Trojaner-Board (https://www.trojaner-board.de/)
Log-Analyse und Auswertung (log analysis and evaluation) (https://www.trojaner-board.de/log-analyse-auswertung/)
Windows Security Center: Computer locked! Virus, Trojan? (https://www.trojaner-board.de/109234-windows-security-center-computer-gesperrt-virus-trojaner.html)

creatix 06.02.2012 17:31

Windows Security Center: Computer locked! Virus, Trojan?
 
Hello,
when I logged in today using the guest account, the screen suddenly went white and I got an obviously fake message from the Windows Security Center. I was supposed to pay 100 €, otherwise my data would be deleted. I could neither close nor bypass it, so while searching for a solution I found this forum and I hope you can help me. I ran the OTL scan from another account (I hope that works too), which strangely is not affected. I hope you can help me.

OTL Extras logfile created on: 06.02.2012 17:16:24 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\creatix\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 5,99 Gb Available Physical Memory | 74,85% Memory free
15,99 Gb Paging File | 14,04 Gb Available in Paging File | 87,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 910,41 Gb Total Space | 655,38 Gb Free Space | 71,99% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,02 Gb Free Space | 55,12% Space Free | Partition Type: NTFS
Drive E: | 5,01 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive J: | 100,00 Mb Total Space | 71,82 Mb Free Space | 71,82% Space Free | Partition Type: NTFS

Computer Name: CREATIX-PC | User Name: creatix | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"EPSON SX130 Series" = EPSON SX130 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinGimp-2.0_is1" = GIMP 2.6.8

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}" = Epson Event Manager
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3EF5DE8-1120-4B77-99A3-4DC232E8C129}" = XSplit
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Any Video Converter_is1" = Any Video Converter 3.2.7
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"EPSON Scanner" = EPSON Scan
"EPSON SX130 Series Useg" = Benutzerhandbuch EPSON SX130 Series
"Fraps" = Fraps (remove only)
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Myst Masterpiece Edition" = Myst Masterpiece Edition
"OnLive" = OnLive
"Orbit_is1" = Orbit Downloader
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"QuickTime" = QuickTime
"Steam App 113400" = APB Reloaded
"Steam App 18700" = And Yet It Moves
"Steam App 200900" = Cave Story+
"Steam App 26500" = Cogs
"Steam App 26900" = Crayon Physics Deluxe
"Steam App 400" = Portal
"Steam App 40800" = Super Meat Boy
"Steam App 40810" = Super Meat Boy Editor
"Steam App 41100" = Hammerfight
"Steam App 41800" = Gratuitous Space Battles
"Steam App 43110" = Metro 2033
"Steam App 440" = Team Fortress 2
"Steam App 48000" = LIMBO
"Steam App 49600" = Beat Hazard
"Steam App 6120" = Shank
"Steam App 63710" = BIT.TRIP RUNNER
"Steam App 70300" = VVVVVV
"Steam App 94200" = Jamestown
"Steam App 99700" = NightSky
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05.02.2012 09:29:53 | Computer Name = creatix-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7020

Error - 05.02.2012 09:29:54 | Computer Name = creatix-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 05.02.2012 09:29:54 | Computer Name = creatix-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8018

Error - 05.02.2012 09:29:54 | Computer Name = creatix-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8018

Error - 05.02.2012 09:29:55 | Computer Name = creatix-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 05.02.2012 09:29:55 | Computer Name = creatix-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9016

Error - 05.02.2012 09:29:55 | Computer Name = creatix-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9016

Error - 05.02.2012 09:29:56 | Computer Name = creatix-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 05.02.2012 09:29:56 | Computer Name = creatix-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10015

Error - 05.02.2012 09:29:56 | Computer Name = creatix-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10015

[ System Events ]
Error - 29.11.2011 09:56:35 | Computer Name = creatix-PC | Source = DCOM | ID = 10016
Description =

Error - 29.11.2011 17:56:57 | Computer Name = creatix-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Check of the encrypted volume: The volume information on
"G:" cannot be read.

Error - 07.12.2011 13:40:58 | Computer Name = creatix-PC | Source = DCOM | ID = 10016
Description =

Error - 07.12.2011 13:40:58 | Computer Name = creatix-PC | Source = DCOM | ID = 10016
Description =

Error - 07.12.2011 13:40:58 | Computer Name = creatix-PC | Source = DCOM | ID = 10016
Description =

Error - 07.12.2011 13:40:59 | Computer Name = creatix-PC | Source = DCOM | ID = 10016
Description =

Error - 07.12.2011 13:40:59 | Computer Name = creatix-PC | Source = DCOM | ID = 10016
Description =

Error - 07.12.2011 13:40:59 | Computer Name = creatix-PC | Source = DCOM | ID = 10016
Description =

Error - 08.12.2011 06:19:02 | Computer Name = creatix-PC | Source = Service Control Manager | ID = 7009
Description = The time-out (30000 ms) was reached while attempting to connect to the
Steam Client Service service.

Error - 08.12.2011 06:19:02 | Computer Name = creatix-PC | Source = Service Control Manager | ID = 7000
Description = The "Steam Client Service" service failed to start due to the following
error: %%1053


< End of report >
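
The Shell Spawning, Security Center Settings and Firewall Settings sections of an OTL Extras log are where a lock-screen infection that hooks the whole machine would show up: the exefile/batfile/cmdfile/comfile/piffile/scrfile launch handlers, the Security Center override values and the per-profile EnableFirewall flags. In the log above every one of them is at its Windows default. Note also that this first log was taken from the unaffected administrator account with "Scan Mode: Current user", so it covers that account's HKEY_CURRENT_USER view only and says nothing about the guest profile that shows the lock screen, which is the point cosinus makes in the next reply. The following Python is an added example written for this thread, not OTL's code and not posted by either participant. It parses those three sections and reports deviations from the defaults. SAMPLE_CLEAN is an excerpt copied from the log above; SAMPLE_HIJACKED is a constructed variant in which the exefile handler is redirected to an invented lockscreen.exe path and the firewall values are flipped, so that a hit is visible.

```python
"""Check the 'Shell Spawning', 'Security Center Settings' and 'Firewall
Settings' sections of an OTL Extras log against Windows defaults.

Added example for this thread; not OTL's code and not part of either post.
SAMPLE_CLEAN is an excerpt copied from the OTL log above. SAMPLE_HIJACKED is a
constructed variant (invented lockscreen.exe path, flipped firewall values).
"""
import re

# Stock Windows launch handlers. Lock-screen malware and rogue "security"
# products commonly replace one of these so every .exe launch runs them first.
EXPECTED_HANDLERS = {
    ("exefile", "open"): '"%1" %*',
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
    ("scrfile", "config"): '"%1"',
}
# A Security Center *Override value of 1 silences monitoring of that component;
# every firewall profile should report EnableFirewall = 1.
EXPECTED_VALUES = {
    "Security Center Settings": {"AntiVirusOverride": "0",
                                 "AntiSpywareOverride": "0",
                                 "FirewallOverride": "0"},
    "Firewall Settings": {"EnableFirewall": "1"},
}

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
HANDLER_RE = re.compile(
    r"^(?P<cls>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.*?)(?: \((?P<vendor>[^)]*)\))?$")
VALUE_RE = re.compile(r'^"(?P<key>[^"]+)" = (?P<val>.+)$')


def parse_sections(text):
    """Split an OTL log into {section name: [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def check_shell_spawning(lines):
    """Return [((class, verb), command)] for handlers that differ from stock."""
    findings = []
    for line in lines:
        m = HANDLER_RE.match(line)
        if not m:
            continue                       # registry-path headers
        key = (m.group("cls"), m.group("verb"))
        cmd = m.group("cmd").strip()
        if key in EXPECTED_HANDLERS and cmd != EXPECTED_HANDLERS[key]:
            findings.append((key, cmd))
    return findings


def check_security_values(sections):
    """Return [(registry scope, key, value)] for values that are not expected."""
    findings = []
    for name, wanted in EXPECTED_VALUES.items():
        scope = None
        for line in sections.get(name, []):
            if line.startswith("[") or line.startswith("64bit: ["):
                # '64bit: [HKLM\...\DomainProfile]' -> 'DomainProfile'
                scope = line.rstrip("]").rsplit("\\", 1)[-1]
                continue
            m = VALUE_RE.match(line)
            if m and m.group("key") in wanted:
                val = m.group("val").strip()
                if val != wanted[m.group("key")]:
                    findings.append((scope, m.group("key"), val))
    return findings


def triage(text):
    sections = parse_sections(text)
    return {
        "hijacked_handlers": check_shell_spawning(sections.get("Shell Spawning", [])),
        "bad_security_values": check_security_values(sections),
    }


# Excerpt of the OTL Extras log posted above.
SAMPLE_CLEAN = r"""========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
scrfile [config] -- "%1"
scrfile [open] -- "%1" /S
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"""

# Constructed: redirected exefile handler (invented path) and firewall off.
SAMPLE_HIJACKED = (
    SAMPLE_CLEAN
    .replace('exefile [open] -- "%1" %*',
             r'exefile [open] -- "C:\Users\Gast\AppData\Local\Temp\lockscreen.exe" "%1" %*')
    .replace('"FirewallOverride" = 0', '"FirewallOverride" = 1')
    .replace('"EnableFirewall" = 1', '"EnableFirewall" = 0')
)

if __name__ == "__main__":
    for label, sample in (("posted log", SAMPLE_CLEAN), ("constructed hijack", SAMPLE_HIJACKED)):
        print(label, triage(sample))
```

Run it as a script to see both results side by side; feed it a whole OTL Extras log and it ignores the other sections.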

cosinus 06.02.2012 20:28

Using the other account is suboptimal, because it may not scan all the paths that belong to the affected user.
Does the affected user still work in Safe Mode with Networking?


Safe Mode for cleanup
  • Bring Windows into Safe Mode by pressing the F8 key during startup.
  • Start the computer in Safe Mode with Networking:

    Start Windows in Safe Mode

creatix 06.02.2012 20:54

When I try to start the guest account in Safe Mode, I get the following message:

Could not connect to the "Sens" service.

cosinus 06.02.2012 20:58

Log in with the admin user. If that one works in normal mode, you can do it there as well.

Now please run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan! All findings must also be removed.

If there are logs from older Malwarebytes scans, please post all of those too!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything here in CODE tags where possible.

This is done like so:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

creatix 07.02.2012 06:43

The Malwarebytes scan found 2 trojans, both of which are now removed, which apparently solved the problem. I will run ESET once more to be safe, but I think the problem is fixed.

Many thanks for the quick and competent help!

creatix 07.02.2012 18:01

Here are the ESET results

Code:

ETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0a1e15d9e9b0ea4c9cbc24e336d1cce6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-07 04:45:48
# local_time=2012-02-07 05:45:48 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1797 16775165 100 94 178074 65125577 50671 0
# compatibility_mode=5893 16776574 100 94 40130 80999385 0 0
# compatibility_mode=8192 67108863 100 0 34701 34701 0 0
# scanned=461841
# found=7
# cleaned=0
# scan_time=39434
C:\Users\creatix\AppData\Local\Temp\ICReinstall\cnet_OrbitDownloaderSetup_exe.exe        a variant of Win32/InstallCore.D application (unable to clean)        00000000000000000000000000000000        I
C:\Users\creatix\AppData\Local\Temp\is1598539481\MyBabylonTB.exe        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I
C:\Users\creatix\Downloads\cnet_OrbitDownloaderSetup_exe.exe        a variant of Win32/InstallCore.D application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Gast.creatix-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\2c4810be-71d25570        a variant of Java/Exploit.CVE-2011-3544.AK trojan (unable to clean)        00000000000000000000000000000000        I
C:\Windows.old\Documents and Settings\cr3at1x\Downloads\VeohWebPlayerSetup_eng.exe        Win32/Toolbar.Zugo application (unable to clean)        00000000000000000000000000000000        I
C:\Windows.old\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe        Win32/Toolbar.Zugo application (unable to clean)        00000000000000000000000000000000        I
C:\Windows.old\Users\cr3at1x\Downloads\VeohWebPlayerSetup_eng.exe        Win32/Toolbar.Zugo application (unable to clean)        00000000000000000000000000000000        I
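
The ESET log above is the first evidence of a delivery vector. Six of the seven hits are potentially unwanted applications (InstallCore, Babylon, Zugo verdicts), three of them under C:\Windows.old, a leftover of a previous installation. The seventh is a Java/Exploit.CVE-2011-3544 artefact in the Java deployment cache of the Gast.creatix-PC profile, the guest account that shows the lock screen, and the uninstall list above shows Java 6 Update 22 and Update 27, both older than the October 2011 Java update (6 Update 29) that fixed that CVE. The header also says remove_checked=false and cleaned=0, so nothing in this list was removed by ESET. The Python below is an added example written for this thread, not ESET's code and not posted by either participant. It parses the log format ("# key=value" header lines, then path / verdict / hash / flag lines) and separates live findings from Windows.old leftovers. SAMPLE_LOG is the log posted above; the real file separates fields with tabs, which the forum rendered as runs of spaces, so the parser accepts either.

```python
"""Triage an ESET Online Scanner log: what is live, what is a leftover, and
which hit is an exploit artefact rather than adware.

Added example for this thread; not ESET's code and not part of either post.
SAMPLE_LOG is the ESET log posted above (tabs rendered as spaces by the forum).
"""
import re
from collections import Counter

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
USER_RE = re.compile(r"\\(?:Users|Documents and Settings)\\([^\\]+)\\", re.IGNORECASE)


def classify_location(path):
    """Bucket a path by where it lives; the test order matters."""
    p = path.lower()
    if p.startswith("c:\\windows.old\\"):
        return "windows.old"      # previous installation, not on the live boot path
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java-cache"       # applet cache: typical drive-by delivery artefact
    if "\\appdata\\local\\temp\\" in p:
        return "temp"
    if "\\downloads\\" in p:
        return "downloads"
    return "other"


def parse_eset_log(text):
    """Return (header, detections). Header values are lists because
    '# compatibility_mode=' occurs several times in a real log."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, val = line[1:].strip().partition("=")
            header.setdefault(key, []).append(val)
            continue
        fields = re.split(r"\t+| {2,}", line)   # tab-separated, or forum-rendered spaces
        if len(fields) < 2:
            continue                             # installer chatter such as "all ok"
        path, verdict = fields[0], fields[1]
        cve = CVE_RE.search(verdict)
        user = USER_RE.search(path)
        detections.append({
            "path": path,
            "verdict": verdict,
            "hash": fields[2] if len(fields) > 2 else "",
            "kind": ("trojan" if " trojan" in verdict
                     else "pua" if " application" in verdict else "other"),
            "cleaned": "(unable to clean)" not in verdict,
            "cve": cve.group(0) if cve else None,
            "user": user.group(1) if user else None,
            "location": classify_location(path),
        })
    return header, detections


def summarize(text):
    """Headline numbers plus the findings that matter on the live system."""
    header, detections = parse_eset_log(text)

    def first(key, default):
        return header.get(key, [default])[0]

    live = [d for d in detections if d["location"] != "windows.old"]
    return {
        "reported_found": int(first("found", "0")),
        "parsed": len(detections),
        "reported_cleaned": int(first("cleaned", "0")),
        "remove_enabled": first("remove_checked", "false") == "true",
        "by_kind": dict(Counter(d["kind"] for d in detections)),
        "by_location": dict(Counter(d["location"] for d in detections)),
        "live_trojans": [d for d in live if d["kind"] == "trojan"],
    }


# The ESET log posted above (header shortened to the lines used here).
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# osver=6.1.7600 NT
# scanned=461841
# found=7
# cleaned=0
# scan_time=39434
C:\Users\creatix\AppData\Local\Temp\ICReinstall\cnet_OrbitDownloaderSetup_exe.exe        a variant of Win32/InstallCore.D application (unable to clean)        00000000000000000000000000000000        I
C:\Users\creatix\AppData\Local\Temp\is1598539481\MyBabylonTB.exe        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I
C:\Users\creatix\Downloads\cnet_OrbitDownloaderSetup_exe.exe        a variant of Win32/InstallCore.D application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Gast.creatix-PC\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\2c4810be-71d25570        a variant of Java/Exploit.CVE-2011-3544.AK trojan (unable to clean)        00000000000000000000000000000000        I
C:\Windows.old\Documents and Settings\cr3at1x\Downloads\VeohWebPlayerSetup_eng.exe        Win32/Toolbar.Zugo application (unable to clean)        00000000000000000000000000000000        I
C:\Windows.old\Program Files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe        Win32/Toolbar.Zugo application (unable to clean)        00000000000000000000000000000000        I
C:\Windows.old\Users\cr3at1x\Downloads\VeohWebPlayerSetup_eng.exe        Win32/Toolbar.Zugo application (unable to clean)        00000000000000000000000000000000        I
"""

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for key, value in s.items():
        print(f"{key}: {value}")
```

The "parsed" versus "reported_found" comparison is a cheap sanity check that the copy-paste into the forum did not lose lines; "live_trojans" is the list a helper would act on first, and on this log it contains exactly the guest profile's Java cache entry.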


cosinus 07.02.2012 20:23

Please make a new OTL log. Please post everything here in CODE tags where possible, as explained above.

CustomScan with OTL

If you don't have it yet, please download OTL from Oldtimer and save it to your Desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


creatix 09.02.2012 06:56

I have now run the scan twice and at the step 'Manual File Scan - Getting folder structure' I always get the following message:

Out of memory.

cosinus 09.02.2012 15:42

Then try it this way, but also tick the box Scan all users!

System scan with OTL

Please download OTL from Oldtimer and save it to your Desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

creatix 09.02.2012 22:09

OTL Logfile:
Code:

OTL Extras logfile created on: 09.02.2012 21:33:34 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\creatix\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,95 Gb Available Physical Memory | 74,43% Memory free
15,99 Gb Paging File | 13,84 Gb Available in Paging File | 86,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 910,41 Gb Total Space | 653,63 Gb Free Space | 71,79% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,02 Gb Free Space | 55,12% Space Free | Partition Type: NTFS
Drive J: | 100,00 Mb Total Space | 71,81 Mb Free Space | 71,81% Space Free | Partition Type: NTFS
 
Computer Name: CREATIX-PC | User Name: creatix | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1645258259-1736602693-395471261-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"EPSON SX130 Series" = EPSON SX130 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinGimp-2.0_is1" = GIMP 2.6.8
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}" = Epson Event Manager
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3EF5DE8-1120-4B77-99A3-4DC232E8C129}" = XSplit
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Any Video Converter_is1" = Any Video Converter 3.2.7
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"EPSON Scanner" = EPSON Scan
"EPSON SX130 Series Useg" = Benutzerhandbuch EPSON SX130 Series
"ESET Online Scanner" = ESET Online Scanner v3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Myst Masterpiece Edition" = Myst Masterpiece Edition
"OnLive" = OnLive
"Orbit_is1" = Orbit Downloader
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"QuickTime" = QuickTime
"Steam App 113400" = APB Reloaded
"Steam App 18700" = And Yet It Moves
"Steam App 200900" = Cave Story+
"Steam App 26500" = Cogs
"Steam App 26900" = Crayon Physics Deluxe
"Steam App 400" = Portal
"Steam App 40800" = Super Meat Boy
"Steam App 40810" = Super Meat Boy Editor
"Steam App 41100" = Hammerfight
"Steam App 41800" = Gratuitous Space Battles
"Steam App 43110" = Metro 2033
"Steam App 440" = Team Fortress 2
"Steam App 48000" = LIMBO
"Steam App 49600" = Beat Hazard
"Steam App 6120" = Shank
"Steam App 63710" = BIT.TRIP RUNNER
"Steam App 70300" = VVVVVV
"Steam App 94200" = Jamestown
"Steam App 99700" = NightSky
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.02.2012 18:24:08 | Computer Name = creatix-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12028
 
Error - 06.02.2012 18:24:09 | Computer Name = creatix-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 06.02.2012 18:24:09 | Computer Name = creatix-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13026
 
Error - 06.02.2012 18:24:09 | Computer Name = creatix-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13026
 
Error - 07.02.2012 01:44:28 | Computer Name = creatix-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\creatix\Desktop\esetsmartinstaller_enu.exe".
 Error in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components are:.
 Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 07.02.2012 01:44:29 | Computer Name = creatix-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\creatix\Desktop\esetsmartinstaller_enu.exe".
 Error in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components are:.
 Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 07.02.2012 01:44:31 | Computer Name = creatix-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\creatix\Desktop\esetsmartinstaller_enu.exe".
 Error in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components are:.
 Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 08.02.2012 17:27:25 | Computer Name = creatix-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".
 Error in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components are:.
 Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 08.02.2012 17:28:42 | Computer Name = creatix-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Users\creatix\Desktop\esetsmartinstaller_enu.exe".
 Error in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components are:.
 Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 09.02.2012 13:37:55 | Computer Name = creatix-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\creatix\Desktop\esetsmartinstaller_enu.exe".
 Error in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components are:.
 Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
[ System Events ]
Error - 29.11.2011 09:56:35 | Computer Name = creatix-PC | Source = DCOM | ID = 10016
Description =
 
Error - 29.11.2011 17:56:57 | Computer Name = creatix-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Encrypted volume check: Volume information on "G:" could not be read.
 
Error - 07.12.2011 13:40:58 | Computer Name = creatix-PC | Source = DCOM | ID = 10016
Description =
 
Error - 07.12.2011 13:40:58 | Computer Name = creatix-PC | Source = DCOM | ID = 10016
Description =
 
Error - 07.12.2011 13:40:58 | Computer Name = creatix-PC | Source = DCOM | ID = 10016
Description =
 
Error - 07.12.2011 13:40:59 | Computer Name = creatix-PC | Source = DCOM | ID = 10016
Description =
 
Error - 07.12.2011 13:40:59 | Computer Name = creatix-PC | Source = DCOM | ID = 10016
Description =
 
Error - 07.12.2011 13:40:59 | Computer Name = creatix-PC | Source = DCOM | ID = 10016
Description =
 
Error - 08.12.2011 06:19:02 | Computer Name = creatix-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam Client
 Service service to connect.
 
Error - 08.12.2011 06:19:02 | Computer Name = creatix-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following error:  %%1053
 
 
< End of report >

--- --- ---


OTL Logfile:
Code:

OTL logfile created on: 09.02.2012 21:33:34 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\creatix\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,95 Gb Available Physical Memory | 74,43% Memory free
15,99 Gb Paging File | 13,84 Gb Available in Paging File | 86,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 910,41 Gb Total Space | 653,63 Gb Free Space | 71,79% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,02 Gb Free Space | 55,12% Space Free | Partition Type: NTFS
Drive J: | 100,00 Mb Total Space | 71,81 Mb Free Space | 71,81% Space Free | Partition Type: NTFS
 
Computer Name: CREATIX-PC | User Name: creatix | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\creatix\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (EPSON_EB_RPCV4_04) EPSON V5 Service4(04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_04) EPSON V3 Service4(04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 5E 83 D7 38 84 CC 01  [binary data]
IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 D7 23 A0 26 6E CC 01  [binary data]
IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.04 13:18:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.09.08 14:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\creatix\AppData\Roaming\mozilla\Extensions
[2011.10.06 16:01:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\creatix\AppData\Roaming\mozilla\Firefox\Profiles\lr8zugrf.default\extensions
[2011.11.11 22:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.04 13:18:15 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.06 15:56:40 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.06 15:56:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.06 15:56:40 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.06 15:56:40 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.06 15:56:40 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.06 15:56:40 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1645258259-1736602693-395471261-1000..\Run: [EPSON SX130 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE /FU "C:\Windows\TEMP\E_S31DA.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-1645258259-1736602693-395471261-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1645258259-1736602693-395471261-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1645258259-1736602693-395471261-1003..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1645258259-1736602693-395471261-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1645258259-1736602693-395471261-1003..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1645258259-1736602693-395471261-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\creatix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Gast.creatix-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: Wecker-Alarm - {7B499570-29C5-4a80-9F57-94A420D140CE} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Nach Wecker für Windows exportieren - {7B499570-29C5-4a80-9F57-94A420D140CE} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D208CFA5-2EB0-4D57-9733-83F3ADFA250D}: DhcpNameServer = 192.168.220.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.09 13:48:26 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{E0A44877-3CE7-4502-BCDB-36B5D69B54C2}
[2012.02.09 13:48:14 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{24A3F7F8-26A0-4B4C-B477-1AB959C2B6EA}
[2012.02.07 06:40:27 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{7145AF6F-FE08-4A92-93AB-A50007658286}
[2012.02.07 06:40:15 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{B445F6EB-B404-4E98-8390-81B2737DB6AA}
[2012.02.06 22:10:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.02.06 22:09:34 | 002,322,184 | ---- | C] (ESET) -- C:\Users\creatix\Desktop\esetsmartinstaller_enu.exe
[2012.02.06 21:05:24 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Roaming\Malwarebytes
[2012.02.06 21:05:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.06 21:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.06 21:05:15 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.02.06 21:05:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.06 17:14:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\creatix\Desktop\OTL.exe
[2012.02.06 17:02:55 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{94218428-21FA-4D81-A335-117EABF1B8D3}
[2012.02.06 17:02:44 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{2E4A4A28-FACE-4BCB-B6DB-D908F1B4FA86}
[2012.02.06 13:31:20 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{D15C47E5-596D-4A86-AE32-991A1BA9FA75}
[2012.02.05 21:39:56 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{6384F5CA-D395-4814-83BA-C1387916B221}
[2012.02.03 13:14:25 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{43B528F8-C1AA-489F-9214-B2B75494475B}
[2012.02.01 09:09:27 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{53614C15-BEE5-4BBA-A47A-FFE59D2ADA85}
[2012.01.31 09:45:28 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{D69C39CC-9629-4C1A-866A-3BF220F06CC7}
[2012.01.30 09:25:59 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{677320F3-8C63-443F-A9E6-51F29D233746}
[2012.01.28 08:58:41 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.01.28 08:58:41 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012.01.28 08:55:25 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{100B3DED-5F91-4FFA-BF3F-870F9729BC6B}
[2012.01.25 18:42:06 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.01.25 18:42:05 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012.01.25 18:42:05 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012.01.25 18:42:05 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012.01.25 18:42:05 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012.01.25 18:42:05 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012.01.24 15:57:33 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{7954B0DF-B1BE-486A-8FCE-B627B0DAAC37}
[2012.01.22 09:01:01 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{2859FF77-2C7F-4941-B251-47C7BEB6AD63}
[2012.01.21 09:18:33 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{E9FC332F-2E8E-4536-AC9C-71921624AA45}
[2012.01.20 12:49:46 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{F7581ED9-DE0E-4F60-8265-C57F150ECF61}
[2012.01.20 12:49:33 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{E069E557-0C0E-4205-BBC7-312E7F6F4BA6}
[2012.01.19 13:53:23 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{4AD5F416-8DBC-4A69-9D6B-42BB01AEA4FB}
[2012.01.19 13:53:10 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{229152C4-869D-4BDC-AD92-896AD1441029}
[2012.01.18 21:41:50 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{4AA8ECF3-257E-404B-B474-F8C32AB08351}
[2012.01.18 21:41:39 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{52B7B41F-02C9-4914-A2AF-384359D86A47}
[2012.01.18 21:24:23 | 000,000,000 | ---D | C] -- C:\Users\creatix\Desktop\Videos
[2012.01.18 21:01:42 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32qt.exe
[2012.01.18 21:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.01.18 21:01:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2012.01.18 21:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.01.18 21:01:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Orb
[2012.01.18 21:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Myst Masterpiece Edition
[2012.01.18 21:01:14 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe
[2012.01.18 19:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2012.01.18 19:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SplitMediaLabs
[2012.01.18 19:23:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SplitMediaLabs
[2012.01.18 19:23:20 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Roaming\SplitMediaLabs
[2012.01.17 15:28:58 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{FE07F29C-5CEE-4FF6-BFB8-FA96ED2AA74E}
[2012.01.16 18:13:43 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{33C952C1-9C82-4FA1-8926-C66CD687B30D}
[2012.01.15 09:24:30 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{1838372E-AE0E-476B-B9DB-575D1D8AB2AC}
[2012.01.13 13:12:31 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{C130B20E-4A35-47F7-B1F2-B95A76173613}
[2012.01.13 13:12:19 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{57A29237-650A-49BD-AC82-9B4FCB5F8787}
[2012.01.12 15:04:35 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{12471B52-F1CE-42FD-B04C-A1013E190DFD}
[2012.01.11 14:18:43 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{B780772C-EC75-4053-B197-62B7D176BA22}
[2012.01.11 14:18:32 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{63C312D0-3DF9-4A15-89CF-1E90548A3428}
[2012.01.11 13:48:57 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012.01.11 13:48:57 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012.01.11 13:48:56 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.01.11 13:48:55 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.01.11 13:48:52 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.01.11 13:48:52 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.01.11 13:48:50 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012.01.11 13:48:49 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012.01.11 13:48:49 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012.01.10 21:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wecker für Windows
[2012.01.10 21:44:02 | 000,739,472 | ---- | C] (Data Dynamics) -- C:\Windows\SysWow64\sg20O.ocx
[2012.01.10 21:44:02 | 000,208,896 | ---- | C] (Christoph Bünger Software) -- C:\Windows\SysWow64\cbPrinter.dll
[2012.01.10 21:44:02 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RICHTX32.OCX
[2012.01.10 21:44:02 | 000,140,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX
[2012.01.10 21:44:02 | 000,122,880 | ---- | C] (Christoph Bünger Software) -- C:\Windows\SysWow64\cbNet.dll
[2012.01.10 21:44:02 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\SSubTmr6.dll
[2012.01.10 21:44:02 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Roaming\cbuenger
[2012.01.10 21:44:01 | 000,065,536 | ---- | C] (Christoph Bünger Software) -- C:\Windows\SysWow64\CBXML.dll
[2012.01.10 21:44:01 | 000,057,344 | ---- | C] (Christoph Bünger Software) -- C:\Windows\SysWow64\cbSysHTrck.dll
[2012.01.10 21:44:01 | 000,053,248 | ---- | C] (Christoph Bünger Software) -- C:\Windows\SysWow64\cbvCalendar.dll
[2012.01.10 21:44:01 | 000,040,960 | ---- | C] (Christoph Bünger Software) -- C:\Windows\SysWow64\CBDTPicker.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.09 21:09:10 | 001,898,823 | ---- | M] () -- C:\Users\creatix\Desktop\2012-02-09_21.09.09.png
[2012.02.09 13:55:18 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.09 13:55:18 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.09 13:51:56 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.09 13:51:56 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.09 13:51:56 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.09 13:51:56 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.09 13:51:56 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.09 13:47:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.09 13:47:27 | 2146,148,351 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.06 22:09:45 | 002,322,184 | ---- | M] (ESET) -- C:\Users\creatix\Desktop\esetsmartinstaller_enu.exe
[2012.02.06 21:05:18 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.06 17:14:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\creatix\Desktop\OTL.exe
[2012.01.18 21:02:09 | 000,001,237 | ---- | M] () -- C:\Users\creatix\Desktop\Myst Masterpiece Edition.lnk
[2012.01.18 21:01:41 | 000,000,278 | ---- | M] () -- C:\Windows\SysWow64\QuickTime.qtp
[2012.01.18 21:01:38 | 000,001,049 | ---- | M] () -- C:\Users\creatix\Desktop\QuickTime Player.lnk
[2012.01.13 18:48:51 | 000,004,143 | ---- | M] () -- C:\Users\creatix\.recently-used.xbel
[2012.01.11 07:51:12 | 000,294,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.09 21:11:37 | 001,898,823 | ---- | C] () -- C:\Users\creatix\Desktop\2012-02-09_21.09.09.png
[2012.02.06 21:05:18 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.18 21:02:09 | 000,001,237 | ---- | C] () -- C:\Users\creatix\Desktop\Myst Masterpiece Edition.lnk
[2012.01.18 21:01:39 | 000,000,278 | ---- | C] () -- C:\Windows\SysWow64\QuickTime.qtp
[2012.01.18 21:01:38 | 000,001,049 | ---- | C] () -- C:\Users\creatix\Desktop\QuickTime Player.lnk
[2012.01.13 18:48:51 | 000,004,143 | ---- | C] () -- C:\Users\creatix\.recently-used.xbel
[2012.01.10 21:44:01 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\actskn43.ocx
[2011.12.17 17:38:51 | 000,281,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.17 17:38:49 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.09.09 18:25:35 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >

--- --- ---

cosinus 10.02.2012 12:08

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 5E 83 D7 38 84 CC 01  [binary data]
IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1645258259-1736602693-395471261-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 D7 23 A0 26 6E CC 01  [binary data]
O4 - HKU\S-1-5-21-1645258259-1736602693-395471261-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1645258259-1736602693-395471261-1003..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1645258259-1736602693-395471261-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
:Files
C:\Users\creatix\AppData\Local\{*
:Commands
[emptytemp]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
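The scan log above and the fix script in this post work on OTL's fixed-width entry format (`[date | size | attributes | C/M] (company) -- path`, plus `@Alternate Data Stream` lines). The following is an added example, not code from the thread or from OTL itself: a small parser for that format with a heuristic triage pass that flags the same kinds of entries the helper's script targets (GUID-named folders directly under `AppData\Local`, alternate data streams) and, additionally, binaries under `C:\Windows` that OTL lists with no company name. The sample lines are constructed in the thread's format; the flag names and the "no-company-binary" rule are my own assumptions, and a flag only means "review", not "malicious".

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Constructed sample in the OTL log format seen in this thread (a handful of lines,
# not the full log): a vendor-signed driver, GUID-named folders under AppData\Local,
# a binary under C:\Windows with no company name, and one alternate data stream.
SAMPLE_LOG = "\n".join([
    r"========== Files/Folders - Created Within 30 Days ==========",
    r"",
    r"[2012.02.09 13:48:26 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{E0A44877-3CE7-4502-BCDB-36B5D69B54C2}",
    r"[2012.02.06 21:05:15 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys",
    r"[2012.02.06 17:14:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\creatix\Desktop\OTL.exe",
    r"[2012.01.18 21:41:39 | 000,000,000 | ---D | C] -- C:\Users\creatix\AppData\Local\{52B7B41F-02C9-4914-A2AF-384359D86A47}",
    r"[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]",
    r"",
    r"========== Files Created - No Company Name ==========",
    r"",
    r"[2011.12.17 17:38:49 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe",
    r"",
    r"========== Alternate Data Streams ==========",
    r"",
    r"@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF",
])

# One OTL file/folder entry: "[date | size | attrs | C|M] (company) -- path".
# The "(company)" part is absent for folders and printed as "()" when unknown.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<action>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
# A folder named like a GUID sitting directly under <profile>\AppData\Local.
GUID_FOLDER_RE = re.compile(
    r"\\AppData\\Local\\\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$"
)
BINARY_SUFFIXES = (".exe", ".dll", ".sys", ".ocx")


@dataclass
class Entry:
    timestamp: datetime
    size: int
    attrs: str      # e.g. "---D", "-HS-", "RHS-"
    action: str     # "C" = created, "M" = modified
    company: str    # "" when OTL printed "()" or no company at all
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_otl_log(text: str):
    """Split an OTL log into file/folder entries and alternate-data-stream lines.
    Lines in any other shape (section headers, the *.tmp summary) are skipped."""
    entries, streams = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(
                timestamp=datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
                size=int(m["size"].replace(",", "")),
                attrs=m["attrs"],
                action=m["action"],
                company=(m["company"] or "").strip(),
                path=m["path"],
            ))
            continue
        m = ADS_RE.match(line)
        if m:
            streams.append((m["path"], int(m["size"])))
    return entries, streams


def triage(entries, streams):
    """Heuristic review flags (assumed rule names, not OTL's): returns (kind, path) pairs."""
    findings = []
    for e in entries:
        if e.is_dir and GUID_FOLDER_RE.search(e.path):
            findings.append(("guid-folder", e.path))
        elif (not e.company
              and e.path.lower().startswith("c:\\windows\\")
              and e.path.lower().endswith(BINARY_SUFFIXES)):
            findings.append(("no-company-binary", e.path))
    for path, _size in streams:
        findings.append(("alternate-data-stream", path))
    return findings


def summarize(findings) -> dict:
    """Count findings per kind, e.g. {'guid-folder': 2, ...}."""
    return dict(Counter(kind for kind, _ in findings))


if __name__ == "__main__":
    ents, ads = parse_otl_log(SAMPLE_LOG)
    for kind, path in triage(ents, ads):
        print(f"{kind:22} {path}")
    print(summarize(triage(ents, ads)))
```

Running it on a full OTL log (read the file and pass its text to `parse_otl_log`) gives a quick list of the entries worth a second look before anyone writes a fix script; the wildcard line `C:\Users\creatix\AppData\Local\{*` in the post above covers exactly the "guid-folder" hits.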

creatix 10.02.2012 19:41

Code:

All processes killed
========== OTL ==========
HKU\S-1-5-21-1645258259-1736602693-395471261-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-1645258259-1736602693-395471261-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-1645258259-1736602693-395471261-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKU\S-1-5-21-1645258259-1736602693-395471261-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1645258259-1736602693-395471261-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-1645258259-1736602693-395471261-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-1645258259-1736602693-395471261-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-1645258259-1736602693-395471261-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1645258259-1736602693-395471261-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Pando Media Booster deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1645258259-1736602693-395471261-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Pando Media Booster deleted successfully.
File C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1645258259-1736602693-395471261-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
========== FILES ==========
C:\Users\creatix\AppData\Local\{00943E21-B826-4A52-86E5-79A9E81BFC3A} folder moved successfully.
C:\Users\creatix\AppData\Local\{00A804F6-B591-4EC1-8F09-E4BB90A6E972} folder moved successfully.
C:\Users\creatix\AppData\Local\{05110ABF-D326-434E-8199-875A4A6F357D} folder moved successfully.
C:\Users\creatix\AppData\Local\{06D2E189-F18E-4E8B-ABD5-E0E291FA07E7} folder moved successfully.
C:\Users\creatix\AppData\Local\{08E56057-096F-496B-A00C-67693F4BEEAC} folder moved successfully.
C:\Users\creatix\AppData\Local\{08F23992-444E-4798-8FC7-296E28366BC5} folder moved successfully.
C:\Users\creatix\AppData\Local\{0C65E1F9-951E-4150-B4AE-F99901975643} folder moved successfully.
C:\Users\creatix\AppData\Local\{100B3DED-5F91-4FFA-BF3F-870F9729BC6B} folder moved successfully.
C:\Users\creatix\AppData\Local\{12471B52-F1CE-42FD-B04C-A1013E190DFD} folder moved successfully.
C:\Users\creatix\AppData\Local\{14173185-6532-4B1C-9D14-DCB8C90ACE8B} folder moved successfully.
C:\Users\creatix\AppData\Local\{1502C102-0350-4B9B-A8A9-60ED26412299} folder moved successfully.
C:\Users\creatix\AppData\Local\{1707D541-D508-486E-A999-2628F9D3A912} folder moved successfully.
C:\Users\creatix\AppData\Local\{1838372E-AE0E-476B-B9DB-575D1D8AB2AC} folder moved successfully.
C:\Users\creatix\AppData\Local\{1AFE00B7-322D-413E-A660-150D895F8741} folder moved successfully.
C:\Users\creatix\AppData\Local\{1AFE4B32-74B7-4844-92E3-A2C145CBEB03} folder moved successfully.
C:\Users\creatix\AppData\Local\{2060B1B9-1CAD-48F4-9159-314CB5F8D769} folder moved successfully.
C:\Users\creatix\AppData\Local\{20E66BDB-2688-42F5-8B59-494478E1ECFE} folder moved successfully.
C:\Users\creatix\AppData\Local\{229152C4-869D-4BDC-AD92-896AD1441029} folder moved successfully.
C:\Users\creatix\AppData\Local\{22F7DF6E-A818-4795-914D-9E0134C5B5DB} folder moved successfully.
C:\Users\creatix\AppData\Local\{2320793E-1B6B-4D52-B4E1-B6B88BD6BFEF} folder moved successfully.
C:\Users\creatix\AppData\Local\{24A3F7F8-26A0-4B4C-B477-1AB959C2B6EA} folder moved successfully.
C:\Users\creatix\AppData\Local\{264060EA-C28E-4A65-9ABB-26E7698FF2B3} folder moved successfully.
C:\Users\creatix\AppData\Local\{2859FF77-2C7F-4941-B251-47C7BEB6AD63} folder moved successfully.
C:\Users\creatix\AppData\Local\{2887D3B0-01B6-4A4C-A6C4-D62BCA1BD424} folder moved successfully.
C:\Users\creatix\AppData\Local\{2E4A4A28-FACE-4BCB-B6DB-D908F1B4FA86} folder moved successfully.
C:\Users\creatix\AppData\Local\{33C952C1-9C82-4FA1-8926-C66CD687B30D} folder moved successfully.
C:\Users\creatix\AppData\Local\{3FAA1BD5-183A-4BE6-9CC2-5EE9396A8C71} folder moved successfully.
C:\Users\creatix\AppData\Local\{400A3A20-9D3C-4E6C-883B-2CE99E418B68} folder moved successfully.
C:\Users\creatix\AppData\Local\{411C523E-E152-49E1-809A-59604AA15F39} folder moved successfully.
C:\Users\creatix\AppData\Local\{41C5068E-AD53-438C-A399-72C8C0D24CED} folder moved successfully.
C:\Users\creatix\AppData\Local\{43B528F8-C1AA-489F-9214-B2B75494475B} folder moved successfully.
C:\Users\creatix\AppData\Local\{4AA8ECF3-257E-404B-B474-F8C32AB08351} folder moved successfully.
C:\Users\creatix\AppData\Local\{4AD5F416-8DBC-4A69-9D6B-42BB01AEA4FB} folder moved successfully.
C:\Users\creatix\AppData\Local\{4B599F98-5518-4393-8402-A2DFE929824D} folder moved successfully.
C:\Users\creatix\AppData\Local\{4E83DA14-8393-4ECE-BE83-26DE7D037D1F} folder moved successfully.
C:\Users\creatix\AppData\Local\{52B7B41F-02C9-4914-A2AF-384359D86A47} folder moved successfully.
C:\Users\creatix\AppData\Local\{53614C15-BEE5-4BBA-A47A-FFE59D2ADA85} folder moved successfully.
C:\Users\creatix\AppData\Local\{553208F1-DF2D-480F-BB96-C609C36641D8} folder moved successfully.
C:\Users\creatix\AppData\Local\{57A29237-650A-49BD-AC82-9B4FCB5F8787} folder moved successfully.
C:\Users\creatix\AppData\Local\{59FCFB98-7348-4311-8364-1BF582F895A9} folder moved successfully.
C:\Users\creatix\AppData\Local\{61162087-97A2-41F5-8254-6D4CE23D7626} folder moved successfully.
C:\Users\creatix\AppData\Local\{6384F5CA-D395-4814-83BA-C1387916B221} folder moved successfully.
C:\Users\creatix\AppData\Local\{63C312D0-3DF9-4A15-89CF-1E90548A3428} folder moved successfully.
C:\Users\creatix\AppData\Local\{677320F3-8C63-443F-A9E6-51F29D233746} folder moved successfully.
C:\Users\creatix\AppData\Local\{68E35570-A169-4147-AC39-9C920B6DAA1D} folder moved successfully.
C:\Users\creatix\AppData\Local\{6C232157-D69F-42F3-BE68-E9C34288E7C7} folder moved successfully.
C:\Users\creatix\AppData\Local\{6E3E7ADD-D588-4209-89DF-9B6FB3F4FF4F} folder moved successfully.
C:\Users\creatix\AppData\Local\{701C028C-95F7-41F8-9B92-D917CB05B9C4} folder moved successfully.
C:\Users\creatix\AppData\Local\{701D45E3-6A5F-42B2-96A8-1B7627DE31C5} folder moved successfully.
C:\Users\creatix\AppData\Local\{707DCDE3-52BB-4DF5-8CAC-C28264EC43F3} folder moved successfully.
C:\Users\creatix\AppData\Local\{708EE532-B455-41FF-A0F4-A2CEBD86FB52} folder moved successfully.
C:\Users\creatix\AppData\Local\{70CE039C-77A0-4728-BFAA-E53193E023EA} folder moved successfully.
C:\Users\creatix\AppData\Local\{7145AF6F-FE08-4A92-93AB-A50007658286} folder moved successfully.
C:\Users\creatix\AppData\Local\{72B73A08-C6F9-4638-B72B-45FD084B5139} folder moved successfully.
C:\Users\creatix\AppData\Local\{76A53B54-32C2-45C9-8ADE-AA3617029A49} folder moved successfully.
C:\Users\creatix\AppData\Local\{77012282-04EB-45B4-A948-6F7CC36DC633} folder moved successfully.
C:\Users\creatix\AppData\Local\{789C5B03-C455-4559-9599-5673B0184DEF} folder moved successfully.
C:\Users\creatix\AppData\Local\{7954B0DF-B1BE-486A-8FCE-B627B0DAAC37} folder moved successfully.
C:\Users\creatix\AppData\Local\{7969BE10-82EE-43E4-849F-ABE590A9C51A} folder moved successfully.
C:\Users\creatix\AppData\Local\{7A33A178-1C72-4422-B1BD-F069B6F9058D} folder moved successfully.
C:\Users\creatix\AppData\Local\{800C24AF-BEF5-4473-BFE0-07659601FB19} folder moved successfully.
C:\Users\creatix\AppData\Local\{837EC0E9-E86C-48F5-8109-6F864DB85FBB} folder moved successfully.
C:\Users\creatix\AppData\Local\{87CF4678-C132-4891-9BA1-B6AC8C37F718} folder moved successfully.
C:\Users\creatix\AppData\Local\{8DB1F2E9-25DF-4D93-8E91-8207A31BA0D4} folder moved successfully.
C:\Users\creatix\AppData\Local\{939B84F8-A6AB-430E-9343-5BA1CA9361D2} folder moved successfully.
C:\Users\creatix\AppData\Local\{94218428-21FA-4D81-A335-117EABF1B8D3} folder moved successfully.
C:\Users\creatix\AppData\Local\{948F2BCC-C1C5-4139-98BE-A576CABF4183} folder moved successfully.
C:\Users\creatix\AppData\Local\{96093BB8-4EDC-4F19-BFFE-17F770DA4B36} folder moved successfully.
C:\Users\creatix\AppData\Local\{9690E473-E520-4CF6-BBB0-0E87ECD22517} folder moved successfully.
C:\Users\creatix\AppData\Local\{9AF7B16A-4DAC-4A10-838D-B8BF4B304750} folder moved successfully.
C:\Users\creatix\AppData\Local\{9C154220-ABF8-4801-A9BF-FB9BDE69FF5F} folder moved successfully.
C:\Users\creatix\AppData\Local\{9CC6CBBA-AFCB-43AB-B746-FE98257EDFAF} folder moved successfully.
C:\Users\creatix\AppData\Local\{A40E1950-AF86-4D2E-8512-57140A627DA8} folder moved successfully.
C:\Users\creatix\AppData\Local\{A664D67B-C7CD-44D1-9607-D8615EC3B870} folder moved successfully.
C:\Users\creatix\AppData\Local\{AAA7576E-5937-407B-9494-6A17FB18A45D} folder moved successfully.
C:\Users\creatix\AppData\Local\{B3124EB2-2DDA-436B-B04B-CBA41969806A} folder moved successfully.
C:\Users\creatix\AppData\Local\{B445F6EB-B404-4E98-8390-81B2737DB6AA} folder moved successfully.
C:\Users\creatix\AppData\Local\{B459A776-F37C-4D8F-83CF-B5D83CB3BB86} folder moved successfully.
C:\Users\creatix\AppData\Local\{B5B9ED1D-B10F-4204-A0AA-BF027A13AED9} folder moved successfully.
C:\Users\creatix\AppData\Local\{B780772C-EC75-4053-B197-62B7D176BA22} folder moved successfully.
C:\Users\creatix\AppData\Local\{BD6F83DA-CE58-411D-A16A-CDEAC847B267} folder moved successfully.
C:\Users\creatix\AppData\Local\{C130B20E-4A35-47F7-B1F2-B95A76173613} folder moved successfully.
C:\Users\creatix\AppData\Local\{C97AF713-322F-43EF-9005-5A89CA27BF99} folder moved successfully.
C:\Users\creatix\AppData\Local\{D15C47E5-596D-4A86-AE32-991A1BA9FA75} folder moved successfully.
C:\Users\creatix\AppData\Local\{D69C39CC-9629-4C1A-866A-3BF220F06CC7} folder moved successfully.
C:\Users\creatix\AppData\Local\{D8742108-FCCE-4395-AAE1-FD6347075D39} folder moved successfully.
C:\Users\creatix\AppData\Local\{D8B7D6EF-FF6A-4F78-8FFA-9260376CE7C2} folder moved successfully.
C:\Users\creatix\AppData\Local\{DCF9D9FC-2CE9-46FB-BB5C-84BB90D190C4} folder moved successfully.
C:\Users\creatix\AppData\Local\{E069E557-0C0E-4205-BBC7-312E7F6F4BA6} folder moved successfully.
C:\Users\creatix\AppData\Local\{E0A44877-3CE7-4502-BCDB-36B5D69B54C2} folder moved successfully.
C:\Users\creatix\AppData\Local\{E100FF7B-53C1-46C5-9074-FA65DDD1EC7F} folder moved successfully.
C:\Users\creatix\AppData\Local\{E1A1B7C8-8802-404C-93ED-BFC550C24A1B} folder moved successfully.
C:\Users\creatix\AppData\Local\{E6947D0B-600A-469F-B9A2-9EFF1A258D5D} folder moved successfully.
C:\Users\creatix\AppData\Local\{E9FC332F-2E8E-4536-AC9C-71921624AA45} folder moved successfully.
C:\Users\creatix\AppData\Local\{EEB7D3C9-7423-4C5B-8606-16D645AA5B94} folder moved successfully.
C:\Users\creatix\AppData\Local\{F7581ED9-DE0E-4F60-8265-C57F150ECF61} folder moved successfully.
C:\Users\creatix\AppData\Local\{F8896CFE-3E2F-4518-808A-816CC81CEC4E} folder moved successfully.
C:\Users\creatix\AppData\Local\{F9B20F96-55E8-4DAA-B83A-4746D103A756} folder moved successfully.
C:\Users\creatix\AppData\Local\{FE07F29C-5CEE-4FF6-BFB8-FA96ED2AA74E} folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: creatix
->Temp folder emptied: 499612473 bytes
->Temporary Internet Files folder emptied: 79258553 bytes
->Java cache emptied: 1734890 bytes
->FireFox cache emptied: 1151229248 bytes
->Flash cache emptied: 81184 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gaeste
->Temp folder emptied: 784109 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 10437 bytes
->FireFox cache emptied: 745943298 bytes
->Flash cache emptied: 1713 bytes
 
User: Gast
->Temp folder emptied: 34279508 bytes
->Temporary Internet Files folder emptied: 279208 bytes
->FireFox cache emptied: 35941650 bytes
->Flash cache emptied: 765 bytes
 
User: Gast.creatix-PC
->Temp folder emptied: 60180769 bytes
->Temporary Internet Files folder emptied: 2098459 bytes
->Java cache emptied: 49601856 bytes
->FireFox cache emptied: 476725551 bytes
->Flash cache emptied: 47716 bytes
 
User: Mcx1-CREATIX-PC
->Temp folder emptied: 516 bytes
->Temporary Internet Files folder emptied: 181973 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 246975146 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 3.228,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 02102012_192400

Files\Folders moved on Reboot...
C:\Users\creatix\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


cosinus 10.02.2012 20:58

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the image below: click on "change parameters" and set the check marks as shown in the following screenshot.
Then click "Start Scan" and, when it is finished, click the "Report" button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer stores its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should become visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool via right-click as administrator!

creatix 11.02.2012 08:13

Code:

08:11:14.0083 4100        TDSS rootkit removing tool 2.7.11.0 Feb  9 2012 10:12:57
08:11:14.0240 4100        ============================================================
08:11:14.0240 4100        Current date / time: 2012/02/11 08:11:14.0240
08:11:14.0240 4100        SystemInfo:
08:11:14.0240 4100       
08:11:14.0240 4100        OS Version: 6.1.7600 ServicePack: 0.0
08:11:14.0240 4100        Product type: Workstation
08:11:14.0240 4100        ComputerName: CREATIX-PC
08:11:14.0241 4100        UserName: creatix
08:11:14.0241 4100        Windows directory: C:\Windows
08:11:14.0241 4100        System windows directory: C:\Windows
08:11:14.0241 4100        Running under WOW64
08:11:14.0241 4100        Processor architecture: Intel x64
08:11:14.0241 4100        Number of processors: 4
08:11:14.0241 4100        Page size: 0x1000
08:11:14.0241 4100        Boot type: Normal boot
08:11:14.0241 4100        ============================================================
08:11:15.0385 4100        Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:11:15.0408 4100        \Device\Harddisk0\DR0:
08:11:15.0408 4100        MBR used
08:11:15.0408 4100        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:11:15.0408 4100        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x71CD3000
08:11:15.0408 4100        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x71D05800, BlocksNum 0x2800000
08:11:15.0528 4100        Initialize success
08:11:15.0528 4100        ============================================================
08:11:43.0732 2168        ============================================================
08:11:43.0732 2168        Scan started
08:11:43.0732 2168        Mode: Manual; SigCheck; TDLFS;
08:11:43.0732 2168        ============================================================
08:11:44.0500 2168        1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
08:11:44.0647 2168        1394ohci - ok
08:11:44.0692 2168        ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
08:11:44.0720 2168        ACPI - ok
08:11:44.0741 2168        AcpiPmi        (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
08:11:44.0811 2168        AcpiPmi - ok
08:11:44.0862 2168        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
08:11:44.0917 2168        adp94xx - ok
08:11:44.0946 2168        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
08:11:44.0971 2168        adpahci - ok
08:11:44.0994 2168        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
08:11:45.0025 2168        adpu320 - ok
08:11:45.0092 2168        AFD            (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
08:11:45.0156 2168        AFD - ok
08:11:45.0176 2168        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
08:11:45.0204 2168        agp440 - ok
08:11:45.0251 2168        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
08:11:45.0275 2168        aliide - ok
08:11:45.0289 2168        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
08:11:45.0312 2168        amdide - ok
08:11:45.0335 2168        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
08:11:45.0387 2168        AmdK8 - ok
08:11:45.0415 2168        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
08:11:45.0452 2168        AmdPPM - ok
08:11:45.0491 2168        amdsata        (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
08:11:45.0520 2168        amdsata - ok
08:11:45.0544 2168        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
08:11:45.0576 2168        amdsbs - ok
08:11:45.0600 2168        amdxata        (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
08:11:45.0622 2168        amdxata - ok
08:11:45.0666 2168        AppID          (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
08:11:45.0787 2168        AppID - ok
08:11:45.0836 2168        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
08:11:45.0866 2168        arc - ok
08:11:45.0888 2168        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
08:11:45.0917 2168        arcsas - ok
08:11:45.0939 2168        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:11:46.0073 2168        AsyncMac - ok
08:11:46.0099 2168        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
08:11:46.0108 2168        atapi - ok
08:11:46.0183 2168        avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
08:11:46.0497 2168        avgntflt - ok
08:11:46.0518 2168        avipbb          (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys
08:11:46.0546 2168        avipbb - ok
08:11:46.0563 2168        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
08:11:46.0584 2168        avkmgr - ok
08:11:46.0644 2168        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
08:11:46.0718 2168        b06bdrv - ok
08:11:46.0761 2168        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:11:46.0816 2168        b57nd60a - ok
08:11:46.0854 2168        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:11:46.0939 2168        Beep - ok
08:11:47.0106 2168        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:11:47.0148 2168        blbdrive - ok
08:11:47.0209 2168        bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
08:11:47.0271 2168        bowser - ok
08:11:47.0289 2168        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:11:47.0322 2168        BrFiltLo - ok
08:11:47.0347 2168        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:11:47.0378 2168        BrFiltUp - ok
08:11:47.0413 2168        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:11:47.0463 2168        Brserid - ok
08:11:47.0486 2168        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:11:47.0536 2168        BrSerWdm - ok
08:11:47.0558 2168        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:11:47.0600 2168        BrUsbMdm - ok
08:11:47.0620 2168        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:11:47.0660 2168        BrUsbSer - ok
08:11:47.0677 2168        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
08:11:47.0721 2168        BTHMODEM - ok
08:11:47.0752 2168        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:11:47.0817 2168        cdfs - ok
08:11:47.0841 2168        cdrom          (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
08:11:47.0877 2168        cdrom - ok
08:11:47.0909 2168        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
08:11:47.0946 2168        circlass - ok
08:11:47.0993 2168        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:11:48.0021 2168        CLFS - ok
08:11:48.0077 2168        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
08:11:48.0110 2168        CmBatt - ok
08:11:48.0135 2168        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
08:11:48.0157 2168        cmdide - ok
08:11:48.0196 2168        CNG            (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
08:11:48.0234 2168        CNG - ok
08:11:48.0257 2168        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
08:11:48.0272 2168        Compbatt - ok
08:11:48.0307 2168        CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
08:11:48.0361 2168        CompositeBus - ok
08:11:48.0381 2168        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
08:11:48.0406 2168        crcdisk - ok
08:11:48.0487 2168        DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
08:11:48.0541 2168        DfsC - ok
08:11:48.0587 2168        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:11:48.0649 2168        discache - ok
08:11:48.0671 2168        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
08:11:48.0699 2168        Disk - ok
08:11:48.0759 2168        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:11:48.0797 2168        drmkaud - ok
08:11:48.0850 2168        DXGKrnl        (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
08:11:48.0901 2168        DXGKrnl - ok
08:11:48.0989 2168        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
08:11:49.0134 2168        ebdrv - ok
08:11:49.0171 2168        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
08:11:49.0212 2168        elxstor - ok
08:11:49.0254 2168        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
08:11:49.0290 2168        ErrDev - ok
08:11:49.0342 2168        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:11:49.0409 2168        exfat - ok
08:11:49.0435 2168        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:11:49.0499 2168        fastfat - ok
08:11:49.0521 2168        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
08:11:49.0559 2168        fdc - ok
08:11:49.0589 2168        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:11:49.0616 2168        FileInfo - ok
08:11:49.0637 2168        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:11:49.0709 2168        Filetrace - ok
08:11:49.0719 2168        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
08:11:49.0743 2168        flpydisk - ok
08:11:49.0776 2168        FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
08:11:49.0815 2168        FltMgr - ok
08:11:49.0863 2168        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:11:49.0890 2168        FsDepends - ok
08:11:49.0909 2168        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
08:11:49.0924 2168        Fs_Rec - ok
08:11:49.0970 2168        fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:11:49.0993 2168        fvevol - ok
08:11:50.0019 2168        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:11:50.0045 2168        gagp30kx - ok
08:11:50.0095 2168        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:11:50.0108 2168        GEARAspiWDM - ok
08:11:50.0141 2168        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:11:50.0199 2168        hcw85cir - ok
08:11:50.0241 2168        HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
08:11:50.0299 2168        HdAudAddService - ok
08:11:50.0331 2168        HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
08:11:50.0383 2168        HDAudBus - ok
08:11:50.0403 2168        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
08:11:50.0450 2168        HidBatt - ok
08:11:50.0473 2168        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
08:11:50.0529 2168        HidBth - ok
08:11:50.0549 2168        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
08:11:50.0582 2168        HidIr - ok
08:11:50.0623 2168        HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
08:11:50.0651 2168        HidUsb - ok
08:11:50.0689 2168        HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
08:11:50.0717 2168        HpSAMD - ok
08:11:50.0758 2168        HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
08:11:50.0845 2168        HTTP - ok
08:11:50.0865 2168        hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
08:11:50.0882 2168        hwpolicy - ok
08:11:50.0906 2168        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
08:11:50.0926 2168        i8042prt - ok
08:11:50.0980 2168        iaStorV        (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
08:11:51.0015 2168        iaStorV - ok
08:11:51.0055 2168        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
08:11:51.0072 2168        iirsp - ok
08:11:51.0190 2168        IntcAzAudAddService (a5f7cef8a939ebe270462edefd629f20) C:\Windows\system32\drivers\RTKVHD64.sys
08:11:51.0259 2168        IntcAzAudAddService - ok
08:11:51.0286 2168        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
08:11:51.0302 2168        intelide - ok
08:11:51.0346 2168        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:11:51.0387 2168        intelppm - ok
08:11:51.0410 2168        IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:11:51.0477 2168        IpFilterDriver - ok
08:11:51.0499 2168        IPMIDRV        (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
08:11:51.0531 2168        IPMIDRV - ok
08:11:51.0555 2168        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:11:51.0615 2168        IPNAT - ok
08:11:51.0653 2168        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:11:51.0721 2168        IRENUM - ok
08:11:51.0760 2168        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
08:11:51.0784 2168        isapnp - ok
08:11:51.0824 2168        iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
08:11:51.0860 2168        iScsiPrt - ok
08:11:51.0883 2168        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
08:11:51.0908 2168        kbdclass - ok
08:11:51.0924 2168        kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
08:11:51.0953 2168        kbdhid - ok
08:11:52.0000 2168        KSecDD          (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
08:11:52.0021 2168        KSecDD - ok
08:11:52.0062 2168        KSecPkg        (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
08:11:52.0096 2168        KSecPkg - ok
08:11:52.0211 2168        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:11:52.0287 2168        ksthunk - ok
08:11:52.0342 2168        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:11:52.0430 2168        lltdio - ok
08:11:52.0478 2168        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:11:52.0506 2168        LSI_FC - ok
08:11:52.0526 2168        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:11:52.0543 2168        LSI_SAS - ok
08:11:52.0580 2168        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:11:52.0598 2168        LSI_SAS2 - ok
08:11:52.0621 2168        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:11:52.0640 2168        LSI_SCSI - ok
08:11:52.0667 2168        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:11:52.0740 2168        luafv - ok
08:11:52.0797 2168        MBAMProtector  (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
08:11:52.0817 2168        MBAMProtector - ok
08:11:52.0860 2168        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
08:11:52.0887 2168        megasas - ok
08:11:52.0925 2168        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
08:11:52.0960 2168        MegaSR - ok
08:11:52.0985 2168        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:11:53.0042 2168        Modem - ok
08:11:53.0067 2168        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:11:53.0105 2168        monitor - ok
08:11:53.0129 2168        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
08:11:53.0154 2168        mouclass - ok
08:11:53.0177 2168        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:11:53.0214 2168        mouhid - ok
08:11:53.0241 2168        mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
08:11:53.0260 2168        mountmgr - ok
08:11:53.0349 2168        mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
08:11:53.0383 2168        mpio - ok
08:11:53.0409 2168        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:11:53.0463 2168        mpsdrv - ok
08:11:53.0495 2168        MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
08:11:53.0551 2168        MRxDAV - ok
08:11:53.0588 2168        mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:11:53.0636 2168        mrxsmb - ok
08:11:53.0686 2168        mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:11:53.0738 2168        mrxsmb10 - ok
08:11:53.0770 2168        mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:11:53.0817 2168        mrxsmb20 - ok
08:11:53.0837 2168        msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
08:11:53.0860 2168        msahci - ok
08:11:53.0888 2168        msdsm          (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
08:11:53.0919 2168        msdsm - ok
08:11:53.0955 2168        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:11:53.0998 2168        Msfs - ok
08:11:54.0017 2168        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:11:54.0094 2168        mshidkmdf - ok
08:11:54.0116 2168        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
08:11:54.0139 2168        msisadrv - ok
08:11:54.0177 2168        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:11:54.0257 2168        MSKSSRV - ok
08:11:54.0301 2168        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:11:54.0359 2168        MSPCLOCK - ok
08:11:54.0430 2168        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:11:54.0502 2168        MSPQM - ok
08:11:54.0534 2168        MsRPC          (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
08:11:54.0573 2168        MsRPC - ok
08:11:54.0597 2168        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
08:11:54.0606 2168        mssmbios - ok
08:11:54.0627 2168        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:11:54.0693 2168        MSTEE - ok
08:11:54.0717 2168        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
08:11:54.0759 2168        MTConfig - ok
08:11:54.0780 2168        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:11:54.0805 2168        Mup - ok
08:11:54.0867 2168        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:11:54.0928 2168        NativeWifiP - ok
08:11:54.0993 2168        NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
08:11:55.0040 2168        NDIS - ok
08:11:55.0072 2168        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:11:55.0132 2168        NdisCap - ok
08:11:55.0170 2168        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:11:55.0231 2168        NdisTapi - ok
08:11:55.0273 2168        Ndisuio        (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
08:11:55.0342 2168        Ndisuio - ok
08:11:55.0370 2168        NdisWan        (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
08:11:55.0460 2168        NdisWan - ok
08:11:55.0481 2168        NDProxy        (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
08:11:55.0594 2168        NDProxy - ok
08:11:55.0615 2168        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:11:55.0698 2168        NetBIOS - ok
08:11:55.0726 2168        NetBT          (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
08:11:55.0775 2168        NetBT - ok
08:11:55.0830 2168        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
08:11:55.0856 2168        nfrd960 - ok
08:11:55.0890 2168        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:11:55.0951 2168        Npfs - ok
08:11:55.0971 2168        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:11:56.0041 2168        nsiproxy - ok
08:11:56.0120 2168        Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
08:11:56.0216 2168        Ntfs - ok
08:11:56.0228 2168        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:11:56.0304 2168        Null - ok
08:11:56.0570 2168        nvlddmkm        (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:11:56.0792 2168        nvlddmkm - ok
08:11:56.0848 2168        nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
08:11:56.0879 2168        nvraid - ok
08:11:56.0898 2168        nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
08:11:56.0919 2168        nvstor - ok
08:11:56.0985 2168        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
08:11:57.0015 2168        nv_agp - ok
08:11:57.0034 2168        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
08:11:57.0088 2168        ohci1394 - ok
08:11:57.0120 2168        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
08:11:57.0152 2168        Parport - ok
08:11:57.0173 2168        partmgr        (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
08:11:57.0198 2168        partmgr - ok
08:11:57.0230 2168        pci            (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
08:11:57.0265 2168        pci - ok
08:11:57.0276 2168        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
08:11:57.0290 2168        pciide - ok
08:11:57.0320 2168        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
08:11:57.0354 2168        pcmcia - ok
08:11:57.0378 2168        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:11:57.0402 2168        pcw - ok
08:11:57.0427 2168        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:11:57.0531 2168        PEAUTH - ok
08:11:57.0652 2168        PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
08:11:57.0718 2168        PptpMiniport - ok
08:11:57.0750 2168        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
08:11:57.0790 2168        Processor - ok
08:11:57.0848 2168        Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
08:11:57.0921 2168        Psched - ok
08:11:57.0973 2168        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
08:11:58.0071 2168        ql2300 - ok
08:11:58.0091 2168        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
08:11:58.0113 2168        ql40xx - ok
08:11:58.0134 2168        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:11:58.0186 2168        QWAVEdrv - ok
08:11:58.0205 2168        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:11:58.0283 2168        RasAcd - ok
08:11:58.0317 2168        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:11:58.0377 2168        RasAgileVpn - ok
08:11:58.0399 2168        Rasl2tp        (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:11:58.0451 2168        Rasl2tp - ok
08:11:58.0471 2168        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:11:58.0553 2168        RasPppoe - ok
08:11:58.0581 2168        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:11:58.0650 2168        RasSstp - ok
08:11:58.0683 2168        rdbss          (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
08:11:58.0759 2168        rdbss - ok
08:11:58.0784 2168        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:11:58.0812 2168        rdpbus - ok
08:11:58.0823 2168        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:11:58.0892 2168        RDPCDD - ok
08:11:58.0920 2168        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:11:58.0981 2168        RDPENCDD - ok
08:11:58.0996 2168        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:11:59.0043 2168        RDPREFMP - ok
08:11:59.0069 2168        RDPWD          (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
08:11:59.0134 2168        RDPWD - ok
08:11:59.0155 2168        rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
08:11:59.0190 2168        rdyboost - ok
08:11:59.0227 2168        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:11:59.0306 2168        rspndr - ok
08:11:59.0367 2168        RTL8167        (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
08:11:59.0400 2168        RTL8167 - ok
08:11:59.0427 2168        sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
08:11:59.0455 2168        sbp2port - ok
08:11:59.0497 2168        scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
08:11:59.0555 2168        scfilter - ok
08:11:59.0583 2168        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:11:59.0639 2168        secdrv - ok
08:11:59.0681 2168        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:11:59.0710 2168        Serenum - ok
08:11:59.0727 2168        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:11:59.0757 2168        Serial - ok
08:11:59.0788 2168        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
08:11:59.0817 2168        sermouse - ok
08:11:59.0853 2168        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
08:11:59.0896 2168        sffdisk - ok
08:11:59.0919 2168        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
08:11:59.0951 2168        sffp_mmc - ok
08:11:59.0969 2168        sffp_sd        (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
08:12:00.0011 2168        sffp_sd - ok
08:12:00.0029 2168        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
08:12:00.0063 2168        sfloppy - ok
08:12:00.0102 2168        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:12:00.0124 2168        SiSRaid2 - ok
08:12:00.0144 2168        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
08:12:00.0168 2168        SiSRaid4 - ok
08:12:00.0192 2168        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:12:00.0266 2168        Smb - ok
08:12:00.0301 2168        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:12:00.0324 2168        spldr - ok
08:12:00.0382 2168        srv            (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
08:12:00.0450 2168        srv - ok
08:12:00.0496 2168        srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
08:12:00.0569 2168        srv2 - ok
08:12:00.0614 2168        srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
08:12:00.0659 2168        srvnet - ok
08:12:00.0699 2168        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
08:12:00.0723 2168        stexstor - ok
08:12:04.0877 2168        ============================================================
08:12:04.0877 2168        Scan finished
08:12:04.0877 2168        ============================================================
08:12:04.0900 3840        Detected object count: 0
08:12:04.0900 3840        Actual detected object count: 0
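As an added example (not part of the thread or of TDSSKiller itself), a small Python parser for the scan-log layout posted above: each object line carries a timestamp, PID, object name, MD5 in parentheses and a path, and is followed by a status line naming the object or its device path. The parser pairs the two and reports anything not marked "- ok", which is the check a helper does by eye. The sample log is constructed; the hashes of the two "ok" entries are copied from the posted log, and the non-ok entry is made up for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample in the TDSSKiller scan-log layout shown above.
# The "exampledrv" object, its all-zero hash and its status are made up.
SAMPLE_LOG = r"""
08:12:02.0965 2168        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
08:12:02.0990 2168        vdrvroot - ok
08:12:03.0017 2168        exampledrv      (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\exampledrv.sys
08:12:03.0038 2168        exampledrv - detected Suspicious file (constructed)
08:12:04.0657 2168        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:12:04.0807 2168        \Device\Harddisk0\DR0 - ok
08:12:04.0900 3840        Detected object count: 1
"""

# Object line: time, PID, name (may contain spaces, e.g. "Boot (0x1200)"), (md5), path.
ENTRY_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(.+?)\s+\(([0-9a-fA-F]{32})\)\s+(\S.*)$")
# Status line: time, PID, object name or device path, " - ", status text.
STATUS_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(.+) - (.+)$")
COUNT_RE = re.compile(r"Detected object count:\s*(\d+)")


@dataclass
class ScanEntry:
    name: str
    md5: str
    path: str
    status: str = "missing"  # no status line was seen for this object


def parse_tdsskiller_log(text):
    """Return (entries, detected_count). A status line is attached to the
    object line that precedes it when it names that object or its path."""
    entries, detected = [], None
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(ScanEntry(m.group(1), m.group(2).lower(), m.group(3)))
            continue
        m = COUNT_RE.search(line)
        if m:
            detected = int(m.group(1))
            continue
        m = STATUS_RE.match(line)
        if m and entries and m.group(1) in (entries[-1].name, entries[-1].path):
            entries[-1].status = m.group(2)
    return entries, detected


def triage(text):
    """Objects whose status is anything other than 'ok', plus the summary count."""
    entries, detected = parse_tdsskiller_log(text)
    return [e for e in entries if e.status != "ok"], detected
```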


cosinus 12.02.2012 13:16

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler (an authorized helper here) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.



Copyright ©2000-2025, Trojaner-Board