
Pests of all kinds and how to fight them: Virus found: Win32:Cycbot-KI[Trj] in Avast!

25.09.2011, 22:54   #1
BenniDE

Hi everyone,
I have the following problem:
Earlier I ran one of my weekly Avast! virus scans and it found the Trojan Win32:Cycbot-KI several times in memory. The odd thing was that about 90% of the listed applications had something to do with gaming and gaming hardware (Steam.exe, pnkbstra.exe, ...). What also really surprised me was that an avastui.exe and an avastsvc.exe were listed there too. Every result was followed by "(Kernel32.dll)". I don't know what that means either. Of course I googled around a bit first, and after searching for "virus in RAM" I read (I think it was even here in your forum) that most "viruses" either start along with the system at boot or get "lost" on shutdown. So I rebooted and ran Avast! over memory again: still the same results. avastui.exe was still listed, and of the applications found earlier only the ones that start at boot. Now my question: how should I proceed, or is the whole thing just an error by Avast?

(Additional info: my hardware ("self-built"):
AMD Phenom II X4 955/Black Edition (3,2Ghz)
Corsair DIMM 8GB DDR3-1333 Kit
XFX Radeon HD6870
Gigabyte 880GA-UD3H
Aerocool E85M 550W
Seagate 2 TB)

Thanks in advance for reading.

Regards, Benni

*EDIT* I should add that tomorrow (Monday: 17.09.11) I'll be back at the PC at 6 pm at the earliest, so don't be surprised if there's no post from me...

Edited by BenniDE (25.09.2011 at 23:03)

26.09.2011, 12:43   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Earlier I ran one of my weekly Avast! virus scans and it found the Trojan Win32:Cycbot-KI several times in memory.
Information like that is not enough; please post the complete details/logs from the virus scanners.

26.09.2011, 17:48   #3
BenniDE

[Image: avastprotokoll.png]

This is the Avast! log from last night. I just ran another scan (of the system drive and memory), but this time, to my surprise, nothing was found! The whole thing puzzles me a bit. I hope the Avast log is enough to analyse the problem.

Regards, Benni

26.09.2011, 19:41   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please now run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

26.09.2011, 21:44   #5
BenniDE

Log file from Malwarebytes:
Quote:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7802

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26.09.2011 22:41:22
mbam-log-2011-09-26 (22-40-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (B:\|C:\|)
Durchsuchte Objekte: 600360
Laufzeit: 1 Stunde(n), 46 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
b:\Games\random stuff\cod4 level hack\easyaccount.exe (RiskWare.Tool.CK) -> No action taken.

I'll now also run the ESET online scanner and delete the COD 4 level hack, because I don't need it any more anyway.

Regards, Benni


27.09.2011, 11:00   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
b:\Games\random stuff\cod4 level hack\easyaccount.exe (RiskWare.Tool.CK) -> No action taken.

You do know that you risk a permanent ban with these hacks?

27.09.2011, 12:38   #7
BenniDE

I haven't used the thing any more anyway since I bought it on Steam.

And how do things look now: do you think it really was just an error by Avast? (ESET is still running in the background)

27.09.2011, 14:15   #8
BenniDE

ESET says it found nothing, so I assume I don't need to post the log any more ...

Thanks for the help ...

Regards, Benni

27.09.2011, 14:55   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the entire contents of the code box below into the OTL text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

27.09.2011, 16:18   #10
BenniDE

The requested contents of OTL.txt:
OTL Logfile:
Code:
OTL logfile created on: 27.09.2011 16:37:22 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\Benjamin\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,27 Gb Available Physical Memory | 78,45% Memory free
15,99 Gb Paging File | 14,00 Gb Available in Paging File | 87,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244,04 Gb Total Space | 129,16 Gb Free Space | 52,93% Space Free | Partition Type: NTFS
Drive F: | 3,73 Gb Total Space | 3,47 Gb Free Space | 93,15% Space Free | Partition Type: FAT32
 
Computer Name: BENNIPC | User Name: Benjamin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.27 16:35:28 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Benjamin\Downloads\OTL.exe
PRC - [2011.09.06 22:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Programme\Avast\AvastUI.exe
PRC - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\Avast\AvastSvc.exe
PRC - [2011.08.31 01:19:28 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.06.21 11:14:38 | 000,207,872 | ---- | M] () -- B:\Games\Random Stuff\G15-Applets\LCRSirReal\LCDSirReal\LCDSirReal.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.29 21:16:08 | 001,677,096 | ---- | M] (ClanServers Hosting LLC) -- B:\Games\GameTracker\GSInGameService.exe
PRC - [2010.09.01 06:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.08.03 09:43:02 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2010.04.14 16:03:46 | 000,275,832 | ---- | M] (Advanced Micro Devices, Inc.) -- B:\Programme\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe
PRC - [2010.04.14 16:03:46 | 000,140,160 | ---- | M] (Advanced Micro Devices) -- C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.21 11:14:38 | 000,207,872 | ---- | M] () -- B:\Games\Random Stuff\G15-Applets\LCRSirReal\LCDSirReal\LCDSirReal.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011.07.28 23:35:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.09.22 13:06:40 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.08.31 01:19:28 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.08.08 12:37:10 | 000,168,864 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\WireHelpSvc.exe -- (WireHelpSvc)
SRV - [2011.08.04 14:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- B:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.07.28 17:43:58 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011.06.08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.29 21:16:08 | 001,677,096 | ---- | M] (ClanServers Hosting LLC) [Auto | Running] -- B:\Games\GameTracker\GSInGameService.exe -- (GS In-Game Service)
SRV - [2010.04.14 16:03:46 | 000,275,832 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- B:\Programme\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe -- (AMD FusionUtility Service)
SRV - [2010.04.14 16:03:46 | 000,140,160 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.09.06 22:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011.09.06 22:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011.09.06 22:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011.09.06 22:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011.09.06 22:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011.09.06 22:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011.08.15 14:32:10 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.08.09 23:59:07 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.08.08 12:37:02 | 000,161,184 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV:64bit: - [2011.07.29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.07.28 22:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.06.07 00:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.05.28 00:34:20 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.05.28 00:34:19 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.05.18 10:14:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.05.18 10:14:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.05.18 10:14:16 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.05.18 10:14:12 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.04.18 12:11:38 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ESLvnic.sys -- (ESLvnic1)
DRV:64bit: - [2011.01.13 13:58:30 | 000,413,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.12.14 05:54:12 | 000,058,472 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0)
DRV:64bit: - [2010.12.14 05:54:12 | 000,058,472 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0)
DRV:64bit: - [2010.12.14 05:54:12 | 000,027,136 | R--- | M] (Realtek                                            ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2010.12.14 05:54:12 | 000,024,064 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (VLAN) Realtek Virtual Miniport Driver for VLAN (NDIS 6.2)
DRV:64bit: - [2010.12.14 05:54:12 | 000,024,064 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2)
DRV:64bit: - [2010.05.25 05:07:58 | 000,253,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.11.23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.09.16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009.08.21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.06.17 09:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 09:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2006.02.23 11:18:50 | 000,038,912 | ---- | M] (AMD, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\AmdTools64.sys -- (AmdTools)
DRV - [2011.06.24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2011.05.26 03:20:58 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 D8 E9 19 45 1B CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: B:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Avast\WebRep\FF [2011.09.14 22:31:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.07 00:09:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: B:\Programme\Mozilla Thunderbird\components [2011.08.18 14:00:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: B:\Programme\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.08.26 20:04:33 | 000,000,000 | ---D | M]
 
[2011.05.26 21:42:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benjamin\AppData\Roaming\mozilla\Extensions
[2011.05.26 21:42:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benjamin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.07.02 16:26:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benjamin\AppData\Roaming\mozilla\Firefox\Profiles\ogt3nigd.default\extensions
[2011.05.28 14:24:44 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Benjamin\AppData\Roaming\mozilla\Firefox\Profiles\ogt3nigd.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.08.05 16:54:10 | 000,004,140 | ---- | M] () -- C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\ogt3nigd.default\searchplugins\youtube.xml
[2011.08.22 00:57:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.09.21 12:58:32 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.07.03 12:07:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.06.13 14:38:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.06.25 13:15:04 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\quickstores@quickstores.de
[2011.09.14 22:31:57 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OGT3NIGD.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.09.07 00:09:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] B:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
O4 - HKLM..\RunOnce: [GBTUpd] C:\Program Files (x86)\GIGABYTE\UpdManager\PreRun.exe (PreRun)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Benjamin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Benjamin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Benjamin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Benjamin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.10.10.254 10.10.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54FF7843-3361-4EF4-B766-E70B23685877}: DhcpNameServer = 10.10.10.254 10.10.10.1
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a241f8f3-c2d2-11e0-9ae6-00ff01000001}\Shell - "" = AutoRun
O33 - MountPoints2\{a241f8f3-c2d2-11e0-9ae6-00ff01000001}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpFolder: C:^Users^Benjamin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - B:\Programme\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - B:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: ESL Wire - hkey= - key= - B:\Games\EslWire\wire.exe (Turtle Entertainment GmbH)
MsConfig:64bit - StartUpReg: KPeerNexonEU - hkey= - key= - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - B:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: NokiaMServer - hkey= - key= - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
MsConfig:64bit - StartUpReg: NokiaOviSuite2 - hkey= - key= - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - B:\Programme\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RGSC - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - B:\Games\Steam\steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - B:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: VIDC.HFYU - huffyuv.dll (Disappearing Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.26 22:48:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.09.26 20:51:19 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\Malwarebytes
[2011.09.26 20:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.26 20:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.26 20:51:05 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.09.26 20:51:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.09.15 13:36:04 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Documents\FIFA 12
[2011.09.15 12:25:58 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\VirtualBox VMs
[2011.09.15 12:25:38 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\.VirtualBox
[2011.09.15 12:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2011.09.09 12:46:42 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011.09.07 14:45:27 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2011.09.07 14:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
[2011.09.07 14:35:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2011.09.07 14:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011.09.07 14:34:56 | 000,369,864 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64H.dll
[2011.09.07 14:34:56 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64H.dll
[2011.09.07 14:34:56 | 000,095,432 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64H.dll
[2011.09.07 14:34:56 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64H.dll
[2011.09.07 14:34:55 | 000,307,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DHT64.dll
[2011.09.07 14:34:55 | 000,307,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DAA64.dll
[2011.09.07 14:34:51 | 002,580,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2011.09.07 14:34:50 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2011.09.07 14:34:50 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2011.09.07 14:34:50 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2011.09.07 14:34:50 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2011.09.07 14:34:43 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2011.09.07 14:34:43 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2011.09.07 14:34:43 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2011.09.07 14:34:43 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2011.09.07 14:34:42 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2011.09.07 14:34:42 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2011.09.07 14:34:35 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2011.09.07 14:34:35 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2011.09.07 14:34:27 | 001,937,312 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2011.09.07 14:34:20 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2011.08.30 17:19:17 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2011.08.29 19:45:31 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Roaming\Kalypso Media
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.27 13:34:16 | 000,030,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.27 13:34:15 | 000,030,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.27 13:31:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.26 22:45:31 | 2145,546,239 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.26 21:15:36 | 000,018,216 | ---- | M] () -- C:\Users\Benjamin\Desktop\Nachrichten Präsentation.odt
[2011.09.26 20:51:08 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.26 18:45:07 | 000,087,615 | ---- | M] () -- C:\Users\Benjamin\Desktop\Avast - Protokoll.png
[2011.09.25 17:57:46 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.09.25 17:57:46 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.09.25 15:01:45 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011.09.21 12:28:37 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011.09.21 12:28:36 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011.09.18 22:06:50 | 001,612,504 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.09.18 22:06:50 | 000,696,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.09.18 22:06:50 | 000,651,946 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.09.18 22:06:50 | 000,147,924 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.09.18 22:06:50 | 000,120,878 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.09.14 22:31:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011.09.09 20:12:39 | 034,720,926 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 4 - 1.wav
[2011.09.09 20:12:39 | 000,135,688 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 4 - 1.sfk
[2011.09.09 20:09:19 | 001,392,018 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 3 - 2.wav
[2011.09.09 20:09:19 | 000,005,496 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 3 - 2.sfk
[2011.09.09 20:08:31 | 018,931,446 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 3 - 1.wav
[2011.09.09 20:08:31 | 000,074,008 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 3 - 1.sfk
[2011.09.08 23:04:00 | 103,298,810 | ---- | M] () -- C:\Users\Benjamin\Documents\Commtry.wav
[2011.09.08 23:04:00 | 000,403,568 | ---- | M] () -- C:\Users\Benjamin\Documents\Commtry.sfk
[2011.09.08 22:42:45 | 000,385,198 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 1 - 13.wav
[2011.09.08 22:42:45 | 000,001,560 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 1 - 13.sfk
[2011.09.08 22:42:35 | 000,363,162 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 1 - 12.wav
[2011.09.08 22:42:35 | 000,001,480 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 1 - 12.sfk
[2011.09.08 22:39:55 | 001,157,718 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 1 - 11.wav
[2011.09.08 22:39:55 | 000,004,576 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 1 - 11.sfk
[2011.09.08 22:38:10 | 000,865,658 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 1 - 10.wav
[2011.09.08 22:38:10 | 000,003,440 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 1 - 10.sfk
[2011.09.08 22:37:43 | 000,836,254 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 1 - 9.wav
[2011.09.08 22:37:43 | 000,003,328 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 1 - 9.sfk
[2011.09.08 22:37:19 | 001,244,702 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 1 - 8.wav
[2011.09.08 22:37:19 | 000,004,920 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 1 - 8.sfk
[2011.09.07 18:23:42 | 003,382,558 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 5 - 1.wav
[2011.09.07 18:23:42 | 000,013,272 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 5 - 1.sfk
[2011.09.07 14:43:41 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini
[2011.09.07 01:28:15 | 000,614,154 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 1 - 7.wav
[2011.09.07 01:28:15 | 000,002,456 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 1 - 7.sfk
[2011.09.07 01:26:04 | 001,068,326 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 2 - 1.wav
[2011.09.07 01:26:04 | 000,004,232 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 2 - 1.sfk
[2011.09.07 01:23:31 | 000,649,594 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 1 - 6.wav
[2011.09.07 01:23:31 | 000,002,592 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 1 - 6.sfk
[2011.09.07 01:22:48 | 000,460,050 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 1 - 5.wav
[2011.09.07 01:22:48 | 000,001,856 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 1 - 5.sfk
[2011.09.07 01:22:28 | 000,962,574 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 1 - 4.wav
[2011.09.07 01:22:28 | 000,003,816 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 1 - 4.sfk
[2011.09.07 01:21:56 | 003,307,806 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 1 - 3.wav
[2011.09.07 01:21:56 | 000,012,976 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 1 - 3.sfk
[2011.09.06 22:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011.09.06 22:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.09.06 22:45:17 | 000,254,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011.09.06 22:38:18 | 000,601,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011.09.06 22:38:16 | 000,301,912 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011.09.06 22:36:41 | 000,058,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011.09.06 22:36:41 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011.09.06 22:36:30 | 000,065,368 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011.09.06 22:36:14 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011.09.06 13:08:04 | 003,629,434 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 1 - 2.wav
[2011.09.06 13:08:04 | 000,014,232 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 1 - 2.sfk
[2011.09.05 20:22:31 | 022,729,294 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 1 - 1.wav
[2011.09.05 20:22:31 | 000,088,840 | ---- | M] () -- C:\Users\Benjamin\Documents\Track 1 - 1.sfk
[2011.09.04 21:42:10 | 000,062,556 | ---- | M] () -- C:\Users\Benjamin\Documents\ts3_clientui-win32-14642-2011-09-04 21_42_09.818939.dmp
[2011.09.02 01:39:47 | 000,012,574 | ---- | M] () -- C:\Users\Benjamin\.recently-used.xbel
[2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.08.31 01:19:28 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.08.30 17:36:05 | 000,682,280 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.26 20:51:08 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.26 20:01:24 | 000,018,216 | ---- | C] () -- C:\Users\Benjamin\Desktop\Nachrichten Präsentation.odt
[2011.09.26 18:45:07 | 000,087,615 | ---- | C] () -- C:\Users\Benjamin\Desktop\Avast - Protokoll.png
[2011.09.09 20:12:39 | 000,135,688 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 4 - 1.sfk
[2011.09.09 20:09:22 | 034,720,926 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 4 - 1.wav
[2011.09.09 20:09:19 | 000,005,496 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 3 - 2.sfk
[2011.09.09 20:08:31 | 001,392,018 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 3 - 2.wav
[2011.09.09 20:08:31 | 000,074,008 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 3 - 1.sfk
[2011.09.09 20:06:43 | 018,931,446 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 3 - 1.wav
[2011.09.08 23:04:00 | 000,403,568 | ---- | C] () -- C:\Users\Benjamin\Documents\Commtry.sfk
[2011.09.08 22:42:45 | 103,298,810 | ---- | C] () -- C:\Users\Benjamin\Documents\Commtry.wav
[2011.09.08 22:42:45 | 000,001,560 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 1 - 13.sfk
[2011.09.08 22:42:35 | 000,385,198 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 1 - 13.wav
[2011.09.08 22:42:35 | 000,001,480 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 1 - 12.sfk
[2011.09.08 22:39:55 | 000,363,162 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 1 - 12.wav
[2011.09.08 22:39:55 | 000,004,576 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 1 - 11.sfk
[2011.09.08 22:38:10 | 001,157,718 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 1 - 11.wav
[2011.09.08 22:38:10 | 000,003,440 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 1 - 10.sfk
[2011.09.08 22:37:43 | 000,865,658 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 1 - 10.wav
[2011.09.08 22:37:43 | 000,003,328 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 1 - 9.sfk
[2011.09.08 22:37:19 | 000,836,254 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 1 - 9.wav
[2011.09.08 22:37:19 | 000,004,920 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 1 - 8.sfk
[2011.09.08 22:37:11 | 001,244,702 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 1 - 8.wav
[2011.09.07 18:23:42 | 000,013,272 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 5 - 1.sfk
[2011.09.07 18:23:21 | 003,382,558 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 5 - 1.wav
[2011.09.07 14:33:43 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.09.07 01:28:15 | 000,002,456 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 1 - 7.sfk
[2011.09.07 01:28:10 | 000,614,154 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 1 - 7.wav
[2011.09.07 01:26:04 | 000,004,232 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 2 - 1.sfk
[2011.09.07 01:25:56 | 001,068,326 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 2 - 1.wav
[2011.09.07 01:23:31 | 000,002,592 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 1 - 6.sfk
[2011.09.07 01:22:48 | 000,649,594 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 1 - 6.wav
[2011.09.07 01:22:48 | 000,001,856 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 1 - 5.sfk
[2011.09.07 01:22:28 | 000,460,050 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 1 - 5.wav
[2011.09.07 01:22:28 | 000,003,816 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 1 - 4.sfk
[2011.09.07 01:21:56 | 000,962,574 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 1 - 4.wav
[2011.09.07 01:21:56 | 000,012,976 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 1 - 3.sfk
[2011.09.07 01:21:36 | 003,307,806 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 1 - 3.wav
[2011.09.06 13:08:04 | 000,014,232 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 1 - 2.sfk
[2011.09.06 13:07:42 | 003,629,434 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 1 - 2.wav
[2011.09.05 20:22:31 | 000,088,840 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 1 - 1.sfk
[2011.09.05 20:20:20 | 022,729,294 | ---- | C] () -- C:\Users\Benjamin\Documents\Track 1 - 1.wav
[2011.09.04 21:42:09 | 000,062,556 | ---- | C] () -- C:\Users\Benjamin\Documents\ts3_clientui-win32-14642-2011-09-04 21_42_09.818939.dmp
[2011.09.02 01:39:47 | 000,012,574 | ---- | C] () -- C:\Users\Benjamin\.recently-used.xbel
[2011.07.17 23:54:02 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.07.10 12:54:44 | 000,271,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.07.10 12:54:43 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.07.10 12:54:43 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.07.05 16:29:12 | 001,574,468 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.05 13:33:47 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2011.05.28 09:59:27 | 000,000,317 | ---- | C] () -- C:\Windows\game.ini
[2011.05.27 05:03:13 | 000,007,596 | ---- | C] () -- C:\Users\Benjamin\AppData\Local\Resmon.ResmonCfg
[2011.05.26 21:45:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.26 03:50:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.26 03:20:58 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.05.27 00:30:15 | 000,528,896 | ---- | C] () -- C:\Windows\SysWow64\RegisterDialog.dll
[2009.08.27 09:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.09.18 14:55:01 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\.minecraft
[2011.06.14 12:28:02 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.05.27 23:01:47 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\DAEMON Tools Lite
[2011.09.18 02:09:57 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\DVDVideoSoft
[2011.05.28 14:24:43 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.26 12:08:30 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\GameRanger
[2011.07.06 21:47:45 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\GameTracker
[2011.09.02 01:39:47 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\gtk-2.0
[2011.08.01 12:36:59 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\ImgBurn
[2011.08.29 19:45:31 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Kalypso Media
[2011.08.03 15:43:47 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Leadertech
[2011.06.07 18:42:23 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\MAXON
[2011.08.26 20:08:39 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Nokia
[2011.08.26 20:08:39 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Nokia Ovi Suite
[2011.07.03 12:08:45 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\OpenOffice.org
[2011.08.15 08:53:07 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Origin
[2011.08.26 20:06:49 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\PC Suite
[2011.05.27 00:35:36 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Publish Providers
[2011.07.02 21:46:05 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Sony
[2011.06.27 16:30:48 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Sony Creative Software
[2011.06.12 13:31:52 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\TeamViewer
[2011.05.26 21:42:55 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Thunderbird
[2011.08.22 00:57:37 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\TS3Client
[2011.08.22 00:57:37 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\ts3overlay
[2011.08.04 17:45:58 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Tunngle
[2011.09.09 12:46:42 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011.05.28 00:36:34 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Ubisoft
[2011.09.27 06:44:35 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.09.18 14:55:01 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\.minecraft
[2011.08.08 23:15:14 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Adobe
[2011.05.27 21:14:58 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\ATI
[2011.06.14 12:28:02 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.05.27 23:01:47 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\DAEMON Tools Lite
[2011.07.24 17:01:46 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\dvdcss
[2011.09.18 02:09:57 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\DVDVideoSoft
[2011.05.28 14:24:43 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.26 12:08:30 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\GameRanger
[2011.07.06 21:47:45 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\GameTracker
[2011.09.02 01:39:47 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\gtk-2.0
[2011.05.26 03:06:07 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Identities
[2011.08.01 12:36:59 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\ImgBurn
[2011.08.29 19:45:31 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Kalypso Media
[2011.08.03 15:43:47 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Leadertech
[2011.05.26 03:58:26 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Macromedia
[2011.09.26 20:51:19 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Malwarebytes
[2011.06.07 18:42:23 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\MAXON
[2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Media Center Programs
[2011.07.29 13:13:35 | 000,000,000 | --SD | M] -- C:\Users\Benjamin\AppData\Roaming\Microsoft
[2011.05.26 03:52:53 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Mozilla
[2011.05.27 00:25:30 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\NCH Software
[2011.08.26 20:08:39 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Nokia
[2011.08.26 20:08:39 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Nokia Ovi Suite
[2011.07.03 12:08:45 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\OpenOffice.org
[2011.08.15 08:53:07 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Origin
[2011.08.26 20:06:49 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\PC Suite
[2011.05.27 00:35:36 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Publish Providers
[2011.06.12 13:31:00 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\SecuROM
[2011.09.27 16:36:55 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Skype
[2011.06.19 13:09:31 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\skypePM
[2011.07.02 21:46:05 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Sony
[2011.06.27 16:30:48 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Sony Creative Software
[2011.06.12 13:31:52 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\TeamViewer
[2011.05.26 21:42:55 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Thunderbird
[2011.08.22 00:57:37 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\TS3Client
[2011.08.22 00:57:37 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\ts3overlay
[2011.08.04 17:45:58 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Tunngle
[2011.09.09 12:46:42 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011.05.28 00:36:34 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\Ubisoft
[2011.08.22 00:57:37 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\vlc
[2011.05.26 05:18:46 | 000,000,000 | ---D | M] -- C:\Users\Benjamin\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.09.18 14:54:09 | 001,050,355 | ---- | M] () -- C:\Users\Benjamin\AppData\Roaming\.minecraft\mcpatcher-2.1.1.exe
[2011.08.16 16:42:01 | 001,449,696 | ---- | M] (GameRanger Technologies) -- C:\Users\Benjamin\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
[2011.06.14 12:27:23 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Benjamin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.07.21 15:49:21 | 000,010,134 | R--- | M] () -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010.09.01 06:29:28 | 011,406,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wmp.dll
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >
         
--- --- ---


Regards, Benni

Alt 27.09.2011, 18:49   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)


Code:
ATTFilter
:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a241f8f3-c2d2-11e0-9ae6-00ff01000001}\Shell - "" = AutoRun
O33 - MountPoints2\{a241f8f3-c2d2-11e0-9ae6-00ff01000001}\Shell\AutoRun\command - "" = E:\setup.exe
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 27.09.2011, 19:03   #12
BenniDE
 
Here is the log file from OTL:
Quote:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a241f8f3-c2d2-11e0-9ae6-00ff01000001}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a241f8f3-c2d2-11e0-9ae6-00ff01000001}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a241f8f3-c2d2-11e0-9ae6-00ff01000001}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a241f8f3-c2d2-11e0-9ae6-00ff01000001}\ not found.
File E:\setup.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Benjamin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 262144 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 46521629 bytes
->Flash cache emptied: 84716 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3238112 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 35653830 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 82,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.29.1 log created on 09272011_195558

Files\Folders moved on Reboot...
File\Folder C:\Users\Benjamin\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
I have one more question: you said that the files are "backed up" in the _OTL folder. Can I delete them then, or should they rather stay there for now?

Regards, Benni

Alt 27.09.2011, 19:40   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool as shown in the picture below, i.e. tick both checkboxes, click Start scan and, when it has finished, click the Report button to display the log. Please post it in full.




If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should be visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

Alt 27.09.2011, 19:43   #14
BenniDE
 
The report says, in my opinion, that nothing is present any more, right? And I can still access shortcuts as well as My Documents.

Quote:
20:41:29.0013 5588 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
20:41:29.0104 5588 ============================================================
20:41:29.0104 5588 Current date / time: 2011/09/27 20:41:29.0104
20:41:29.0104 5588 SystemInfo:
20:41:29.0104 5588
20:41:29.0104 5588 OS Version: 6.1.7600 ServicePack: 0.0
20:41:29.0104 5588 Product type: Workstation
20:41:29.0104 5588 ComputerName: BENNIPC
20:41:29.0104 5588 UserName: Benjamin
20:41:29.0104 5588 Windows directory: C:\Windows
20:41:29.0104 5588 System windows directory: C:\Windows
20:41:29.0104 5588 Running under WOW64
20:41:29.0104 5588 Processor architecture: Intel x64
20:41:29.0104 5588 Number of processors: 4
20:41:29.0104 5588 Page size: 0x1000
20:41:29.0104 5588 Boot type: Normal boot
20:41:29.0104 5588 ============================================================
20:41:29.0794 5588 Initialize success
20:41:40.0393 4708 ============================================================
20:41:40.0393 4708 Scan started
20:41:40.0393 4708 Mode: Manual;
20:41:40.0393 4708 ============================================================
20:41:40.0802 4708 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
20:41:40.0805 4708 1394ohci - ok
20:41:40.0833 4708 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
20:41:40.0836 4708 ACPI - ok
20:41:40.0862 4708 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
20:41:40.0864 4708 AcpiPmi - ok
20:41:40.0946 4708 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:41:40.0954 4708 adp94xx - ok
20:41:40.0982 4708 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:41:40.0985 4708 adpahci - ok
20:41:41.0007 4708 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:41:41.0009 4708 adpu320 - ok
20:41:41.0057 4708 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
20:41:41.0061 4708 AFD - ok
20:41:41.0078 4708 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
20:41:41.0080 4708 agp440 - ok
20:41:41.0101 4708 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
20:41:41.0103 4708 aliide - ok
20:41:41.0160 4708 ALSysIO - ok
20:41:41.0220 4708 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
20:41:41.0223 4708 amdide - ok
20:41:41.0287 4708 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
20:41:41.0289 4708 amdiox64 - ok
20:41:41.0315 4708 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:41:41.0327 4708 AmdK8 - ok
20:41:41.0521 4708 amdkmdag (5b03217859b014b090cb5060c1d96875) C:\Windows\system32\DRIVERS\atikmdag.sys
20:41:41.0654 4708 amdkmdag - ok
20:41:41.0719 4708 amdkmdap (35d2184a99ad4cd5d17284d6c9f382c9) C:\Windows\system32\DRIVERS\atikmpag.sys
20:41:41.0724 4708 amdkmdap - ok
20:41:41.0744 4708 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:41:41.0745 4708 AmdPPM - ok
20:41:41.0785 4708 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
20:41:41.0787 4708 amdsata - ok
20:41:41.0807 4708 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:41:41.0809 4708 amdsbs - ok
20:41:41.0862 4708 AmdTools (3d76b267334d209d0f072a9ed5e31d6f) C:\Windows\system32\DRIVERS\AmdTools64.sys
20:41:41.0863 4708 AmdTools - ok
20:41:41.0886 4708 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
20:41:41.0887 4708 amdxata - ok
20:41:41.0902 4708 AODDriver4.01 - ok
20:41:51.0404 4708 ============================================================
20:41:51.0404 4708 Scan finished
20:41:51.0404 4708 ============================================================
20:41:51.0413 1412 Detected object count: 0
20:41:51.0413 1412 Actual detected object count: 0


Regards, Benni

27.09.2011, 19:50   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a qualified helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
