3004	MSKSSRV         (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
19:08:43.0919 3004	MSKSSRV - ok
19:08:43.0950 3004	MSPCLOCK        (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
19:08:43.0966 3004	MSPCLOCK - ok
19:08:43.0997 3004	MSPQM           (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
19:08:44.0028 3004	MSPQM - ok
19:08:44.0106 3004	MsRPC           (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
19:08:44.0106 3004	MsRPC - ok
19:08:44.0122 3004	mssmbios        (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
19:08:44.0122 3004	mssmbios - ok
19:08:44.0138 3004	MSTEE           (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
19:08:44.0184 3004	MSTEE - ok
19:08:44.0247 3004	MTsensor        (6936198f2cc25b39cf5262436c80df46) C:\Windows\system32\DRIVERS\ASACPI.sys
19:08:44.0247 3004	MTsensor - ok
19:08:44.0262 3004	Mup             (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
19:08:44.0262 3004	Mup - ok
19:08:44.0325 3004	mv61xx          (ddde02cf363d4a202df6b82777ee5f45) C:\Windows\system32\DRIVERS\mv61xx.sys
19:08:44.0325 3004	mv61xx - ok
19:08:44.0403 3004	NativeWifiP     (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
19:08:44.0418 3004	NativeWifiP - ok
19:08:44.0496 3004	NDIS            (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
19:08:44.0543 3004	NDIS - ok
19:08:44.0559 3004	NdisTapi        (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
19:08:44.0574 3004	NdisTapi - ok
19:08:44.0637 3004	Ndisuio         (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
19:08:44.0684 3004	Ndisuio - ok
19:08:44.0746 3004	NdisWan         (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
19:08:44.0777 3004	NdisWan - ok
19:08:44.0793 3004	NDProxy         (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
19:08:44.0840 3004	NDProxy - ok
19:08:44.0840 3004	NetBIOS         (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
19:08:44.0902 3004	NetBIOS - ok
19:08:44.0949 3004	netbt           (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
19:08:44.0980 3004	netbt - ok
19:08:45.0011 3004	nfrd960         (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
19:08:45.0027 3004	nfrd960 - ok
19:08:45.0074 3004	Npfs            (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
19:08:45.0105 3004	Npfs - ok
19:08:45.0120 3004	NPPTNT2 - ok
19:08:45.0136 3004	nsiproxy        (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
19:08:45.0167 3004	nsiproxy - ok
19:08:45.0245 3004	Ntfs            (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
19:08:45.0276 3004	Ntfs - ok
19:08:45.0292 3004	Null            (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
19:08:45.0323 3004	Null - ok
19:08:45.0604 3004	nvlddmkm        (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:08:46.0041 3004	nvlddmkm - ok
19:08:46.0181 3004	nvraid          (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
19:08:46.0197 3004	nvraid - ok
19:08:46.0244 3004	nvstor          (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
19:08:46.0244 3004	nvstor - ok
19:08:46.0322 3004	nv_agp          (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
19:08:46.0337 3004	nv_agp - ok
19:08:46.0337 3004	NwlnkFlt - ok
19:08:46.0337 3004	NwlnkFwd - ok
19:08:46.0400 3004	ohci1394        (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
19:08:46.0431 3004	ohci1394 - ok
19:08:46.0493 3004	ossrv           (71e4ef433b137256c4810c6f8337680b) C:\Windows\system32\drivers\ctoss2k.sys
19:08:46.0509 3004	ossrv - ok
19:08:46.0524 3004	Parport         (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
19:08:46.0571 3004	Parport - ok
19:08:46.0634 3004	partmgr         (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
19:08:46.0634 3004	partmgr - ok
19:08:46.0649 3004	pci             (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
19:08:46.0665 3004	pci - ok
19:08:46.0696 3004	pciide          (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
19:08:46.0696 3004	pciide - ok
19:08:46.0712 3004	pcmcia          (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
19:08:46.0727 3004	pcmcia - ok
19:08:46.0758 3004	PEAUTH          (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
19:08:46.0899 3004	PEAUTH - ok
19:08:46.0977 3004	PptpMiniport    (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
19:08:47.0008 3004	PptpMiniport - ok
19:08:47.0039 3004	Processor       (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
19:08:47.0086 3004	Processor - ok
19:08:47.0164 3004	PSched          (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
19:08:47.0180 3004	PSched - ok
19:08:47.0242 3004	PSI             (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
19:08:47.0242 3004	PSI - ok
19:08:47.0273 3004	pwdrvio         (ff40216a382b30cc39372b889ae1f785) C:\Windows\system32\pwdrvio.sys
19:08:47.0289 3004	pwdrvio - ok
19:08:47.0320 3004	pwdspio         (bd08a9cdf23502b1c141d52d9d6a6648) C:\Windows\system32\pwdspio.sys
19:08:47.0336 3004	pwdspio - ok
19:08:47.0382 3004	ql2300          (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
19:08:47.0414 3004	ql2300 - ok
19:08:47.0507 3004	ql40xx          (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
19:08:47.0523 3004	ql40xx - ok
19:08:47.0538 3004	QWAVEdrv        (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
19:08:47.0585 3004	QWAVEdrv - ok
19:08:47.0616 3004	RasAcd          (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
19:08:47.0648 3004	RasAcd - ok
19:08:47.0726 3004	Rasl2tp         (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:08:47.0772 3004	Rasl2tp - ok
19:08:47.0804 3004	RasPppoe        (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
19:08:47.0835 3004	RasPppoe - ok
19:08:47.0882 3004	RasSstp         (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
19:08:47.0882 3004	RasSstp - ok
19:08:47.0944 3004	rdbss           (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
19:08:47.0975 3004	rdbss - ok
19:08:48.0006 3004	RDPCDD          (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:08:48.0022 3004	RDPCDD - ok
19:08:48.0053 3004	rdpdr           (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
19:08:48.0084 3004	rdpdr - ok
19:08:48.0100 3004	RDPENCDD        (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
19:08:48.0147 3004	RDPENCDD - ok
19:08:48.0209 3004	RDPWD           (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
19:08:48.0240 3004	RDPWD - ok
19:08:48.0287 3004	rspndr          (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
19:08:48.0318 3004	rspndr - ok
19:08:48.0396 3004	SANDRA          (993380d8f17822a3c91efb71ea238ce1) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3\WNt500x64\Sandra.sys
19:08:48.0396 3004	SANDRA - ok
19:08:48.0443 3004	sbp2port        (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
19:08:48.0443 3004	sbp2port - ok
19:08:48.0474 3004	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:08:48.0506 3004	secdrv - ok
19:08:48.0552 3004	Serenum         (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
19:08:48.0599 3004	Serenum - ok
19:08:48.0630 3004	Serial          (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
19:08:48.0662 3004	Serial - ok
19:08:48.0693 3004	sermouse        (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
19:08:48.0740 3004	sermouse - ok
19:08:48.0755 3004	sffdisk         (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
19:08:48.0802 3004	sffdisk - ok
19:08:48.0802 3004	sffp_mmc        (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
19:08:48.0849 3004	sffp_mmc - ok
19:08:48.0989 3004	sffp_sd         (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
19:08:49.0067 3004	sffp_sd - ok
19:08:49.0098 3004	sfloppy         (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
19:08:49.0130 3004	sfloppy - ok
19:08:49.0161 3004	SiSRaid2        (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
19:08:49.0161 3004	SiSRaid2 - ok
19:08:49.0192 3004	SiSRaid4        (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
19:08:49.0208 3004	SiSRaid4 - ok
19:08:49.0270 3004	Smb             (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
19:08:49.0301 3004	Smb - ok
19:08:49.0348 3004	spldr           (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
19:08:49.0364 3004	spldr - ok
19:08:49.0442 3004	srv             (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
19:08:49.0520 3004	srv - ok
19:08:49.0582 3004	srv2            (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
19:08:49.0598 3004	srv2 - ok
19:08:49.0598 3004	srvnet          (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
19:08:49.0629 3004	srvnet - ok
19:08:49.0660 3004	swenum          (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
19:08:49.0676 3004	swenum - ok
19:08:49.0691 3004	Symc8xx         (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
19:08:49.0707 3004	Symc8xx - ok
19:08:49.0738 3004	Sym_hi          (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
19:08:49.0738 3004	Sym_hi - ok
19:08:49.0769 3004	Sym_u3          (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
19:08:49.0769 3004	Sym_u3 - ok
19:08:49.0878 3004	Tcpip           (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
19:08:49.0910 3004	Tcpip - ok
19:08:49.0941 3004	Tcpip6          (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
19:08:50.0081 3004	Tcpip6 - ok
19:08:50.0128 3004	tcpipreg        (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
19:08:50.0159 3004	tcpipreg - ok
19:08:50.0190 3004	TDPIPE          (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
19:08:50.0222 3004	TDPIPE - ok
19:08:50.0284 3004	TDTCP           (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
19:08:50.0315 3004	TDTCP - ok
19:08:50.0378 3004	tdx             (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
19:08:50.0409 3004	tdx - ok
19:08:50.0471 3004	TermDD          (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
19:08:50.0471 3004	TermDD - ok
19:08:50.0502 3004	tssecsrv        (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:08:50.0534 3004	tssecsrv - ok
19:08:50.0580 3004	tunmp           (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
19:08:50.0612 3004	tunmp - ok
19:08:50.0705 3004	tunnel          (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
19:08:50.0736 3004	tunnel - ok
19:08:50.0752 3004	uagp35          (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
19:08:50.0752 3004	uagp35 - ok
19:08:50.0783 3004	udfs            (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
19:08:50.0799 3004	udfs - ok
19:08:50.0830 3004	uliagpkx        (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
19:08:50.0830 3004	uliagpkx - ok
19:08:50.0877 3004	uliahci         (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
19:08:50.0892 3004	uliahci - ok
19:08:50.0924 3004	UlSata          (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
19:08:50.0924 3004	UlSata - ok
19:08:50.0955 3004	ulsata2         (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
19:08:50.0970 3004	ulsata2 - ok
19:08:50.0986 3004	umbus           (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
19:08:51.0017 3004	umbus - ok
19:08:51.0095 3004	usbccgp         (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
19:08:51.0142 3004	usbccgp - ok
19:08:51.0173 3004	usbcir          (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
19:08:51.0220 3004	usbcir - ok
19:08:51.0298 3004	usbehci         (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
19:08:51.0329 3004	usbehci - ok
19:08:51.0345 3004	usbhub          (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
19:08:51.0376 3004	usbhub - ok
19:08:51.0407 3004	usbohci         (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
19:08:51.0470 3004	usbohci - ok
19:08:51.0485 3004	usbprint        (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
19:08:51.0548 3004	usbprint - ok
19:08:51.0610 3004	USBSTOR         (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:08:51.0641 3004	USBSTOR - ok
19:08:51.0672 3004	usbuhci         (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
19:08:51.0704 3004	usbuhci - ok
19:08:51.0735 3004	vga             (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
19:08:51.0782 3004	vga - ok
19:08:51.0797 3004	VgaSave         (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
19:08:51.0813 3004	VgaSave - ok
19:08:51.0844 3004	viaide          (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
19:08:51.0844 3004	viaide - ok
19:08:51.0906 3004	volmgr          (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
19:08:51.0906 3004	volmgr - ok
19:08:52.0000 3004	volmgrx         (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
19:08:52.0016 3004	volmgrx - ok
19:08:52.0062 3004	volsnap         (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
19:08:52.0062 3004	volsnap - ok
19:08:52.0094 3004	vsmraid         (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
19:08:52.0109 3004	vsmraid - ok
19:08:52.0140 3004	WacomPen        (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
19:08:52.0187 3004	WacomPen - ok
19:08:52.0234 3004	Wanarp          (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
19:08:52.0281 3004	Wanarp - ok
19:08:52.0281 3004	Wanarpv6        (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
19:08:52.0296 3004	Wanarpv6 - ok
19:08:52.0328 3004	Wd              (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
19:08:52.0343 3004	Wd - ok
19:08:52.0374 3004	WDC_SAM         (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
19:08:52.0406 3004	WDC_SAM - ok
19:08:52.0452 3004	Wdf01000        (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
19:08:52.0484 3004	Wdf01000 - ok
19:08:52.0515 3004	WmiAcpi         (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
19:08:52.0562 3004	WmiAcpi - ok
19:08:52.0671 3004	WpdUsb          (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
19:08:52.0733 3004	WpdUsb - ok
19:08:52.0764 3004	ws2ifsl         (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
19:08:52.0796 3004	ws2ifsl - ok
19:08:52.0874 3004	WUDFRd          (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:08:52.0889 3004	WUDFRd - ok
19:08:52.0967 3004	yukonx64        (2ae06b41b36549fabf0886b2af89a599) C:\Windows\system32\DRIVERS\yk60x64.sys
19:08:52.0998 3004	yukonx64 - ok
19:08:53.0030 3004	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:08:53.0139 3004	\Device\Harddisk0\DR0 - ok
19:08:53.0170 3004	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
19:08:53.0279 3004	\Device\Harddisk1\DR1 - ok
19:08:53.0279 3004	Boot (0x1200)   (4a573ce1140577f909eec5f18b0506be) \Device\Harddisk0\DR0\Partition0
19:08:53.0279 3004	\Device\Harddisk0\DR0\Partition0 - ok
19:08:53.0310 3004	Boot (0x1200)   (c8211d6c9818ae40b125b477fc44c6b7) \Device\Harddisk1\DR1\Partition0
19:08:53.0310 3004	\Device\Harddisk1\DR1\Partition0 - ok
19:08:53.0342 3004	Boot (0x1200)   (c398672e6239de0fe5823f057a4ea5c8) \Device\Harddisk1\DR1\Partition1
19:08:53.0342 3004	\Device\Harddisk1\DR1\Partition1 - ok
19:08:53.0342 3004	============================================================
19:08:53.0342 3004	Scan finished
19:08:53.0342 3004	============================================================
19:08:53.0342 3740	Detected object count: 0
19:08:53.0342 3740	Actual detected object count: 0

Gruß,

Ulli

cosinus · 22.03.2012, 11:29

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

17.03.2012, 15:02	#5
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows Security Center. Auch bei mir 100 Euro Funktioniert der nromale Modus wieder? __________________ Logfiles bitte immer in CODE-Tags posten

20.03.2012, 16:06	#11
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows Security Center. Auch bei mir 100 Euro Wiederhol den Fix im abgesicherten Modus bitte __________________ Logfiles bitte immer in CODE-Tags posten

Windows Security Center. Auch bei mir 100 Euro

Log-Analyse und Auswertung: Windows Security Center. Auch bei mir 100 Euro