Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Virus heruntergeladen aber nicht ausgeführt, besteht trotzdem gefahr? (https://www.trojaner-board.de/110920-virus-heruntergeladen-ausgefuehrt-besteht-trotzdem-gefahr.html)

hannyy 04.03.2012 22:28

Virus heruntergeladen aber nicht ausgeführt, besteht trotzdem gefahr?
 
Hallo,

ich habe heute eine .exe Datei heruntergeladen und sie mit Virustotal.com überprüfen lassen, es wurden mehrere Viren bzw Trojaner gefunden. Natürlich habe ich die Datei sofort gelöscht, aber ich bin trotzdem verunsichert ob mein System infiziert ist oder nicht. Malwarebytes Anti-Malware hat nichts gefunden, aber man weiß ja nie, ob sich nicht doch irgendwas eingenistet hat.

Hier mal meine OTL-Logfile:
Code:

OTL Extras logfile created on: 3/4/2012 9:42:37 PM - Run 1
OTL by OldTimer - Version 3.2.35.1    Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 62.57% Memory free
8.00 Gb Paging File | 6.28 Gb Available in Paging File | 78.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 320.97 Gb Free Space | 68.93% Space Free | Partition Type: NTFS
 
Computer Name: **** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{78D1E6B0-97D3-0A51-FD5B-450E08A71367}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCE26847-79A9-56FF-908E-C02FAA7705B3}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02A003AD-7DEF-D28F-0E61-18D5F1D53CF5}" = Catalyst Control Center Localization All
"{03DDA3C7-8D88-5D41-9BE4-210988CF65C3}" = Catalyst Control Center Graphics Previews Vista
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{11A292E3-E60B-1335-C4F8-92F1841725D6}" = CCC Help Greek
"{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver
"{12CB7D4B-F29B-08D3-B305-3C3163F11E6D}" = CCC Help Finnish
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22A0602D-A83C-14A7-A09B-F3E13044D395}" = CCC Help Turkish
"{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{32BA6FBB-C948-F45E-934C-5CC049D16263}" = CCC Help Hungarian
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35767883-90A2-B69B-E128-2912DD65CA09}" = CCC Help Dutch
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{386AB6EF-B693-C15B-52F5-88BDC6B8291E}" = CCC Help Danish
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40138968-506D-15D7-B6DD-059C06EA2682}" = CCC Help Chinese Standard
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{46CF6A90-7EFB-47E3-9B14-FBCEFA9F9982}" = Catalyst Control Center - Branding
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66CB0FCD-3BF4-F5C5-77AA-37316109072E}" = CCC Help German
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74BB27FA-63B9-DE85-04CB-69D51FF14AD6}" = CCC Help Chinese Traditional
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88F66BC2-87E5-53F8-48DD-728501B98181}" = CCC Help Thai
"{8DC72EF6-1EB6-610C-6CAB-709718CD2132}" = CCC Help English
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{97D2408A-AC76-4ACA-F047-42180975A250}" = ccc-core-static
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D9F86BB-E232-AC3B-8705-146AC303F636}" = CCC Help Polish
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA3F9FB3-20DF-8CAA-919A-F507FCAA9AB9}" = CCC Help Japanese
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1F7BB94-BE89-92DF-4736-D94A13E32622}" = CCC Help Swedish
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B76E1251-5ACA-AAB7-518D-17DC63282D23}" = Catalyst Control Center InstallProxy
"{BA592980-D2D8-74B9-D9B0-84FB947F8DC9}" = CCC Help Portuguese
"{BAFCE6EC-1BED-0644-4AE0-0827D3A5BF2D}" = CCC Help Russian
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C585E652-0CBC-4276-9FE7-047078677904}" = Blacklight Retribution
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CDC9CB03-079E-D721-4210-0CD5AE082A1B}" = CCC Help Italian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DE5D7C38-92A7-675C-A49E-1B4F3D945AFE}" = CCC Help French
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2E654A9-FF43-C395-2673-1385B493C574}" = CCC Help Korean
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E600853D-6991-2174-0826-F0DE7E024602}" = CCC Help Spanish
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E735A4C4-F4E0-0BA6-288F-C792BD8969B1}" = CCC Help Norwegian
"{EEA93FD7-132D-2968-9478-D84CAAF3FAD5}" = CCC Help Czech
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Avira AntiVir Desktop" = Avira Free Antivirus
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"DAEMON Tools Lite" = DAEMON Tools Lite
"HbsMozillaLauncher" = HbsMozillaLauncher 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"Mythos" = Mythos
"NCLauncher_GameForge" = NC Launcher (GameForge)
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Steam App 10" = Counter-Strike
"Steam App 240" = Counter-Strike: Source
"Steam App 34330" = Total War: SHOGUN 2
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flux" = F.lux
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 3/3/2012 9:15:02 AM | Computer Name = ***| Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 3/3/2012 9:15:02 AM | Computer Name = **** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12012
 
Error - 3/3/2012 9:15:02 AM | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12012
 
Error - 3/3/2012 9:15:03 AM | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 3/3/2012 9:15:03 AM | Computer Name = **** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13026
 
Error - 3/3/2012 9:15:03 AM | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13026
 
Error - 3/3/2012 7:38:19 PM | Computer Name = *** ****
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ea78f27  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f28cccc  Ausnahmecode: 0xc0000005  Fehleroffset: 0x7349f1c9
ID
 des fehlerhaften Prozesses: 0xfa8  Startzeit der fehlerhaften Anwendung: 0x01ccf98ec622f6a0
Pfad
 der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\bleachgeek\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 f470f7ed-6589-11e1-863a-6cf0491ed4b6
 
Error - 3/4/2012 5:40:34 AM | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
 
Error - 3/4/2012 2:56:22 PM | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
 
Error - 3/4/2012 4:28:40 PM | Computer Name = *** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 2/18/2012 3:26:06 PM | Computer Name = *** | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
 
Error - 2/18/2012 3:26:06 PM | Computer Name = *** | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
 
Error - 2/18/2012 3:26:07 PM | Computer Name = **** | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
 
Error - 2/23/2012 5:23:16 PM | Computer Name = *** | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 2/23/2012 5:23:16 PM | Computer Name = *** | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 2/23/2012 5:23:17 PM | Computer Name = *** | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 2/23/2012 5:23:18 PM | Computer Name = *** | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 2/25/2012 9:18:16 PM | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 2/25/2012 9:18:16 PM | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 2/27/2012 1:31:48 PM | Computer Name = *** | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >


Psychotic 05.03.2012 07:59

:hallo:

Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass du clean bist.

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scans durchführen zu denen du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen, außer, ich fordere dich dazu auf. Erschwert mir nämlich das Auswerten.


Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.


Schritt 1: Defogger


Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
  • Starte das Tool mit Doppelklick.
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Klicke nun auf den Disable Button um die Treiber gewisser Emulatoren zu deaktivieren.
  • Wenn der Scan beendet wurde ( Finished ), klicke auf OK.
  • Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.
Sollte Defogger eine Fehlermeldung ausgeben, poste bitte die defogger_disable Log von deinem Desktop.
Klicke den Re-enable Button nicht ohne Anweisung.



Schritt 2: OTL-Logdatei posten

Du hast mir leider die Extras.txt gepostet - diese hilft uns nicht weiter. Für den Moment benötigen wir die OTL-TXT. Diese findest du unter C:\_OTL.


Schritt 3: aswMBR


Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung) Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen ) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.


Schritt 4: Scan mit TDSS-Killer


Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.

hannyy 05.03.2012 16:20

Erstmal danke für deine schnelle Hilfe!
Hier erstmal die Logs, ich hoffe diesmal die richtigen! :):

OTL-Logfile:
Code:

OTL logfile created on: 3/5/2012 3:21:16 PM - Run 2
OTL by OldTimer - Version 3.2.35.1    Folder = C:\Users\******\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 3.04 Gb Available Physical Memory | 76.05% Memory free
8.00 Gb Paging File | 6.86 Gb Available in Paging File | 85.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 306.89 Gb Free Space | 65.90% Space Free | Partition Type: NTFS
 
Computer Name: ******-PC | User Name: ****** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\******\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (1394hub) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 93 C0 4B 3F B8 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@hanbiton.com/HbsMozillaLauncher: C:\ProgramData\hanbitsoft\nphlauncher.dll (hanbitsoft)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/19 21:46:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/17 15:59:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/19 21:46:02 | 000,000,000 | ---D | M]
 
[2011/12/05 17:34:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Extensions
[2012/03/04 19:21:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\4t6mrjoy.default\extensions
[2011/12/30 21:12:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4T6MRJOY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4T6MRJOY.DEFAULT\EXTENSIONS\EXTENSION@HIDEMYASS.COM.XPI
() (No name found) -- C:\USERS\******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4T6MRJOY.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2012/02/17 15:59:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/30 21:12:43 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/04 18:48:22 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/12/30 21:12:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/30 21:12:43 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/12/30 21:12:43 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/12/30 21:12:43 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/12/30 21:12:43 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A203D69-70C0-4B9F-86B8-050499BF1FB9}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0e86b701-2d51-11e1-8b67-6cf0491ed4b6}\Shell - "" = AutoRun
O33 - MountPoints2\{0e86b701-2d51-11e1-8b67-6cf0491ed4b6}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{15fd2d9e-1fa5-11e1-9b0d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{15fd2d9e-1fa5-11e1-9b0d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Installer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/03/04 22:57:03 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Darkfall
[2012/03/04 22:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Darkfall
[2012/03/04 22:54:22 | 058,622,848 | ---- | C] (Aventurine) -- C:\Users\******\Desktop\Darkfall.exe
[2012/03/04 22:48:27 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Darkfall US
[2012/03/04 22:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Darkfall US
[2012/03/04 22:34:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Darkfall US
[2012/03/04 21:41:31 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
[2012/03/04 20:06:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/04 20:06:29 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/04 19:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/03/04 18:49:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2012/03/04 16:43:33 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Malwarebytes
[2012/03/04 16:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/04 16:43:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/04 16:09:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Darkfall
[2012/03/04 15:57:52 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\Darkfall 1.0.43
[2012/03/03 22:12:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2012/03/03 22:11:56 | 000,000,000 | ---D | C] -- C:\Nexon
[2012/03/03 22:06:41 | 000,000,000 | --SD | C] -- C:\Users\******\Documents\Mabinogi
[2012/03/03 21:20:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warcraft III
[2012/03/03 20:58:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maginogi
[2012/03/03 19:49:16 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2012/03/03 19:49:16 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\app
[2012/03/03 19:49:14 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2012/03/03 19:49:14 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Dofus2
[2012/02/28 18:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge
[2012/02/28 18:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gameforge
[2012/02/28 16:44:47 | 000,000,000 | ---D | C] -- C:\Perfect World Entertainment
[2012/02/28 16:42:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/02/27 21:44:11 | 000,000,000 | ---D | C] -- C:\Users\******\Documents\T3fun
[2012/02/27 21:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\hanbitsoft
[2012/02/27 21:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\T3Fun
[2012/02/27 20:55:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mythos
[2012/02/26 13:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\TERA
[2012/02/26 13:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2012/02/26 13:47:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TERA
[2012/02/25 23:36:43 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/02/25 17:57:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCSoft
[2012/02/24 20:45:39 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Hi-Rez Studios
[2012/02/24 20:44:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012/02/20 22:27:32 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
[2012/02/20 22:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
[2012/02/20 22:16:55 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unicows.dll
[2012/02/17 18:33:13 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\PBlackout
[2012/02/17 17:45:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project Blackout
[2012/02/15 19:56:35 | 000,000,000 | ---D | C] -- C:\Users\******\jagexcache
[2012/02/15 17:29:49 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\RIFT
[2012/02/15 16:26:02 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/15 16:25:58 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/15 16:25:58 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/15 16:25:53 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/15 16:25:46 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/15 16:25:46 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/15 16:25:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/15 16:25:46 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/15 16:25:46 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/15 16:25:46 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/15 16:25:46 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/09 18:32:02 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\HP
[2012/02/07 20:14:06 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/02/07 20:14:06 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/02/07 20:14:06 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012/02/07 20:14:06 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012/02/07 20:14:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012/02/07 17:03:19 | 000,000,000 | ---D | C] -- C:\Users\******\Documents\3DMark 11
[2012/02/07 17:03:13 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\IsolatedStorage
[2012/02/07 17:03:10 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Futuremark_Corporation
[2012/02/07 16:25:18 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\ElevatedDiagnostics
[2012/02/04 17:56:01 | 000,000,000 | ---D | C] -- C:\Users\******\Documents\StarCraft II
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/03/05 15:19:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/05 15:19:27 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/05 15:17:55 | 000,000,000 | ---- | M] () -- C:\Users\******\defogger_reenable
[2012/03/05 15:16:25 | 000,050,477 | ---- | M] () -- C:\Users\******\Desktop\Defogger.exe
[2012/03/05 14:33:52 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/05 14:33:52 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/05 14:30:42 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/05 14:30:42 | 000,653,888 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/03/05 14:30:42 | 000,626,060 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/05 14:30:42 | 000,129,796 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/03/05 14:30:42 | 000,106,644 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/04 22:56:53 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Darkfall EU.lnk
[2012/03/04 22:55:46 | 058,622,848 | ---- | M] (Aventurine) -- C:\Users\******\Desktop\Darkfall.exe
[2012/03/04 21:41:36 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
[2012/03/04 20:06:31 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/03 19:53:35 | 000,000,008 | ---- | M] () -- C:\Users\******\AppData\Roaming\DofusAppId0_2
[2012/03/03 19:49:14 | 000,000,173 | ---- | M] () -- C:\Users\******\AppData\Roaming\D2Info0
[2012/03/01 21:12:47 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/03/01 21:12:47 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/03/01 21:11:57 | 000,281,408 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/02/29 18:45:16 | 000,025,147 | ---- | M] () -- C:\Users\******\Desktop\Schutz des tropischen Regenwalds.odt
[2012/02/28 17:15:08 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/02/28 16:44:47 | 000,001,809 | ---- | M] () -- C:\Users\Public\Desktop\Launch Blacklight Retribution.lnk
[2012/02/27 21:33:03 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Mythos.lnk
[2012/02/26 13:47:11 | 000,001,838 | ---- | M] () -- C:\Users\******\Desktop\TERA.lnk
[2012/02/22 13:57:38 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/20 20:48:32 | 000,258,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\unicows.dll
[2012/02/16 14:20:06 | 000,293,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/15 19:56:40 | 000,000,001 | ---- | M] () -- C:\Users\******\random.dat
[2012/02/15 19:56:35 | 000,000,044 | ---- | M] () -- C:\Users\******\jagex_cl_runescape_LIVE.dat
[2012/02/15 19:22:40 | 000,132,320 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/02/09 18:30:30 | 000,221,149 | ---- | M] () -- C:\Windows\hpoins19.dat
[2012/02/07 20:14:06 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/02/07 20:14:06 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/02/07 20:14:06 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012/02/07 20:14:06 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/03/05 15:17:55 | 000,000,000 | ---- | C] () -- C:\Users\******\defogger_reenable
[2012/03/05 15:16:24 | 000,050,477 | ---- | C] () -- C:\Users\******\Desktop\Defogger.exe
[2012/03/04 22:56:53 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Darkfall EU.lnk
[2012/03/04 20:06:31 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/03 19:49:14 | 000,000,173 | ---- | C] () -- C:\Users\******\AppData\Roaming\D2Info0
[2012/03/03 19:49:14 | 000,000,008 | ---- | C] () -- C:\Users\******\AppData\Roaming\DofusAppId0_2
[2012/02/28 19:27:05 | 000,025,147 | ---- | C] () -- C:\Users\******\Desktop\Schutz des tropischen Regenwalds.odt
[2012/02/28 16:44:47 | 000,001,809 | ---- | C] () -- C:\Users\Public\Desktop\Launch Blacklight Retribution.lnk
[2012/02/28 16:41:42 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/02/27 21:33:03 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Mythos.lnk
[2012/02/26 13:47:11 | 000,001,838 | ---- | C] () -- C:\Users\******\Desktop\TERA.lnk
[2012/02/15 19:56:35 | 000,000,044 | ---- | C] () -- C:\Users\******\jagex_cl_runescape_LIVE.dat
[2012/02/15 19:56:35 | 000,000,001 | ---- | C] () -- C:\Users\******\random.dat
[2012/02/09 18:30:24 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2011/12/19 21:41:41 | 000,221,149 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011/12/19 21:41:41 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011/12/17 17:53:12 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/12/17 16:34:41 | 000,298,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/12/17 16:34:38 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/12/13 22:58:21 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011/12/06 02:14:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/19 08:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011/09/19 08:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll

< End of report >

aswMBR:
Code:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-05 15:46:24
-----------------------------
15:46:24.809    OS Version: Windows x64 6.1.7601 Service Pack 1
15:46:24.809    Number of processors: 4 586 0x403
15:46:24.809    ComputerName: ***-PC  UserName: ***
15:46:26.199    Initialize success
15:48:07.638    AVAST engine defs: 12030500
15:48:15.159    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
15:48:15.159    Disk 0 Vendor: Hitachi_HDS721050CLA362 JP2OA3EA Size: 476940MB BusType: 3
15:48:15.209    Disk 0 MBR read successfully
15:48:15.219    Disk 0 MBR scan
15:48:15.239    Disk 0 Windows 7 default MBR code
15:48:15.239    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
15:48:15.259    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      476838 MB offset 206848
15:48:15.289    Disk 0 scanning C:\Windows\system32\drivers
15:48:25.320    Service scanning
15:48:49.612    Modules scanning
15:48:49.622    Disk 0 trace - called modules:
15:48:49.642    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
15:48:49.652    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a35060]
15:48:49.652    3 CLASSPNP.SYS[fffff8800197243f] -> nt!IofCallDriver -> [0xfffffa8003acd520]
15:48:49.662    5 ACPI.sys[fffff88000e787a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8003acb680]
15:48:51.022    AVAST engine scan C:\Windows
15:48:53.213    AVAST engine scan C:\Windows\system32
15:52:13.080    AVAST engine scan C:\Windows\system32\drivers
15:52:23.732    AVAST engine scan C:\Users\***
15:53:58.781    AVAST engine scan C:\ProgramData
15:55:49.452    Scan finished successfully
16:11:22.267    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
16:11:22.267    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"


TDSSKiller:
Code:

16:12:12.0620 3464        TDSS rootkit removing tool 2.7.19.0 Mar  5 2012 11:23:39
16:12:12.0750 3464        ============================================================
16:12:12.0750 3464        Current date / time: 2012/03/05 16:12:12.0750
16:12:12.0760 3464        SystemInfo:
16:12:12.0760 3464       
16:12:12.0760 3464        OS Version: 6.1.7601 ServicePack: 1.0
16:12:12.0760 3464        Product type: Workstation
16:12:12.0760 3464        ComputerName: ***-PC
16:12:12.0760 3464        UserName: ***
16:12:12.0760 3464        Windows directory: C:\Windows
16:12:12.0760 3464        System windows directory: C:\Windows
16:12:12.0760 3464        Running under WOW64
16:12:12.0760 3464        Processor architecture: Intel x64
16:12:12.0760 3464        Number of processors: 4
16:12:12.0760 3464        Page size: 0x1000
16:12:12.0760 3464        Boot type: Normal boot
16:12:12.0760 3464        ============================================================
16:12:13.0610 3464        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
16:12:13.0620 3464        \Device\Harddisk0\DR0:
16:12:13.0620 3464        MBR used
16:12:13.0620 3464        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:12:13.0620 3464        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
16:12:13.0640 3464        Initialize success
16:12:13.0640 3464        ============================================================
16:12:15.0510 0928        ============================================================
16:12:15.0510 0928        Scan started
16:12:15.0510 0928        Mode: Manual;
16:12:15.0510 0928        ============================================================
16:12:16.0301 0928        1394hub - ok
16:12:16.0371 0928        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:12:16.0381 0928        1394ohci - ok
16:12:16.0401 0928        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:12:16.0411 0928        ACPI - ok
16:12:16.0501 0928        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:12:16.0501 0928        AcpiPmi - ok
16:12:16.0661 0928        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
16:12:16.0671 0928        adp94xx - ok
16:12:16.0801 0928        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
16:12:16.0811 0928        adpahci - ok
16:12:16.0851 0928        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
16:12:16.0851 0928        adpu320 - ok
16:12:16.0971 0928        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:12:16.0981 0928        AFD - ok
16:12:17.0031 0928        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:12:17.0031 0928        agp440 - ok
16:12:17.0121 0928        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:12:17.0131 0928        aliide - ok
16:12:17.0171 0928        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:12:17.0171 0928        amdide - ok
16:12:17.0261 0928        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
16:12:17.0271 0928        AmdK8 - ok
16:12:17.0441 0928        amdkmdag        (bbab5b28253fe0fc7255d8775ba05c1d) C:\Windows\system32\DRIVERS\atikmdag.sys
16:12:17.0571 0928        amdkmdag - ok
16:12:17.0661 0928        amdkmdap        (cba35ff4092b91e105d93ed11a0250b6) C:\Windows\system32\DRIVERS\atikmpag.sys
16:12:17.0671 0928        amdkmdap - ok
16:12:17.0731 0928        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:12:17.0731 0928        AmdPPM - ok
16:12:17.0821 0928        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:12:17.0821 0928        amdsata - ok
16:12:17.0841 0928        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
16:12:17.0851 0928        amdsbs - ok
16:12:17.0871 0928        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:12:17.0871 0928        amdxata - ok
16:12:18.0001 0928        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:12:18.0011 0928        AppID - ok
16:12:18.0131 0928        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
16:12:18.0131 0928        arc - ok
16:12:18.0141 0928        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
16:12:18.0151 0928        arcsas - ok
16:12:18.0181 0928        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:12:18.0181 0928        AsyncMac - ok
16:12:18.0261 0928        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:12:18.0261 0928        atapi - ok
16:12:18.0331 0928        AtiHDAudioService (fda1e117a7e880bff5540d180c06ea87) C:\Windows\system32\drivers\AtihdW76.sys
16:12:18.0331 0928        AtiHDAudioService - ok
16:12:18.0421 0928        AtiHdmiService  (506934df94e3197f4a1bbe8fbeab0ccd) C:\Windows\system32\drivers\AtiHdmi.sys
16:12:18.0421 0928        AtiHdmiService - ok
16:12:18.0601 0928        atikmdag        (bbab5b28253fe0fc7255d8775ba05c1d) C:\Windows\system32\DRIVERS\atikmdag.sys
16:12:18.0631 0928        atikmdag - ok
16:12:18.0741 0928        avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
16:12:18.0741 0928        avgntflt - ok
16:12:18.0781 0928        avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
16:12:18.0791 0928        avipbb - ok
16:12:18.0861 0928        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
16:12:18.0861 0928        avkmgr - ok
16:12:18.0931 0928        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
16:12:18.0941 0928        b06bdrv - ok
16:12:19.0031 0928        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:12:19.0041 0928        b57nd60a - ok
16:12:19.0071 0928        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:12:19.0071 0928        Beep - ok
16:12:19.0181 0928        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:12:19.0181 0928        blbdrive - ok
16:12:19.0281 0928        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:12:19.0291 0928        bowser - ok
16:12:19.0321 0928        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
16:12:19.0331 0928        BrFiltLo - ok
16:12:19.0371 0928        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
16:12:19.0371 0928        BrFiltUp - ok
16:12:19.0411 0928        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:12:19.0411 0928        Brserid - ok
16:12:19.0441 0928        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:12:19.0441 0928        BrSerWdm - ok
16:12:19.0521 0928        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:12:19.0521 0928        BrUsbMdm - ok
16:12:19.0541 0928        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:12:19.0541 0928        BrUsbSer - ok
16:12:19.0591 0928        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
16:12:19.0591 0928        BTHMODEM - ok
16:12:19.0691 0928        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:12:19.0701 0928        cdfs - ok
16:12:19.0751 0928        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
16:12:19.0751 0928        cdrom - ok
16:12:19.0851 0928        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
16:12:19.0861 0928        circlass - ok
16:12:19.0891 0928        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:12:19.0901 0928        CLFS - ok
16:12:20.0251 0928        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
16:12:20.0251 0928        CmBatt - ok
16:12:20.0571 0928        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:12:20.0571 0928        cmdide - ok
16:12:20.0631 0928        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:12:20.0641 0928        CNG - ok
16:12:20.0701 0928        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
16:12:20.0711 0928        Compbatt - ok
16:12:20.0751 0928        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
16:12:20.0751 0928        CompositeBus - ok
16:12:20.0851 0928        cpuz135 - ok
16:12:20.0922 0928        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
16:12:20.0922 0928        crcdisk - ok
16:12:21.0002 0928        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
16:12:21.0012 0928        CSC - ok
16:12:21.0112 0928        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:12:21.0112 0928        DfsC - ok
16:12:21.0152 0928        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:12:21.0152 0928        discache - ok
16:12:21.0252 0928        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
16:12:21.0252 0928        Disk - ok
16:12:21.0292 0928        dmvsc          (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
16:12:21.0302 0928        dmvsc - ok
16:12:21.0412 0928        Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
16:12:21.0412 0928        Dot4 - ok
16:12:21.0442 0928        Dot4Print      (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:12:21.0442 0928        Dot4Print - ok
16:12:21.0462 0928        dot4usb        (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
16:12:21.0462 0928        dot4usb - ok
16:12:21.0552 0928        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:12:21.0552 0928        drmkaud - ok
16:12:21.0612 0928        dtsoftbus01    (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
16:12:21.0622 0928        dtsoftbus01 - ok
16:12:21.0742 0928        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:12:21.0762 0928        DXGKrnl - ok
16:12:21.0782 0928        EagleX64 - ok
16:12:21.0862 0928        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
16:12:21.0902 0928        ebdrv - ok
16:12:22.0012 0928        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
16:12:22.0022 0928        elxstor - ok
16:12:22.0042 0928        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:12:22.0042 0928        ErrDev - ok
16:12:22.0152 0928        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:12:22.0152 0928        exfat - ok
16:12:22.0182 0928        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:12:22.0192 0928        fastfat - ok
16:12:22.0282 0928        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:12:22.0292 0928        fdc - ok
16:12:22.0312 0928        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:12:22.0312 0928        FileInfo - ok
16:12:22.0332 0928        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:12:22.0332 0928        Filetrace - ok
16:12:22.0402 0928        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:12:22.0412 0928        flpydisk - ok
16:12:22.0452 0928        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:12:22.0462 0928        FltMgr - ok
16:12:22.0502 0928        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:12:22.0502 0928        FsDepends - ok
16:12:22.0582 0928        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:12:22.0582 0928        Fs_Rec - ok
16:12:22.0662 0928        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:12:22.0662 0928        fvevol - ok
16:12:22.0722 0928        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
16:12:22.0722 0928        gagp30kx - ok
16:12:22.0812 0928        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:12:22.0812 0928        GEARAspiWDM - ok
16:12:22.0852 0928        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:12:22.0852 0928        hcw85cir - ok
16:12:22.0942 0928        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:12:22.0952 0928        HdAudAddService - ok
16:12:23.0022 0928        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:12:23.0022 0928        HDAudBus - ok
16:12:23.0082 0928        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
16:12:23.0082 0928        HidBatt - ok
16:12:23.0092 0928        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
16:12:23.0102 0928        HidBth - ok
16:12:23.0112 0928        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
16:12:23.0112 0928        HidIr - ok
16:12:23.0192 0928        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:12:23.0192 0928        HidUsb - ok
16:12:23.0322 0928        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:12:23.0322 0928        HpSAMD - ok
16:12:23.0432 0928        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:12:23.0452 0928        HTTP - ok
16:12:23.0462 0928        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:12:23.0462 0928        hwpolicy - ok
16:12:23.0562 0928        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
16:12:23.0562 0928        i8042prt - ok
16:12:23.0602 0928        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:12:23.0612 0928        iaStorV - ok
16:12:23.0712 0928        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
16:12:23.0712 0928        iirsp - ok
16:12:23.0842 0928        IntcAzAudAddService (cb7dadef3d83fe2c12655a0bdcba99f2) C:\Windows\system32\drivers\RTKVHD64.sys
16:12:23.0872 0928        IntcAzAudAddService - ok
16:12:23.0972 0928        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:12:23.0972 0928        intelide - ok
16:12:24.0022 0928        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
16:12:24.0022 0928        intelppm - ok
16:12:24.0072 0928        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:12:24.0072 0928        IpFilterDriver - ok
16:12:24.0092 0928        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:12:24.0092 0928        IPMIDRV - ok
16:12:24.0112 0928        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:12:24.0112 0928        IPNAT - ok
16:12:24.0212 0928        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:12:24.0212 0928        IRENUM - ok
16:12:24.0232 0928        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:12:24.0232 0928        isapnp - ok
16:12:24.0302 0928        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:12:24.0312 0928        iScsiPrt - ok
16:12:24.0352 0928        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:12:24.0362 0928        kbdclass - ok
16:12:24.0452 0928        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
16:12:24.0452 0928        kbdhid - ok
16:12:24.0512 0928        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:12:24.0512 0928        KSecDD - ok
16:12:24.0532 0928        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:12:24.0532 0928        KSecPkg - ok
16:12:24.0622 0928        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:12:24.0622 0928        ksthunk - ok
16:12:24.0732 0928        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:12:24.0732 0928        lltdio - ok
16:12:24.0782 0928        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
16:12:24.0782 0928        LSI_FC - ok
16:12:24.0852 0928        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
16:12:24.0862 0928        LSI_SAS - ok
16:12:24.0892 0928        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
16:12:24.0892 0928        LSI_SAS2 - ok
16:12:24.0982 0928        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
16:12:24.0982 0928        LSI_SCSI - ok
16:12:25.0032 0928        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:12:25.0032 0928        luafv - ok
16:12:25.0142 0928        MBAMProtector  (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
16:12:25.0142 0928        MBAMProtector - ok
16:12:25.0182 0928        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
16:12:25.0182 0928        megasas - ok
16:12:25.0252 0928        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
16:12:25.0252 0928        MegaSR - ok
16:12:25.0302 0928        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:12:25.0302 0928        Modem - ok
16:12:25.0382 0928        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:12:25.0382 0928        monitor - ok
16:12:25.0422 0928        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:12:25.0422 0928        mouclass - ok
16:12:25.0492 0928        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:12:25.0492 0928        mouhid - ok
16:12:25.0522 0928        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:12:25.0522 0928        mountmgr - ok
16:12:25.0542 0928        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:12:25.0562 0928        mpio - ok
16:12:25.0622 0928        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:12:25.0622 0928        mpsdrv - ok
16:12:25.0642 0928        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:12:25.0642 0928        MRxDAV - ok
16:12:25.0672 0928        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:12:25.0672 0928        mrxsmb - ok
16:12:25.0742 0928        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:12:25.0752 0928        mrxsmb10 - ok
16:12:25.0772 0928        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:12:25.0772 0928        mrxsmb20 - ok
16:12:25.0802 0928        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:12:25.0802 0928        msahci - ok
16:12:25.0882 0928        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:12:25.0882 0928        msdsm - ok
16:12:25.0932 0928        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:12:25.0932 0928        Msfs - ok
16:12:25.0952 0928        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:12:25.0952 0928        mshidkmdf - ok
16:12:26.0052 0928        MSHUSBVideo    (0bbe794e0c54621cfa8ed9b5850baaae) C:\Windows\system32\Drivers\nx6000.sys
16:12:26.0052 0928        MSHUSBVideo - ok
16:12:26.0072 0928        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:12:26.0072 0928        msisadrv - ok
16:12:26.0182 0928        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:12:26.0192 0928        MSKSSRV - ok
16:12:26.0282 0928        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:12:26.0282 0928        MSPCLOCK - ok
16:12:26.0312 0928        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:12:26.0312 0928        MSPQM - ok
16:12:26.0342 0928        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:12:26.0342 0928        MsRPC - ok
16:12:26.0422 0928        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
16:12:26.0422 0928        mssmbios - ok
16:12:26.0452 0928        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:12:26.0462 0928        MSTEE - ok
16:12:26.0482 0928        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
16:12:26.0492 0928        MTConfig - ok
16:12:26.0512 0928        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:12:26.0512 0928        Mup - ok
16:12:26.0632 0928        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:12:26.0642 0928        NativeWifiP - ok
16:12:26.0702 0928        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:12:26.0712 0928        NDIS - ok
16:12:26.0842 0928        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:12:26.0842 0928        NdisCap - ok
16:12:26.0912 0928        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:12:26.0912 0928        NdisTapi - ok
16:12:26.0922 0928        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:12:26.0932 0928        Ndisuio - ok
16:12:26.0952 0928        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:12:26.0952 0928        NdisWan - ok
16:12:26.0992 0928        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:12:27.0002 0928        NDProxy - ok
16:12:27.0122 0928        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:12:27.0122 0928        NetBIOS - ok
16:12:27.0182 0928        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:12:27.0182 0928        NetBT - ok
16:12:27.0292 0928        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
16:12:27.0292 0928        nfrd960 - ok
16:12:27.0382 0928        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:12:27.0392 0928        Npfs - ok
16:12:27.0412 0928        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:12:27.0412 0928        nsiproxy - ok
16:12:27.0452 0928        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:12:27.0472 0928        Ntfs - ok
16:12:27.0552 0928        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:12:27.0552 0928        Null - ok
16:12:27.0612 0928        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:12:27.0612 0928        nvraid - ok
16:12:27.0672 0928        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:12:27.0672 0928        nvstor - ok
16:12:27.0722 0928        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:12:27.0722 0928        nv_agp - ok
16:12:27.0792 0928        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:12:27.0792 0928        ohci1394 - ok
16:12:27.0842 0928        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:12:27.0842 0928        Parport - ok
16:12:27.0922 0928        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:12:27.0922 0928        partmgr - ok
16:12:27.0952 0928        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:12:27.0952 0928        pci - ok
16:12:27.0962 0928        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:12:27.0962 0928        pciide - ok
16:12:28.0042 0928        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
16:12:28.0042 0928        pcmcia - ok
16:12:28.0062 0928        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:12:28.0062 0928        pcw - ok
16:12:28.0102 0928        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:12:28.0112 0928        PEAUTH - ok
16:12:28.0302 0928        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:12:28.0302 0928        PptpMiniport - ok
16:12:28.0332 0928        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
16:12:28.0332 0928        Processor - ok
16:12:28.0442 0928        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:12:28.0452 0928        Psched - ok
16:12:28.0592 0928        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
16:12:28.0642 0928        ql2300 - ok
16:12:28.0772 0928        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
16:12:28.0772 0928        ql40xx - ok
16:12:28.0802 0928        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:12:28.0802 0928        QWAVEdrv - ok
16:12:28.0872 0928        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:12:28.0872 0928        RasAcd - ok
16:12:28.0922 0928        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:12:28.0922 0928        RasAgileVpn - ok
16:12:28.0942 0928        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:12:28.0942 0928        Rasl2tp - ok
16:12:29.0012 0928        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:12:29.0012 0928        RasPppoe - ok
16:12:29.0052 0928        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:12:29.0062 0928        RasSstp - ok
16:12:29.0082 0928        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:12:29.0092 0928        rdbss - ok
16:12:29.0162 0928        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:12:29.0162 0928        rdpbus - ok
16:12:29.0182 0928        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:12:29.0182 0928        RDPCDD - ok
16:12:29.0212 0928        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
16:12:29.0212 0928        RDPDR - ok
16:12:29.0312 0928        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:12:29.0312 0928        RDPENCDD - ok
16:12:29.0332 0928        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:12:29.0332 0928        RDPREFMP - ok
16:12:29.0352 0928        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
16:12:29.0352 0928        RDPWD - ok
16:12:29.0432 0928        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:12:29.0442 0928        rdyboost - ok
16:12:29.0552 0928        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:12:29.0552 0928        rspndr - ok
16:12:29.0612 0928        RTL8167        (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:12:29.0612 0928        RTL8167 - ok
16:12:29.0692 0928        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
16:12:29.0692 0928        s3cap - ok
16:12:29.0732 0928        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:12:29.0732 0928        sbp2port - ok
16:12:29.0802 0928        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:12:29.0802 0928        scfilter - ok
16:12:29.0862 0928        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:12:29.0862 0928        secdrv - ok
16:12:29.0972 0928        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:12:29.0972 0928        Serenum - ok
16:12:30.0012 0928        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:12:30.0022 0928        Serial - ok
16:12:30.0042 0928        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
16:12:30.0042 0928        sermouse - ok
16:12:30.0122 0928        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:12:30.0122 0928        sffdisk - ok
16:12:30.0132 0928        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:12:30.0132 0928        sffp_mmc - ok
16:12:30.0142 0928        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:12:30.0142 0928        sffp_sd - ok
16:12:30.0152 0928        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
16:12:30.0152 0928        sfloppy - ok
16:12:30.0252 0928        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
16:12:30.0252 0928        SiSRaid2 - ok
16:12:30.0272 0928        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
16:12:30.0282 0928        SiSRaid4 - ok
16:12:30.0382 0928        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:12:30.0382 0928        Smb - ok
16:12:30.0442 0928        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:12:30.0442 0928        spldr - ok
16:12:30.0562 0928        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:12:30.0562 0928        srv - ok
16:12:30.0702 0928        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:12:30.0742 0928        srv2 - ok
16:12:30.0792 0928        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:12:30.0802 0928        srvnet - ok
16:12:30.0912 0928        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
16:12:30.0912 0928        stexstor - ok
16:12:30.0972 0928        storflt        (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
16:12:30.0972 0928        storflt - ok
16:12:31.0042 0928        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
16:12:31.0052 0928        storvsc - ok
16:12:31.0082 0928        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
16:12:31.0082 0928        swenum - ok
16:12:31.0152 0928        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
16:12:31.0172 0928        Tcpip - ok
16:12:31.0302 0928        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
16:12:31.0312 0928        TCPIP6 - ok
16:12:31.0342 0928        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:12:31.0342 0928        tcpipreg - ok
16:12:31.0402 0928        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:12:31.0402 0928        TDPIPE - ok
16:12:31.0422 0928        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:12:31.0422 0928        TDTCP - ok
16:12:31.0452 0928        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:12:31.0462 0928        tdx - ok
16:12:31.0532 0928        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
16:12:31.0532 0928        TermDD - ok
16:12:31.0552 0928        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:12:31.0552 0928        tssecsrv - ok
16:12:31.0652 0928        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:12:31.0652 0928        TsUsbFlt - ok
16:12:31.0662 0928        TsUsbGD        (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
16:12:31.0662 0928        TsUsbGD - ok
16:12:31.0772 0928        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:12:31.0772 0928        tunnel - ok
16:12:31.0792 0928        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
16:12:31.0792 0928        uagp35 - ok
16:12:31.0902 0928        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:12:31.0902 0928        udfs - ok
16:12:32.0002 0928        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:12:32.0002 0928        uliagpkx - ok
16:12:32.0072 0928        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
16:12:32.0072 0928        umbus - ok
16:12:32.0132 0928        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
16:12:32.0132 0928        UmPass - ok
16:12:32.0202 0928        USBAAPL64      (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
16:12:32.0202 0928        USBAAPL64 - ok
16:12:32.0302 0928        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
16:12:32.0312 0928        usbaudio - ok
16:12:32.0342 0928        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:12:32.0342 0928        usbccgp - ok
16:12:32.0432 0928        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:12:32.0432 0928        usbcir - ok
16:12:32.0502 0928        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:12:32.0502 0928        usbehci - ok
16:12:32.0602 0928        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:12:32.0602 0928        usbhub - ok
16:12:32.0612 0928        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
16:12:32.0622 0928        usbohci - ok
16:12:32.0662 0928        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:12:32.0662 0928        usbprint - ok
16:12:32.0742 0928        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:12:32.0742 0928        usbscan - ok
16:12:32.0772 0928        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
16:12:32.0782 0928        USBSTOR - ok
16:12:32.0852 0928        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:12:32.0852 0928        usbuhci - ok
16:12:32.0882 0928        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
16:12:32.0892 0928        usbvideo - ok
16:12:32.0993 0928        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:12:32.0993 0928        vdrvroot - ok
16:12:33.0033 0928        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:12:33.0043 0928        vga - ok
16:12:33.0113 0928        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:12:33.0113 0928        VgaSave - ok
16:12:33.0143 0928        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:12:33.0153 0928        vhdmp - ok
16:12:33.0233 0928        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:12:33.0243 0928        viaide - ok
16:12:33.0273 0928        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
16:12:33.0283 0928        vmbus - ok
16:12:33.0353 0928        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
16:12:33.0353 0928        VMBusHID - ok
16:12:33.0383 0928        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:12:33.0383 0928        volmgr - ok
16:12:33.0413 0928        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:12:33.0413 0928        volmgrx - ok
16:12:33.0503 0928        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:12:33.0503 0928        volsnap - ok
16:12:33.0543 0928        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
16:12:33.0553 0928        vsmraid - ok
16:12:33.0623 0928        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
16:12:33.0633 0928        vwifibus - ok
16:12:33.0643 0928        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
16:12:33.0653 0928        WacomPen - ok
16:12:33.0683 0928        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:12:33.0693 0928        WANARP - ok
16:12:33.0693 0928        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:12:33.0703 0928        Wanarpv6 - ok
16:12:33.0793 0928        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
16:12:33.0793 0928        Wd - ok
16:12:33.0823 0928        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:12:33.0833 0928        Wdf01000 - ok
16:12:33.0954 0928        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:12:33.0954 0928        WfpLwf - ok
16:12:33.0984 0928        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:12:33.0984 0928        WIMMount - ok
16:12:34.0104 0928        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:12:34.0104 0928        WinUsb - ok
16:12:34.0224 0928        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:12:34.0224 0928        WmiAcpi - ok
16:12:34.0254 0928        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:12:34.0254 0928        ws2ifsl - ok
16:12:34.0274 0928        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:12:34.0274 0928        WudfPf - ok
16:12:34.0384 0928        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:12:34.0384 0928        WUDFRd - ok
16:12:34.0484 0928        X6va005 - ok
16:12:34.0524 0928        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:12:34.0584 0928        \Device\Harddisk0\DR0 - ok
16:12:34.0584 0928        Boot (0x1200)  (92cba65f75de46f9a338bee178e43210) \Device\Harddisk0\DR0\Partition0
16:12:34.0584 0928        \Device\Harddisk0\DR0\Partition0 - ok
16:12:34.0594 0928        Boot (0x1200)  (1b4bc621c8789a9f31d5a8478fdfd994) \Device\Harddisk0\DR0\Partition1
16:12:34.0594 0928        \Device\Harddisk0\DR0\Partition1 - ok
16:12:34.0604 0928        ============================================================
16:12:34.0604 0928        Scan finished
16:12:34.0604 0928        ============================================================
16:12:34.0614 2012        Detected object count: 0
16:12:34.0614 2012        Actual detected object count: 0
16:13:14.0097 2292        Deinitialize success


Psychotic 05.03.2012 16:25

sieht sauber aus!

Lass zur Kontrolle einmal einen Vollständigen Scan mit Malwarebytes´ Antimalware laufen und dann einmal folgendes:

ESET


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




Poste beide Logs hier in deinen Thread! :)

hannyy 06.03.2012 17:17

So hier der ESET-Scan, hoffe der ist richtig!
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bc3bfe4bc870be43b28a21120b49b356
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-05 05:16:09
# local_time=2012-03-05 06:16:09 (+0100, Mitteleuropäische Zeit)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 5276757 5276757 0 0
# compatibility_mode=5893 16776573 100 94 10702 82597256 0 0
# compatibility_mode=8192 67108863 100 0 3743 3743 0 0
# scanned=14708
# found=0
# cleaned=0
# scan_time=363
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bc3bfe4bc870be43b28a21120b49b356
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-05 09:57:56
# local_time=2012-03-05 10:57:56 (+0100, Mitteleuropäische Zeit)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 5289861 5289861 0 0
# compatibility_mode=5893 16776573 100 94 23806 82610360 0 0
# compatibility_mode=8192 67108863 100 0 16847 16847 0 0
# scanned=142849
# found=0
# cleaned=0
# scan_time=4165

Malwarebyte-Log
Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.04.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
** :: **-PC [Administrator]

Schutz: Deaktiviert

3/6/2012 2:43:07 PM
mbam-log-2012-03-06 (14-43-07).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 318485
Laufzeit: 37 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Psychotic 06.03.2012 19:01

Logfiles sind sauber - damit sind wir durch! :)

OTL

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.


Hier noch ein paar Tipps zur Absicherung deines Systems.

Aktualität

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.
Antviren-Software
  • Gehe sicher immer eine Antiviren-Software installiert zu haben und dass diese auch up to date ist. Auch der beste Virenscanner ist sinnlos, wenn er nicht aktuell ist!
    Eine Auswahl kostenloser Antivirenprogramme:
Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.
Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner, um diesen zu AdBlockPlus hinzuzufügen, reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.
Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Sei mißtrauisch in sozialen Netzwerken (z.B. MeinVZ, Facebook, etc) - auch, wenn Nachrichten/Einträge scheinbar von einem deiner Freunde stammen, bedeutet das noch lange nicht, dass sie unschädlich sind (Malware kann seinen Rechner verseucht haben).
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, damit ich diesen Thread aus meinen Abos löschen kann.

Psychotic 08.03.2012 09:03

Schön, dass wir helfen konnten! :abklatsch:


Dieses Thema scheint erledigt und wurde aus meinen Abos gelöscht.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und ein eigenes Thema erstellen!


Alle Zeitangaben in WEZ +1. Es ist jetzt 00:32 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131