Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows blockiert aus Sicherheitsgründen (https://www.trojaner-board.de/110459-windows-blockiert-sicherheitsgruenden.html)

Skorn 26.02.2012 12:53
Windows blockiert aus Sicherheitsgründen
 
Hey,
wie so viel wurde bei mir auch Windows aus Sicherheitsgründen blockiert. Habe mich etwas bei euch belesen und im abgesicherten Modus hochgefahren.
Einmal mit Malwarebytes gescannt:
Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.22.05

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Skor :: SKOR-PC [Administrator]

Schutz: Deaktiviert

22.02.2012 22:57:22
mbam-log-2012-02-22 (22-57-22).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 173706
Laufzeit: 4 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Users\Skor\AppData\Local\Temp\0.6982788570544017df35.exe (Exploit.Drop.4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Skor\AppData\Local\Temp\0.7355832079494159df35.exe (Exploit.Drop.4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Skor\AppData\Local\Temp\0.8892057720492006df35.exe (Exploit.Drop.4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Skor\AppData\Local\Temp\0.9291195036391339df35.exe (Exploit.Drop.4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Skor\AppData\Local\Temp\0.18762739007420326df35.exe (Exploit.Drop.4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Skor\AppData\Local\Temp\0.24159056218010078df35.exe (Exploit.Drop.4) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
ein weiter Scan hat nix gefunden
Davor und danach habe ich einen OTl Scan durchgeführt, das Log vom ersten wurde leider überschrieben aber hier sind die Logs vom zweiten Scan:
Code:
OTL logfile created on: 2/22/2012 11:27:40 PM - Run 2
OTL by OldTimer - Version 3.2.33.2    Folder = C:\Users\Skor\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014.18 Mb Total Physical Memory | 634.27 Mb Available Physical Memory | 62.54% Memory free
1.99 Gb Paging File | 1.66 Gb Available in Paging File | 83.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 42.54 Gb Free Space | 42.54% Space Free | Partition Type: NTFS
Drive D: | 117.87 Gb Total Space | 50.48 Gb Free Space | 42.83% Space Free | Partition Type: NTFS
 
Computer Name: SKOR-PC | User Name: Skor | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Skor\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe (Oceanis)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\659bc287f3b51e5e604208ce93d983ec\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\PROGRA~1\ASUS\ASUSWE~1\3084~1.161\ASUSWS~1.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (acsock) -- C:\Windows\System32\drivers\acsock.sys (Cisco Systems, Inc.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011/10/27 20:57:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/20 10:04:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2011/09/14 15:55:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
 
[2011/09/14 16:09:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skor\AppData\Roaming\mozilla\Extensions
[2011/09/14 16:09:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skor\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2012/02/20 13:55:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skor\AppData\Roaming\mozilla\Firefox\Profiles\8z8bz7b7.default\extensions
[2011/10/21 08:14:00 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Skor\AppData\Roaming\mozilla\Firefox\Profiles\8z8bz7b7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/09/14 16:09:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skor\AppData\Roaming\mozilla\Sunbird\Profiles\66zbxk6g.default\extensions
[2011/11/11 20:15:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
() (No name found) -- C:\USERS\SKOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Z8BZ7B7.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012/02/20 10:04:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/11 20:15:32 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/11/11 20:15:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/11 20:15:32 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/11 20:15:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/11 20:15:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/11/11 20:15:32 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll (Oceanis)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SkypeM] C:\Users\Skor\AppData\Local\Skype\Skype.exe ()
O4 - Startup: C:\Users\Skor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Skor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.uni-giessen.de/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2661931F-C7DB-418F-A554-E4941694B50A}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43886E1F-005F-40E1-9472-EDDC0F13FAC6}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7B1A334-EC91-4189-97DD-2CB9B05ECF08}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F48E5659-E2CD-430D-B0CF-2D6AA60EA93E}: NameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKCU Winlogon: Shell - (C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe) - C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe (Oceanis)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0de92cb7-dedb-11e0-a54d-485b3990b9f9}\Shell - "" = AutoRun
O33 - MountPoints2\{0de92cb7-dedb-11e0-a54d-485b3990b9f9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0de92cdd-dedb-11e0-a54d-485b3990b9f9}\Shell - "" = AutoRun
O33 - MountPoints2\{0de92cdd-dedb-11e0-a54d-485b3990b9f9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0de92d54-dedb-11e0-a54d-485b3990b9f9}\Shell - "" = AutoRun
O33 - MountPoints2\{0de92d54-dedb-11e0-a54d-485b3990b9f9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/02/22 22:56:20 | 000,000,000 | ---D | C] -- C:\Users\Skor\AppData\Roaming\Malwarebytes
[2012/02/22 22:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/22 22:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/22 22:55:05 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/02/22 22:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/22 22:52:29 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Skor\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/22 22:47:36 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Skor\Desktop\OTL.exe
[2012/02/22 18:48:41 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2012/02/22 18:48:40 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2012/02/22 18:48:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/02/22 18:48:39 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2012/02/22 18:48:39 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2012/02/22 18:48:39 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2012/02/22 18:48:39 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2012/02/22 18:48:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/02/22 18:48:38 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieakeng.dll
[2012/02/22 18:48:38 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2012/02/22 18:48:38 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2012/02/22 18:48:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2012/02/22 18:48:27 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2012/02/22 18:48:26 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2012/02/22 18:48:25 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2012/02/22 18:48:24 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2012/02/22 18:48:24 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2012/02/22 18:48:24 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2012/02/22 18:48:23 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2012/02/22 18:48:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/02/22 18:48:23 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2012/02/22 18:48:23 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2012/02/22 18:48:22 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012/02/22 18:48:22 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2012/02/22 18:48:22 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2012/02/22 18:48:21 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012/02/22 18:48:21 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2012/02/22 18:48:21 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2012/02/22 18:48:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/02/22 18:48:17 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieaksie.dll
[2012/02/22 18:48:17 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieakui.dll
[2012/02/22 18:48:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/02/22 18:48:17 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\admparse.dll
[2012/02/22 18:48:17 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2012/02/22 18:48:16 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/02/22 18:48:16 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2012/02/22 18:48:16 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2012/02/20 10:25:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/16 17:59:39 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\timedate.cpl
[2012/02/16 17:58:24 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/02/11 23:20:14 | 000,000,000 | ---D | C] -- C:\Users\Skor\Documents\Dehnen
[2012/02/10 23:28:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.7
[2012/02/10 23:27:34 | 000,000,000 | ---D | C] -- C:\Users\Skor\AppData\Roaming\ICQ
[2012/02/10 23:27:10 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.7
 
========== Files - Modified Within 30 Days ==========
 
[2012/02/22 23:19:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/02/22 23:19:45 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/22 23:17:36 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/22 23:17:36 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/22 22:55:07 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/22 22:52:38 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Skor\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/22 22:47:41 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Skor\Desktop\OTL.exe
[2012/02/22 22:18:15 | 001,486,374 | ---- | M] () -- C:\Users\Skor\Desktop\bundespolizei-trojaner_schritt-fuer-schritt-.pdf
[2012/02/22 18:48:41 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2012/02/22 18:48:40 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2012/02/22 18:48:40 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/02/22 18:48:39 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2012/02/22 18:48:39 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2012/02/22 18:48:39 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2012/02/22 18:48:39 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2012/02/22 18:48:38 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/02/22 18:48:38 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieakeng.dll
[2012/02/22 18:48:38 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2012/02/22 18:48:38 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2012/02/22 18:48:38 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2012/02/22 18:48:27 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2012/02/22 18:48:27 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2012/02/22 18:48:25 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2012/02/22 18:48:25 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2012/02/22 18:48:24 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2012/02/22 18:48:24 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2012/02/22 18:48:23 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2012/02/22 18:48:23 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/02/22 18:48:23 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2012/02/22 18:48:23 | 000,072,822 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2012/02/22 18:48:23 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2012/02/22 18:48:22 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012/02/22 18:48:22 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2012/02/22 18:48:22 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2012/02/22 18:48:21 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012/02/22 18:48:21 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2012/02/22 18:48:21 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2012/02/22 18:48:18 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/02/22 18:48:17 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieaksie.dll
[2012/02/22 18:48:17 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieakui.dll
[2012/02/22 18:48:17 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/02/22 18:48:17 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\admparse.dll
[2012/02/22 18:48:17 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2012/02/22 18:48:16 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/02/22 18:48:16 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2012/02/22 18:48:16 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2012/02/20 10:35:20 | 000,309,024 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/02/20 10:25:34 | 000,702,372 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/02/20 10:25:34 | 000,656,954 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/02/20 10:25:34 | 000,151,076 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/02/20 10:25:34 | 000,123,430 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/02/20 10:03:18 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012/02/10 23:28:15 | 000,001,770 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.7.lnk
[2012/01/29 05:10:42 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
 
========== Files Created - No Company Name ==========
 
[2012/02/22 22:55:07 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/22 22:18:15 | 001,486,374 | ---- | C] () -- C:\Users\Skor\Desktop\bundespolizei-trojaner_schritt-fuer-schritt-.pdf
[2012/02/22 18:48:23 | 000,072,822 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2012/02/10 23:28:15 | 000,001,770 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.7.lnk
[2011/10/23 18:53:53 | 000,032,256 | ---- | C] () -- C:\windows\System32\AVSredirect.dll
[2011/10/23 18:47:18 | 000,107,520 | RHS- | C] () -- C:\windows\System32\TAKDSDecoder.dll
[2011/09/16 08:59:02 | 000,000,017 | ---- | C] () -- C:\windows\System32\shortcut_ex.dat
[2011/06/20 12:26:36 | 000,000,020 | ---- | C] () -- C:\windows\mafosav.INI
[2011/06/20 10:08:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/31 18:32:54 | 000,000,117 | ---- | C] () -- C:\windows\TmPfw.ini
[2011/05/31 18:17:00 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2011/05/31 18:17:00 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2011/05/31 15:06:30 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2011/01/19 12:34:42 | 003,003,392 | ---- | C] () -- C:\Program Files\openofficeorg33.msi
[2011/01/19 12:33:04 | 000,475,016 | ---- | C] () -- C:\Program Files\setup.exe
[2011/01/19 12:30:10 | 142,700,671 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2011/01/19 11:15:26 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
[2010/06/24 17:31:21 | 000,129,472 | ---- | C] () -- C:\windows\TISReg.exe
[2010/06/24 17:12:19 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2010/06/24 17:12:19 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2010/06/24 17:10:26 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/06/24 17:08:32 | 000,011,520 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2010/06/24 17:02:59 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2010/04/13 03:36:12 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys
 
========== LOP Check ==========
 
[2012/02/22 18:42:06 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\ASUS WebStorage
[2011/06/09 12:34:32 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2011/12/12 20:51:00 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Downloaded Installations
[2011/10/21 08:29:49 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\DVDVideoSoft
[2011/10/21 08:13:57 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/05/31 18:21:24 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\E-Cam
[2011/11/01 12:46:23 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Foxit Software
[2012/02/21 21:28:57 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\ICQ
[2012/01/17 16:34:17 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\ICSharpCode
[2011/09/21 22:18:00 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\LolClient
[2012/01/02 11:54:27 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Nitro PDF
[2012/01/17 16:35:51 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\NuGet
[2011/06/03 23:06:50 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\OpenOffice.org
[2011/07/08 08:02:59 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Pcounter
[2012/02/20 00:42:17 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\SoftGrid Client
[2011/10/27 21:06:33 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Swiss Academic Software
[2011/05/31 19:17:15 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\TP
[2011/08/24 19:29:39 | 000,032,618 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:AB689DEA

< End of report >
und Extras:
Code:
OTL Extras logfile created on: 2/22/2012 11:27:40 PM - Run 2
OTL by OldTimer - Version 3.2.33.2    Folder = C:\Users\Skor\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014.18 Mb Total Physical Memory | 634.27 Mb Available Physical Memory | 62.54% Memory free
1.99 Gb Paging File | 1.66 Gb Available in Paging File | 83.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 42.54 Gb Free Space | 42.54% Space Free | Partition Type: NTFS
Drive D: | 117.87 Gb Total Space | 50.48 Gb Free Space | 42.83% Space Free | Partition Type: NTFS
 
Computer Name: SKOR-PC | User Name: Skor | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05248BF9-6E23-4AF0-A1CB-C378F9D25524}" = SharpDevelop 4.1
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}" = Boingo Wi-Fi
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console
"{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E69BD802-57A2-428F-9CA6-9C006E5F8DFA}" = Cisco AnyConnect Secure Mobility Client
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"ASUS VIBE" = ASUS VIBE
"ASUS WebStorage" = ASUS WebStorage
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE" = Windows Driver Package - Broadcom Bluetooth  (07/17/2009 6.2.0.9403)
"B5C82F3814F82FB37F1513B3185399BD88892B08" = Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"Eee Docking_is1" = Eee Docking 3.7.0
"EPSON Scanner" = EPSON Scan
"Foxit Reader_is1" = Foxit Reader 5.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HFSExplorer" = HFSExplorer 0.21
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"Oceanis Change Background Windows 7_is1" = Oceanis Change Background Windows 7
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PDF Blender" = PDF Blender
"StarUML_is1" = StarUML 5.0.2.1570
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
Leider hat sich jedoch im normalen Modus nix getan, sobald er ne InternetVerbindung kriegt, blockiert er wieder.
Was kann ich noch tun?
Vielen Dank,
Skorn

cosinus 26.02.2012 17:29
Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

Skorn 26.02.2012 18:09
alles weiterhin im abgesicherten Modus mit netzwerktreibern oder?
Grüße und danke schonmal!

Hier das Ergebnis des vollständigen Malwarebyte suchlaufes von heute mittag:
Code:
Datenbank Version: v2012.02.26.01

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Skor :: SKOR-PC [Administrator]

Schutz: Deaktiviert

26.02.2012 15:08:23
mbam-log-2012-02-26 (15-08-23).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 307408
Laufzeit: 49 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Eset folgt

cosinus 26.02.2012 18:33
Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Skorn 26.02.2012 21:08
Hier das ESET Log:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d73ebffbac93944db02935a490a8f64a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-26 08:05:15
# local_time=2012-02-26 09:05:15 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775166 100 94 347925 66808587 416672 0
# compatibility_mode=5893 16776573 100 94 144753 81907915 0 0
# compatibility_mode=8192 67108863 100 0 3782 3782 0 0
# scanned=142312
# found=7
# cleaned=0
# scan_time=10011
C:\$Recycle.Bin\S-1-5-21-1467143805-1543317418-267732607-1000\$RDJEBGO.rar        a variant of Win32/InstallCore.D application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Skor\AppData\Local\Skype\Skype.exe        Win32/LockScreen.AIG trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Skor\AppData\Local\Temp\0.49741756388432556fdrgs.exe        Win32/LockScreen.AIG trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Skor\AppData\Local\Temp\ICReinstall\cnet_gardenplannersetup_exe.exe        a variant of Win32/InstallCore.D application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Skor\Documents\Uni\Examensarbeit.rar        a variant of Win32/InstallCore.D application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Skor\Documents\Uni\Examensarbeit\cnet_gardenplannersetup_exe.exe        a variant of Win32/InstallCore.D application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Skor\Downloads\SoftonicDownloader_fuer_super.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I

cosinus 26.02.2012 21:27
Funktioniert der normale Modus wieder?

Skorn 26.02.2012 22:22
Hey, funktioniert leider nicht.

cosinus 26.02.2012 22:38
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Skorn 26.02.2012 23:11
Code:
OTL logfile created on: 2/26/2012 10:44:49 PM - Run 3
OTL by OldTimer - Version 3.2.33.2    Folder = C:\Users\Skor\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014.18 Mb Total Physical Memory | 670.69 Mb Available Physical Memory | 66.13% Memory free
1.99 Gb Paging File | 1.68 Gb Available in Paging File | 84.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 41.73 Gb Free Space | 41.73% Space Free | Partition Type: NTFS
Drive D: | 117.87 Gb Total Space | 50.48 Gb Free Space | 42.83% Space Free | Partition Type: NTFS
 
Computer Name: SKOR-PC | User Name: Skor | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Skor\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe (Oceanis)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\659bc287f3b51e5e604208ce93d983ec\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\PROGRA~1\ASUS\ASUSWE~1\3084~1.161\ASUSWS~1.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (acsock) -- C:\Windows\System32\drivers\acsock.sys (Cisco Systems, Inc.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1467143805-1543317418-267732607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-1467143805-1543317418-267732607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-1467143805-1543317418-267732607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-1467143805-1543317418-267732607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKU\S-1-5-21-1467143805-1543317418-267732607-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1467143805-1543317418-267732607-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011/10/27 20:57:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/20 10:04:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2011/09/14 15:55:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
 
[2011/09/14 16:09:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skor\AppData\Roaming\mozilla\Extensions
[2011/09/14 16:09:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skor\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2012/02/20 13:55:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skor\AppData\Roaming\mozilla\Firefox\Profiles\8z8bz7b7.default\extensions
[2011/10/21 08:14:00 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Skor\AppData\Roaming\mozilla\Firefox\Profiles\8z8bz7b7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/09/14 16:09:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skor\AppData\Roaming\mozilla\Sunbird\Profiles\66zbxk6g.default\extensions
[2011/11/11 20:15:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
() (No name found) -- C:\USERS\SKOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8Z8BZ7B7.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012/02/20 10:04:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/11 20:15:32 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/11/11 20:15:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/11 20:15:32 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/11 20:15:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/11 20:15:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/11/11 20:15:32 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll (Oceanis)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1467143805-1543317418-267732607-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe File not found
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-1467143805-1543317418-267732607-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1467143805-1543317418-267732607-1000..\Run: [SkypeM] C:\Users\Skor\AppData\Local\Skype\Skype.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Skor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1467143805-1543317418-267732607-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Skor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.uni-giessen.de/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2661931F-C7DB-418F-A554-E4941694B50A}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43886E1F-005F-40E1-9472-EDDC0F13FAC6}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7B1A334-EC91-4189-97DD-2CB9B05ECF08}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F48E5659-E2CD-430D-B0CF-2D6AA60EA93E}: NameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\S-1-5-21-1467143805-1543317418-267732607-1000 Winlogon: Shell - (C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe) - C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe (Oceanis)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0de92cb7-dedb-11e0-a54d-485b3990b9f9}\Shell - "" = AutoRun
O33 - MountPoints2\{0de92cb7-dedb-11e0-a54d-485b3990b9f9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0de92cdd-dedb-11e0-a54d-485b3990b9f9}\Shell - "" = AutoRun
O33 - MountPoints2\{0de92cdd-dedb-11e0-a54d-485b3990b9f9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0de92d54-dedb-11e0-a54d-485b3990b9f9}\Shell - "" = AutoRun
O33 - MountPoints2\{0de92d54-dedb-11e0-a54d-485b3990b9f9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.MP42 - MPG4C32.dll File not found
Drivers32: vidc.yv12 - C:\windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/02/26 22:43:14 | 000,000,000 | ---D | C] -- C:\Users\Skor\Desktop\Neuer Ordner
[2012/02/26 18:15:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/26 18:15:02 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Skor\Desktop\esetsmartinstaller_enu.exe
[2012/02/23 22:39:50 | 000,000,000 | ---D | C] -- C:\Users\Skor\AppData\Local\ElevatedDiagnostics
[2012/02/22 22:56:20 | 000,000,000 | ---D | C] -- C:\Users\Skor\AppData\Roaming\Malwarebytes
[2012/02/22 22:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/22 22:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/22 22:55:05 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/02/22 22:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/22 22:52:29 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Skor\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/22 22:47:36 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Skor\Desktop\OTL.exe
[2012/02/20 10:25:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/11 23:20:14 | 000,000,000 | ---D | C] -- C:\Users\Skor\Documents\Dehnen
[2012/02/10 23:28:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.7
[2012/02/10 23:27:34 | 000,000,000 | ---D | C] -- C:\Users\Skor\AppData\Roaming\ICQ
[2012/02/10 23:27:10 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.7
 
========== Files - Modified Within 30 Days ==========
 
[2012/02/26 22:19:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/02/26 22:19:38 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/26 18:15:05 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Skor\Desktop\esetsmartinstaller_enu.exe
[2012/02/22 23:17:36 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/22 23:17:36 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/22 22:55:07 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/22 22:52:38 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Skor\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/22 22:47:41 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Skor\Desktop\OTL.exe
[2012/02/22 22:18:15 | 001,486,374 | ---- | M] () -- C:\Users\Skor\Desktop\bundespolizei-trojaner_schritt-fuer-schritt-.pdf
[2012/02/22 18:48:23 | 000,072,822 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2012/02/20 10:35:20 | 000,309,024 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/02/20 10:25:34 | 000,702,372 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/02/20 10:25:34 | 000,656,954 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/02/20 10:25:34 | 000,151,076 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/02/20 10:25:34 | 000,123,430 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/02/10 23:28:15 | 000,001,770 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.7.lnk
 
========== Files Created - No Company Name ==========
 
[2012/02/22 22:55:07 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/22 22:18:15 | 001,486,374 | ---- | C] () -- C:\Users\Skor\Desktop\bundespolizei-trojaner_schritt-fuer-schritt-.pdf
[2012/02/22 18:48:23 | 000,072,822 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2012/02/10 23:28:15 | 000,001,770 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.7.lnk
[2011/10/23 18:53:53 | 000,032,256 | ---- | C] () -- C:\windows\System32\AVSredirect.dll
[2011/10/23 18:47:18 | 000,107,520 | RHS- | C] () -- C:\windows\System32\TAKDSDecoder.dll
[2011/09/16 08:59:02 | 000,000,017 | ---- | C] () -- C:\windows\System32\shortcut_ex.dat
[2011/06/20 12:26:36 | 000,000,020 | ---- | C] () -- C:\windows\mafosav.INI
[2011/06/20 10:08:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/31 18:32:54 | 000,000,117 | ---- | C] () -- C:\windows\TmPfw.ini
[2011/05/31 18:17:00 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2011/05/31 18:17:00 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2011/05/31 15:06:30 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2011/01/19 12:34:42 | 003,003,392 | ---- | C] () -- C:\Program Files\openofficeorg33.msi
[2011/01/19 12:33:04 | 000,475,016 | ---- | C] () -- C:\Program Files\setup.exe
[2011/01/19 12:30:10 | 142,700,671 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2011/01/19 11:15:26 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
[2010/06/24 17:31:21 | 000,129,472 | ---- | C] () -- C:\windows\TISReg.exe
[2010/06/24 17:12:19 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2010/06/24 17:12:19 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2010/06/24 17:10:26 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/06/24 17:08:32 | 000,011,520 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2010/06/24 17:02:59 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2010/04/13 03:36:12 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys
 
========== LOP Check ==========
 
[2010/06/24 17:31:25 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage
[2010/06/24 17:31:25 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ASUS WebStorage
[2012/02/22 18:42:06 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\ASUS WebStorage
[2011/06/09 12:34:32 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2011/12/12 20:51:00 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Downloaded Installations
[2011/10/21 08:29:49 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\DVDVideoSoft
[2011/10/21 08:13:57 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/05/31 18:21:24 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\E-Cam
[2011/11/01 12:46:23 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Foxit Software
[2012/02/21 21:28:57 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\ICQ
[2012/01/17 16:34:17 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\ICSharpCode
[2011/09/21 22:18:00 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\LolClient
[2012/01/02 11:54:27 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Nitro PDF
[2012/01/17 16:35:51 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\NuGet
[2011/06/03 23:06:50 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\OpenOffice.org
[2011/07/08 08:02:59 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Pcounter
[2012/02/20 00:42:17 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\SoftGrid Client
[2011/10/27 21:06:33 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Swiss Academic Software
[2011/05/31 19:17:15 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\TP
[2011/08/24 19:29:39 | 000,032,618 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012/01/02 13:07:02 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\ABBYY
[2010/06/24 17:55:21 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Adobe
[2011/08/25 20:41:26 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Apple Computer
[2012/02/22 18:42:06 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\ASUS WebStorage
[2011/10/20 17:10:29 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Avira
[2011/06/09 12:34:32 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2011/12/12 20:51:00 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Downloaded Installations
[2011/10/21 08:29:49 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\DVDVideoSoft
[2011/10/21 08:13:57 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/05/31 18:21:24 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\E-Cam
[2011/11/01 12:46:23 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Foxit Software
[2012/02/21 21:28:57 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\ICQ
[2012/01/17 16:34:17 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\ICSharpCode
[2009/07/14 05:54:12 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Identities
[2010/06/24 17:00:39 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\InstallShield
[2011/09/21 22:18:00 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\LolClient
[2010/06/24 17:08:17 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Macromedia
[2012/02/22 22:56:20 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Malwarebytes
[2011/11/29 23:31:59 | 000,000,000 | --SD | M] -- C:\Users\Skor\AppData\Roaming\Microsoft
[2011/09/14 16:09:17 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Mozilla
[2012/01/02 11:54:27 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Nitro PDF
[2012/01/17 16:35:51 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\NuGet
[2011/06/03 23:06:50 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\OpenOffice.org
[2011/07/08 08:02:59 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Pcounter
[2012/02/21 21:17:08 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Skype
[2012/02/21 16:04:07 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\skypePM
[2012/02/20 00:42:17 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\SoftGrid Client
[2011/10/27 21:06:33 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\Swiss Academic Software
[2011/05/31 19:17:15 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\TP
[2012/02/25 13:42:41 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\vlc
[2011/05/31 15:31:15 | 000,000,000 | ---D | M] -- C:\Users\Skor\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010/06/24 17:08:16 | 000,038,784 | ---- | M] () -- C:\Users\Skor\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009/06/05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/05 02:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/06/05 02:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/05 02:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1f15fc3e546800a\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:AB689DEA

< End of report >
und das log... :) Vielen Dank für deine Mühen!

cosinus 27.02.2012 10:08
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
IE - HKU\S-1-5-21-1467143805-1543317418-267732607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-1467143805-1543317418-267732607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-1467143805-1543317418-267732607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-1467143805-1543317418-267732607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll (Oceanis)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1467143805-1543317418-267732607-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1467143805-1543317418-267732607-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0de92cb7-dedb-11e0-a54d-485b3990b9f9}\Shell - "" = AutoRun
O33 - MountPoints2\{0de92cb7-dedb-11e0-a54d-485b3990b9f9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0de92cdd-dedb-11e0-a54d-485b3990b9f9}\Shell - "" = AutoRun
O33 - MountPoints2\{0de92cdd-dedb-11e0-a54d-485b3990b9f9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0de92d54-dedb-11e0-a54d-485b3990b9f9}\Shell - "" = AutoRun
O33 - MountPoints2\{0de92d54-dedb-11e0-a54d-485b3990b9f9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:AB689DEA
:Files
C:\Users\Skor\AppData\Local\Temp\ICReinstall
C:\Users\Skor\Downloads\SoftonicDownloader_fuer_super.exe
C:\Users\Skor\AppData\Local\Temp\0.49741756388432556fdrgs.exe
C:\Users\Skor\AppData\Local\Skype
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Skorn 27.02.2012 13:15
Hey anbei das Log des OTl-Fixes:
Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-1467143805-1543317418-267732607-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1467143805-1543317418-267732607-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1467143805-1543317418-267732607-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\S-1-5-21-1467143805-1543317418-267732607-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D381FF29-7CFB-4D4E-B92A-C4EDDC696614}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D381FF29-7CFB-4D4E-B92A-C4EDDC696614}\ deleted successfully.
C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1467143805-1543317418-267732607-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1467143805-1543317418-267732607-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0de92cb7-dedb-11e0-a54d-485b3990b9f9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0de92cb7-dedb-11e0-a54d-485b3990b9f9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0de92cb7-dedb-11e0-a54d-485b3990b9f9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0de92cb7-dedb-11e0-a54d-485b3990b9f9}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0de92cdd-dedb-11e0-a54d-485b3990b9f9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0de92cdd-dedb-11e0-a54d-485b3990b9f9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0de92cdd-dedb-11e0-a54d-485b3990b9f9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0de92cdd-dedb-11e0-a54d-485b3990b9f9}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0de92d54-dedb-11e0-a54d-485b3990b9f9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0de92d54-dedb-11e0-a54d-485b3990b9f9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0de92d54-dedb-11e0-a54d-485b3990b9f9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0de92d54-dedb-11e0-a54d-485b3990b9f9}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\AutoRun.exe not found.
ADS C:\ProgramData\TEMP:AB689DEA deleted successfully.
========== FILES ==========
C:\Users\Skor\AppData\Local\Temp\ICReinstall folder moved successfully.
C:\Users\Skor\Downloads\SoftonicDownloader_fuer_super.exe moved successfully.
C:\Users\Skor\AppData\Local\Temp\0.49741756388432556fdrgs.exe moved successfully.
C:\Users\Skor\AppData\Local\Skype folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 321 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Skor
->Temp folder emptied: 188027618 bytes
->Temporary Internet Files folder emptied: 91155181 bytes
->Java cache emptied: 1075891 bytes
->FireFox cache emptied: 201764164 bytes
->Flash cache emptied: 42953 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 152985182 bytes
RecycleBin emptied: 1444580584 bytes
 
Total Files Cleaned = 1,983.00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.33.2 log created on 02272012_125554

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 27.02.2012 14:51
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Skorn 27.02.2012 16:09
Anbei das TDSS Log, also gefunden hat er nix:
Code:
16:01:40.0346 1672        TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
16:01:40.0424 1672        ============================================================
16:01:40.0424 1672        Current date / time: 2012/02/27 16:01:40.0424
16:01:40.0424 1672        SystemInfo:
16:01:40.0424 1672       
16:01:40.0424 1672        OS Version: 6.1.7601 ServicePack: 1.0
16:01:40.0424 1672        Product type: Workstation
16:01:40.0424 1672        ComputerName: SKOR-PC
16:01:40.0424 1672        UserName: Skor
16:01:40.0424 1672        Windows directory: C:\windows
16:01:40.0424 1672        System windows directory: C:\windows
16:01:40.0424 1672        Processor architecture: Intel x86
16:01:40.0424 1672        Number of processors: 2
16:01:40.0424 1672        Page size: 0x1000
16:01:40.0424 1672        Boot type: Normal boot
16:01:40.0424 1672        ============================================================
16:01:41.0282 1672        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:01:41.0282 1672        \Device\Harddisk0\DR0:
16:01:41.0282 1672        MBR used
16:01:41.0282 1672        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000
16:01:41.0282 1672        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xE600800, BlocksNum 0xEBBB000
16:01:41.0484 1672        Initialize success
16:01:41.0484 1672        ============================================================
16:01:47.0412 4000        ============================================================
16:01:47.0412 4000        Scan started
16:01:47.0412 4000        Mode: Manual; SigCheck; TDLFS;
16:01:47.0412 4000        ============================================================
16:01:48.0957 4000        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
16:01:49.0191 4000        1394ohci - ok
16:01:49.0331 4000        ACPI            (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
16:01:49.0378 4000        ACPI - ok
16:01:49.0503 4000        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
16:01:49.0612 4000        AcpiPmi - ok
16:01:49.0752 4000        acsock          (ae954c42547605408cddf03bb13845b8) C:\windows\system32\DRIVERS\acsock.sys
16:01:49.0846 4000        acsock - ok
16:01:49.0986 4000        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
16:01:50.0080 4000        adp94xx - ok
16:01:50.0252 4000        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
16:01:50.0298 4000        adpahci - ok
16:01:50.0361 4000        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
16:01:50.0408 4000        adpu320 - ok
16:01:50.0564 4000        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
16:01:50.0673 4000        AFD - ok
16:01:50.0782 4000        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
16:01:50.0813 4000        agp440 - ok
16:01:50.0876 4000        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
16:01:50.0907 4000        aic78xx - ok
16:01:51.0063 4000        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
16:01:51.0110 4000        aliide - ok
16:01:51.0312 4000        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
16:01:51.0359 4000        amdagp - ok
16:01:51.0609 4000        amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
16:01:51.0640 4000        amdide - ok
16:01:51.0921 4000        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
16:01:51.0983 4000        AmdK8 - ok
16:01:52.0139 4000        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
16:01:52.0217 4000        AmdPPM - ok
16:01:52.0389 4000        amdsata        (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
16:01:52.0420 4000        amdsata - ok
16:01:52.0607 4000        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
16:01:52.0654 4000        amdsbs - ok
16:01:52.0794 4000        amdxata        (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
16:01:52.0826 4000        amdxata - ok
16:01:53.0028 4000        AppID          (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
16:01:53.0262 4000        AppID - ok
16:01:53.0481 4000        arc            (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
16:01:53.0528 4000        arc - ok
16:01:53.0606 4000        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
16:01:53.0637 4000        arcsas - ok
16:01:53.0824 4000        AsUpIO          (561d6b76c045311691b870f6b3f19eab) C:\windows\system32\drivers\AsUpIO.sys
16:01:53.0871 4000        AsUpIO - ok
16:01:54.0105 4000        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
16:01:54.0464 4000        AsyncMac - ok
16:01:54.0588 4000        atapi          (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
16:01:54.0620 4000        atapi - ok
16:01:54.0744 4000        athr            (b01751cc563aecac09bbe36aaa21fbef) C:\windows\system32\DRIVERS\athr.sys
16:01:54.0869 4000        athr - ok
16:01:55.0056 4000        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\windows\system32\DRIVERS\avgntflt.sys
16:01:55.0088 4000        avgntflt - ok
16:01:55.0244 4000        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\windows\system32\DRIVERS\avipbb.sys
16:01:55.0275 4000        avipbb - ok
16:01:55.0587 4000        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
16:01:55.0727 4000        b06bdrv - ok
16:01:55.0883 4000        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
16:01:55.0961 4000        b57nd60x - ok
16:01:56.0102 4000        Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
16:01:56.0242 4000        Beep - ok
16:01:56.0741 4000        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
16:01:56.0804 4000        blbdrive - ok
16:01:57.0287 4000        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
16:01:57.0350 4000        bowser - ok
16:01:57.0599 4000        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
16:01:57.0740 4000        BrFiltLo - ok
16:01:58.0052 4000        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
16:01:58.0145 4000        BrFiltUp - ok
16:01:58.0488 4000        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
16:01:58.0644 4000        Brserid - ok
16:01:58.0832 4000        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
16:01:58.0910 4000        BrSerWdm - ok
16:01:59.0081 4000        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
16:01:59.0144 4000        BrUsbMdm - ok
16:01:59.0253 4000        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
16:01:59.0346 4000        BrUsbSer - ok
16:01:59.0612 4000        BthEnum        (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
16:01:59.0970 4000        BthEnum - ok
16:02:00.0095 4000        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
16:02:00.0345 4000        BTHMODEM - ok
16:02:00.0501 4000        BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
16:02:00.0735 4000        BthPan - ok
16:02:01.0125 4000        BTHPORT        (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
16:02:01.0515 4000        BTHPORT - ok
16:02:01.0718 4000        BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
16:02:01.0796 4000        BTHUSB - ok
16:02:01.0998 4000        btusbflt        (92c5b845803f3662637eb691ac0b250f) C:\windows\system32\drivers\btusbflt.sys
16:02:02.0045 4000        btusbflt - ok
16:02:02.0154 4000        btwaudio - ok
16:02:02.0232 4000        btwavdt - ok
16:02:02.0295 4000        btwl2cap - ok
16:02:02.0435 4000        btwrchid - ok
16:02:02.0544 4000        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
16:02:02.0669 4000        cdfs - ok
16:02:02.0841 4000        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\DRIVERS\cdrom.sys
16:02:02.0903 4000        cdrom - ok
16:02:03.0231 4000        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
16:02:03.0293 4000        circlass - ok
16:02:03.0543 4000        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
16:02:03.0652 4000        CLFS - ok
16:02:03.0902 4000        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
16:02:03.0948 4000        CmBatt - ok
16:02:04.0167 4000        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
16:02:04.0214 4000        cmdide - ok
16:02:04.0432 4000        CNG            (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
16:02:04.0557 4000        CNG - ok
16:02:04.0791 4000        Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
16:02:04.0822 4000        Compbatt - ok
16:02:05.0056 4000        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
16:02:05.0134 4000        CompositeBus - ok
16:02:05.0430 4000        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
16:02:05.0477 4000        crcdisk - ok
16:02:05.0805 4000        DfsC            (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
16:02:05.0930 4000        DfsC - ok
16:02:06.0117 4000        discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
16:02:06.0195 4000        discache - ok
16:02:06.0413 4000        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
16:02:06.0444 4000        Disk - ok
16:02:06.0959 4000        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
16:02:07.0131 4000        drmkaud - ok
16:02:08.0769 4000        DXGKrnl        (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
16:02:08.0862 4000        DXGKrnl - ok
16:02:09.0440 4000        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
16:02:09.0658 4000        ebdrv - ok
16:02:10.0001 4000        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
16:02:10.0064 4000        elxstor - ok
16:02:10.0266 4000        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
16:02:10.0344 4000        ErrDev - ok
16:02:10.0703 4000        ewusbnet        (dafc7e1b2ffa35ccbddf95ae3e31bfae) C:\windows\system32\DRIVERS\ewusbnet.sys
16:02:10.0937 4000        ewusbnet - ok
16:02:11.0124 4000        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
16:02:11.0296 4000        exfat - ok
16:02:11.0546 4000        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
16:02:11.0686 4000        fastfat - ok
16:02:11.0920 4000        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
16:02:11.0982 4000        fdc - ok
16:02:12.0107 4000        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
16:02:12.0154 4000        FileInfo - ok
16:02:12.0294 4000        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
16:02:12.0450 4000        Filetrace - ok
16:02:12.0778 4000        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
16:02:12.0840 4000        flpydisk - ok
16:02:13.0043 4000        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
16:02:13.0090 4000        FltMgr - ok
16:02:13.0324 4000        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
16:02:13.0371 4000        FsDepends - ok
16:02:13.0776 4000        fssfltr        (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys
16:02:13.0823 4000        fssfltr - ok
16:02:14.0026 4000        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
16:02:14.0057 4000        Fs_Rec - ok
16:02:14.0385 4000        fvevol          (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
16:02:14.0447 4000        fvevol - ok
16:02:14.0619 4000        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
16:02:14.0681 4000        gagp30kx - ok
16:02:14.0884 4000        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
16:02:14.0915 4000        GEARAspiWDM - ok
16:02:15.0243 4000        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
16:02:15.0430 4000        hcw85cir - ok
16:02:15.0836 4000        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
16:02:15.0992 4000        HdAudAddService - ok
16:02:16.0226 4000        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
16:02:16.0413 4000        HDAudBus - ok
16:02:16.0865 4000        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
16:02:16.0959 4000        HidBatt - ok
16:02:17.0271 4000        HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
16:02:17.0364 4000        HidBth - ok
16:02:17.0598 4000        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
16:02:17.0708 4000        HidIr - ok
16:02:17.0864 4000        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\DRIVERS\hidusb.sys
16:02:17.0942 4000        HidUsb - ok
16:02:18.0098 4000        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
16:02:18.0144 4000        HpSAMD - ok
16:02:18.0332 4000        HTTP            (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
16:02:18.0456 4000        HTTP - ok
16:02:18.0659 4000        hwdatacard      (1fc7a63148e4f2bd831dab0dc732026d) C:\windows\system32\DRIVERS\ewusbmdm.sys
16:02:18.0768 4000        hwdatacard - ok
16:02:18.0956 4000        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
16:02:19.0002 4000        hwpolicy - ok
16:02:19.0205 4000        hwusbdev        (a259d3619aa23d4562581067f85e2006) C:\windows\system32\DRIVERS\ewusbdev.sys
16:02:19.0314 4000        hwusbdev - ok
16:02:19.0642 4000        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
16:02:19.0673 4000        i8042prt - ok
16:02:19.0985 4000        iaStor          (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
16:02:20.0016 4000        iaStor - ok
16:02:20.0328 4000        iaStorV        (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
16:02:20.0375 4000        iaStorV - ok
16:02:21.0670 4000        igfx            (d0074897c6bc132f3980ea4654bf7fb9) C:\windows\system32\DRIVERS\igdkmd32.sys
16:02:21.0966 4000        igfx - ok
16:02:22.0247 4000        iirsp          (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
16:02:22.0278 4000        iirsp - ok
16:02:22.0731 4000        IntcAzAudAddService (bf9866875edf86aae24dd8bd9418deff) C:\windows\system32\drivers\RTKVHDA.sys
16:02:22.0965 4000        IntcAzAudAddService - ok
16:02:23.0292 4000        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
16:02:23.0324 4000        intelide - ok
16:02:23.0745 4000        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
16:02:23.0807 4000        intelppm - ok
16:02:24.0244 4000        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
16:02:24.0369 4000        IpFilterDriver - ok
16:02:24.0587 4000        IPMIDRV        (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
16:02:24.0650 4000        IPMIDRV - ok
16:02:24.0728 4000        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
16:02:24.0806 4000        IPNAT - ok
16:02:24.0946 4000        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
16:02:25.0055 4000        IRENUM - ok
16:02:25.0196 4000        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
16:02:25.0227 4000        isapnp - ok
16:02:25.0664 4000        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
16:02:25.0726 4000        iScsiPrt - ok
16:02:25.0991 4000        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
16:02:26.0038 4000        kbdclass - ok
16:02:26.0256 4000        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\DRIVERS\kbdhid.sys
16:02:26.0319 4000        kbdhid - ok
16:02:26.0880 4000        kbfiltr        (3eb803312987ff44265c87cb960df6ab) C:\windows\system32\DRIVERS\kbfiltr.sys
16:02:26.0896 4000        kbfiltr - ok
16:02:27.0380 4000        KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
16:02:27.0426 4000        KSecDD - ok
16:02:27.0863 4000        KSecPkg        (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
16:02:27.0910 4000        KSecPkg - ok
16:02:28.0643 4000        L1C            (a158cea8644b8a5c1ec0e9a81b70f65a) C:\windows\system32\DRIVERS\L1C62x86.sys
16:02:28.0752 4000        L1C - ok
16:02:29.0018 4000        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
16:02:29.0111 4000        lltdio - ok
16:02:29.0501 4000        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
16:02:29.0548 4000        LSI_FC - ok
16:02:30.0063 4000        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
16:02:30.0110 4000        LSI_SAS - ok
16:02:30.0422 4000        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
16:02:30.0453 4000        LSI_SAS2 - ok
16:02:30.0749 4000        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
16:02:30.0812 4000        LSI_SCSI - ok
16:02:31.0061 4000        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
16:02:31.0186 4000        luafv - ok
16:02:31.0623 4000        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\windows\system32\drivers\mbam.sys
16:02:31.0701 4000        MBAMProtector - ok
16:02:32.0902 4000        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
16:02:32.0933 4000        megasas - ok
16:02:33.0058 4000        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
16:02:33.0105 4000        MegaSR - ok
16:02:33.0432 4000        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
16:02:33.0526 4000        Modem - ok
16:02:33.0744 4000        monitor        (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
16:02:33.0807 4000        monitor - ok
16:02:34.0010 4000        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
16:02:34.0041 4000        mouclass - ok
16:02:34.0275 4000        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
16:02:34.0353 4000        mouhid - ok
16:02:34.0431 4000        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
16:02:34.0462 4000        mountmgr - ok
16:02:34.0509 4000        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
16:02:34.0540 4000        mpio - ok
16:02:34.0790 4000        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
16:02:34.0883 4000        mpsdrv - ok
16:02:35.0164 4000        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
16:02:35.0289 4000        MRxDAV - ok
16:02:35.0507 4000        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
16:02:35.0585 4000        mrxsmb - ok
16:02:35.0929 4000        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
16:02:35.0975 4000        mrxsmb10 - ok
16:02:36.0256 4000        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
16:02:36.0319 4000        mrxsmb20 - ok
16:02:36.0381 4000        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
16:02:36.0412 4000        msahci - ok
16:02:36.0490 4000        msdsm          (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
16:02:36.0521 4000        msdsm - ok
16:02:36.0631 4000        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
16:02:36.0693 4000        Msfs - ok
16:02:36.0740 4000        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
16:02:36.0802 4000        mshidkmdf - ok
16:02:36.0865 4000        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
16:02:36.0896 4000        msisadrv - ok
16:02:37.0083 4000        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
16:02:37.0161 4000        MSKSSRV - ok
16:02:37.0192 4000        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
16:02:37.0270 4000        MSPCLOCK - ok
16:02:37.0317 4000        MSPQM          (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
16:02:37.0395 4000        MSPQM - ok
16:02:37.0457 4000        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
16:02:37.0489 4000        MsRPC - ok
16:02:37.0551 4000        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
16:02:37.0582 4000        mssmbios - ok
16:02:37.0629 4000        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
16:02:37.0707 4000        MSTEE - ok
16:02:37.0910 4000        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
16:02:37.0972 4000        MTConfig - ok
16:02:38.0191 4000        Mup            (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
16:02:38.0237 4000        Mup - ok
16:02:38.0393 4000        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
16:02:38.0456 4000        NativeWifiP - ok
16:02:38.0612 4000        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
16:02:38.0690 4000        NDIS - ok
16:02:38.0815 4000        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
16:02:38.0908 4000        NdisCap - ok
16:02:39.0017 4000        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
16:02:39.0095 4000        NdisTapi - ok
16:02:39.0236 4000        Ndisuio        (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
16:02:39.0361 4000        Ndisuio - ok
16:02:39.0407 4000        NdisWan        (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
16:02:39.0485 4000        NdisWan - ok
16:02:39.0938 4000        NDProxy        (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
16:02:40.0031 4000        NDProxy - ok
16:02:40.0187 4000        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
16:02:40.0328 4000        NetBIOS - ok
16:02:40.0390 4000        NetBT          (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
16:02:40.0515 4000        NetBT - ok
16:02:40.0749 4000        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
16:02:40.0780 4000        nfrd960 - ok
16:02:40.0874 4000        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
16:02:40.0952 4000        Npfs - ok
16:02:41.0139 4000        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
16:02:41.0248 4000        nsiproxy - ok
16:02:41.0451 4000        Ntfs            (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
16:02:41.0560 4000        Ntfs - ok
16:02:41.0716 4000        Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
16:02:41.0794 4000        Null - ok
16:02:41.0981 4000        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
16:02:42.0028 4000        nvraid - ok
16:02:42.0122 4000        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
16:02:42.0169 4000        nvstor - ok
16:02:42.0325 4000        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
16:02:42.0371 4000        nv_agp - ok
16:02:42.0449 4000        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
16:02:42.0512 4000        ohci1394 - ok
16:02:42.0652 4000        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
16:02:42.0699 4000        Parport - ok
16:02:42.0777 4000        partmgr        (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
16:02:42.0808 4000        partmgr - ok
16:02:42.0871 4000        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
16:02:42.0917 4000        Parvdm - ok
16:02:42.0980 4000        pci            (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
16:02:43.0011 4000        pci - ok
16:02:43.0089 4000        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
16:02:43.0120 4000        pciide - ok
16:02:43.0214 4000        pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
16:02:43.0276 4000        pcmcia - ok
16:02:43.0417 4000        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
16:02:43.0448 4000        pcw - ok
16:02:43.0495 4000        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
16:02:43.0604 4000        PEAUTH - ok
16:02:43.0853 4000        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
16:02:43.0947 4000        PptpMiniport - ok
16:02:43.0994 4000        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
16:02:44.0025 4000        Processor - ok
16:02:44.0103 4000        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
16:02:44.0181 4000        Psched - ok
16:02:44.0368 4000        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
16:02:44.0509 4000        ql2300 - ok
16:02:44.0836 4000        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
16:02:44.0867 4000        ql40xx - ok
16:02:44.0945 4000        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
16:02:44.0977 4000        QWAVEdrv - ok
16:02:45.0023 4000        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
16:02:45.0101 4000        RasAcd - ok
16:02:45.0164 4000        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
16:02:45.0242 4000        RasAgileVpn - ok
16:02:45.0289 4000        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
16:02:45.0367 4000        Rasl2tp - ok
16:02:45.0413 4000        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
16:02:45.0491 4000        RasPppoe - ok
16:02:45.0554 4000        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
16:02:45.0647 4000        RasSstp - ok
16:02:45.0694 4000        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
16:02:45.0788 4000        rdbss - ok
16:02:45.0881 4000        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
16:02:45.0928 4000        rdpbus - ok
16:02:45.0991 4000        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
16:02:46.0069 4000        RDPCDD - ok
16:02:46.0115 4000        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
16:02:46.0209 4000        RDPENCDD - ok
16:02:46.0256 4000        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
16:02:46.0318 4000        RDPREFMP - ok
16:02:46.0381 4000        RDPWD          (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys
16:02:46.0459 4000        RDPWD - ok
16:02:46.0537 4000        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
16:02:46.0583 4000        rdyboost - ok
16:02:46.0693 4000        RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
16:02:46.0739 4000        RFCOMM - ok
16:02:46.0817 4000        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
16:02:46.0880 4000        rspndr - ok
16:02:46.0958 4000        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
16:02:46.0989 4000        sbp2port - ok
16:02:47.0051 4000        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
16:02:47.0114 4000        scfilter - ok
16:02:47.0223 4000        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
16:02:47.0301 4000        secdrv - ok
16:02:47.0348 4000        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
16:02:47.0395 4000        Serenum - ok
16:02:47.0441 4000        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
16:02:47.0488 4000        Serial - ok
16:02:47.0551 4000        sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
16:02:47.0597 4000        sermouse - ok
16:02:47.0675 4000        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
16:02:47.0738 4000        sffdisk - ok
16:02:47.0769 4000        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
16:02:47.0816 4000        sffp_mmc - ok
16:02:47.0847 4000        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
16:02:47.0894 4000        sffp_sd - ok
16:02:47.0941 4000        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
16:02:47.0987 4000        sfloppy - ok
16:02:48.0081 4000        Sftfs          (d9b734638dd8dba9d59aad3189cd0fad) C:\windows\system32\DRIVERS\Sftfslh.sys
16:02:48.0128 4000        Sftfs - ok
16:02:48.0190 4000        Sftplay        (2f61bd46c0bff4eb36e1e359ca17bfc5) C:\windows\system32\DRIVERS\Sftplaylh.sys
16:02:48.0221 4000        Sftplay - ok
16:02:48.0253 4000        Sftredir        (518bac0179f94304f422696b47c0ec12) C:\windows\system32\DRIVERS\Sftredirlh.sys
16:02:48.0284 4000        Sftredir - ok
16:02:48.0315 4000        Sftvol          (747325236d88b3f05ffd27ff9ec711c5) C:\windows\system32\DRIVERS\Sftvollh.sys
16:02:48.0331 4000        Sftvol - ok
16:02:48.0440 4000        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
16:02:48.0471 4000        sisagp - ok
16:02:48.0518 4000        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
16:02:48.0549 4000        SiSRaid2 - ok
16:02:48.0596 4000        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
16:02:48.0627 4000        SiSRaid4 - ok
16:02:48.0674 4000        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
16:02:48.0752 4000        Smb - ok
16:02:48.0908 4000        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
16:02:48.0955 4000        spldr - ok
16:02:49.0048 4000        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
16:02:49.0111 4000        srv - ok
16:02:49.0235 4000        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
16:02:49.0313 4000        srv2 - ok
16:02:49.0376 4000        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
16:02:49.0423 4000        srvnet - ok
16:02:49.0485 4000        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
16:02:49.0501 4000        ssmdrv - ok
16:02:49.0594 4000        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
16:02:49.0625 4000        stexstor - ok
16:02:49.0688 4000        swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
16:02:49.0703 4000        swenum - ok
16:02:49.0797 4000        SynTP          (bd8e7f87de409a745a132a8812de5a96) C:\windows\system32\DRIVERS\SynTP.sys
16:02:49.0844 4000        SynTP - ok
16:02:50.0031 4000        Tcpip          (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys
16:02:50.0171 4000        Tcpip - ok
16:02:50.0359 4000        TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys
16:02:50.0437 4000        TCPIP6 - ok
16:02:50.0499 4000        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
16:02:50.0577 4000        tcpipreg - ok
16:02:50.0639 4000        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
16:02:50.0717 4000        TDPIPE - ok
16:02:50.0764 4000        TDTCP          (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys
16:02:50.0827 4000        TDTCP - ok
16:02:50.0889 4000        tdx            (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
16:02:50.0951 4000        tdx - ok
16:02:51.0014 4000        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
16:02:51.0045 4000        TermDD - ok
16:02:51.0154 4000        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
16:02:51.0248 4000        tssecsrv - ok
16:02:51.0373 4000        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
16:02:51.0482 4000        TsUsbFlt - ok
16:02:51.0622 4000        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
16:02:51.0700 4000        tunnel - ok
16:02:51.0763 4000        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
16:02:51.0794 4000        uagp35 - ok
16:02:51.0856 4000        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
16:02:51.0934 4000        udfs - ok
16:02:52.0028 4000        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
16:02:52.0059 4000        uliagpkx - ok
16:02:52.0168 4000        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
16:02:52.0231 4000        umbus - ok
16:02:52.0293 4000        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
16:02:52.0340 4000        UmPass - ok
16:02:52.0387 4000        USBAAPL        (83cafcb53201bbac04d822f32438e244) C:\windows\system32\Drivers\usbaapl.sys
16:02:52.0433 4000        USBAAPL - ok
16:02:52.0480 4000        usbccgp        (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
16:02:52.0558 4000        usbccgp - ok
16:02:52.0605 4000        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
16:02:52.0667 4000        usbcir - ok
16:02:52.0730 4000        usbehci        (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys
16:02:52.0777 4000        usbehci - ok
16:02:52.0823 4000        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
16:02:52.0886 4000        usbhub - ok
16:02:52.0948 4000        usbohci        (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
16:02:52.0979 4000        usbohci - ok
16:02:53.0042 4000        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
16:02:53.0089 4000        usbprint - ok
16:02:53.0151 4000        usbscan        (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
16:02:53.0198 4000        usbscan - ok
16:02:53.0260 4000        USBSTOR        (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
16:02:53.0354 4000        USBSTOR - ok
16:02:53.0463 4000        usbuhci        (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
16:02:53.0494 4000        usbuhci - ok
16:02:53.0572 4000        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
16:02:53.0650 4000        usbvideo - ok
16:02:53.0697 4000        usb_rndisx      (d82f43d15fdaa666856c0190cb73e7c9) C:\windows\system32\DRIVERS\usb8023x.sys
16:02:53.0759 4000        usb_rndisx - ok
16:02:53.0853 4000        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
16:02:53.0900 4000        vdrvroot - ok
16:02:53.0947 4000        vga            (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
16:02:53.0993 4000        vga - ok
16:02:54.0040 4000        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
16:02:54.0118 4000        VgaSave - ok
16:02:54.0181 4000        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
16:02:54.0227 4000        vhdmp - ok
16:02:54.0305 4000        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
16:02:54.0337 4000        viaagp - ok
16:02:54.0399 4000        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
16:02:54.0446 4000        ViaC7 - ok
16:02:54.0508 4000        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
16:02:54.0539 4000        viaide - ok
16:02:54.0602 4000        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
16:02:54.0633 4000        volmgr - ok
16:02:54.0680 4000        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
16:02:54.0727 4000        volmgrx - ok
16:02:54.0789 4000        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
16:02:54.0836 4000        volsnap - ok
16:02:54.0976 4000        vpnva          (0d8df4058901616a4e716ab67d472581) C:\windows\system32\DRIVERS\vpnva.sys
16:02:55.0023 4000        vpnva - ok
16:02:55.0070 4000        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
16:02:55.0117 4000        vsmraid - ok
16:02:55.0163 4000        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
16:02:55.0210 4000        vwifibus - ok
16:02:55.0273 4000        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
16:02:55.0335 4000        vwififlt - ok
16:02:55.0491 4000        vwifimp        (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
16:02:55.0569 4000        vwifimp - ok
16:02:55.0678 4000        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
16:02:55.0725 4000        WacomPen - ok
16:02:55.0850 4000        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
16:02:55.0943 4000        WANARP - ok
16:02:55.0959 4000        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
16:02:56.0021 4000        Wanarpv6 - ok
16:02:56.0115 4000        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
16:02:56.0146 4000        Wd - ok
16:02:56.0193 4000        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
16:02:56.0240 4000        Wdf01000 - ok
16:02:56.0349 4000        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
16:02:56.0427 4000        WfpLwf - ok
16:02:56.0458 4000        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
16:02:56.0474 4000        WIMMount - ok
16:02:56.0692 4000        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
16:02:56.0755 4000        WinUsb - ok
16:02:56.0801 4000        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
16:02:56.0848 4000        WmiAcpi - ok
16:02:57.0020 4000        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
16:02:57.0129 4000        ws2ifsl - ok
16:02:57.0207 4000        WSDPrintDevice  (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\windows\system32\DRIVERS\WSDPrint.sys
16:02:57.0254 4000        WSDPrintDevice - ok
16:02:57.0301 4000        WSDScan        (7dc0270cfd4a05b4112e3ebbf083b595) C:\windows\system32\DRIVERS\WSDScan.sys
16:02:57.0363 4000        WSDScan - ok
16:02:57.0441 4000        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
16:02:57.0503 4000        WudfPf - ok
16:02:57.0550 4000        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
16:02:57.0628 4000        WUDFRd - ok
16:02:57.0784 4000        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:02:58.0034 4000        \Device\Harddisk0\DR0 - ok
16:02:58.0049 4000        Boot (0x1200)  (4e06845f03673de167e19d7478a9eb30) \Device\Harddisk0\DR0\Partition0
16:02:58.0049 4000        \Device\Harddisk0\DR0\Partition0 - ok
16:02:58.0096 4000        Boot (0x1200)  (e561d3855e7409f40c075f86402524ce) \Device\Harddisk0\DR0\Partition1
16:02:58.0096 4000        \Device\Harddisk0\DR0\Partition1 - ok
16:02:58.0096 4000        ============================================================
16:02:58.0096 4000        Scan finished
16:02:58.0096 4000        ============================================================
16:02:58.0127 2192        Detected object count: 0
Soll ich denn mal im nrmalen Modus wieder gucken ob es geht? :D

cosinus 27.02.2012 20:59
Ja prüf den normalen Modus

Skorn 27.02.2012 21:38
Hey also derzeit geht es wieder hat jetzt seit 15 Min internet connection nicht mehr blockiert :)
VIELEN Dank! Soll ich noch irgendeinen Scan drüberlaufen lassen?


Alle Zeitangaben in WEZ +1. Es ist jetzt 12:40 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131