Virus heruntergeladen aber nicht ausgeführt, besteht trotzdem gefahr?

hannyy · 04.03.2012, 22:28

Hallo,

ich habe heute eine .exe Datei heruntergeladen und sie mit Virustotal.com überprüfen lassen, es wurden mehrere Viren bzw Trojaner gefunden. Natürlich habe ich die Datei sofort gelöscht, aber ich bin trotzdem verunsichert ob mein System infiziert ist oder nicht. Malwarebytes Anti-Malware hat nichts gefunden, aber man weiß ja nie, ob sich nicht doch irgendwas eingenistet hat.

Hier mal meine OTL-Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 3/4/2012 9:42:37 PM - Run 1
OTL by OldTimer - Version 3.2.35.1     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 62.57% Memory free
8.00 Gb Paging File | 6.28 Gb Available in Paging File | 78.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 320.97 Gb Free Space | 68.93% Space Free | Partition Type: NTFS
 
Computer Name: **** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{78D1E6B0-97D3-0A51-FD5B-450E08A71367}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCE26847-79A9-56FF-908E-C02FAA7705B3}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02A003AD-7DEF-D28F-0E61-18D5F1D53CF5}" = Catalyst Control Center Localization All
"{03DDA3C7-8D88-5D41-9BE4-210988CF65C3}" = Catalyst Control Center Graphics Previews Vista
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{11A292E3-E60B-1335-C4F8-92F1841725D6}" = CCC Help Greek
"{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver
"{12CB7D4B-F29B-08D3-B305-3C3163F11E6D}" = CCC Help Finnish
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22A0602D-A83C-14A7-A09B-F3E13044D395}" = CCC Help Turkish
"{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{32BA6FBB-C948-F45E-934C-5CC049D16263}" = CCC Help Hungarian
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35767883-90A2-B69B-E128-2912DD65CA09}" = CCC Help Dutch
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{386AB6EF-B693-C15B-52F5-88BDC6B8291E}" = CCC Help Danish
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40138968-506D-15D7-B6DD-059C06EA2682}" = CCC Help Chinese Standard
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{46CF6A90-7EFB-47E3-9B14-FBCEFA9F9982}" = Catalyst Control Center - Branding
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66CB0FCD-3BF4-F5C5-77AA-37316109072E}" = CCC Help German
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74BB27FA-63B9-DE85-04CB-69D51FF14AD6}" = CCC Help Chinese Traditional
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88F66BC2-87E5-53F8-48DD-728501B98181}" = CCC Help Thai
"{8DC72EF6-1EB6-610C-6CAB-709718CD2132}" = CCC Help English
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{97D2408A-AC76-4ACA-F047-42180975A250}" = ccc-core-static
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D9F86BB-E232-AC3B-8705-146AC303F636}" = CCC Help Polish
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA3F9FB3-20DF-8CAA-919A-F507FCAA9AB9}" = CCC Help Japanese
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1F7BB94-BE89-92DF-4736-D94A13E32622}" = CCC Help Swedish
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B76E1251-5ACA-AAB7-518D-17DC63282D23}" = Catalyst Control Center InstallProxy
"{BA592980-D2D8-74B9-D9B0-84FB947F8DC9}" = CCC Help Portuguese
"{BAFCE6EC-1BED-0644-4AE0-0827D3A5BF2D}" = CCC Help Russian
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C585E652-0CBC-4276-9FE7-047078677904}" = Blacklight Retribution
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CDC9CB03-079E-D721-4210-0CD5AE082A1B}" = CCC Help Italian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DE5D7C38-92A7-675C-A49E-1B4F3D945AFE}" = CCC Help French
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2E654A9-FF43-C395-2673-1385B493C574}" = CCC Help Korean
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E600853D-6991-2174-0826-F0DE7E024602}" = CCC Help Spanish
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E735A4C4-F4E0-0BA6-288F-C792BD8969B1}" = CCC Help Norwegian
"{EEA93FD7-132D-2968-9478-D84CAAF3FAD5}" = CCC Help Czech
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Avira AntiVir Desktop" = Avira Free Antivirus
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"DAEMON Tools Lite" = DAEMON Tools Lite
"HbsMozillaLauncher" = HbsMozillaLauncher 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"Mythos" = Mythos
"NCLauncher_GameForge" = NC Launcher (GameForge)
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Steam App 10" = Counter-Strike
"Steam App 240" = Counter-Strike: Source
"Steam App 34330" = Total War: SHOGUN 2
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flux" = F.lux
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 3/3/2012 9:15:02 AM | Computer Name = ***| Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 3/3/2012 9:15:02 AM | Computer Name = **** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12012
 
Error - 3/3/2012 9:15:02 AM | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12012
 
Error - 3/3/2012 9:15:03 AM | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 3/3/2012 9:15:03 AM | Computer Name = **** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13026
 
Error - 3/3/2012 9:15:03 AM | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13026
 
Error - 3/3/2012 7:38:19 PM | Computer Name = *** ****
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ea78f27  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4f28cccc  Ausnahmecode: 0xc0000005  Fehleroffset: 0x7349f1c9
ID
 des fehlerhaften Prozesses: 0xfa8  Startzeit der fehlerhaften Anwendung: 0x01ccf98ec622f6a0
Pfad
 der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\bleachgeek\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 f470f7ed-6589-11e1-863a-6cf0491ed4b6
 
Error - 3/4/2012 5:40:34 AM | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 3/4/2012 2:56:22 PM | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 3/4/2012 4:28:40 PM | Computer Name = *** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 2/18/2012 3:26:06 PM | Computer Name = *** | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
 
Error - 2/18/2012 3:26:06 PM | Computer Name = *** | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
 
Error - 2/18/2012 3:26:07 PM | Computer Name = **** | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
 
Error - 2/23/2012 5:23:16 PM | Computer Name = *** | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 2/23/2012 5:23:16 PM | Computer Name = *** | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 2/23/2012 5:23:17 PM | Computer Name = *** | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 2/23/2012 5:23:18 PM | Computer Name = *** | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 2/25/2012 9:18:16 PM | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 2/25/2012 9:18:16 PM | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 2/27/2012 1:31:48 PM | Computer Name = *** | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >

Psychotic · 05.03.2012, 07:59

Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass du clean bist.

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scans durchführen zu denen du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen, außer, ich fordere dich dazu auf. Erschwert mir nämlich das Auswerten.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1: Defogger

Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.

Starte das Tool mit Doppelklick.
Vista und Win7 User mit Rechtsklick "als Administrator starten".
Klicke nun auf den Disable Button um die Treiber gewisser Emulatoren zu deaktivieren.
Wenn der Scan beendet wurde ( Finished ), klicke auf OK.
Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.

Sollte Defogger eine Fehlermeldung ausgeben, poste bitte die defogger_disable Log von deinem Desktop.
Klicke den Re-enable Button nicht ohne Anweisung.

Schritt 2: OTL-Logdatei posten

Du hast mir leider die Extras.txt gepostet - diese hilft uns nicht weiter. Für den Moment benötigen wir die OTL-TXT. Diese findest du unter C:\_OTL.

Schritt 3: aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung) Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen ) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Schritt 4: Scan mit TDSS-Killer

Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt

Poste den Inhalt bitte hier in deinen Thread.

hannyy · 05.03.2012, 16:20

Erstmal danke für deine schnelle Hilfe!
Hier erstmal die Logs, ich hoffe diesmal die richtigen!

:

OTL-Logfile:

Code:

ATTFilter

OTL logfile created on: 3/5/2012 3:21:16 PM - Run 2
OTL by OldTimer - Version 3.2.35.1     Folder = C:\Users\******\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 3.04 Gb Available Physical Memory | 76.05% Memory free
8.00 Gb Paging File | 6.86 Gb Available in Paging File | 85.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 306.89 Gb Free Space | 65.90% Space Free | Partition Type: NTFS
 
Computer Name: ******-PC | User Name: ****** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\******\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (1394hub) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 93 C0 4B 3F B8 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@hanbiton.com/HbsMozillaLauncher: C:\ProgramData\hanbitsoft\nphlauncher.dll (hanbitsoft)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/19 21:46:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/17 15:59:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/19 21:46:02 | 000,000,000 | ---D | M]
 
[2011/12/05 17:34:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Extensions
[2012/03/04 19:21:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\4t6mrjoy.default\extensions
[2011/12/30 21:12:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4T6MRJOY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4T6MRJOY.DEFAULT\EXTENSIONS\EXTENSION@HIDEMYASS.COM.XPI
() (No name found) -- C:\USERS\******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4T6MRJOY.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2012/02/17 15:59:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/30 21:12:43 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/04 18:48:22 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/12/30 21:12:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/30 21:12:43 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/12/30 21:12:43 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/12/30 21:12:43 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/12/30 21:12:43 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A203D69-70C0-4B9F-86B8-050499BF1FB9}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0e86b701-2d51-11e1-8b67-6cf0491ed4b6}\Shell - "" = AutoRun
O33 - MountPoints2\{0e86b701-2d51-11e1-8b67-6cf0491ed4b6}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{15fd2d9e-1fa5-11e1-9b0d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{15fd2d9e-1fa5-11e1-9b0d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Installer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/03/04 22:57:03 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Darkfall
[2012/03/04 22:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Darkfall
[2012/03/04 22:54:22 | 058,622,848 | ---- | C] (Aventurine) -- C:\Users\******\Desktop\Darkfall.exe
[2012/03/04 22:48:27 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Darkfall US
[2012/03/04 22:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Darkfall US
[2012/03/04 22:34:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Darkfall US
[2012/03/04 21:41:31 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
[2012/03/04 20:06:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/04 20:06:29 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/04 19:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/03/04 18:49:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2012/03/04 16:43:33 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Malwarebytes
[2012/03/04 16:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/04 16:43:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/04 16:09:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Darkfall
[2012/03/04 15:57:52 | 000,000,000 | ---D | C] -- C:\Users\******\Desktop\Darkfall 1.0.43
[2012/03/03 22:12:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2012/03/03 22:11:56 | 000,000,000 | ---D | C] -- C:\Nexon
[2012/03/03 22:06:41 | 000,000,000 | --SD | C] -- C:\Users\******\Documents\Mabinogi
[2012/03/03 21:20:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warcraft III
[2012/03/03 20:58:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maginogi
[2012/03/03 19:49:16 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2012/03/03 19:49:16 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\app
[2012/03/03 19:49:14 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2012/03/03 19:49:14 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Dofus2
[2012/02/28 18:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge
[2012/02/28 18:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gameforge
[2012/02/28 16:44:47 | 000,000,000 | ---D | C] -- C:\Perfect World Entertainment
[2012/02/28 16:42:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/02/27 21:44:11 | 000,000,000 | ---D | C] -- C:\Users\******\Documents\T3fun
[2012/02/27 21:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\hanbitsoft
[2012/02/27 21:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\T3Fun
[2012/02/27 20:55:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mythos
[2012/02/26 13:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\TERA
[2012/02/26 13:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2012/02/26 13:47:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TERA
[2012/02/25 23:36:43 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/02/25 17:57:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCSoft
[2012/02/24 20:45:39 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Hi-Rez Studios
[2012/02/24 20:44:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012/02/20 22:27:32 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
[2012/02/20 22:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
[2012/02/20 22:16:55 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unicows.dll
[2012/02/17 18:33:13 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\PBlackout
[2012/02/17 17:45:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project Blackout
[2012/02/15 19:56:35 | 000,000,000 | ---D | C] -- C:\Users\******\jagexcache
[2012/02/15 17:29:49 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\RIFT
[2012/02/15 16:26:02 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/15 16:25:58 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/15 16:25:58 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/15 16:25:53 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/15 16:25:46 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/15 16:25:46 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/15 16:25:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/15 16:25:46 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/15 16:25:46 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/15 16:25:46 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/15 16:25:46 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/09 18:32:02 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\HP
[2012/02/07 20:14:06 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/02/07 20:14:06 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/02/07 20:14:06 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012/02/07 20:14:06 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012/02/07 20:14:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012/02/07 17:03:19 | 000,000,000 | ---D | C] -- C:\Users\******\Documents\3DMark 11
[2012/02/07 17:03:13 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\IsolatedStorage
[2012/02/07 17:03:10 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Futuremark_Corporation
[2012/02/07 16:25:18 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\ElevatedDiagnostics
[2012/02/04 17:56:01 | 000,000,000 | ---D | C] -- C:\Users\******\Documents\StarCraft II
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/03/05 15:19:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/05 15:19:27 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/05 15:17:55 | 000,000,000 | ---- | M] () -- C:\Users\******\defogger_reenable
[2012/03/05 15:16:25 | 000,050,477 | ---- | M] () -- C:\Users\******\Desktop\Defogger.exe
[2012/03/05 14:33:52 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/05 14:33:52 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/05 14:30:42 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/05 14:30:42 | 000,653,888 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/03/05 14:30:42 | 000,626,060 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/05 14:30:42 | 000,129,796 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/03/05 14:30:42 | 000,106,644 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/04 22:56:53 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Darkfall EU.lnk
[2012/03/04 22:55:46 | 058,622,848 | ---- | M] (Aventurine) -- C:\Users\******\Desktop\Darkfall.exe
[2012/03/04 21:41:36 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\******\Desktop\OTL.exe
[2012/03/04 20:06:31 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/03/03 19:53:35 | 000,000,008 | ---- | M] () -- C:\Users\******\AppData\Roaming\DofusAppId0_2
[2012/03/03 19:49:14 | 000,000,173 | ---- | M] () -- C:\Users\******\AppData\Roaming\D2Info0
[2012/03/01 21:12:47 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/03/01 21:12:47 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/03/01 21:11:57 | 000,281,408 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/02/29 18:45:16 | 000,025,147 | ---- | M] () -- C:\Users\******\Desktop\Schutz des tropischen Regenwalds.odt
[2012/02/28 17:15:08 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/02/28 16:44:47 | 000,001,809 | ---- | M] () -- C:\Users\Public\Desktop\Launch Blacklight Retribution.lnk
[2012/02/27 21:33:03 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Mythos.lnk
[2012/02/26 13:47:11 | 000,001,838 | ---- | M] () -- C:\Users\******\Desktop\TERA.lnk
[2012/02/22 13:57:38 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/20 20:48:32 | 000,258,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\unicows.dll
[2012/02/16 14:20:06 | 000,293,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/15 19:56:40 | 000,000,001 | ---- | M] () -- C:\Users\******\random.dat
[2012/02/15 19:56:35 | 000,000,044 | ---- | M] () -- C:\Users\******\jagex_cl_runescape_LIVE.dat
[2012/02/15 19:22:40 | 000,132,320 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/02/09 18:30:30 | 000,221,149 | ---- | M] () -- C:\Windows\hpoins19.dat
[2012/02/07 20:14:06 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/02/07 20:14:06 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/02/07 20:14:06 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012/02/07 20:14:06 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/03/05 15:17:55 | 000,000,000 | ---- | C] () -- C:\Users\******\defogger_reenable
[2012/03/05 15:16:24 | 000,050,477 | ---- | C] () -- C:\Users\******\Desktop\Defogger.exe
[2012/03/04 22:56:53 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Darkfall EU.lnk
[2012/03/04 20:06:31 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/03/03 19:49:14 | 000,000,173 | ---- | C] () -- C:\Users\******\AppData\Roaming\D2Info0
[2012/03/03 19:49:14 | 000,000,008 | ---- | C] () -- C:\Users\******\AppData\Roaming\DofusAppId0_2
[2012/02/28 19:27:05 | 000,025,147 | ---- | C] () -- C:\Users\******\Desktop\Schutz des tropischen Regenwalds.odt
[2012/02/28 16:44:47 | 000,001,809 | ---- | C] () -- C:\Users\Public\Desktop\Launch Blacklight Retribution.lnk
[2012/02/28 16:41:42 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/02/27 21:33:03 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Mythos.lnk
[2012/02/26 13:47:11 | 000,001,838 | ---- | C] () -- C:\Users\******\Desktop\TERA.lnk
[2012/02/15 19:56:35 | 000,000,044 | ---- | C] () -- C:\Users\******\jagex_cl_runescape_LIVE.dat
[2012/02/15 19:56:35 | 000,000,001 | ---- | C] () -- C:\Users\******\random.dat
[2012/02/09 18:30:24 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2011/12/19 21:41:41 | 000,221,149 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011/12/19 21:41:41 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011/12/17 17:53:12 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/12/17 16:34:41 | 000,298,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/12/17 16:34:38 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/12/13 22:58:21 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011/12/06 02:14:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/19 08:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011/09/19 08:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll

< End of report >

aswMBR:

Code:

ATTFilter

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-05 15:46:24
-----------------------------
15:46:24.809    OS Version: Windows x64 6.1.7601 Service Pack 1
15:46:24.809    Number of processors: 4 586 0x403
15:46:24.809    ComputerName: ***-PC  UserName: ***
15:46:26.199    Initialize success
15:48:07.638    AVAST engine defs: 12030500
15:48:15.159    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
15:48:15.159    Disk 0 Vendor: Hitachi_HDS721050CLA362 JP2OA3EA Size: 476940MB BusType: 3
15:48:15.209    Disk 0 MBR read successfully
15:48:15.219    Disk 0 MBR scan
15:48:15.239    Disk 0 Windows 7 default MBR code
15:48:15.239    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
15:48:15.259    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       476838 MB offset 206848
15:48:15.289    Disk 0 scanning C:\Windows\system32\drivers
15:48:25.320    Service scanning
15:48:49.612    Modules scanning
15:48:49.622    Disk 0 trace - called modules:
15:48:49.642    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
15:48:49.652    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a35060]
15:48:49.652    3 CLASSPNP.SYS[fffff8800197243f] -> nt!IofCallDriver -> [0xfffffa8003acd520]
15:48:49.662    5 ACPI.sys[fffff88000e787a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8003acb680]
15:48:51.022    AVAST engine scan C:\Windows
15:48:53.213    AVAST engine scan C:\Windows\system32
15:52:13.080    AVAST engine scan C:\Windows\system32\drivers
15:52:23.732    AVAST engine scan C:\Users\***
15:53:58.781    AVAST engine scan C:\ProgramData
15:55:49.452    Scan finished successfully
16:11:22.267    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
16:11:22.267    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"

TDSSKiller:

Code:

ATTFilter

16:12:12.0620 3464	TDSS rootkit removing tool 2.7.19.0 Mar  5 2012 11:23:39
16:12:12.0750 3464	============================================================
16:12:12.0750 3464	Current date / time: 2012/03/05 16:12:12.0750
16:12:12.0760 3464	SystemInfo:
16:12:12.0760 3464	
16:12:12.0760 3464	OS Version: 6.1.7601 ServicePack: 1.0
16:12:12.0760 3464	Product type: Workstation
16:12:12.0760 3464	ComputerName: ***-PC
16:12:12.0760 3464	UserName: ***
16:12:12.0760 3464	Windows directory: C:\Windows
16:12:12.0760 3464	System windows directory: C:\Windows
16:12:12.0760 3464	Running under WOW64
16:12:12.0760 3464	Processor architecture: Intel x64
16:12:12.0760 3464	Number of processors: 4
16:12:12.0760 3464	Page size: 0x1000
16:12:12.0760 3464	Boot type: Normal boot
16:12:12.0760 3464	============================================================
16:12:13.0610 3464	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
16:12:13.0620 3464	\Device\Harddisk0\DR0:
16:12:13.0620 3464	MBR used
16:12:13.0620 3464	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:12:13.0620 3464	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
16:12:13.0640 3464	Initialize success
16:12:13.0640 3464	============================================================
16:12:15.0510 0928	============================================================
16:12:15.0510 0928	Scan started
16:12:15.0510 0928	Mode: Manual; 
16:12:15.0510 0928	============================================================
16:12:16.0301 0928	1394hub - ok
16:12:16.0371 0928	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:12:16.0381 0928	1394ohci - ok
16:12:16.0401 0928	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:12:16.0411 0928	ACPI - ok
16:12:16.0501 0928	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:12:16.0501 0928	AcpiPmi - ok
16:12:16.0661 0928	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
16:12:16.0671 0928	adp94xx - ok
16:12:16.0801 0928	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
16:12:16.0811 0928	adpahci - ok
16:12:16.0851 0928	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
16:12:16.0851 0928	adpu320 - ok
16:12:16.0971 0928	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:12:16.0981 0928	AFD - ok
16:12:17.0031 0928	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:12:17.0031 0928	agp440 - ok
16:12:17.0121 0928	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:12:17.0131 0928	aliide - ok
16:12:17.0171 0928	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:12:17.0171 0928	amdide - ok
16:12:17.0261 0928	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
16:12:17.0271 0928	AmdK8 - ok
16:12:17.0441 0928	amdkmdag        (bbab5b28253fe0fc7255d8775ba05c1d) C:\Windows\system32\DRIVERS\atikmdag.sys
16:12:17.0571 0928	amdkmdag - ok
16:12:17.0661 0928	amdkmdap        (cba35ff4092b91e105d93ed11a0250b6) C:\Windows\system32\DRIVERS\atikmpag.sys
16:12:17.0671 0928	amdkmdap - ok
16:12:17.0731 0928	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:12:17.0731 0928	AmdPPM - ok
16:12:17.0821 0928	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:12:17.0821 0928	amdsata - ok
16:12:17.0841 0928	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
16:12:17.0851 0928	amdsbs - ok
16:12:17.0871 0928	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:12:17.0871 0928	amdxata - ok
16:12:18.0001 0928	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:12:18.0011 0928	AppID - ok
16:12:18.0131 0928	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
16:12:18.0131 0928	arc - ok
16:12:18.0141 0928	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
16:12:18.0151 0928	arcsas - ok
16:12:18.0181 0928	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:12:18.0181 0928	AsyncMac - ok
16:12:18.0261 0928	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:12:18.0261 0928	atapi - ok
16:12:18.0331 0928	AtiHDAudioService (fda1e117a7e880bff5540d180c06ea87) C:\Windows\system32\drivers\AtihdW76.sys
16:12:18.0331 0928	AtiHDAudioService - ok
16:12:18.0421 0928	AtiHdmiService  (506934df94e3197f4a1bbe8fbeab0ccd) C:\Windows\system32\drivers\AtiHdmi.sys
16:12:18.0421 0928	AtiHdmiService - ok
16:12:18.0601 0928	atikmdag        (bbab5b28253fe0fc7255d8775ba05c1d) C:\Windows\system32\DRIVERS\atikmdag.sys
16:12:18.0631 0928	atikmdag - ok
16:12:18.0741 0928	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
16:12:18.0741 0928	avgntflt - ok
16:12:18.0781 0928	avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
16:12:18.0791 0928	avipbb - ok
16:12:18.0861 0928	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
16:12:18.0861 0928	avkmgr - ok
16:12:18.0931 0928	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
16:12:18.0941 0928	b06bdrv - ok
16:12:19.0031 0928	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:12:19.0041 0928	b57nd60a - ok
16:12:19.0071 0928	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:12:19.0071 0928	Beep - ok
16:12:19.0181 0928	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:12:19.0181 0928	blbdrive - ok
16:12:19.0281 0928	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:12:19.0291 0928	bowser - ok
16:12:19.0321 0928	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
16:12:19.0331 0928	BrFiltLo - ok
16:12:19.0371 0928	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
16:12:19.0371 0928	BrFiltUp - ok
16:12:19.0411 0928	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:12:19.0411 0928	Brserid - ok
16:12:19.0441 0928	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:12:19.0441 0928	BrSerWdm - ok
16:12:19.0521 0928	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:12:19.0521 0928	BrUsbMdm - ok
16:12:19.0541 0928	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:12:19.0541 0928	BrUsbSer - ok
16:12:19.0591 0928	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
16:12:19.0591 0928	BTHMODEM - ok
16:12:19.0691 0928	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:12:19.0701 0928	cdfs - ok
16:12:19.0751 0928	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
16:12:19.0751 0928	cdrom - ok
16:12:19.0851 0928	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
16:12:19.0861 0928	circlass - ok
16:12:19.0891 0928	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:12:19.0901 0928	CLFS - ok
16:12:20.0251 0928	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
16:12:20.0251 0928	CmBatt - ok
16:12:20.0571 0928	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:12:20.0571 0928	cmdide - ok
16:12:20.0631 0928	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:12:20.0641 0928	CNG - ok
16:12:20.0701 0928	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
16:12:20.0711 0928	Compbatt - ok
16:12:20.0751 0928	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
16:12:20.0751 0928	CompositeBus - ok
16:12:20.0851 0928	cpuz135 - ok
16:12:20.0922 0928	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
16:12:20.0922 0928	crcdisk - ok
16:12:21.0002 0928	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
16:12:21.0012 0928	CSC - ok
16:12:21.0112 0928	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:12:21.0112 0928	DfsC - ok
16:12:21.0152 0928	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:12:21.0152 0928	discache - ok
16:12:21.0252 0928	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
16:12:21.0252 0928	Disk - ok
16:12:21.0292 0928	dmvsc           (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
16:12:21.0302 0928	dmvsc - ok
16:12:21.0412 0928	Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
16:12:21.0412 0928	Dot4 - ok
16:12:21.0442 0928	Dot4Print       (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:12:21.0442 0928	Dot4Print - ok
16:12:21.0462 0928	dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
16:12:21.0462 0928	dot4usb - ok
16:12:21.0552 0928	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:12:21.0552 0928	drmkaud - ok
16:12:21.0612 0928	dtsoftbus01     (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
16:12:21.0622 0928	dtsoftbus01 - ok
16:12:21.0742 0928	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:12:21.0762 0928	DXGKrnl - ok
16:12:21.0782 0928	EagleX64 - ok
16:12:21.0862 0928	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
16:12:21.0902 0928	ebdrv - ok
16:12:22.0012 0928	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
16:12:22.0022 0928	elxstor - ok
16:12:22.0042 0928	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:12:22.0042 0928	ErrDev - ok
16:12:22.0152 0928	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:12:22.0152 0928	exfat - ok
16:12:22.0182 0928	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:12:22.0192 0928	fastfat - ok
16:12:22.0282 0928	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:12:22.0292 0928	fdc - ok
16:12:22.0312 0928	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:12:22.0312 0928	FileInfo - ok
16:12:22.0332 0928	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:12:22.0332 0928	Filetrace - ok
16:12:22.0402 0928	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:12:22.0412 0928	flpydisk - ok
16:12:22.0452 0928	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:12:22.0462 0928	FltMgr - ok
16:12:22.0502 0928	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:12:22.0502 0928	FsDepends - ok
16:12:22.0582 0928	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:12:22.0582 0928	Fs_Rec - ok
16:12:22.0662 0928	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:12:22.0662 0928	fvevol - ok
16:12:22.0722 0928	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
16:12:22.0722 0928	gagp30kx - ok
16:12:22.0812 0928	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:12:22.0812 0928	GEARAspiWDM - ok
16:12:22.0852 0928	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:12:22.0852 0928	hcw85cir - ok
16:12:22.0942 0928	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:12:22.0952 0928	HdAudAddService - ok
16:12:23.0022 0928	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:12:23.0022 0928	HDAudBus - ok
16:12:23.0082 0928	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
16:12:23.0082 0928	HidBatt - ok
16:12:23.0092 0928	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
16:12:23.0102 0928	HidBth - ok
16:12:23.0112 0928	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
16:12:23.0112 0928	HidIr - ok
16:12:23.0192 0928	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:12:23.0192 0928	HidUsb - ok
16:12:23.0322 0928	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:12:23.0322 0928	HpSAMD - ok
16:12:23.0432 0928	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:12:23.0452 0928	HTTP - ok
16:12:23.0462 0928	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:12:23.0462 0928	hwpolicy - ok
16:12:23.0562 0928	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
16:12:23.0562 0928	i8042prt - ok
16:12:23.0602 0928	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:12:23.0612 0928	iaStorV - ok
16:12:23.0712 0928	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
16:12:23.0712 0928	iirsp - ok
16:12:23.0842 0928	IntcAzAudAddService (cb7dadef3d83fe2c12655a0bdcba99f2) C:\Windows\system32\drivers\RTKVHD64.sys
16:12:23.0872 0928	IntcAzAudAddService - ok
16:12:23.0972 0928	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:12:23.0972 0928	intelide - ok
16:12:24.0022 0928	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
16:12:24.0022 0928	intelppm - ok
16:12:24.0072 0928	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:12:24.0072 0928	IpFilterDriver - ok
16:12:24.0092 0928	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:12:24.0092 0928	IPMIDRV - ok
16:12:24.0112 0928	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:12:24.0112 0928	IPNAT - ok
16:12:24.0212 0928	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:12:24.0212 0928	IRENUM - ok
16:12:24.0232 0928	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:12:24.0232 0928	isapnp - ok
16:12:24.0302 0928	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:12:24.0312 0928	iScsiPrt - ok
16:12:24.0352 0928	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:12:24.0362 0928	kbdclass - ok
16:12:24.0452 0928	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
16:12:24.0452 0928	kbdhid - ok
16:12:24.0512 0928	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:12:24.0512 0928	KSecDD - ok
16:12:24.0532 0928	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:12:24.0532 0928	KSecPkg - ok
16:12:24.0622 0928	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:12:24.0622 0928	ksthunk - ok
16:12:24.0732 0928	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:12:24.0732 0928	lltdio - ok
16:12:24.0782 0928	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
16:12:24.0782 0928	LSI_FC - ok
16:12:24.0852 0928	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
16:12:24.0862 0928	LSI_SAS - ok
16:12:24.0892 0928	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
16:12:24.0892 0928	LSI_SAS2 - ok
16:12:24.0982 0928	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
16:12:24.0982 0928	LSI_SCSI - ok
16:12:25.0032 0928	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:12:25.0032 0928	luafv - ok
16:12:25.0142 0928	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
16:12:25.0142 0928	MBAMProtector - ok
16:12:25.0182 0928	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
16:12:25.0182 0928	megasas - ok
16:12:25.0252 0928	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
16:12:25.0252 0928	MegaSR - ok
16:12:25.0302 0928	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:12:25.0302 0928	Modem - ok
16:12:25.0382 0928	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:12:25.0382 0928	monitor - ok
16:12:25.0422 0928	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:12:25.0422 0928	mouclass - ok
16:12:25.0492 0928	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:12:25.0492 0928	mouhid - ok
16:12:25.0522 0928	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:12:25.0522 0928	mountmgr - ok
16:12:25.0542 0928	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:12:25.0562 0928	mpio - ok
16:12:25.0622 0928	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:12:25.0622 0928	mpsdrv - ok
16:12:25.0642 0928	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:12:25.0642 0928	MRxDAV - ok
16:12:25.0672 0928	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:12:25.0672 0928	mrxsmb - ok
16:12:25.0742 0928	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:12:25.0752 0928	mrxsmb10 - ok
16:12:25.0772 0928	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:12:25.0772 0928	mrxsmb20 - ok
16:12:25.0802 0928	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:12:25.0802 0928	msahci - ok
16:12:25.0882 0928	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:12:25.0882 0928	msdsm - ok
16:12:25.0932 0928	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:12:25.0932 0928	Msfs - ok
16:12:25.0952 0928	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:12:25.0952 0928	mshidkmdf - ok
16:12:26.0052 0928	MSHUSBVideo     (0bbe794e0c54621cfa8ed9b5850baaae) C:\Windows\system32\Drivers\nx6000.sys
16:12:26.0052 0928	MSHUSBVideo - ok
16:12:26.0072 0928	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:12:26.0072 0928	msisadrv - ok
16:12:26.0182 0928	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:12:26.0192 0928	MSKSSRV - ok
16:12:26.0282 0928	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:12:26.0282 0928	MSPCLOCK - ok
16:12:26.0312 0928	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:12:26.0312 0928	MSPQM - ok
16:12:26.0342 0928	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:12:26.0342 0928	MsRPC - ok
16:12:26.0422 0928	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
16:12:26.0422 0928	mssmbios - ok
16:12:26.0452 0928	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:12:26.0462 0928	MSTEE - ok
16:12:26.0482 0928	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
16:12:26.0492 0928	MTConfig - ok
16:12:26.0512 0928	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:12:26.0512 0928	Mup - ok
16:12:26.0632 0928	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:12:26.0642 0928	NativeWifiP - ok
16:12:26.0702 0928	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:12:26.0712 0928	NDIS - ok
16:12:26.0842 0928	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:12:26.0842 0928	NdisCap - ok
16:12:26.0912 0928	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:12:26.0912 0928	NdisTapi - ok
16:12:26.0922 0928	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:12:26.0932 0928	Ndisuio - ok
16:12:26.0952 0928	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:12:26.0952 0928	NdisWan - ok
16:12:26.0992 0928	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:12:27.0002 0928	NDProxy - ok
16:12:27.0122 0928	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:12:27.0122 0928	NetBIOS - ok
16:12:27.0182 0928	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:12:27.0182 0928	NetBT - ok
16:12:27.0292 0928	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
16:12:27.0292 0928	nfrd960 - ok
16:12:27.0382 0928	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:12:27.0392 0928	Npfs - ok
16:12:27.0412 0928	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:12:27.0412 0928	nsiproxy - ok
16:12:27.0452 0928	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:12:27.0472 0928	Ntfs - ok
16:12:27.0552 0928	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:12:27.0552 0928	Null - ok
16:12:27.0612 0928	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:12:27.0612 0928	nvraid - ok
16:12:27.0672 0928	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:12:27.0672 0928	nvstor - ok
16:12:27.0722 0928	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:12:27.0722 0928	nv_agp - ok
16:12:27.0792 0928	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:12:27.0792 0928	ohci1394 - ok
16:12:27.0842 0928	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:12:27.0842 0928	Parport - ok
16:12:27.0922 0928	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:12:27.0922 0928	partmgr - ok
16:12:27.0952 0928	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:12:27.0952 0928	pci - ok
16:12:27.0962 0928	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:12:27.0962 0928	pciide - ok
16:12:28.0042 0928	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
16:12:28.0042 0928	pcmcia - ok
16:12:28.0062 0928	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:12:28.0062 0928	pcw - ok
16:12:28.0102 0928	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:12:28.0112 0928	PEAUTH - ok
16:12:28.0302 0928	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:12:28.0302 0928	PptpMiniport - ok
16:12:28.0332 0928	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
16:12:28.0332 0928	Processor - ok
16:12:28.0442 0928	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:12:28.0452 0928	Psched - ok
16:12:28.0592 0928	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
16:12:28.0642 0928	ql2300 - ok
16:12:28.0772 0928	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
16:12:28.0772 0928	ql40xx - ok
16:12:28.0802 0928	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:12:28.0802 0928	QWAVEdrv - ok
16:12:28.0872 0928	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:12:28.0872 0928	RasAcd - ok
16:12:28.0922 0928	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:12:28.0922 0928	RasAgileVpn - ok
16:12:28.0942 0928	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:12:28.0942 0928	Rasl2tp - ok
16:12:29.0012 0928	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:12:29.0012 0928	RasPppoe - ok
16:12:29.0052 0928	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:12:29.0062 0928	RasSstp - ok
16:12:29.0082 0928	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:12:29.0092 0928	rdbss - ok
16:12:29.0162 0928	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:12:29.0162 0928	rdpbus - ok
16:12:29.0182 0928	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:12:29.0182 0928	RDPCDD - ok
16:12:29.0212 0928	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
16:12:29.0212 0928	RDPDR - ok
16:12:29.0312 0928	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:12:29.0312 0928	RDPENCDD - ok
16:12:29.0332 0928	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:12:29.0332 0928	RDPREFMP - ok
16:12:29.0352 0928	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
16:12:29.0352 0928	RDPWD - ok
16:12:29.0432 0928	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:12:29.0442 0928	rdyboost - ok
16:12:29.0552 0928	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:12:29.0552 0928	rspndr - ok
16:12:29.0612 0928	RTL8167         (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:12:29.0612 0928	RTL8167 - ok
16:12:29.0692 0928	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
16:12:29.0692 0928	s3cap - ok
16:12:29.0732 0928	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:12:29.0732 0928	sbp2port - ok
16:12:29.0802 0928	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:12:29.0802 0928	scfilter - ok
16:12:29.0862 0928	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:12:29.0862 0928	secdrv - ok
16:12:29.0972 0928	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:12:29.0972 0928	Serenum - ok
16:12:30.0012 0928	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:12:30.0022 0928	Serial - ok
16:12:30.0042 0928	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
16:12:30.0042 0928	sermouse - ok
16:12:30.0122 0928	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:12:30.0122 0928	sffdisk - ok
16:12:30.0132 0928	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:12:30.0132 0928	sffp_mmc - ok
16:12:30.0142 0928	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:12:30.0142 0928	sffp_sd - ok
16:12:30.0152 0928	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
16:12:30.0152 0928	sfloppy - ok
16:12:30.0252 0928	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
16:12:30.0252 0928	SiSRaid2 - ok
16:12:30.0272 0928	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
16:12:30.0282 0928	SiSRaid4 - ok
16:12:30.0382 0928	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:12:30.0382 0928	Smb - ok
16:12:30.0442 0928	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:12:30.0442 0928	spldr - ok
16:12:30.0562 0928	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:12:30.0562 0928	srv - ok
16:12:30.0702 0928	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:12:30.0742 0928	srv2 - ok
16:12:30.0792 0928	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:12:30.0802 0928	srvnet - ok
16:12:30.0912 0928	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
16:12:30.0912 0928	stexstor - ok
16:12:30.0972 0928	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
16:12:30.0972 0928	storflt - ok
16:12:31.0042 0928	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
16:12:31.0052 0928	storvsc - ok
16:12:31.0082 0928	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
16:12:31.0082 0928	swenum - ok
16:12:31.0152 0928	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
16:12:31.0172 0928	Tcpip - ok
16:12:31.0302 0928	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
16:12:31.0312 0928	TCPIP6 - ok
16:12:31.0342 0928	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:12:31.0342 0928	tcpipreg - ok
16:12:31.0402 0928	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:12:31.0402 0928	TDPIPE - ok
16:12:31.0422 0928	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:12:31.0422 0928	TDTCP - ok
16:12:31.0452 0928	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:12:31.0462 0928	tdx - ok
16:12:31.0532 0928	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
16:12:31.0532 0928	TermDD - ok
16:12:31.0552 0928	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:12:31.0552 0928	tssecsrv - ok
16:12:31.0652 0928	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:12:31.0652 0928	TsUsbFlt - ok
16:12:31.0662 0928	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
16:12:31.0662 0928	TsUsbGD - ok
16:12:31.0772 0928	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:12:31.0772 0928	tunnel - ok
16:12:31.0792 0928	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
16:12:31.0792 0928	uagp35 - ok
16:12:31.0902 0928	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:12:31.0902 0928	udfs - ok
16:12:32.0002 0928	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:12:32.0002 0928	uliagpkx - ok
16:12:32.0072 0928	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
16:12:32.0072 0928	umbus - ok
16:12:32.0132 0928	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
16:12:32.0132 0928	UmPass - ok
16:12:32.0202 0928	USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
16:12:32.0202 0928	USBAAPL64 - ok
16:12:32.0302 0928	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
16:12:32.0312 0928	usbaudio - ok
16:12:32.0342 0928	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:12:32.0342 0928	usbccgp - ok
16:12:32.0432 0928	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:12:32.0432 0928	usbcir - ok
16:12:32.0502 0928	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:12:32.0502 0928	usbehci - ok
16:12:32.0602 0928	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:12:32.0602 0928	usbhub - ok
16:12:32.0612 0928	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
16:12:32.0622 0928	usbohci - ok
16:12:32.0662 0928	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:12:32.0662 0928	usbprint - ok
16:12:32.0742 0928	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:12:32.0742 0928	usbscan - ok
16:12:32.0772 0928	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
16:12:32.0782 0928	USBSTOR - ok
16:12:32.0852 0928	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:12:32.0852 0928	usbuhci - ok
16:12:32.0882 0928	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
16:12:32.0892 0928	usbvideo - ok
16:12:32.0993 0928	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:12:32.0993 0928	vdrvroot - ok
16:12:33.0033 0928	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:12:33.0043 0928	vga - ok
16:12:33.0113 0928	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:12:33.0113 0928	VgaSave - ok
16:12:33.0143 0928	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:12:33.0153 0928	vhdmp - ok
16:12:33.0233 0928	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:12:33.0243 0928	viaide - ok
16:12:33.0273 0928	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
16:12:33.0283 0928	vmbus - ok
16:12:33.0353 0928	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
16:12:33.0353 0928	VMBusHID - ok
16:12:33.0383 0928	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:12:33.0383 0928	volmgr - ok
16:12:33.0413 0928	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:12:33.0413 0928	volmgrx - ok
16:12:33.0503 0928	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:12:33.0503 0928	volsnap - ok
16:12:33.0543 0928	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
16:12:33.0553 0928	vsmraid - ok
16:12:33.0623 0928	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
16:12:33.0633 0928	vwifibus - ok
16:12:33.0643 0928	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
16:12:33.0653 0928	WacomPen - ok
16:12:33.0683 0928	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:12:33.0693 0928	WANARP - ok
16:12:33.0693 0928	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:12:33.0703 0928	Wanarpv6 - ok
16:12:33.0793 0928	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
16:12:33.0793 0928	Wd - ok
16:12:33.0823 0928	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:12:33.0833 0928	Wdf01000 - ok
16:12:33.0954 0928	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:12:33.0954 0928	WfpLwf - ok
16:12:33.0984 0928	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:12:33.0984 0928	WIMMount - ok
16:12:34.0104 0928	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:12:34.0104 0928	WinUsb - ok
16:12:34.0224 0928	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:12:34.0224 0928	WmiAcpi - ok
16:12:34.0254 0928	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:12:34.0254 0928	ws2ifsl - ok
16:12:34.0274 0928	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:12:34.0274 0928	WudfPf - ok
16:12:34.0384 0928	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:12:34.0384 0928	WUDFRd - ok
16:12:34.0484 0928	X6va005 - ok
16:12:34.0524 0928	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:12:34.0584 0928	\Device\Harddisk0\DR0 - ok
16:12:34.0584 0928	Boot (0x1200)   (92cba65f75de46f9a338bee178e43210) \Device\Harddisk0\DR0\Partition0
16:12:34.0584 0928	\Device\Harddisk0\DR0\Partition0 - ok
16:12:34.0594 0928	Boot (0x1200)   (1b4bc621c8789a9f31d5a8478fdfd994) \Device\Harddisk0\DR0\Partition1
16:12:34.0594 0928	\Device\Harddisk0\DR0\Partition1 - ok
16:12:34.0604 0928	============================================================
16:12:34.0604 0928	Scan finished
16:12:34.0604 0928	============================================================
16:12:34.0614 2012	Detected object count: 0
16:12:34.0614 2012	Actual detected object count: 0
16:13:14.0097 2292	Deinitialize success

Psychotic · 05.03.2012, 16:25

sieht sauber aus!

Lass zur Kontrolle einmal einen Vollständigen Scan mit Malwarebytes´ Antimalware laufen und dann einmal folgendes:

ESET

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Poste beide Logs hier in deinen Thread!

hannyy · 06.03.2012, 17:17

So hier der ESET-Scan, hoffe der ist richtig!

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bc3bfe4bc870be43b28a21120b49b356
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-05 05:16:09
# local_time=2012-03-05 06:16:09 (+0100, Mitteleuropäische Zeit)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 5276757 5276757 0 0
# compatibility_mode=5893 16776573 100 94 10702 82597256 0 0
# compatibility_mode=8192 67108863 100 0 3743 3743 0 0
# scanned=14708
# found=0
# cleaned=0
# scan_time=363
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bc3bfe4bc870be43b28a21120b49b356
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-05 09:57:56
# local_time=2012-03-05 10:57:56 (+0100, Mitteleuropäische Zeit)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 5289861 5289861 0 0
# compatibility_mode=5893 16776573 100 94 23806 82610360 0 0
# compatibility_mode=8192 67108863 100 0 16847 16847 0 0
# scanned=142849
# found=0
# cleaned=0
# scan_time=4165

Malwarebyte-Log

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.04.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
** :: **-PC [Administrator]

Schutz: Deaktiviert

3/6/2012 2:43:07 PM
mbam-log-2012-03-06 (14-43-07).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 318485
Laufzeit: 37 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Psychotic · 06.03.2012, 19:01

Logfiles sind sauber - damit sind wir durch!

OTL

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Aktualität

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Antviren-Software

Gehe sicher immer eine Antiviren-Software installiert zu haben und dass diese auch up to date ist. Auch der beste Virenscanner ist sinnlos, wenn er nicht aktuell ist!
Eine Auswahl kostenloser Antivirenprogramme:

AVG Free Anti-Virus
Avast! Free Anti-Virus
Microsoft Security Essentials
Hinweis:MSE wird auch durch Windows Updates angeboten, falls kein Virenscanner am System erkannt wird

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner, um diesen zu AdBlockPlus hinzuzufügen, reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Sei mißtrauisch in sozialen Netzwerken (z.B. MeinVZ, Facebook, etc) - auch, wenn Nachrichten/Einträge scheinbar von einem deiner Freunde stammen, bedeutet das noch lange nicht, dass sie unschädlich sind (Malware kann seinen Rechner verseucht haben).
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, damit ich diesen Thread aus meinen Abos löschen kann.

Psychotic · 08.03.2012, 09:03

Schön, dass wir helfen konnten!

Dieses Thema scheint erledigt und wurde aus meinen Abos gelöscht.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und ein eigenes Thema erstellen!

Virus heruntergeladen aber nicht ausgeführt, besteht trotzdem gefahr?

Plagegeister aller Art und deren Bekämpfung: Virus heruntergeladen aber nicht ausgeführt, besteht trotzdem gefahr?