Trojaner-Board

Source: Trojaner-Board, forum "Log-Analyse und Auswertung" (https://www.trojaner-board.de/107574-boo-whistler-a-master-bootsektor.html)

Ischtan 05.01.2012 00:55

BOO/Whistler.A in the master boot sector
 
Hello,

a few days ago I reinstalled my PC and, stupid as I am, apparently didn't secure it properly right away. Now Avira gives me the following message on every start:
"A virus or unwanted program 'BOO/Whistler.A' [virus] was found in the master
boot sector of drive 'Masterbootsektor HD2'."

Fortunately I haven't noticed any malfunctions yet.

I ran a full scan with Malwarebytes:
Code:

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.03.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Andi :: TABULARASA [Administrator]

Protection: Enabled

03.01.2012 18:55:54
mbam-log-2012-01-03 (18-55-54).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1067397
Time elapsed: 5 hour(s), 20 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
K:\Programme\screensaver\Weather Report Screensaver\Mail.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

(end)

I also ran the ESET Online Scanner:
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e4aa13dd9617104a869f31ec2f23b4b3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-04 07:58:39
# local_time=2012-01-04 08:58:39 (+0100, Central European Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 6490135 6490135 0 0
# compatibility_mode=5893 16776573 100 94 4018 77263484 0 0
# compatibility_mode=8192 67108863 100 0 3799 3799 0 0
# scanned=823140
# found=3
# cleaned=0
# scan_time=73485
K:\Programme\NoNameScript3.81-Ischtan\script\dlls\stdio.dll        probably a variant of Win32/IRCBot.BWELRFB trojan (unable to clean)        00000000000000000000000000000000        I
W:\Dokumente und Einstellungen\Andi\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27\4a11719b-10256766        a variant of Java/Agent.DW trojan (unable to clean)        00000000000000000000000000000000        I
W:\Dokumente und Einstellungen\Andi\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\50\c25df2-2b28b28f        multiple threats (unable to clean)        00000000000000000000000000000000        I
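
The Avira message quoted above is a detection in the boot sector itself, not in a file, so neither of the file-scanner logs posted with it says anything about it. The script below is an added example (not part of the original post, and not Avira's or Malwarebytes' code) of how a responder would triage such a report offline: dump the first sector of the flagged disk (for instance from a live Linux system with `dd if=/dev/sdX bs=512 count=1 of=mbr.bin`; which physical disk Avira's 'HD2' refers to is not stated in the thread and has to be checked locally), run structural sanity checks on it, and compare its bootstrap code, disk signature and partition table separately against a sector saved from a clean installation of the same Windows version. The baseline and suspect sectors in the script are constructed in-line so that it runs without a disk; the boot-code bytes are filler, not the real Windows 7 MBR code, and the partition layout is invented.

```python
"""Offline triage of a 512-byte MBR image: structural checks plus a diff
against a known-good baseline sector. Added example; sample data constructed."""
from __future__ import annotations

import hashlib
import struct
from typing import NamedTuple

SECTOR = 512
BOOT_CODE_END = 0x1B8    # bootstrap code occupies offsets 0x000-0x1B7 (440 bytes)
DISK_SIG_OFF = 0x1B8     # 4-byte Windows disk signature + 2 reserved bytes
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE     # 0x55 0xAA


class Partition(NamedTuple):
    index: int
    status: int      # 0x80 = active/bootable, 0x00 = inactive
    type_id: int     # e.g. 0x07 = NTFS
    lba_start: int
    sectors: int


def parse_partitions(mbr: bytes) -> list[Partition]:
    """Decode the non-empty partition entries (CHS fields are ignored)."""
    parts = []
    for i in range(4):
        status, _, type_id, _, lba, n = struct.unpack_from(
            "<B3sB3sII", mbr, PART_TABLE_OFF + 16 * i)
        if type_id != 0:
            parts.append(Partition(i, status, type_id, lba, n))
    return parts


def check_mbr(mbr: bytes, disk_sectors: int | None = None) -> list[str]:
    """Structural checks; [] = well-formed. Catches corruption and crude tampering,
    not a bootkit that leaves the partition table intact (see the diff below)."""
    if len(mbr) != SECTOR:
        return [f"image is {len(mbr)} bytes, expected {SECTOR}"]
    findings = []
    if mbr[BOOT_SIG_OFF:] != b"\x55\xAA":
        findings.append("boot signature 0x55AA missing")
    parts = parse_partitions(mbr)
    if sum(p.status == 0x80 for p in parts) != 1:
        findings.append("expected exactly one active partition")
    for p in parts:
        if p.status not in (0x00, 0x80):
            findings.append(f"partition {p.index}: invalid status byte 0x{p.status:02X}")
        if p.lba_start == 0 or p.sectors == 0:
            findings.append(f"partition {p.index}: zero start LBA or length")
        if disk_sectors is not None and p.lba_start + p.sectors > disk_sectors:
            findings.append(f"partition {p.index}: extends past end of disk")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_start + a.sectors > b.lba_start:
            findings.append(f"partitions {a.index} and {b.index} overlap")
    return findings


def changed_ranges(a: bytes, b: bytes) -> list[tuple[int, int]]:
    """Group differing byte offsets into inclusive (start, end) ranges."""
    ranges, start = [], None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y and start is None:
            start = i
        elif x == y and start is not None:
            ranges.append((start, i - 1))
            start = None
    if start is not None:
        ranges.append((start, min(len(a), len(b)) - 1))
    return ranges


def diff_against_baseline(suspect: bytes, baseline: bytes) -> dict:
    """Compare the three regions separately: a bootkit rewrites the bootstrap code
    but keeps the partition table so Windows still starts, whereas a change confined
    to the table or the disk signature usually just means repartitioning."""
    def differs(lo: int, hi: int) -> bool:
        return suspect[lo:hi] != baseline[lo:hi]
    return {
        "boot_code_changed": differs(0, BOOT_CODE_END),
        "disk_sig_changed": differs(DISK_SIG_OFF, PART_TABLE_OFF),
        "partition_table_changed": differs(PART_TABLE_OFF, BOOT_SIG_OFF),
        "changed_ranges": changed_ranges(suspect, baseline),
        "suspect_boot_code_sha256": hashlib.sha256(suspect[:BOOT_CODE_END]).hexdigest(),
    }


# ---- constructed sample sectors (not real disk contents) ----------------------
def build_sample_mbr(boot_code: bytes) -> bytes:
    """Wrap 440 bytes of boot code in a well-formed sector with two NTFS entries."""
    def entry(status: int, type_id: int, lba: int, n: int) -> bytes:
        return struct.pack("<B3sB3sII", status, b"\0\0\0", type_id, b"\0\0\0", lba, n)
    table = entry(0x80, 0x07, 2048, 204800) + entry(0x00, 0x07, 206848, 250_000_000)
    return boot_code + b"\x12\x34\x56\x78\x00\x00" + table + b"\x00" * 32 + b"\x55\xAA"


CLEAN_BOOT_CODE = b"\xFA\x33\xC0" + b"\x90" * (BOOT_CODE_END - 3)     # filler, not real Windows code
SUSPECT_BOOT_CODE = b"\xEB\x3E" + b"\xCC" * 62 + CLEAN_BOOT_CODE[64:]  # first 64 bytes overwritten
BASELINE_MBR = build_sample_mbr(CLEAN_BOOT_CODE)
SUSPECT_MBR = build_sample_mbr(SUSPECT_BOOT_CODE)

if __name__ == "__main__":
    print("structural findings:", check_mbr(SUSPECT_MBR) or "none")
    for key, value in diff_against_baseline(SUSPECT_MBR, BASELINE_MBR).items():
        print(f"{key}: {value}")
```

Run as-is it reports on the constructed sectors; for real data, replace BASELINE_MBR and SUSPECT_MBR with the contents of the two dumped files. A changed bootstrap region with an unchanged partition table is the pattern an MBR detection should be checked against, but it is not proof on its own: a repair tool such as bootrec /fixmbr or a second boot loader installation also rewrites that region legitimately, so the hash of the bootstrap code should be compared with a sector from a known-clean machine of the same Windows version before drawing conclusions.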


Larusso 05.01.2012 01:23

Please read the following in full:
For everyone seeking help: What do I need to observe before opening a thread

Ischtan 05.01.2012 17:01

Quote:

Quote from Larusso (post 748010)

Please read the following in full:
For everyone seeking help: What do I need to observe before opening a thread

Hello Larusso,
first of all, many thanks for the quick attention to my thread.
Should I not have posted the Malwarebytes and ESET logs right away? Or did I do something else wrong?
Regards,
Andreas

Larusso 05.01.2012 19:57

Do what I wrote to you there, or we'll take forever.

Ischtan 06.01.2012 01:55

Hello,

sorry, I got muddled; I missed that it continues below the 7 rules and that it is mentioned in there too. Sorry, I was probably a bit too tired from work when I wrote that :(

Otl.txt
OTL Logfile:
Code:

OTL logfile created on: 05.01.2012 23:53:28 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Andi\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 69,73% Memory free
8,00 Gb Paging File | 6,24 Gb Available in Paging File | 78,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 56,68 Gb Free Space | 47,54% Space Free | Partition Type: NTFS
Drive D: | 179,61 Gb Total Space | 64,17 Gb Free Space | 35,73% Space Free | Partition Type: NTFS
Drive H: | 254,38 Gb Total Space | 83,18 Gb Free Space | 32,70% Space Free | Partition Type: NTFS
Drive I: | 410,73 Gb Total Space | 186,80 Gb Free Space | 45,48% Space Free | Partition Type: NTFS
Drive K: | 20,26 Gb Total Space | 11,08 Gb Free Space | 54,69% Space Free | Partition Type: NTFS
Drive L: | 5,47 Gb Total Space | 4,15 Gb Free Space | 75,87% Space Free | Partition Type: NTFS
Drive P: | 48,83 Gb Total Space | 26,67 Gb Free Space | 54,62% Space Free | Partition Type: NTFS
Drive Q: | 7,67 Gb Total Space | 0,45 Gb Free Space | 5,92% Space Free | Partition Type: FAT32
Drive W: | 88,02 Gb Total Space | 24,96 Gb Free Space | 28,36% Space Free | Partition Type: NTFS
 
Computer Name: TABULARASA | User Name: Andi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.05 23:50:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andi\Desktop\OTL.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- P:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.18 18:42:45 | 000,419,624 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011.12.18 18:42:19 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Programme\Steam\Steam.exe
PRC - [2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Andi\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009.09.23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
PRC - [2007.04.09 11:32:32 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CtHelper.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.18 18:42:45 | 014,410,024 | ---- | M] () -- D:\Programme\Steam\bin\libcef.dll
MOD - [2011.12.18 18:42:45 | 000,914,216 | ---- | M] () -- D:\Programme\Steam\bin\avcodec-52.dll
MOD - [2011.12.18 18:42:45 | 000,194,344 | ---- | M] () -- D:\Programme\Steam\bin\chromehtml.dll
MOD - [2011.12.18 18:42:45 | 000,155,432 | ---- | M] () -- D:\Programme\Steam\bin\avformat-52.dll
MOD - [2011.12.18 18:42:45 | 000,091,432 | ---- | M] () -- D:\Programme\Steam\bin\avutil-50.dll
MOD - [2011.11.08 21:46:02 | 000,093,696 | ---- | M] () -- P:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.08.18 01:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- P:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.18 18:42:45 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- P:\Program Files (x86)\SuperAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.18 16:45:42 | 000,310,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.12.18 14:39:26 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.12.10 15:33:48 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.17 18:53:24 | 000,037,456 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.15 08:46:14 | 000,060,288 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MHIKEY10x64.sys -- (MHIKEY10)
DRV:64bit: - [2009.08.18 02:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.04.12 07:10:28 | 000,151,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\COMMONFX.DLL -- (COMMONFX.DLL)
DRV:64bit: - [2007.04.10 05:07:54 | 000,580,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2007.04.10 03:41:54 | 000,295,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP17v2k.sys -- (hap17v2k)
DRV:64bit: - [2007.04.10 03:41:20 | 000,259,880 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\haP16v2k.sys -- (hap16v2k)
DRV:64bit: - [2007.04.10 03:40:24 | 001,359,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV:64bit: - [2007.04.10 03:39:48 | 000,147,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2007.04.10 03:38:40 | 000,290,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2007.04.10 03:38:10 | 000,017,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2007.04.10 03:37:36 | 000,218,408 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2007.04.10 03:35:28 | 000,863,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2007.04.10 03:17:22 | 000,123,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV:64bit: - [2007.04.10 03:17:00 | 000,252,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CT20XUT.DLL -- (CT20XUT.DLL)
DRV:64bit: - [2007.04.10 03:16:20 | 001,571,112 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV:64bit: - [2007.04.10 03:15:44 | 000,363,304 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV:64bit: - [2007.04.10 03:15:10 | 000,190,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV:64bit: - [2007.04.10 03:14:28 | 000,142,120 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV:64bit: - [2007.04.10 03:13:38 | 000,321,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV:64bit: - [2007.04.10 03:13:08 | 000,219,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV:64bit: - [2007.04.10 03:12:22 | 000,681,256 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV:64bit: - [2007.04.10 03:11:46 | 000,700,200 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- P:\Program Files (x86)\SuperAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- P:\Program Files (x86)\SuperAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 6F BC A2 05 C8 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://go.web.de/tb/mff_startpage_home"
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.13
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: googlesharing@extension.thoughtcrime.org:0.22
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..extensions.enabledItems: toolbar-ff@payback.de:1.1.3.91
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "hxxp://go.web.de/tb2/mff_keyurl_search/?su="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 445
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: P:\Program Files (x86)\VLC Media Player\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.11 16:41:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.12.10 17:08:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.10.20 21:59:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\Extensions
[2012.01.03 18:20:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\Firefox\Profiles\v4yoyhxf.default\extensions
[2011.12.03 11:40:46 | 000,000,853 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\v4yoyhxf.default\searchplugins\11-suche.xml
[2011.12.03 11:40:46 | 000,002,226 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\v4yoyhxf.default\searchplugins\englische-ergebnisse.xml
[2011.12.03 11:40:46 | 000,010,506 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\v4yoyhxf.default\searchplugins\gmx-suche.xml
[2011.12.03 11:40:46 | 000,002,457 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\v4yoyhxf.default\searchplugins\lastminute.xml
[2011.12.03 11:40:46 | 000,005,500 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\v4yoyhxf.default\searchplugins\webde-suche.xml
[2011.12.11 16:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\ANDI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V4YOYHXF.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
() (No name found) -- C:\USERS\ANDI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V4YOYHXF.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
() (No name found) -- C:\USERS\ANDI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V4YOYHXF.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2011.11.21 05:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.21 02:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.21 02:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.21 02:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.21 02:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.21 02:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.21 02:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL File not found
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] P:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NWEReboot]  File not found
O4 - HKCU..\Run: [Steam] D:\Programme\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] P:\Program Files (x86)\SuperAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Andi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04BB8299-0BCA-4E3C-8964-0A7D0E15A26F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.23 22:31:52 | 000,000,016 | -H-- | M] () - Q:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2009.06.06 01:19:00 | 000,000,000 | ---- | M] () - W:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.05 23:50:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Andi\Desktop\OTL.exe
[2012.01.05 17:35:14 | 000,000,000 | ---D | C] -- C:\Users\Andi\Documents\Orcs Must Die
[2012.01.04 18:39:25 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.01.04 18:39:06 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Dropbox
[2012.01.04 00:30:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.01.04 00:30:08 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Andi\Desktop\esetsmartinstaller_enu.exe
[2012.01.03 18:53:55 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Malwarebytes
[2012.01.03 18:53:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.03 18:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.03 18:53:49 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.01.03 18:41:50 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Canneverbe Limited
[2012.01.03 18:41:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012.01.03 18:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\DesktopIcons
[2012.01.03 18:16:09 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\1&1 Mail & Media GmbH
[2012.01.02 23:19:11 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Local\Diagnostics
[2012.01.02 17:36:59 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\SUPERAntiSpyware.com
[2012.01.02 17:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.01.02 17:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.01.02 17:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.01.02 17:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.01.02 17:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.01.02 17:01:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.01.02 14:58:44 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2011.12.29 01:30:06 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\vlc
[2011.12.28 14:37:45 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\ProgSense
[2011.12.28 14:37:31 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Orbit
[2011.12.27 20:22:55 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Local\My Games
[2011.12.27 20:22:51 | 000,000,000 | ---D | C] -- C:\Users\Andi\Documents\My Games
[2011.12.27 20:08:43 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Local\Funcom
[2011.12.25 21:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011.12.25 21:10:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2011.12.25 21:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2011.12.23 21:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Titan Quest Immortal Throne
[2011.12.23 21:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Titan Quest
[2011.12.23 19:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\createonepart
[2011.12.23 18:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\redistpart
[2011.12.23 18:59:46 | 000,000,000 | ---D | C] -- C:\ProgramData\explauncher
[2011.12.23 18:59:45 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher
[2011.12.23 18:53:09 | 000,037,456 | ---- | C] (Paragon Software Group) -- C:\Windows\SysNative\drivers\hotcore3.sys
[2011.12.23 18:53:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Partition Manager™ 11 Free
[2011.12.23 18:53:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011.12.23 18:53:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paragon Software
[2011.12.23 12:25:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2011.12.20 00:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.12.20 00:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011.12.18 18:42:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011.12.18 18:42:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2011.12.18 17:17:00 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArenaWars
[2011.12.18 17:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArenaWars
[2011.12.18 16:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serious Sam 2
[2011.12.18 16:23:49 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serious Sam 2
[2011.12.18 13:48:13 | 000,139,264 | ---- | C] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe
[2011.12.18 13:48:13 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III
[2011.12.18 13:48:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
[2011.12.18 13:26:43 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011.12.18 13:25:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2011.12.18 13:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Starcraft
[2011.12.18 13:18:30 | 000,069,632 | ---- | C] (Blizzard Entertainment) -- C:\Windows\ScUnin.exe
[2011.12.18 13:14:32 | 000,000,000 | ---D | C] -- C:\Users\Andi\Documents\Venetica
[2011.12.18 13:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011.12.18 13:04:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2011.12.18 13:04:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2011.12.18 13:04:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011.12.18 13:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Venetica
[2011.12.18 12:31:55 | 000,000,000 | ---D | C] -- C:\Users\Andi\Documents\Bioshock
[2011.12.18 12:31:55 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Bioshock
[2011.12.18 12:31:12 | 000,000,000 | RH-D | C] -- C:\Users\Andi\AppData\Roaming\SecuROM
[2011.12.18 12:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2011.12.18 12:28:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
[2011.12.18 12:26:44 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2011.12.16 17:17:28 | 000,000,000 | ---D | C] -- C:\Users\Andi\restore
[2011.12.16 17:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp
[2011.12.16 17:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\hps
[2011.12.16 17:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OnlineFotoservice
[2011.12.16 16:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2011.12.16 16:25:12 | 000,119,296 | ---- | C] (Oki Data Corporation) -- C:\Windows\SysNative\opnetext.dll
[2011.12.16 16:25:12 | 000,000,000 | ---D | C] -- C:\Program Files\Okidata
[2011.12.16 16:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011.12.16 16:24:58 | 000,029,184 | ---- | C] (Oki Data Corporation) -- C:\Windows\SysNative\OKLMON64.DLL
[2011.12.16 16:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\OPPU
[2011.12.16 16:24:55 | 000,054,784 | ---- | C] (Oki Data Corporation) -- C:\Windows\SysNative\OPUSBEXT.DLL
[2011.12.16 16:24:55 | 000,039,936 | ---- | C] (Oki Data Corporation) -- C:\Windows\SysNative\OPEXTUAC.DLL
[2011.12.13 21:52:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011.12.13 21:52:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011.12.13 21:51:58 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011.12.13 21:47:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011.12.13 21:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011.12.13 21:47:26 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Local\Microsoft Help
[2011.12.13 21:47:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011.12.13 21:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.12.13 21:47:05 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011.12.12 22:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drakensang - Am Fluss der Zeit
[2011.12.12 22:38:50 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Local\Adobe
[2011.12.12 22:36:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.12.12 22:36:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011.12.12 22:35:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011.12.12 17:50:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011.12.11 16:42:44 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Thunderbird
[2011.12.11 16:42:44 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Local\Thunderbird
[2011.12.10 17:37:41 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Macromedia
[2011.12.10 17:37:41 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Adobe
[2011.12.10 17:35:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2011.12.10 17:20:51 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Opera
[2011.12.10 17:20:51 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Local\Opera
[2011.12.10 17:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2011.12.10 17:08:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2011.12.10 17:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2011.12.10 17:05:03 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011.12.10 17:04:02 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\InstallShield
[2011.12.10 16:53:25 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\THQ
[2011.12.10 16:50:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011.12.10 16:50:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011.12.10 16:49:24 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Local\2DBoy
[2011.12.10 16:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\2DBoy
[2011.12.10 16:47:06 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2011.12.10 16:46:57 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2011.12.10 16:46:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Goo
[2011.12.10 13:50:15 | 000,000,000 | ---D | C] -- C:\Games to not install
[2011.12.10 13:46:27 | 000,000,000 | ---D | C] -- C:\Users\Andi\Documents\Drakensang
[2011.12.10 13:44:28 | 000,000,000 | ---D | C] -- C:\Users\Andi\Documents\Drakensang_TRoT
[2011.12.10 13:44:24 | 000,000,000 | ---D | C] -- C:\saves
[2007.04.09 11:32:58 | 000,034,816 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2007.04.09 11:19:16 | 000,010,240 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.05 23:50:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andi\Desktop\OTL.exe
[2012.01.05 23:50:07 | 000,000,000 | ---- | M] () -- C:\Users\Andi\defogger_reenable
[2012.01.05 23:49:02 | 000,050,477 | ---- | M] () -- C:\Users\Andi\Desktop\Defogger.exe
[2012.01.05 22:34:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.05 17:08:55 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.05 17:08:55 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.05 17:08:55 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.05 17:08:55 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.05 17:08:55 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.05 16:49:28 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.05 16:49:28 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.05 16:42:06 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.05 01:40:01 | 000,034,240 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000006-00001102-00000004-20021102}.rfx
[2012.01.05 01:40:01 | 000,034,240 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000006-00001102-00000004-20021102}.rfx
[2012.01.05 01:40:01 | 000,030,528 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000005-00000000-00000006-00001102-00000004-20021102}.rfx
[2012.01.05 01:40:01 | 000,030,528 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000005-00000000-00000006-00001102-00000004-20021102}.rfx
[2012.01.05 01:40:01 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000006-00001102-00000004-20021102}.rfx
[2012.01.04 18:43:15 | 000,001,040 | ---- | M] () -- C:\Users\Andi\Desktop\Dropbox.lnk
[2012.01.04 18:39:28 | 000,001,020 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.01.04 00:30:10 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Andi\Desktop\esetsmartinstaller_enu.exe
[2012.01.02 17:36:09 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.01.02 17:34:36 | 000,009,658 | ---- | M] () -- C:\Users\Andi\Documents\cc_20120102_173432.reg
[2012.01.02 17:05:28 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.01.02 16:57:21 | 000,000,212 | ---- | M] () -- C:\Users\Andi\Desktop\Orcs Must Die!.url
[2011.12.30 02:37:47 | 000,198,426 | ---- | M] () -- C:\Users\Andi\Desktop\Ostafrika_Flyer_Schirmherrschaft_01.pdf
[2011.12.28 15:12:33 | 000,000,201 | ---- | M] () -- C:\Users\Andi\Desktop\Might and Magic Heroes VI Demo.url
[2011.12.28 14:28:34 | 000,005,120 | ---- | M] () -- C:\Users\Andi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.26 16:32:16 | 000,000,184 | ---- | M] () -- C:\Users\Andi\Desktop\Trine 2 Demo.url
[2011.12.23 21:32:19 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\Titan Quest - Immortal Throne.lnk
[2011.12.23 21:20:34 | 000,000,750 | ---- | M] () -- C:\Users\Public\Desktop\Titan Quest.lnk
[2011.12.23 18:53:09 | 000,002,385 | ---- | M] () -- C:\Users\Public\Desktop\Paragon Partition Manager™ 11 Free.lnk
[2011.12.20 00:21:12 | 000,000,925 | ---- | M] () -- C:\Users\Andi\Desktop\Fall from Heaven 2.lnk
[2011.12.18 18:42:10 | 000,000,661 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2011.12.18 17:17:01 | 000,000,726 | ---- | M] () -- C:\Users\Andi\Desktop\ArenaWars.lnk
[2011.12.18 16:45:42 | 000,310,728 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2011.12.18 16:23:50 | 000,000,575 | ---- | M] () -- C:\Users\Andi\Desktop\Serious Sam 2.lnk
[2011.12.18 14:39:26 | 000,042,696 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2011.12.18 14:05:16 | 000,049,964 | ---- | M] () -- C:\Windows\War3Unin.dat
[2011.12.18 14:05:16 | 000,000,767 | ---- | M] () -- C:\Users\Andi\Desktop\Frozen Throne.lnk
[2011.12.18 14:00:18 | 000,139,264 | ---- | M] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe
[2011.12.18 14:00:18 | 000,002,829 | ---- | M] () -- C:\Windows\War3Unin.pif
[2011.12.18 13:50:18 | 000,000,762 | ---- | M] () -- C:\Users\Andi\Desktop\Warcraft III.lnk
[2011.12.18 13:26:14 | 000,029,104 | ---- | M] () -- C:\Windows\scunin.dat
[2011.12.18 13:26:13 | 000,069,632 | ---- | M] (Blizzard Entertainment) -- C:\Windows\ScUnin.exe
[2011.12.18 13:26:13 | 000,000,967 | ---- | M] () -- C:\Windows\ScUnin.pif
[2011.12.18 13:04:03 | 000,000,948 | ---- | M] () -- C:\Users\Andi\Desktop\Venetica.lnk
[2011.12.18 12:28:54 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\BioShock.lnk
[2011.12.18 12:26:44 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2011.12.16 15:59:36 | 000,340,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.12 22:46:21 | 000,000,892 | ---- | M] () -- C:\Users\Public\Desktop\Drakensang - Am Fluss der Zeit.lnk
[2011.12.11 16:41:03 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.12.11 07:40:04 | 595,550,200 | ---- | M] () -- C:\Users\Andi\Documents\Thunderbird 8.0 (en-US) - 2011-12-11.pcv
[2011.12.10 17:23:18 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\Soulstorm.lnk
[2011.12.10 17:17:20 | 000,001,621 | ---- | M] () -- C:\Users\Public\Desktop\BattleForge™.lnk
[2011.12.10 17:08:20 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011.12.10 17:05:04 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\Dark Crusade.lnk
[2011.12.10 16:56:07 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011.12.10 16:56:06 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011.12.10 16:53:25 | 000,002,941 | ---- | M] () -- C:\Users\Andi\Desktop\Dawn of War.lnk
[2011.12.10 16:53:25 | 000,002,935 | ---- | M] () -- C:\Users\Andi\Desktop\Winter Assault.lnk
[2011.12.10 16:46:10 | 000,000,738 | ---- | M] () -- C:\Users\Public\Desktop\World of Goo.lnk
[2011.12.10 16:27:32 | 203,099,834 | ---- | M] () -- C:\Users\Andi\Documents\Firefox 8.0 (en-US) - 2011-12-10.pcv
[2011.12.10 15:33:48 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.01.05 23:50:07 | 000,000,000 | ---- | C] () -- C:\Users\Andi\defogger_reenable
[2012.01.05 23:49:01 | 000,050,477 | ---- | C] () -- C:\Users\Andi\Desktop\Defogger.exe
[2012.01.04 18:43:15 | 000,001,040 | ---- | C] () -- C:\Users\Andi\Desktop\Dropbox.lnk
[2012.01.04 18:39:28 | 000,001,020 | ---- | C] () -- C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.01.03 18:41:46 | 000,000,813 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.01.03 18:16:09 | 000,002,043 | ---- | C] () -- C:\Users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WEB.DE.lnk
[2012.01.02 17:36:09 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.01.02 17:34:33 | 000,009,658 | ---- | C] () -- C:\Users\Andi\Documents\cc_20120102_173432.reg
[2012.01.02 17:05:28 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.01.02 14:58:44 | 000,000,212 | ---- | C] () -- C:\Users\Andi\Desktop\Orcs Must Die!.url
[2011.12.30 02:37:46 | 000,198,426 | ---- | C] () -- C:\Users\Andi\Desktop\Ostafrika_Flyer_Schirmherrschaft_01.pdf
[2011.12.28 14:27:30 | 000,005,120 | ---- | C] () -- C:\Users\Andi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.27 20:07:24 | 000,000,201 | ---- | C] () -- C:\Users\Andi\Desktop\Might and Magic Heroes VI Demo.url
[2011.12.26 16:32:16 | 000,000,184 | ---- | C] () -- C:\Users\Andi\Desktop\Trine 2 Demo.url
[2011.12.23 21:32:19 | 000,000,933 | ---- | C] () -- C:\Users\Public\Desktop\Titan Quest - Immortal Throne.lnk
[2011.12.23 21:20:34 | 000,000,750 | ---- | C] () -- C:\Users\Public\Desktop\Titan Quest.lnk
[2011.12.23 20:05:54 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\psfind.dll
[2011.12.23 18:53:09 | 000,002,385 | ---- | C] () -- C:\Users\Public\Desktop\Paragon Partition Manager™ 11 Free.lnk
[2011.12.20 00:21:12 | 000,000,925 | ---- | C] () -- C:\Users\Andi\Desktop\Fall from Heaven 2.lnk
[2011.12.18 18:42:10 | 000,000,661 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011.12.18 17:17:01 | 000,000,726 | ---- | C] () -- C:\Users\Andi\Desktop\ArenaWars.lnk
[2011.12.18 16:23:50 | 000,000,575 | ---- | C] () -- C:\Users\Andi\Desktop\Serious Sam 2.lnk
[2011.12.18 14:39:26 | 000,310,728 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2011.12.18 14:39:26 | 000,042,696 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2011.12.18 14:05:16 | 000,000,767 | ---- | C] () -- C:\Users\Andi\Desktop\Frozen Throne.lnk
[2011.12.18 13:50:18 | 000,000,762 | ---- | C] () -- C:\Users\Andi\Desktop\Warcraft III.lnk
[2011.12.18 13:48:13 | 000,049,964 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.12.18 13:48:13 | 000,002,829 | ---- | C] () -- C:\Windows\War3Unin.pif
[2011.12.18 13:18:31 | 000,029,104 | ---- | C] () -- C:\Windows\scunin.dat
[2011.12.18 13:18:30 | 000,000,967 | ---- | C] () -- C:\Windows\ScUnin.pif
[2011.12.18 13:04:03 | 000,000,948 | ---- | C] () -- C:\Users\Andi\Desktop\Venetica.lnk
[2011.12.18 12:28:54 | 000,000,951 | ---- | C] () -- C:\Users\Public\Desktop\BioShock.lnk
[2011.12.16 16:25:12 | 000,003,224 | ---- | C] () -- C:\Windows\SysNative\opnedef.str
[2011.12.16 16:25:12 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\opnetext.gid
[2011.12.16 16:25:12 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\OPNETEXT.GID
[2011.12.12 22:46:21 | 000,000,892 | ---- | C] () -- C:\Users\Public\Desktop\Drakensang - Am Fluss der Zeit.lnk
[2011.12.12 22:36:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.12.11 16:41:03 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.12.11 07:52:59 | 595,550,200 | ---- | C] () -- C:\Users\Andi\Documents\Thunderbird 8.0 (en-US) - 2011-12-11.pcv
[2011.12.11 07:52:35 | 203,099,834 | ---- | C] () -- C:\Users\Andi\Documents\Firefox 8.0 (en-US) - 2011-12-10.pcv
[2011.12.10 17:23:18 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\Soulstorm.lnk
[2011.12.10 17:17:20 | 000,001,621 | ---- | C] () -- C:\Users\Public\Desktop\BattleForge™.lnk
[2011.12.10 17:14:27 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2011.12.10 17:08:20 | 000,002,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011.12.10 17:08:20 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011.12.10 17:05:04 | 000,000,811 | ---- | C] () -- C:\Users\Public\Desktop\Dark Crusade.lnk
[2011.12.10 16:56:07 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011.12.10 16:56:06 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011.12.10 16:53:25 | 000,002,941 | ---- | C] () -- C:\Users\Andi\Desktop\Dawn of War.lnk
[2011.12.10 16:53:25 | 000,002,935 | ---- | C] () -- C:\Users\Andi\Desktop\Winter Assault.lnk
[2011.12.10 16:47:33 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011.12.10 16:46:49 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2011.12.10 16:46:43 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2011.12.10 16:46:43 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2011.12.10 16:46:34 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2011.12.10 16:46:33 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2011.12.10 16:46:10 | 000,000,738 | ---- | C] () -- C:\Users\Public\Desktop\World of Goo.lnk
[2011.10.20 19:51:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2007.10.12 23:20:06 | 000,151,417 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2007.04.12 07:10:28 | 000,105,728 | ---- | C] () -- C:\Windows\SysWow64\APOMgrH.dll
[2007.04.09 11:55:14 | 000,097,785 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2007.04.09 11:55:14 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2007.04.09 11:33:50 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBurst.dll
[2007.04.09 11:32:32 | 000,037,888 | ---- | C] () -- C:\Windows\SysWow64\psconv.exe
[2007.04.09 11:24:30 | 000,325,821 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2007.04.09 11:24:30 | 000,046,273 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2007.04.09 11:19:20 | 000,313,207 | ---- | C] () -- C:\Windows\SysWow64\ctstatic.dat
[2007.04.09 11:19:20 | 000,053,932 | ---- | C] () -- C:\Windows\SysWow64\ctdaught.dat
[2007.04.09 11:19:18 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2006.10.02 08:25:18 | 000,000,307 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2005.06.16 09:17:16 | 000,071,680 | ---- | C] () -- C:\Windows\SysWow64\ctmmactl.dll
 
========== LOP Check ==========
 
[2012.01.03 18:16:09 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\1&1 Mail & Media GmbH
[2011.12.18 13:55:11 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Bioshock
[2012.01.03 18:41:50 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Canneverbe Limited
[2012.01.05 17:16:22 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Dropbox
[2011.12.10 17:20:51 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Opera
[2011.12.30 03:57:24 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Orbit
[2011.12.28 14:37:45 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\ProgSense
[2011.12.11 16:42:44 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Thunderbird
[2009.07.14 06:08:49 | 000,016,254 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.10.20 21:08:26 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.12.11 06:47:23 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.10.20 21:08:15 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.12.10 14:02:20 | 000,000,000 | ---D | M] -- C:\Games to not install
[2011.12.13 21:47:05 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.01.03 18:19:07 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.04 00:30:35 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.01.03 18:53:50 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.10.20 21:08:15 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.10.20 21:08:15 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.10.31 17:57:21 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.12.18 12:33:32 | 000,000,000 | ---D | M] -- C:\saves
[2012.01.05 23:54:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.10.20 21:08:21 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.05 17:34:34 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2010.11.20 10:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<          >

< End of report >

--- --- ---


Extras.txt
OTL Logfile:
Code:

OTL Extras logfile created on: 05.01.2012 23:53:28 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Andi\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 69,73% Memory free
8,00 Gb Paging File | 6,24 Gb Available in Paging File | 78,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 56,68 Gb Free Space | 47,54% Space Free | Partition Type: NTFS
Drive D: | 179,61 Gb Total Space | 64,17 Gb Free Space | 35,73% Space Free | Partition Type: NTFS
Drive H: | 254,38 Gb Total Space | 83,18 Gb Free Space | 32,70% Space Free | Partition Type: NTFS
Drive I: | 410,73 Gb Total Space | 186,80 Gb Free Space | 45,48% Space Free | Partition Type: NTFS
Drive K: | 20,26 Gb Total Space | 11,08 Gb Free Space | 54,69% Space Free | Partition Type: NTFS
Drive L: | 5,47 Gb Total Space | 4,15 Gb Free Space | 75,87% Space Free | Partition Type: NTFS
Drive P: | 48,83 Gb Total Space | 26,67 Gb Free Space | 54,62% Space Free | Partition Type: NTFS
Drive Q: | 7,67 Gb Total Space | 0,45 Gb Free Space | 5,92% Space Free | Partition Type: FAT32
Drive W: | 88,02 Gb Total Space | 24,96 Gb Free Space | 28,36% Space Free | Partition Type: NTFS
 
Computer Name: TABULARASA | User Name: Andi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "P:\Program Files (x86)\VLC Media Player\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "P:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OnlineFotoservice] -- "P:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" ()
Directory [PlayWithVLC] -- "P:\Program Files (x86)\VLC Media Player\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "P:\Program Files (x86)\VLC Media Player\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "P:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OnlineFotoservice] -- "P:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" ()
Directory [PlayWithVLC] -- "P:\Program Files (x86)\VLC Media Player\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{38ADB9A6-798C-11D6-A855-00105A80791C}" = OKI Network Extension
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{47E5588F-C3A0-11DE-9857-005056C00008}" = Paragon Partition Manager™ 11 Free
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}" = Warhammer 40,000: Dawn Of War - Gold Edition
"{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}" = Microsoft Games for Windows - LIVE Redistributable
"{D4658131-9D1A-4395-876D-968E38FE8ED5}" = Universe at War Earth Assault
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Conan_is1" = Age of Conan: Unchained
"ArenaWars" = ArenaWars
"Avira AntiVir Desktop" = Avira Free Antivirus
"Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.5.2
"InstallShield_{D4658131-9D1A-4395-876D-968E38FE8ED5}" = Universe at War Earth Assault
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OnlineFotoservice" = OnlineFotoservice
"Opera 11.60.1185" = Opera 11.60
"SeriousSam2" = Serious Sam 2
"Starcraft" = Starcraft
"Steam App 10" = Counter-Strike
"Steam App 102600" = Orcs Must Die!
"Steam App 204260" = Trine 2 Demo
"Steam App 48280" = Might and Magic Heroes VI Demo
"Steam App 65900" = Sid Meier's Civilization V - Demo
"Venetica_is1" = Venetica
"VLC media player" = VLC media player 1.1.11
"Warcraft III" = Warcraft III
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.01.2012 11:36:52 | Computer Name = Tabularasa | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 8.0.1.4341 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: af0    Startzeit:
01ccca2d5ba37b43    Endzeit: 31    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 bebd2fe4-3620-11e1-a549-002185618301 
 
Error - 03.01.2012 12:31:05 | Computer Name = Tabularasa | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 8.0.1.4341 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: fa0    Startzeit:
01ccca34e1326ccc    Endzeit: 15    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 4a9543a6-3628-11e1-a549-002185618301 
 
Error - 03.01.2012 12:32:59 | Computer Name = Tabularasa | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 8.0.1.4341 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 9f0    Startzeit:
01ccca3518376922    Endzeit: 16    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 9637c93c-3628-11e1-a549-002185618301 
 
Error - 03.01.2012 19:30:14 | Computer Name = Tabularasa | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "P:\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 03.01.2012 19:30:28 | Computer Name = Tabularasa | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Andi\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 03.01.2012 19:30:29 | Computer Name = Tabularasa | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Andi\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 03.01.2012 19:30:29 | Computer Name = Tabularasa | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Andi\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 03.01.2012 19:30:33 | Computer Name = Tabularasa | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Andi\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 04.01.2012 13:39:23 | Computer Name = Tabularasa | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Andi\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 04.01.2012 16:23:20 | Computer Name = Tabularasa | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ System Events ]
Error - 04.01.2012 18:32:53 | Computer Name = Tabularasa | Source = bowser | ID = 8003
Description =
 
Error - 05.01.2012 11:42:16 | Computer Name = Tabularasa | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 05.01.2012 11:42:16 | Computer Name = Tabularasa | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 05.01.2012 11:42:16 | Computer Name = Tabularasa | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 05.01.2012 11:42:16 | Computer Name = Tabularasa | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 05.01.2012 11:42:24 | Computer Name = Tabularasa | Source = Application Popup | ID = 875
Description = Treiber atksgt.sys konnte nicht geladen werden.
 
Error - 05.01.2012 11:42:24 | Computer Name = Tabularasa | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%1275
 
Error - 05.01.2012 17:34:17 | Computer Name = Tabularasa | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 05.01.2012 17:34:18 | Computer Name = Tabularasa | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 05.01.2012 17:34:18 | Computer Name = Tabularasa | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >

--- --- ---


I hope everything is fine now. Thanks for your patience!

Larusso 06.01.2012 13:14

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with No.
  • Click Scan
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instruction

Note: If the Scan button is greyed out, close the tool and start it again. If it still does not work, please let me know.



Please read the following instructions carefully. We do not want to "fix" anything yet, we only want to see a scan report.

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and save the log file.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post its contents here in your thread.



Please post in your next reply
aswMBR.txt
TDSSKiller Log
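
A small triage script for the two logs requested above, added here as an example and not part of the thread or of either tool: it parses the aswMBR.txt layout and the TDSSKiller driver listing, reports which enumerated disks never had their MBR read (the constructed sample, like the log posted in this thread, scans only Disk 0 although two disks are present), flags any MBR verdict that is not the default Windows code, and lists every TDSSKiller entry whose status is not "ok". Both embedded logs are constructed samples; the "exampledrv" entry is a placeholder, not a real driver.

```python
import re

# Constructed sample in the aswMBR.txt layout seen in this thread: two disks are
# enumerated, but only Disk 0 has its MBR read and scanned.
ASWMBR_SAMPLE = r"""aswMBR version 0.9.9.1156 Copyright(c) 2011 AVAST Software
Run date: 2012-01-06 14:16:11
14:18:05.746    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-7
14:18:05.746    Disk 0 Vendor: M4-CT128M4SSD2 0009 Size: 122104MB BusType: 3
14:18:05.746    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-5
14:18:05.746    Disk 1 Vendor: WDC_WD6400AAKS-65A7B0 01.03B01 Size: 610480MB BusType: 3
14:18:05.761    Disk 0 MBR read successfully
14:18:05.761    Disk 0 MBR scan
14:18:05.761    Disk 0 Windows 7 default MBR code
14:18:05.761    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      122102 MB offset 2048
14:18:07.586    Scan finished successfully
"""

# Constructed sample in the TDSSKiller layout: each driver gets a "(md5) path" line
# followed by a "name - status" line. "exampledrv" is a placeholder (not a real
# driver) that shows the shape of a non-clean verdict line.
TDSS_SAMPLE = r"""14:21:56.0968 1756        TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
14:22:05.0735 2680        Scan started
14:22:05.0891 2680        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:22:05.0891 2680        1394ohci - ok
14:22:06.0109 2680        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:22:06.0109 2680        atapi - ok
14:22:06.0250 2680        exampledrv      (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\exampledrv.sys
14:22:06.0250 2680        exampledrv - detected UnsignedFile.Multi.Generic ( 1 )
"""

RE_VENDOR = re.compile(r"Disk (\d+) Vendor: (.+?) Size: (\d+)MB")
RE_READ = re.compile(r"Disk (\d+) MBR read successfully")
RE_CODE = re.compile(r"Disk (\d+) (.+?) MBR code$")
# Disk, partition number, boot flag (80 = active), flag letter, type id, fs name, size, offset
RE_PART = re.compile(r"Disk (\d+) Partition (\d+) ([0-9A-Fa-f]{2}) \((\w)\) ([0-9A-Fa-f]{2})"
                     r"\s+(.+?)\s+(\d+) MB offset (\d+)")
RE_TDSS_FILE = re.compile(r"^\S+ \d+\s+(\S+)\s+\(([0-9a-fA-F]{32})\) (.+)$")
RE_TDSS_STATUS = re.compile(r"^\S+ \d+\s+(\S+) - (.+)$")


def triage_aswmbr(text):
    """Summarise which disks aswMBR saw, which it actually read, and the MBR verdicts."""
    vendors, scanned, mbr_code, partitions = {}, set(), {}, []
    for line in text.splitlines():
        if (m := RE_VENDOR.search(line)):
            vendors[int(m.group(1))] = m.group(2)
        elif (m := RE_READ.search(line)):
            scanned.add(int(m.group(1)))
        elif (m := RE_CODE.search(line)):
            mbr_code[int(m.group(1))] = m.group(2)
        elif (m := RE_PART.search(line)):
            disk, num, boot, _flag, ptype, fs, size_mb, offset = m.groups()
            partitions.append({"disk": int(disk), "num": int(num), "active": boot == "80",
                               "type": ptype, "fs": fs, "size_mb": int(size_mb),
                               "offset": int(offset)})
    return {
        "finished": "Scan finished successfully" in text,
        "enumerated": sorted(vendors),
        # Disks the tool listed but never read: their boot sectors were not checked at all.
        "unscanned": sorted(d for d in vendors if d not in scanned),
        "mbr_code": mbr_code,
        # Any verdict other than the default loader code deserves a closer look.
        "non_default_mbr": sorted(d for d, v in mbr_code.items() if "default" not in v.lower()),
        "active_partitions": [p for p in partitions if p["active"]],
    }


def triage_tdsskiller(text):
    """Pair each TDSSKiller '(md5) path' line with its 'name - status' verdict line."""
    entries = {}
    for line in text.splitlines():
        if (m := RE_TDSS_FILE.match(line)):
            name, md5, path = m.groups()
            entries[name] = {"name": name, "md5": md5.lower(), "path": path, "status": None}
        elif (m := RE_TDSS_STATUS.match(line)):
            name, status = m.groups()
            entries.setdefault(name, {"name": name, "md5": None, "path": None, "status": None})
            entries[name]["status"] = status.strip()
    flagged = [e for e in entries.values() if e["status"] not in (None, "ok")]
    missing = [e["name"] for e in entries.values() if e["status"] is None]
    return {"checked": len(entries), "flagged": flagged, "missing_status": missing}


if __name__ == "__main__":
    import json
    print(json.dumps(triage_aswmbr(ASWMBR_SAMPLE), indent=2))
    print(json.dumps(triage_tdsskiller(TDSS_SAMPLE), indent=2))
```

Pointing the two functions at a real aswMBR.txt and TDSSKiller log gives a quick first pass; an "unscanned" disk means that disk's boot sector was never examined by aswMBR, so a clean verdict for Disk 0 alone says nothing about it.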

Ischtan 06.01.2012 14:25

Hello,

aswMBR.txt
Code:

aswMBR version 0.9.9.1156 Copyright(c) 2011 AVAST Software
Run date: 2012-01-06 14:16:11
-----------------------------
14:16:11.265    OS Version: Windows x64 6.1.7601 Service Pack 1
14:16:11.265    Number of processors: 4 586 0xF0B
14:16:11.265    ComputerName: TABULARASA  UserName: Andi
14:16:11.437    Initialize success
14:18:05.746    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-7
14:18:05.746    Disk 0 Vendor: M4-CT128M4SSD2 0009 Size: 122104MB BusType: 3
14:18:05.746    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-5
14:18:05.746    Disk 1 Vendor: WDC_WD6400AAKS-65A7B0 01.03B01 Size: 610480MB BusType: 3
14:18:05.761    Disk 0 MBR read successfully
14:18:05.761    Disk 0 MBR scan
14:18:05.761    Disk 0 Windows 7 default MBR code
14:18:05.761    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      122102 MB offset 2048
14:18:05.777    Service scanning
14:18:07.555    Modules scanning
14:18:07.555    Disk 0 trace - called modules:
14:18:07.555    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:18:07.571    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80044d1060]
14:18:07.571    3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa80042d8520]
14:18:07.571    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-7[0xfffffa80042d7060]
14:18:07.586    Scan finished successfully
14:18:40.112    Disk 0 MBR has been saved successfully to "C:\Users\Andi\Desktop\MBR.dat"
14:18:40.112    The log file has been saved successfully to "C:\Users\Andi\Desktop\aswMBR.txt"

TDSSKiller
Code:

14:21:56.0968 1756        TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
14:21:57.0092 1756        ============================================================
14:21:57.0092 1756        Current date / time: 2012/01/06 14:21:57.0092
14:21:57.0092 1756        SystemInfo:
14:21:57.0092 1756       
14:21:57.0092 1756        OS Version: 6.1.7601 ServicePack: 1.0
14:21:57.0092 1756        Product type: Workstation
14:21:57.0092 1756        ComputerName: TABULARASA
14:21:57.0092 1756        UserName: Andi
14:21:57.0092 1756        Windows directory: C:\Windows
14:21:57.0092 1756        System windows directory: C:\Windows
14:21:57.0092 1756        Running under WOW64
14:21:57.0092 1756        Processor architecture: Intel x64
14:21:57.0092 1756        Number of processors: 4
14:21:57.0092 1756        Page size: 0x1000
14:21:57.0092 1756        Boot type: Normal boot
14:21:57.0092 1756        ============================================================
14:21:57.0404 1756        Initialize success
14:22:05.0735 2680        ============================================================
14:22:05.0735 2680        Scan started
14:22:05.0735 2680        Mode: Manual;
14:22:05.0735 2680        ============================================================
14:22:05.0891 2680        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:22:05.0891 2680        1394ohci - ok
14:22:05.0906 2680        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:22:05.0906 2680        ACPI - ok
14:22:05.0906 2680        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:22:05.0906 2680        AcpiPmi - ok
14:22:05.0922 2680        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:22:05.0938 2680        adp94xx - ok
14:22:05.0938 2680        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:22:05.0938 2680        adpahci - ok
14:22:05.0953 2680        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:22:05.0953 2680        adpu320 - ok
14:22:05.0969 2680        AFD            (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
14:22:05.0969 2680        AFD - ok
14:22:05.0984 2680        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:22:05.0984 2680        agp440 - ok
14:22:06.0000 2680        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:22:06.0000 2680        aliide - ok
14:22:06.0000 2680        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:22:06.0000 2680        amdide - ok
14:22:06.0016 2680        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:22:06.0016 2680        AmdK8 - ok
14:22:06.0031 2680        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:22:06.0031 2680        AmdPPM - ok
14:22:06.0031 2680        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:22:06.0031 2680        amdsata - ok
14:22:06.0047 2680        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:22:06.0047 2680        amdsbs - ok
14:22:06.0062 2680        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:22:06.0062 2680        amdxata - ok
14:22:06.0078 2680        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:22:06.0078 2680        AppID - ok
14:22:06.0094 2680        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:22:06.0094 2680        arc - ok
14:22:06.0094 2680        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:22:06.0094 2680        arcsas - ok
14:22:06.0109 2680        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:22:06.0109 2680        AsyncMac - ok
14:22:06.0109 2680        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:22:06.0109 2680        atapi - ok
14:22:06.0187 2680        atikmdag        (52bd95caa9cae8977fe043e9ad6d2d0e) C:\Windows\system32\DRIVERS\atikmdag.sys
14:22:06.0234 2680        atikmdag - ok
14:22:06.0250 2680        atksgt          (54494b93bb5ad74c807100144ec30d64) C:\Windows\system32\DRIVERS\atksgt.sys
14:22:06.0250 2680        atksgt - ok
14:22:06.0265 2680        avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
14:22:06.0265 2680        avgntflt - ok
14:22:06.0281 2680        avipbb          (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys
14:22:06.0281 2680        avipbb - ok
14:22:06.0281 2680        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
14:22:06.0281 2680        avkmgr - ok
14:22:06.0296 2680        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:22:06.0312 2680        b06bdrv - ok
14:22:06.0312 2680        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:22:06.0328 2680        b57nd60a - ok
14:22:06.0328 2680        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:22:06.0328 2680        Beep - ok
14:22:06.0343 2680        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:22:06.0343 2680        blbdrive - ok
14:22:06.0359 2680        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:22:06.0359 2680        bowser - ok
14:22:06.0374 2680        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:22:06.0374 2680        BrFiltLo - ok
14:22:06.0374 2680        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:22:06.0374 2680        BrFiltUp - ok
14:22:06.0390 2680        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:22:06.0406 2680        Brserid - ok
14:22:06.0406 2680        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:22:06.0406 2680        BrSerWdm - ok
14:22:06.0421 2680        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:22:06.0421 2680        BrUsbMdm - ok
14:22:06.0421 2680        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:22:06.0421 2680        BrUsbSer - ok
14:22:06.0437 2680        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:22:06.0437 2680        BTHMODEM - ok
14:22:06.0452 2680        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:22:06.0452 2680        cdfs - ok
14:22:06.0468 2680        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
14:22:06.0468 2680        cdrom - ok
14:22:06.0468 2680        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:22:06.0484 2680        circlass - ok
14:22:06.0484 2680        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:22:06.0484 2680        CLFS - ok
14:22:06.0515 2680        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:22:06.0515 2680        CmBatt - ok
14:22:06.0515 2680        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:22:06.0515 2680        cmdide - ok
14:22:06.0530 2680        CNG            (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
14:22:06.0530 2680        CNG - ok
14:22:06.0546 2680        COMMONFX.DLL    (66ac4fdad5a2d4ff4e3db41810b39de2) C:\Windows\system32\COMMONFX.DLL
14:22:06.0546 2680        COMMONFX.DLL - ok
14:22:06.0546 2680        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:22:06.0546 2680        Compbatt - ok
14:22:06.0562 2680        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:22:06.0562 2680        CompositeBus - ok
14:22:06.0577 2680        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:22:06.0577 2680        crcdisk - ok
14:22:06.0593 2680        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
14:22:06.0593 2680        CSC - ok
14:22:06.0608 2680        CT20XUT.DLL    (01bbd5cb85423b12e445209d243a49a9) C:\Windows\system32\CT20XUT.DLL
14:22:06.0608 2680        CT20XUT.DLL - ok
14:22:06.0624 2680        ctac32k        (b81c989c6d3b770f44316a3dc5f607b3) C:\Windows\system32\drivers\ctac32k.sys
14:22:06.0624 2680        ctac32k - ok
14:22:06.0640 2680        ctaud2k        (7321bd704cc3b34b78f8574e64258f39) C:\Windows\system32\drivers\ctaud2k.sys
14:22:06.0655 2680        ctaud2k - ok
14:22:06.0671 2680        CTAUDFX.DLL    (e873319f281115ebea75e519c5b4d0c4) C:\Windows\system32\CTAUDFX.DLL
14:22:06.0671 2680        CTAUDFX.DLL - ok
14:22:06.0686 2680        CTEAPSFX.DLL    (06300545bedf49b6a51fdfe1861f9caf) C:\Windows\system32\CTEAPSFX.DLL
14:22:06.0686 2680        CTEAPSFX.DLL - ok
14:22:06.0686 2680        CTEDSPFX.DLL    (2d902f8ec247f0ed0d458cdcaf786544) C:\Windows\system32\CTEDSPFX.DLL
14:22:06.0702 2680        CTEDSPFX.DLL - ok
14:22:06.0702 2680        CTEDSPIO.DLL    (0d3f99cda2bea14e4911a698441f1a29) C:\Windows\system32\CTEDSPIO.DLL
14:22:06.0702 2680        CTEDSPIO.DLL - ok
14:22:06.0718 2680        CTEDSPSY.DLL    (9d26aa450ac1caadde25f1621ba89842) C:\Windows\system32\CTEDSPSY.DLL
14:22:06.0718 2680        CTEDSPSY.DLL - ok
14:22:06.0733 2680        CTERFXFX.DLL    (e5f88dad5ec69665dfa3e5e87791f800) C:\Windows\system32\CTERFXFX.DLL
14:22:06.0733 2680        CTERFXFX.DLL - ok
14:22:06.0749 2680        CTEXFIFX.DLL    (fa6dca331835997d2f7c83b9aaabc4bb) C:\Windows\system32\CTEXFIFX.DLL
14:22:06.0764 2680        CTEXFIFX.DLL - ok
14:22:06.0780 2680        CTHWIUT.DLL    (9e6a0a3ca3825bb568d42f5f3cb09453) C:\Windows\system32\CTHWIUT.DLL
14:22:06.0780 2680        CTHWIUT.DLL - ok
14:22:06.0780 2680        ctprxy2k        (6a05134810301fa6fdd6e95583a91f35) C:\Windows\system32\drivers\ctprxy2k.sys
14:22:06.0780 2680        ctprxy2k - ok
14:22:06.0796 2680        CTSBLFX.DLL    (99047fcebab495410cd58ab17284720a) C:\Windows\system32\CTSBLFX.DLL
14:22:06.0811 2680        CTSBLFX.DLL - ok
14:22:06.0811 2680        ctsfm2k        (f792246cf9d8ee17f2b32e9069415cdd) C:\Windows\system32\drivers\ctsfm2k.sys
14:22:06.0827 2680        ctsfm2k - ok
14:22:06.0827 2680        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:22:06.0842 2680        DfsC - ok
14:22:06.0842 2680        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:22:06.0858 2680        discache - ok
14:22:06.0858 2680        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:22:06.0858 2680        Disk - ok
14:22:06.0874 2680        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:22:06.0874 2680        drmkaud - ok
14:22:06.0889 2680        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:22:06.0905 2680        DXGKrnl - ok
14:22:06.0936 2680        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:22:06.0967 2680        ebdrv - ok
14:22:06.0998 2680        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:22:06.0998 2680        elxstor - ok
14:22:07.0014 2680        emupia          (1e2f860d9521fb73566c85cd17d58291) C:\Windows\system32\drivers\emupia2k.sys
14:22:07.0014 2680        emupia - ok
14:22:07.0014 2680        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:22:07.0014 2680        ErrDev - ok
14:22:07.0030 2680        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:22:07.0045 2680        exfat - ok
14:22:07.0045 2680        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:22:07.0061 2680        fastfat - ok
14:22:07.0061 2680        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:22:07.0076 2680        fdc - ok
14:22:07.0076 2680        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:22:07.0092 2680        FileInfo - ok
14:22:07.0092 2680        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:22:07.0108 2680        Filetrace - ok
14:22:07.0108 2680        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:22:07.0108 2680        flpydisk - ok
14:22:07.0123 2680        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:22:07.0123 2680        FltMgr - ok
14:22:07.0139 2680        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:22:07.0139 2680        FsDepends - ok
14:22:07.0154 2680        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:22:07.0154 2680        Fs_Rec - ok
14:22:07.0154 2680        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:22:07.0154 2680        fvevol - ok
14:22:07.0170 2680        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:22:07.0170 2680        gagp30kx - ok
14:22:07.0201 2680        ha10kx2k        (b3f220ad6eeddc2546780b84a8919b7a) C:\Windows\system32\drivers\ha10kx2k.sys
14:22:07.0201 2680        ha10kx2k - ok
14:22:07.0217 2680        hap16v2k        (5d6aec608b871cc2c724114f34cad3c8) C:\Windows\system32\drivers\hap16v2k.sys
14:22:07.0217 2680        hap16v2k - ok
14:22:07.0232 2680        hap17v2k        (b95ba8d7ea73a47fac3a59cf4a3b3043) C:\Windows\system32\drivers\hap17v2k.sys
14:22:07.0232 2680        hap17v2k - ok
14:22:07.0232 2680        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:22:07.0248 2680        hcw85cir - ok
14:22:07.0248 2680        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:22:07.0264 2680        HdAudAddService - ok
14:22:07.0264 2680        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:22:07.0264 2680        HDAudBus - ok
14:22:07.0279 2680        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:22:07.0279 2680        HidBatt - ok
14:22:07.0279 2680        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:22:07.0295 2680        HidBth - ok
14:22:07.0295 2680        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:22:07.0295 2680        HidIr - ok
14:22:07.0310 2680        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
14:22:07.0310 2680        HidUsb - ok
14:22:07.0326 2680        hotcore3        (5e626ea93c77825c56e6fbc2fd5e5de5) C:\Windows\system32\DRIVERS\hotcore3.sys
14:22:07.0326 2680        hotcore3 - ok
14:22:07.0326 2680        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:22:07.0326 2680        HpSAMD - ok
14:22:07.0342 2680        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:22:07.0357 2680        HTTP - ok
14:22:07.0357 2680        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:22:07.0357 2680        hwpolicy - ok
14:22:07.0373 2680        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:22:07.0373 2680        i8042prt - ok
14:22:07.0388 2680        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:22:07.0388 2680        iaStorV - ok
14:22:07.0404 2680        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:22:07.0404 2680        iirsp - ok
14:22:07.0420 2680        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:22:07.0420 2680        intelide - ok
14:22:07.0435 2680        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:22:07.0435 2680        intelppm - ok
14:22:07.0435 2680        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:22:07.0435 2680        IpFilterDriver - ok
14:22:07.0451 2680        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:22:07.0451 2680        IPMIDRV - ok
14:22:07.0466 2680        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:22:07.0466 2680        IPNAT - ok
14:22:07.0482 2680        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:22:07.0482 2680        IRENUM - ok
14:22:07.0498 2680        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:22:07.0498 2680        isapnp - ok
14:22:07.0529 2680        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:22:07.0529 2680        iScsiPrt - ok
14:22:07.0544 2680        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
14:22:07.0544 2680        kbdclass - ok
14:22:07.0544 2680        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
14:22:07.0544 2680        kbdhid - ok
14:22:07.0560 2680        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
14:22:07.0560 2680        KSecDD - ok
14:22:07.0576 2680        KSecPkg        (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
14:22:07.0576 2680        KSecPkg - ok
14:22:07.0576 2680        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:22:07.0576 2680        ksthunk - ok
14:22:07.0607 2680        lirsgt          (8e4ca9afd55ef6b509c80a8715abf8c6) C:\Windows\system32\DRIVERS\lirsgt.sys
14:22:07.0607 2680        lirsgt - ok
14:22:07.0607 2680        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:22:07.0607 2680        lltdio - ok
14:22:07.0622 2680        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:22:07.0622 2680        LSI_FC - ok
14:22:07.0638 2680        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:22:07.0638 2680        LSI_SAS - ok
14:22:07.0654 2680        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:22:07.0654 2680        LSI_SAS2 - ok
14:22:07.0654 2680        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:22:07.0654 2680        LSI_SCSI - ok
14:22:07.0669 2680        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:22:07.0669 2680        luafv - ok
14:22:07.0685 2680        MBAMProtector  (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
14:22:07.0685 2680        MBAMProtector - ok
14:22:07.0700 2680        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:22:07.0700 2680        megasas - ok
14:22:07.0700 2680        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:22:07.0716 2680        MegaSR - ok
14:22:07.0716 2680        MHIKEY10        (ba7e071e855d4c502916164a31b05d4d) C:\Windows\system32\Drivers\MHIKEY10x64.sys
14:22:07.0716 2680        MHIKEY10 - ok
14:22:07.0732 2680        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:22:07.0732 2680        Modem - ok
14:22:07.0732 2680        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:22:07.0732 2680        monitor - ok
14:22:07.0747 2680        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
14:22:07.0747 2680        mouclass - ok
14:22:07.0763 2680        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:22:07.0763 2680        mouhid - ok
14:22:07.0763 2680        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:22:07.0763 2680        mountmgr - ok
14:22:07.0778 2680        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:22:07.0778 2680        mpio - ok
14:22:07.0794 2680        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:22:07.0794 2680        mpsdrv - ok
14:22:07.0794 2680        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:22:07.0810 2680        MRxDAV - ok
14:22:07.0810 2680        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:22:07.0825 2680        mrxsmb - ok
14:22:07.0841 2680        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:22:07.0841 2680        mrxsmb10 - ok
14:22:07.0856 2680        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:22:07.0856 2680        mrxsmb20 - ok
14:22:07.0872 2680        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:22:07.0872 2680        msahci - ok
14:22:07.0872 2680        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:22:07.0872 2680        msdsm - ok
14:22:07.0888 2680        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:22:07.0888 2680        Msfs - ok
14:22:07.0903 2680        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:22:07.0903 2680        mshidkmdf - ok
14:22:07.0919 2680        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:22:07.0919 2680        msisadrv - ok
14:22:07.0934 2680        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:22:07.0934 2680        MSKSSRV - ok
14:22:07.0934 2680        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:22:07.0934 2680        MSPCLOCK - ok
14:22:07.0950 2680        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:22:07.0950 2680        MSPQM - ok
14:22:07.0966 2680        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:22:07.0966 2680        MsRPC - ok
14:22:07.0981 2680        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:22:07.0981 2680        mssmbios - ok
14:22:07.0981 2680        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:22:07.0981 2680        MSTEE - ok
14:22:07.0997 2680        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:22:07.0997 2680        MTConfig - ok
14:22:08.0012 2680        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:22:08.0012 2680        Mup - ok
14:22:08.0028 2680        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:22:08.0028 2680        NativeWifiP - ok
14:22:08.0044 2680        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:22:08.0059 2680        NDIS - ok
14:22:08.0059 2680        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:22:08.0059 2680        NdisCap - ok
14:22:08.0075 2680        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:22:08.0075 2680        NdisTapi - ok
14:22:08.0090 2680        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:22:08.0090 2680        Ndisuio - ok
14:22:08.0090 2680        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:22:08.0090 2680        NdisWan - ok
14:22:08.0106 2680        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:22:08.0106 2680        NDProxy - ok
14:22:08.0122 2680        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:22:08.0122 2680        NetBIOS - ok
14:22:08.0137 2680        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:22:08.0137 2680        NetBT - ok
14:22:08.0153 2680        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:22:08.0153 2680        nfrd960 - ok
14:22:08.0168 2680        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:22:08.0168 2680        Npfs - ok
14:22:08.0184 2680        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:22:08.0184 2680        nsiproxy - ok
14:22:08.0215 2680        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:22:08.0231 2680        Ntfs - ok
14:22:08.0246 2680        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:22:08.0246 2680        Null - ok
14:22:08.0262 2680        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:22:08.0262 2680        nvraid - ok
14:22:08.0262 2680        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:22:08.0262 2680        nvstor - ok
14:22:08.0278 2680        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:22:08.0278 2680        nv_agp - ok
14:22:08.0293 2680        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:22:08.0293 2680        ohci1394 - ok
14:22:08.0309 2680        ossrv          (678cc7dcf607bbd69a9f9333d39c2f1d) C:\Windows\system32\drivers\ctoss2k.sys
14:22:08.0309 2680        ossrv - ok
14:22:08.0324 2680        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:22:08.0324 2680        Parport - ok
14:22:08.0324 2680        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:22:08.0324 2680        partmgr - ok
14:22:08.0340 2680        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:22:08.0340 2680        pci - ok
14:22:08.0356 2680        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:22:08.0356 2680        pciide - ok
14:22:08.0356 2680        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:22:08.0356 2680        pcmcia - ok
14:22:08.0371 2680        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:22:08.0371 2680        pcw - ok
14:22:08.0387 2680        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:22:08.0387 2680        PEAUTH - ok
14:22:08.0434 2680        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:22:08.0434 2680        PptpMiniport - ok
14:22:08.0434 2680        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:22:08.0434 2680        Processor - ok
14:22:08.0449 2680        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:22:08.0449 2680        Psched - ok
14:22:08.0480 2680        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:22:08.0496 2680        ql2300 - ok
14:22:08.0496 2680        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:22:08.0496 2680        ql40xx - ok
14:22:08.0512 2680        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:22:08.0512 2680        QWAVEdrv - ok
14:22:08.0527 2680        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:22:08.0527 2680        RasAcd - ok
14:22:08.0527 2680        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:22:08.0527 2680        RasAgileVpn - ok
14:22:08.0543 2680        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:22:08.0543 2680        Rasl2tp - ok
14:22:08.0558 2680        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:22:08.0558 2680        RasPppoe - ok
14:22:08.0558 2680        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:22:08.0558 2680        RasSstp - ok
14:22:08.0574 2680        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:22:08.0590 2680        rdbss - ok
14:22:08.0590 2680        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:22:08.0590 2680        rdpbus - ok
14:22:08.0605 2680        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:22:08.0605 2680        RDPCDD - ok
14:22:08.0621 2680        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
14:22:08.0621 2680        RDPDR - ok
14:22:08.0621 2680        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:22:08.0621 2680        RDPENCDD - ok
14:22:08.0636 2680        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:22:08.0636 2680        RDPREFMP - ok
14:22:08.0652 2680        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
14:22:08.0652 2680        RDPWD - ok
14:22:08.0668 2680        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:22:08.0668 2680        rdyboost - ok
14:22:08.0683 2680        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:22:08.0683 2680        rspndr - ok
14:22:08.0699 2680        RTL8167        (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:22:08.0699 2680        RTL8167 - ok
14:22:08.0714 2680        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
14:22:08.0714 2680        s3cap - ok
14:22:08.0714 2680        SASDIFSV - ok
14:22:08.0714 2680        SASKUTIL - ok
14:22:08.0730 2680        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:22:08.0730 2680        sbp2port - ok
14:22:08.0746 2680        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:22:08.0746 2680        scfilter - ok
14:22:08.0761 2680        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:22:08.0761 2680        secdrv - ok
14:22:08.0761 2680        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:22:08.0761 2680        Serenum - ok
14:22:08.0777 2680        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:22:08.0777 2680        Serial - ok
14:22:08.0792 2680        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:22:08.0792 2680        sermouse - ok
14:22:08.0808 2680        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:22:08.0808 2680        sffdisk - ok
14:22:08.0808 2680        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:22:08.0808 2680        sffp_mmc - ok
14:22:08.0824 2680        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:22:08.0824 2680        sffp_sd - ok
14:22:08.0839 2680        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:22:08.0839 2680        sfloppy - ok
14:22:08.0855 2680        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:22:08.0855 2680        SiSRaid2 - ok
14:22:08.0855 2680        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:22:08.0855 2680        SiSRaid4 - ok
14:22:08.0870 2680        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:22:08.0870 2680        Smb - ok
14:22:08.0886 2680        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:22:08.0886 2680        spldr - ok
14:22:08.0902 2680        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:22:08.0917 2680        srv - ok
14:22:08.0933 2680        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:22:08.0933 2680        srv2 - ok
14:22:08.0948 2680        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:22:08.0948 2680        srvnet - ok
14:22:08.0964 2680        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:22:08.0964 2680        stexstor - ok
14:22:08.0980 2680        storflt        (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
14:22:08.0980 2680        storflt - ok
14:22:08.0995 2680        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
14:22:08.0995 2680        storvsc - ok
14:22:08.0995 2680        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:22:08.0995 2680        swenum - ok
14:22:09.0042 2680        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:22:09.0058 2680        Tcpip - ok
14:22:09.0089 2680        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:22:09.0089 2680        TCPIP6 - ok
14:22:09.0104 2680        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:22:09.0104 2680        tcpipreg - ok
14:22:09.0120 2680        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:22:09.0120 2680        TDPIPE - ok
14:22:09.0136 2680        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
14:22:09.0136 2680        TDTCP - ok
14:22:09.0136 2680        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:22:09.0136 2680        tdx - ok
14:22:09.0151 2680        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:22:09.0151 2680        TermDD - ok
14:22:09.0167 2680        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:22:09.0167 2680        tssecsrv - ok
14:22:09.0182 2680        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:22:09.0182 2680        TsUsbFlt - ok
14:22:09.0198 2680        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:22:09.0198 2680        tunnel - ok
14:22:09.0198 2680        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:22:09.0198 2680        uagp35 - ok
14:22:09.0214 2680        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:22:09.0229 2680        udfs - ok
14:22:09.0245 2680        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:22:09.0245 2680        uliagpkx - ok
14:22:09.0245 2680        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
14:22:09.0245 2680        umbus - ok
14:22:09.0260 2680        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:22:09.0260 2680        UmPass - ok
14:22:09.0276 2680        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:22:09.0276 2680        usbccgp - ok
14:22:09.0292 2680        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:22:09.0292 2680        usbcir - ok
14:22:09.0292 2680        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
14:22:09.0292 2680        usbehci - ok
14:22:09.0307 2680        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:22:09.0307 2680        usbhub - ok
14:22:09.0323 2680        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:22:09.0323 2680        usbohci - ok
14:22:09.0323 2680        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:22:09.0323 2680        usbprint - ok
14:22:09.0338 2680        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:22:09.0338 2680        USBSTOR - ok
14:22:09.0354 2680        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
14:22:09.0354 2680        usbuhci - ok
14:22:09.0354 2680        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:22:09.0354 2680        vdrvroot - ok
14:22:09.0370 2680        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:22:09.0370 2680        vga - ok
14:22:09.0385 2680        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:22:09.0385 2680        VgaSave - ok
14:22:09.0401 2680        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:22:09.0401 2680        vhdmp - ok
14:22:09.0401 2680        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:22:09.0401 2680        viaide - ok
14:22:09.0416 2680        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
14:22:09.0416 2680        vmbus - ok
14:22:09.0432 2680        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
14:22:09.0432 2680        VMBusHID - ok
14:22:09.0432 2680        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:22:09.0432 2680        volmgr - ok
14:22:09.0448 2680        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:22:09.0448 2680        volmgrx - ok
14:22:09.0463 2680        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:22:09.0463 2680        volsnap - ok
14:22:09.0479 2680        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:22:09.0479 2680        vsmraid - ok
14:22:09.0494 2680        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
14:22:09.0494 2680        vwifibus - ok
14:22:09.0494 2680        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:22:09.0494 2680        WacomPen - ok
14:22:09.0510 2680        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:22:09.0510 2680        WANARP - ok
14:22:09.0510 2680        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:22:09.0510 2680        Wanarpv6 - ok
14:22:09.0526 2680        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:22:09.0526 2680        Wd - ok
14:22:09.0541 2680        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:22:09.0557 2680        Wdf01000 - ok
14:22:09.0572 2680        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:22:09.0572 2680        WfpLwf - ok
14:22:09.0588 2680        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:22:09.0588 2680        WIMMount - ok
14:22:09.0604 2680        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:22:09.0619 2680        WmiAcpi - ok
14:22:09.0635 2680        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:22:09.0635 2680        ws2ifsl - ok
14:22:09.0650 2680        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:22:09.0650 2680        WudfPf - ok
14:22:09.0666 2680        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:22:09.0666 2680        WUDFRd - ok
14:22:09.0666 2680        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:22:09.0682 2680        \Device\Harddisk0\DR0 - ok
14:22:09.0697 2680        MBR (0x1B8)    (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk1\DR1
14:22:09.0869 2680        \Device\Harddisk1\DR1 - ok
14:22:09.0869 2680        MBR (0x1B8)    (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk2\DR2
14:22:10.0009 2680        \Device\Harddisk2\DR2 - ok
14:22:10.0025 2680        MBR (0x1B8)    (b34931cb5ab4a551cc4ef3fcaac10b1a) \Device\Harddisk3\DR3
14:22:10.0025 2680        \Device\Harddisk3\DR3 ( Rootkit.Boot.Wistler.a ) - infected
14:22:10.0025 2680        \Device\Harddisk3\DR3 - detected Rootkit.Boot.Wistler.a (0)
14:22:10.0025 2680        Boot (0x1200)  (adfa03575b4f3b6e35e0e54bea89876f) \Device\Harddisk0\DR0\Partition0
14:22:10.0025 2680        \Device\Harddisk0\DR0\Partition0 - ok
14:22:10.0025 2680        Boot (0x1200)  (1b61523b98189e689985a3a6cd0d5445) \Device\Harddisk1\DR1\Partition0
14:22:10.0025 2680        \Device\Harddisk1\DR1\Partition0 - ok
14:22:10.0025 2680        Boot (0x1200)  (3f52d85a74d8a5c8c2afaae97e450f83) \Device\Harddisk2\DR2\Partition0
14:22:10.0040 2680        \Device\Harddisk2\DR2\Partition0 - ok
14:22:10.0040 2680        Boot (0x1200)  (35d02c479305b3c726e9c4dae215acfe) \Device\Harddisk3\DR3\Partition0
14:22:10.0040 2680        \Device\Harddisk3\DR3\Partition0 - ok
14:22:10.0040 2680        Boot (0x1200)  (7b3d212cdfe9dac44140a512d9a5fb3c) \Device\Harddisk3\DR3\Partition1
14:22:10.0040 2680        \Device\Harddisk3\DR3\Partition1 - ok
14:22:10.0040 2680        Boot (0x1200)  (5146ef7a5568af38a5488467ea96d4b0) \Device\Harddisk3\DR3\Partition2
14:22:10.0040 2680        \Device\Harddisk3\DR3\Partition2 - ok
14:22:10.0040 2680        ============================================================
14:22:10.0040 2680        Scan finished
14:22:10.0040 2680        ============================================================
14:22:10.0056 0712        Detected object count: 1
14:22:10.0056 0712        Actual detected object count: 1
14:22:26.0951 0712        \Device\Harddisk3\DR3 ( Rootkit.Boot.Wistler.a ) - skipped by user
14:22:26.0951 0712        \Device\Harddisk3\DR3 ( Rootkit.Boot.Wistler.a ) - User select action: Skip
14:22:47.0730 4016        Deinitialize success

What I also noticed:
The detections Avira reports are on the 3 partitions of my external hard drive (I, K, L).

Many thanks for your help!
Regards,
Andreas
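
The TDSSKiller log above already contains the two facts that matter for the next step: the MBR of \Device\Harddisk3\DR3 (the disk with three partition boot sectors, matching the external drive I, K, L) was flagged as Rootkit.Boot.Wistler.a, and the logged action was "skipped by user", so nothing was cured. The following Python script is an added example (not part of this thread, of TDSSKiller, or of the forum's tools) that parses a TDSSKiller log of this shape, collects the MBR and boot-sector hashes per device, and lists detections that were never resolved. The sample input is an abridged, constructed copy of the lines quoted above; the "cure" keyword used to decide that an action resolved a detection, and the baseline hash dictionary in mbr_drift, are assumptions.

```python
"""Triage helper for TDSSKiller scan logs.

Collects the MBR / boot-sector hashes the tool records, the objects it flags
and the actions logged afterwards, and reports detections that were never
cured (e.g. "skipped by user").  Added example, not TDSSKiller's own code.
"""
import re
from dataclasses import dataclass, field

# Every record starts with a timestamp and a thread id, e.g. "14:22:10.0025 2680".
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
_DEV = r"(\\Device\\Harddisk\d+\\DR\d+)"
MBR_RE = re.compile(_PREFIX + r"MBR \(0x1B8\)\s+\(([0-9a-f]{32})\)\s+" + _DEV + r"\s*$")
BOOT_RE = re.compile(_PREFIX + r"Boot \(0x1200\)\s+\(([0-9a-f]{32})\)\s+" + _DEV + r"\\(Partition\d+)\s*$")
# "<object> ( <threat> ) - infected" and the later "<object> ( <threat> ) - <action>" lines
VERDICT_RE = re.compile(_PREFIX + r"(\S+) \( (\S+) \) - (.+?)\s*$")

# Abridged copy of the log quoted in this thread (constructed sample input).
SAMPLE_LOG = r"""
14:22:09.0666 2680        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:22:09.0682 2680        \Device\Harddisk0\DR0 - ok
14:22:10.0025 2680        MBR (0x1B8)    (b34931cb5ab4a551cc4ef3fcaac10b1a) \Device\Harddisk3\DR3
14:22:10.0025 2680        \Device\Harddisk3\DR3 ( Rootkit.Boot.Wistler.a ) - infected
14:22:10.0025 2680        \Device\Harddisk3\DR3 - detected Rootkit.Boot.Wistler.a (0)
14:22:10.0025 2680        Boot (0x1200)  (adfa03575b4f3b6e35e0e54bea89876f) \Device\Harddisk0\DR0\Partition0
14:22:10.0040 2680        Boot (0x1200)  (35d02c479305b3c726e9c4dae215acfe) \Device\Harddisk3\DR3\Partition0
14:22:10.0040 2680        Boot (0x1200)  (7b3d212cdfe9dac44140a512d9a5fb3c) \Device\Harddisk3\DR3\Partition1
14:22:10.0040 2680        Boot (0x1200)  (5146ef7a5568af38a5488467ea96d4b0) \Device\Harddisk3\DR3\Partition2
14:22:26.0951 0712        \Device\Harddisk3\DR3 ( Rootkit.Boot.Wistler.a ) - skipped by user
14:22:26.0951 0712        \Device\Harddisk3\DR3 ( Rootkit.Boot.Wistler.a ) - User select action: Skip
"""


@dataclass
class Report:
    mbr: dict = field(default_factory=dict)         # device -> MD5 of its MBR code area
    partitions: dict = field(default_factory=dict)  # device -> {partition -> boot-sector MD5}
    detections: dict = field(default_factory=dict)  # object -> threat name
    actions: dict = field(default_factory=dict)     # object -> actions logged after detection


def parse_tdsskiller(text: str) -> Report:
    """Single pass over the log; lines that match none of the shapes are ignored."""
    rep = Report()
    for line in text.splitlines():
        if m := MBR_RE.match(line):
            rep.mbr[m.group(2)] = m.group(1)
        elif m := BOOT_RE.match(line):
            rep.partitions.setdefault(m.group(2), {})[m.group(3)] = m.group(1)
        elif m := VERDICT_RE.match(line):
            obj, threat, verdict = m.groups()
            if verdict == "infected":
                rep.detections[obj] = threat
            else:
                rep.actions.setdefault(obj, []).append(verdict)
    return rep


def unresolved(rep: Report) -> list:
    """Detections whose logged actions never mention a cure.

    The "cure" keyword is an assumption about TDSSKiller's wording; a skipped
    MBR rootkit is still on the disk after the scan and must be listed here."""
    out = []
    for obj, threat in rep.detections.items():
        acts = rep.actions.get(obj, [])
        if not any("cure" in a.lower() for a in acts):
            out.append((obj, threat, acts[-1] if acts else "no action logged"))
    return out


def partition_count(rep: Report, device: str) -> int:
    """How many partition boot sectors were hashed for one physical disk."""
    return len(rep.partitions.get(device, {}))


def mbr_drift(rep: Report, baseline: dict) -> dict:
    """Devices whose MBR hash differs from a previously recorded baseline.
    The baseline is something you keep from a known-clean scan (assumed, not on the page)."""
    return {dev: (baseline[dev], h) for dev, h in rep.mbr.items()
            if dev in baseline and baseline[dev] != h}


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    for dev, md5 in rep.mbr.items():
        print(f"{dev}: MBR {md5}, {partition_count(rep, dev)} partition boot sector(s)")
    for obj, threat, last in unresolved(rep):
        print(f"UNRESOLVED: {obj} flagged as {threat}; last action: {last}")
```

Run against the full log, the script prints one line per disk and one UNRESOLVED line for Harddisk3, which is exactly the condition the helper's next instruction (re-run with Cure checked) is meant to clear. Keeping the MBR hashes from a clean scan and feeding them to mbr_drift later is a cheap way to notice a bootkit re-infection without waiting for a signature hit.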

Larusso 06.01.2012 17:51

Start TDSSKiller.exe with a double-click.
Vista and Win7 users: right-click and choose "Run as administrator"
  • Click Start Scan.
    Do not use the computer during the scan
  • Make sure Cure (default) is checked!
  • Click Continue --> Reboot.
TDSSKiller will save a log file on your system drive (usually C:\)
For example: C:\TDSSKiller.<version_date_time>log.txt

Please post its contents here in your thread.


Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the reboot
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.



Please post in your next reply
TDSSKiller log
Combofix.txt

Ischtan 06.01.2012 20:34

TDSSKiller - no automatic reboot was performed, so I did it manually - an installed bootloader was deactivated
Code:

19:17:20.0980 1176        TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
19:17:21.0043 1176        ============================================================
19:17:21.0043 1176        Current date / time: 2012/01/06 19:17:21.0043
19:17:21.0043 1176        SystemInfo:
19:17:21.0043 1176       
19:17:21.0043 1176        OS Version: 6.1.7601 ServicePack: 1.0
19:17:21.0043 1176        Product type: Workstation
19:17:21.0043 1176        ComputerName: TABULARASA
19:17:21.0043 1176        UserName: Andi
19:17:21.0043 1176        Windows directory: C:\Windows
19:17:21.0043 1176        System windows directory: C:\Windows
19:17:21.0043 1176        Running under WOW64
19:17:21.0043 1176        Processor architecture: Intel x64
19:17:21.0043 1176        Number of processors: 4
19:17:21.0043 1176        Page size: 0x1000
19:17:21.0043 1176        Boot type: Normal boot
19:17:21.0043 1176        ============================================================
19:17:28.0110 1176        Initialize success
19:17:50.0199 2400        ============================================================
19:17:50.0199 2400        Scan started
19:17:50.0199 2400        Mode: Manual;
19:17:50.0199 2400        ============================================================
19:17:50.0371 2400        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:17:50.0387 2400        1394ohci - ok
19:17:50.0387 2400        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:17:50.0387 2400        ACPI - ok
19:17:50.0402 2400        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:17:50.0402 2400        AcpiPmi - ok
19:17:50.0418 2400        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:17:50.0418 2400        adp94xx - ok
19:17:50.0433 2400        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:17:50.0433 2400        adpahci - ok
19:17:50.0449 2400        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:17:50.0449 2400        adpu320 - ok
19:17:50.0465 2400        AFD            (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
19:17:50.0465 2400        AFD - ok
19:17:50.0480 2400        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:17:50.0480 2400        agp440 - ok
19:17:50.0480 2400        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:17:50.0480 2400        aliide - ok
19:17:50.0496 2400        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:17:50.0496 2400        amdide - ok
19:17:50.0511 2400        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:17:50.0511 2400        AmdK8 - ok
19:17:50.0511 2400        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:17:50.0511 2400        AmdPPM - ok
19:17:50.0527 2400        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:17:50.0527 2400        amdsata - ok
19:17:50.0543 2400        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:17:50.0543 2400        amdsbs - ok
19:17:50.0543 2400        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:17:50.0543 2400        amdxata - ok
19:17:50.0558 2400        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:17:50.0558 2400        AppID - ok
19:17:50.0574 2400        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:17:50.0574 2400        arc - ok
19:17:50.0589 2400        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:17:50.0589 2400        arcsas - ok
19:17:50.0589 2400        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:17:50.0589 2400        AsyncMac - ok
19:17:50.0605 2400        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:17:50.0605 2400        atapi - ok
19:17:50.0667 2400        atikmdag        (52bd95caa9cae8977fe043e9ad6d2d0e) C:\Windows\system32\DRIVERS\atikmdag.sys
19:17:50.0699 2400        atikmdag - ok
19:17:50.0714 2400        atksgt          (54494b93bb5ad74c807100144ec30d64) C:\Windows\system32\DRIVERS\atksgt.sys
19:17:50.0714 2400        atksgt - ok
19:17:50.0730 2400        avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
19:17:50.0730 2400        avgntflt - ok
19:17:50.0730 2400        avipbb          (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys
19:17:50.0730 2400        avipbb - ok
19:17:50.0745 2400        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
19:17:50.0745 2400        avkmgr - ok
19:17:50.0761 2400        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:17:50.0761 2400        b06bdrv - ok
19:17:50.0777 2400        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:17:50.0777 2400        b57nd60a - ok
19:17:50.0792 2400        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:17:50.0792 2400        Beep - ok
19:17:50.0792 2400        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:17:50.0808 2400        blbdrive - ok
19:17:50.0808 2400        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:17:50.0808 2400        bowser - ok
19:17:50.0823 2400        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:17:50.0823 2400        BrFiltLo - ok
19:17:50.0823 2400        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:17:50.0823 2400        BrFiltUp - ok
19:17:50.0839 2400        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:17:50.0839 2400        Brserid - ok
19:17:50.0855 2400        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:17:50.0855 2400        BrSerWdm - ok
19:17:50.0855 2400        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:17:50.0855 2400        BrUsbMdm - ok
19:17:50.0870 2400        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:17:50.0870 2400        BrUsbSer - ok
19:17:50.0870 2400        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:17:50.0870 2400        BTHMODEM - ok
19:17:50.0886 2400        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:17:50.0886 2400        cdfs - ok
19:17:50.0901 2400        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
19:17:50.0901 2400        cdrom - ok
19:17:50.0917 2400        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:17:50.0917 2400        circlass - ok
19:17:50.0933 2400        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:17:50.0933 2400        CLFS - ok
19:17:50.0948 2400        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:17:50.0948 2400        CmBatt - ok
19:17:50.0948 2400        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:17:50.0948 2400        cmdide - ok
19:17:50.0964 2400        CNG            (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
19:17:50.0964 2400        CNG - ok
19:17:50.0979 2400        COMMONFX.DLL    (66ac4fdad5a2d4ff4e3db41810b39de2) C:\Windows\system32\COMMONFX.DLL
19:17:50.0979 2400        COMMONFX.DLL - ok
19:17:50.0979 2400        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:17:50.0979 2400        Compbatt - ok
19:17:50.0995 2400        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:17:50.0995 2400        CompositeBus - ok
19:17:51.0011 2400        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:17:51.0011 2400        crcdisk - ok
19:17:51.0026 2400        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
19:17:51.0026 2400        CSC - ok
19:17:51.0042 2400        CT20XUT.DLL    (01bbd5cb85423b12e445209d243a49a9) C:\Windows\system32\CT20XUT.DLL
19:17:51.0042 2400        CT20XUT.DLL - ok
19:17:51.0057 2400        ctac32k        (b81c989c6d3b770f44316a3dc5f607b3) C:\Windows\system32\drivers\ctac32k.sys
19:17:51.0057 2400        ctac32k - ok
19:17:51.0073 2400        ctaud2k        (7321bd704cc3b34b78f8574e64258f39) C:\Windows\system32\drivers\ctaud2k.sys
19:17:51.0089 2400        ctaud2k - ok
19:17:51.0104 2400        CTAUDFX.DLL    (e873319f281115ebea75e519c5b4d0c4) C:\Windows\system32\CTAUDFX.DLL
19:17:51.0104 2400        CTAUDFX.DLL - ok
19:17:51.0104 2400        CTEAPSFX.DLL    (06300545bedf49b6a51fdfe1861f9caf) C:\Windows\system32\CTEAPSFX.DLL
19:17:51.0104 2400        CTEAPSFX.DLL - ok
19:17:51.0120 2400        CTEDSPFX.DLL    (2d902f8ec247f0ed0d458cdcaf786544) C:\Windows\system32\CTEDSPFX.DLL
19:17:51.0120 2400        CTEDSPFX.DLL - ok
19:17:51.0135 2400        CTEDSPIO.DLL    (0d3f99cda2bea14e4911a698441f1a29) C:\Windows\system32\CTEDSPIO.DLL
19:17:51.0135 2400        CTEDSPIO.DLL - ok
19:17:51.0151 2400        CTEDSPSY.DLL    (9d26aa450ac1caadde25f1621ba89842) C:\Windows\system32\CTEDSPSY.DLL
19:17:51.0151 2400        CTEDSPSY.DLL - ok
19:17:51.0151 2400        CTERFXFX.DLL    (e5f88dad5ec69665dfa3e5e87791f800) C:\Windows\system32\CTERFXFX.DLL
19:17:51.0167 2400        CTERFXFX.DLL - ok
19:17:51.0182 2400        CTEXFIFX.DLL    (fa6dca331835997d2f7c83b9aaabc4bb) C:\Windows\system32\CTEXFIFX.DLL
19:17:51.0198 2400        CTEXFIFX.DLL - ok
19:17:51.0198 2400        CTHWIUT.DLL    (9e6a0a3ca3825bb568d42f5f3cb09453) C:\Windows\system32\CTHWIUT.DLL
19:17:51.0198 2400        CTHWIUT.DLL - ok
19:17:51.0213 2400        ctprxy2k        (6a05134810301fa6fdd6e95583a91f35) C:\Windows\system32\drivers\ctprxy2k.sys
19:17:51.0213 2400        ctprxy2k - ok
19:17:51.0229 2400        CTSBLFX.DLL    (99047fcebab495410cd58ab17284720a) C:\Windows\system32\CTSBLFX.DLL
19:17:51.0229 2400        CTSBLFX.DLL - ok
19:17:51.0245 2400        ctsfm2k        (f792246cf9d8ee17f2b32e9069415cdd) C:\Windows\system32\drivers\ctsfm2k.sys
19:17:51.0245 2400        ctsfm2k - ok
19:17:51.0260 2400        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:17:51.0260 2400        DfsC - ok
19:17:51.0260 2400        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:17:51.0276 2400        discache - ok
19:17:51.0276 2400        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:17:51.0276 2400        Disk - ok
19:17:51.0291 2400        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:17:51.0291 2400        drmkaud - ok
19:17:51.0307 2400        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:17:53.0881 2400        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:17:53.0897 2400        \Device\Harddisk0\DR0 - ok
19:17:53.0912 2400        MBR (0x1B8)    (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk1\DR1
19:17:54.0084 2400        \Device\Harddisk1\DR1 - ok
19:17:54.0084 2400        MBR (0x1B8)    (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk2\DR2
19:17:54.0224 2400        \Device\Harddisk2\DR2 - ok
19:17:54.0224 2400        MBR (0x1B8)    (b34931cb5ab4a551cc4ef3fcaac10b1a) \Device\Harddisk3\DR3
19:17:54.0224 2400        \Device\Harddisk3\DR3 ( Rootkit.Boot.Wistler.a ) - infected
19:17:54.0224 2400        \Device\Harddisk3\DR3 - detected Rootkit.Boot.Wistler.a (0)
19:17:54.0224 2400        Boot (0x1200)  (adfa03575b4f3b6e35e0e54bea89876f) \Device\Harddisk0\DR0\Partition0
19:17:54.0224 2400        \Device\Harddisk0\DR0\Partition0 - ok
19:17:54.0240 2400        Boot (0x1200)  (1b61523b98189e689985a3a6cd0d5445) \Device\Harddisk1\DR1\Partition0
19:17:54.0240 2400        \Device\Harddisk1\DR1\Partition0 - ok
19:17:54.0240 2400        Boot (0x1200)  (3f52d85a74d8a5c8c2afaae97e450f83) \Device\Harddisk2\DR2\Partition0
19:17:54.0240 2400        \Device\Harddisk2\DR2\Partition0 - ok
19:17:54.0240 2400        Boot (0x1200)  (35d02c479305b3c726e9c4dae215acfe) \Device\Harddisk3\DR3\Partition0
19:17:54.0240 2400        \Device\Harddisk3\DR3\Partition0 - ok
19:17:54.0240 2400        Boot (0x1200)  (7b3d212cdfe9dac44140a512d9a5fb3c) \Device\Harddisk3\DR3\Partition1
19:17:54.0255 2400        \Device\Harddisk3\DR3\Partition1 - ok
19:17:54.0255 2400        Boot (0x1200)  (5146ef7a5568af38a5488467ea96d4b0) \Device\Harddisk3\DR3\Partition2
19:17:54.0255 2400        \Device\Harddisk3\DR3\Partition2 - ok
19:17:54.0255 2400        ============================================================
19:17:54.0255 2400        Scan finished
19:17:54.0255 2400        ============================================================
19:17:54.0271 2600        Detected object count: 1
19:17:54.0271 2600        Actual detected object count: 1
19:17:59.0013 2600        \Device\Harddisk3\DR3 - processing error
19:18:14.0348 2600        \Device\Harddisk3\DR3 - restored
19:18:14.0348 2600        \Device\Harddisk3\DR3 ( Rootkit.Boot.Wistler.a ) - User select action: Cure Restore
19:18:28.0841 2700        Deinitialize success

Combofix
Combofix Logfile:
Code:

ComboFix 12-01-06.01 - Andi 06.01.2012  20:16:13.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.4095.2910 [GMT 1:00]
ausgeführt von:: c:\users\Andi\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-06 bis 2012-01-06  ))))))))))))))))))))))))))))))
.
.
2012-01-06 19:19 . 2012-01-06 19:19        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-01-06 13:22 . 2011-11-30 01:21        8822856        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{124D8571-834A-4D9D-BEFC-567495CF4F74}\mpengine.dll
2012-01-04 17:39 . 2012-01-06 19:12        --------        d-----w-        c:\users\Andi\AppData\Roaming\Dropbox
2012-01-03 23:30 . 2012-01-03 23:30        --------        d-----w-        c:\program files (x86)\ESET
2012-01-03 17:53 . 2012-01-03 17:53        --------        d-----w-        c:\users\Andi\AppData\Roaming\Malwarebytes
2012-01-03 17:53 . 2012-01-03 17:53        --------        d-----w-        c:\programdata\Malwarebytes
2012-01-03 17:53 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-01-03 17:41 . 2012-01-03 17:41        --------        d-----w-        c:\users\Andi\AppData\Roaming\Canneverbe Limited
2012-01-03 17:41 . 2012-01-03 17:41        --------        d-----w-        c:\programdata\Canneverbe Limited
2012-01-03 17:16 . 2012-01-03 17:16        --------        d-----w-        c:\programdata\DesktopIcons
2012-01-03 17:16 . 2012-01-03 17:16        --------        d-----w-        c:\users\Andi\AppData\Roaming\1&1 Mail & Media GmbH
2012-01-02 22:19 . 2012-01-02 22:19        --------        d-----w-        c:\users\Andi\AppData\Local\Diagnostics
2012-01-02 16:36 . 2012-01-02 16:36        --------        d-----w-        c:\users\Andi\AppData\Roaming\SUPERAntiSpyware.com
2012-01-02 16:36 . 2012-01-02 16:36        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2012-01-02 16:05 . 2012-01-02 16:05        --------        d-----w-        c:\program files\CCleaner
2012-01-02 16:01 . 2012-01-02 16:01        --------        d-----w-        c:\program files (x86)\Microsoft Silverlight
2012-01-02 16:01 . 2011-02-19 12:05        1139200        ----a-w-        c:\windows\system32\FntCache.dll
2012-01-02 16:01 . 2011-02-19 12:04        1544192        ----a-w-        c:\windows\system32\DWrite.dll
2012-01-02 16:01 . 2011-02-19 12:04        902656        ----a-w-        c:\windows\system32\d2d1.dll
2012-01-02 16:01 . 2011-02-19 06:30        1076736        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-01-02 16:01 . 2011-02-19 06:30        739840        ----a-w-        c:\windows\SysWow64\d2d1.dll
2011-12-29 00:30 . 2011-12-29 00:30        --------        d-----w-        c:\users\Andi\AppData\Roaming\vlc
2011-12-28 13:37 . 2011-12-28 13:37        --------        d-----w-        c:\users\Andi\AppData\Roaming\ProgSense
2011-12-28 13:37 . 2011-12-30 02:57        --------        d-----w-        c:\users\Andi\AppData\Roaming\Orbit
2011-12-27 19:22 . 2011-12-27 19:22        --------        d-----w-        c:\users\Andi\AppData\Local\My Games
2011-12-27 19:08 . 2011-12-27 19:08        --------        d-----w-        c:\users\Andi\AppData\Local\Funcom
2011-12-25 20:10 . 2011-12-25 20:10        --------        d-----w-        c:\programdata\Panda Security
2011-12-25 20:10 . 2011-12-25 20:10        --------        d-----w-        c:\program files (x86)\Panda USB Vaccine
2011-12-23 19:05 . 2007-01-01 20:03        40960        ----a-r-        c:\windows\SysWow64\psfind.dll
2011-12-23 19:05 . 2006-07-11 18:43        1060864        ----a-w-        c:\windows\SysWow64\mfc71.dll
2011-12-23 19:05 . 2006-07-11 18:35        503808        ----a-w-        c:\windows\SysWow64\MSVCP71.dll
2011-12-23 18:02 . 2011-12-23 18:02        --------        d-----w-        c:\programdata\createonepart
2011-12-23 17:59 . 2011-12-23 17:59        --------        d-----w-        c:\programdata\redistpart
2011-12-23 17:59 . 2011-12-23 17:59        --------        d-----w-        c:\programdata\explauncher
2011-12-23 17:59 . 2011-12-23 17:59        --------        d-----w-        c:\programdata\launcher
2011-12-23 17:53 . 2011-12-23 17:53        --------        dc----w-        c:\windows\system32\DRVSTORE
2011-12-23 17:53 . 2011-05-17 17:53        37456        ----a-w-        c:\windows\system32\drivers\hotcore3.sys
2011-12-23 17:53 . 2011-12-23 17:53        --------        d-----w-        c:\program files (x86)\Paragon Software
2011-12-23 11:25 . 2011-12-23 11:25        --------        d-----w-        c:\windows\SysWow64\xlive
2011-12-18 17:42 . 2012-01-06 18:19        --------        d-----w-        c:\program files (x86)\Common Files\Steam
2011-12-18 13:39 . 2011-12-18 15:45        310728        ----a-w-        c:\windows\system32\drivers\atksgt.sys
2011-12-18 13:39 . 2011-12-18 13:39        42696        ----a-w-        c:\windows\system32\drivers\lirsgt.sys
2011-12-18 12:48 . 2011-12-18 13:00        2829        ----a-w-        c:\windows\War3Unin.pif
2011-12-18 12:48 . 2011-12-18 13:00        139264        ----a-w-        c:\windows\War3Unin.exe
2011-12-18 12:18 . 2011-12-18 12:26        967        ----a-w-        c:\windows\ScUnin.pif
2011-12-18 12:18 . 2011-12-18 12:26        69632        ----a-w-        c:\windows\ScUnin.exe
2011-12-18 12:04 . 2011-12-18 12:04        --------        d-----w-        c:\windows\SysWow64\AGEIA
2011-12-18 12:04 . 2011-12-18 12:04        --------        d-----w-        c:\program files (x86)\AGEIA Technologies
2011-12-18 12:04 . 2011-12-18 12:04        --------        d-----w-        c:\program files (x86)\Common Files\Wise Installation Wizard
2011-12-18 11:31 . 2011-12-18 12:55        --------        d-----w-        c:\users\Andi\AppData\Roaming\Bioshock
2011-12-18 11:31 . 2011-12-18 11:31        --------        d--h--r-        c:\users\Andi\AppData\Roaming\SecuROM
2011-12-18 11:28 . 2011-12-27 19:08        --------        d-----w-        c:\programdata\Media Center Programs
2011-12-18 11:26 . 2011-12-18 11:26        178800        ----a-w-        c:\windows\SysWow64\CmdLineExt_x64.dll
2011-12-17 22:27 . 2011-12-17 22:27        --------        d-----w-        c:\users\Default\AppData\Local\Microsoft Help
2011-12-16 16:17 . 2011-12-16 16:17        --------        d-----w-        c:\users\Andi\restore
2011-12-16 16:05 . 2011-12-18 17:38        --------        d-----w-        c:\programdata\tmp
2011-12-16 16:05 . 2011-12-16 16:05        --------        d-----w-        c:\programdata\hps
2011-12-16 15:27 . 2011-12-16 15:27        --------        d-----w-        c:\programdata\Hewlett-Packard
2011-12-16 15:27 . 2009-07-14 01:41        230400        ----a-w-        c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2011-12-16 15:25 . 2011-12-16 15:25        --------        d-----w-        c:\program files\Okidata
2011-12-16 15:25 . 2008-04-16 00:17        119296        ----a-w-        c:\windows\system32\opnetext.dll
2011-12-16 15:25 . 2011-12-16 15:25        --------        d-----w-        c:\program files (x86)\Common Files\InstallShield
2011-12-16 15:24 . 2007-04-26 13:21        29184        ----a-w-        c:\windows\system32\OKLMON64.DLL
2011-12-16 15:24 . 2011-12-16 15:28        --------        d-----w-        c:\programdata\OPPU
2011-12-16 15:24 . 2008-03-27 17:25        38912        ----a-w-        c:\windows\system32\Spool\prtprocs\x64\OPPUPP3.DLL
2011-12-16 15:24 . 2007-07-19 10:27        54784        ----a-w-        c:\windows\system32\OPUSBEXT.DLL
2011-12-16 15:24 . 2007-03-14 21:59        39936        ----a-w-        c:\windows\system32\OPEXTUAC.DLL
2011-12-15 16:37 . 2011-11-24 04:52        3145216        ----a-w-        c:\windows\system32\win32k.sys
2011-12-15 16:37 . 2011-10-26 05:21        43520        ----a-w-        c:\windows\system32\csrsrv.dll
2011-12-15 16:37 . 2011-10-15 06:31        723456        ----a-w-        c:\windows\system32\EncDec.dll
2011-12-15 16:37 . 2011-10-15 05:38        534528        ----a-w-        c:\windows\SysWow64\EncDec.dll
2011-12-15 16:37 . 2011-11-05 05:32        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-12-15 16:37 . 2011-11-05 04:26        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2011-12-13 20:51 . 2011-12-13 20:51        --------        d-----w-        c:\windows\PCHEALTH
2011-12-13 20:47 . 2011-12-13 20:47        --------        d-----w-        c:\program files (x86)\Microsoft Analysis Services
2011-12-13 20:47 . 2011-12-13 20:47        --------        d-----w-        c:\users\Andi\AppData\Local\Microsoft Help
2011-12-13 20:47 . 2011-12-17 22:28        --------        d-----w-        c:\programdata\Microsoft Help
2011-12-13 20:47 . 2011-12-13 20:47        --------        d-----r-        C:\MSOCache
2011-12-12 21:38 . 2011-12-12 21:38        --------        d-----w-        c:\users\Andi\AppData\Local\Adobe
2011-12-12 21:36 . 2011-12-12 21:36        --------        d-----w-        c:\program files (x86)\Common Files\Adobe
2011-12-12 16:50 . 2011-12-13 20:51        --------        d-----w-        c:\program files (x86)\Microsoft.NET
2011-12-11 15:42 . 2011-12-11 15:42        --------        d-----w-        c:\users\Andi\AppData\Local\Thunderbird
2011-12-11 15:42 . 2011-12-11 15:42        --------        d-----w-        c:\users\Andi\AppData\Roaming\Thunderbird
2011-12-11 15:41 . 2011-11-21 04:21        134104        ----a-w-        c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-12-10 16:52 . 2011-12-10 16:52        --------        d-----w-        c:\windows\SysWow64\wbem\en-US
2011-12-10 16:52 . 2011-12-10 16:52        --------        d-----w-        c:\windows\system32\wbem\en-US
2011-12-10 16:35 . 2011-12-10 16:37        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-10 16:35 . 2011-12-10 16:35        --------        d-----w-        c:\windows\SysWow64\Macromed
2011-12-10 16:20 . 2011-12-10 16:20        --------        d-----w-        c:\users\Andi\AppData\Local\Opera
2011-12-10 16:17 . 2008-10-27 09:04        514384        ----a-w-        c:\windows\SysWow64\XAudio2_3.dll
2011-12-10 16:17 . 2008-10-27 09:04        235856        ----a-w-        c:\windows\SysWow64\xactengine3_3.dll
2011-12-10 16:17 . 2008-10-27 09:04        23376        ----a-w-        c:\windows\SysWow64\X3DAudio1_5.dll
2011-12-10 16:17 . 2008-10-27 09:04        70992        ----a-w-        c:\windows\SysWow64\XAPOFX1_2.dll
2011-12-10 16:17 . 2008-05-30 13:19        507400        ----a-w-        c:\windows\SysWow64\XAudio2_1.dll
2011-12-10 16:17 . 2008-05-30 13:18        238088        ----a-w-        c:\windows\SysWow64\xactengine3_1.dll
2011-12-10 16:17 . 2008-05-30 13:17        65032        ----a-w-        c:\windows\SysWow64\XAPOFX1_0.dll
2011-12-10 16:17 . 2008-05-30 13:17        25608        ----a-w-        c:\windows\SysWow64\X3DAudio1_4.dll
2011-12-10 16:17 . 2008-05-30 13:11        467984        ----a-w-        c:\windows\SysWow64\d3dx10_38.dll
2011-12-10 16:17 . 2008-05-30 13:11        3850760        ----a-w-        c:\windows\SysWow64\D3DX9_38.dll
2011-12-10 16:17 . 2008-05-30 13:11        1491992        ----a-w-        c:\windows\SysWow64\D3DCompiler_38.dll
2011-12-10 16:14 . 2011-12-10 16:23        --------        d-----w-        c:\program files (x86)\Opera
2011-12-10 16:08 . 2011-12-10 16:08        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird
2011-12-10 16:05 . 2011-12-23 20:27        --------        d--h--w-        c:\program files (x86)\InstallShield Installation Information
2011-12-10 16:04 . 2011-12-10 16:04        --------        d-----w-        c:\users\Andi\AppData\Roaming\InstallShield
2011-12-10 15:53 . 2011-12-10 15:53        8192        ----a-r-        c:\users\Andi\AppData\Roaming\Microsoft\Installer\{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}\IconD0B36BAF3.exe
2011-12-10 15:53 . 2011-12-10 15:53        6144        ----a-r-        c:\users\Andi\AppData\Roaming\Microsoft\Installer\{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}\Icon83F12F734.exe
2011-12-10 15:53 . 2011-12-10 15:53        11264        ----a-r-        c:\users\Andi\AppData\Roaming\Microsoft\Installer\{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}\Icon8F99E711.exe
2011-12-10 15:50 . 2011-12-10 15:50        --------        d-----w-        c:\windows\system32\SPReview
2011-12-10 15:50 . 2011-12-10 15:50        --------        d-----w-        c:\windows\system32\EventProviders
2011-12-10 15:49 . 2011-12-10 15:49        --------        d-----w-        c:\users\Andi\AppData\Local\2DBoy
2011-12-10 15:49 . 2011-12-10 15:49        --------        d-----w-        c:\programdata\2DBoy
2011-12-10 15:46 . 2010-11-20 13:27        48640        ----a-w-        c:\windows\system32\wwanprotdim.dll
2011-12-10 15:45 . 2010-11-20 13:27        529408        ----a-w-        c:\windows\system32\wbemcomn.dll
2011-12-10 15:45 . 2010-11-20 13:27        244736        ----a-w-        c:\program files\Windows Portable Devices\sqmapi.dll
2011-12-10 15:45 . 2010-11-20 13:27        244736        ----a-w-        c:\windows\system32\sqmapi.dll
2011-12-10 15:41 . 2011-09-29 16:29        1923952        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2011-12-10 15:41 . 2011-10-01 05:45        886784        ----a-w-        c:\program files\Common Files\System\wab32.dll
2011-12-10 15:41 . 2011-10-01 04:37        708608        ----a-w-        c:\program files (x86)\Common Files\System\wab32.dll
2011-12-10 12:50 . 2011-12-10 13:02        --------        d-----w-        C:\Games to not install
2011-12-10 12:44 . 2011-12-18 11:33        --------        d-----w-        C:\saves
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-11 05:42 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2011-12-11 05:42 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2011-12-10 14:33 . 2011-10-20 20:44        130760        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-11-15 13:29 . 2011-10-20 19:34        270720        ------w-        c:\windows\system32\MpSigStub.exe
2011-10-20 20:11 . 2011-10-20 20:11        431104        ----a-w-        c:\windows\system32\wrap_oal.dll
2011-10-20 20:11 . 2011-10-20 20:11        409600        ----a-w-        c:\windows\SysWow64\wrap_oal.dll
2011-10-20 20:11 . 2011-10-20 20:11        136192        ----a-w-        c:\windows\system32\OpenAL32.dll
2011-10-20 20:11 . 2011-10-20 20:11        114688        ----a-w-        c:\windows\SysWow64\OpenAL32.dll
2011-10-11 13:00 . 2011-10-20 20:44        97312        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-10-11 13:00 . 2011-10-20 20:44        27760        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17        94208        ----a-w-        c:\users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17        94208        ----a-w-        c:\users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17        94208        ----a-w-        c:\users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17        94208        ----a-w-        c:\users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="d:\programme\Steam\steam.exe" [2011-12-18 1242448]
"SUPERAntiSpyware"="p:\program files (x86)\SuperAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 5486464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AsioThk32Reg"="CTASIO.DLL" [2007-04-09 80896]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Malwarebytes' Anti-Malware"="p:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
c:\users\Andi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Andi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;p:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10x64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 SASDIFSV;SASDIFSV;p:\program files (x86)\SuperAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;p:\program files (x86)\SuperAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;p:\program files (x86)\SuperAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17        97792        ----a-w-        c:\users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17        97792        ----a-w-        c:\users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17        97792        ----a-w-        c:\users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17        97792        ----a-w-        c:\users\Andi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\v4yoyhxf.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.web.de/tb/mff_startpage_home
FF - prefs.js: keyword.URL - hxxp://go.web.de/tb2/mff_keyurl_search/?su=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-NWEReboot - (no file)
WebBrowser-{C424171E-592A-415A-9EB1-DFD6D95D3530} - (no file)
HKLM-Run-AsioReg - CTASIO.DLL
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3644321233-799333344-2366422095-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:2a,d2,41,a5,0a,34,e6,8a,42,a6,4f,0a,c5,bf,0d,8e,0a,fd,fc,15,45,c0,21,
  91,50,ad,12,fb,0d,23,88,15,34,7b,6f,aa,f5,5f,c0,08,e9,6b,d7,0e,02,37,bf,12,\
"??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b
.
[HKEY_USERS\S-1-5-21-3644321233-799333344-2366422095-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:99,7a,5d,8d,ae,17,5e,ec,18,8d,1a,0d,5d,18,85,50,a7,6f,f1,c8,b8,
  11,0c,1f,62,45,38,fe,ca,5a,02,8c,0b,21,98,e3,a9,c9,41,3f,b3,86,94,18,df,d2,\
"rkeysecu"=hex:b3,be,9a,00,0f,90,af,59,79,32,6c,7e,3e,8c,a6,39
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-06  20:22:27 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-06 19:22
.
Vor Suchlauf: 8 Verzeichnis(se), 60.373.127.168 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 59.852.042.240 Bytes frei
.
- - End Of File - - 3101AFCC5436D609F40A79F1AE7FF5E4

--- --- ---

Larusso 06.01.2012 21:14

Hi, how is the computer running?



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box for Yes, I accept the Terms of Use and click Start.
  • Enable the "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Ischtan 07.01.2012 10:01

Hello, the computer is running perfectly.

ESET
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e4aa13dd9617104a869f31ec2f23b4b3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-04 07:58:39
# local_time=2012-01-04 08:58:39 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 6490135 6490135 0 0
# compatibility_mode=5893 16776573 100 94 4018 77263484 0 0
# compatibility_mode=8192 67108863 100 0 3799 3799 0 0
# scanned=823140
# found=3
# cleaned=0
# scan_time=73485
K:\Programme\NoNameScript3.81-Ischtan\script\dlls\stdio.dll        probably a variant of Win32/IRCBot.BWELRFB trojan (unable to clean)        00000000000000000000000000000000        I
W:\Dokumente und Einstellungen\Andi\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27\4a11719b-10256766        a variant of Java/Agent.DW trojan (unable to clean)        00000000000000000000000000000000        I
W:\Dokumente und Einstellungen\Andi\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\50\c25df2-2b28b28f        multiple threats (unable to clean)        00000000000000000000000000000000        I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e4aa13dd9617104a869f31ec2f23b4b3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-07 07:47:35
# local_time=2012-01-07 08:47:35 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 6752834 6752834 0 0
# compatibility_mode=5893 16776573 100 94 21604 77526183 0 0
# compatibility_mode=8192 67108863 100 0 266498 266498 0 0
# scanned=821511
# found=1
# cleaned=0
# scan_time=26121
K:\Programme\NoNameScript3.81-Ischtan\script\dlls\stdio.dll        probably a variant of Win32/IRCBot.BWELRFB trojan (unable to clean)        00000000000000000000000000000000        I

In addition, Avira now reports the following at system startup:
Code:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 7. Januar 2012  09:57

Es wird nach 3031180 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira AntiVir Personal - Free Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows 7 x64
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus    : Normal gebootet
Benutzername  : SYSTEM
Computername  : TABULARASA

Versionsinformationen:
BUILD.DAT      : 12.0.0.872    41826 Bytes  15.12.2011 16:24:00
AVSCAN.EXE    : 12.1.0.18    490448 Bytes  26.10.2011 15:51:09
AVSCAN.DLL    : 12.1.0.17      65744 Bytes  11.10.2011 12:59:58
LUKE.DLL      : 12.1.0.17      68304 Bytes  11.10.2011 12:59:47
AVSCPLR.DLL    : 12.1.0.21      99536 Bytes  10.12.2011 14:33:48
AVREG.DLL      : 12.1.0.27    227536 Bytes  10.12.2011 14:33:48
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 09:07:39
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 20:06:44
VBASE003.VDF  : 7.11.19.171    2048 Bytes  20.12.2011 20:06:44
VBASE004.VDF  : 7.11.19.172    2048 Bytes  20.12.2011 20:06:44
VBASE005.VDF  : 7.11.19.173    2048 Bytes  20.12.2011 20:06:44
VBASE006.VDF  : 7.11.19.174    2048 Bytes  20.12.2011 20:06:44
VBASE007.VDF  : 7.11.19.175    2048 Bytes  20.12.2011 20:06:44
VBASE008.VDF  : 7.11.19.176    2048 Bytes  20.12.2011 20:06:44
VBASE009.VDF  : 7.11.19.177    2048 Bytes  20.12.2011 20:06:44
VBASE010.VDF  : 7.11.19.178    2048 Bytes  20.12.2011 20:06:44
VBASE011.VDF  : 7.11.19.179    2048 Bytes  20.12.2011 20:06:44
VBASE012.VDF  : 7.11.19.180    2048 Bytes  20.12.2011 20:06:44
VBASE013.VDF  : 7.11.19.217  182784 Bytes  22.12.2011 22:09:44
VBASE014.VDF  : 7.11.19.255  148480 Bytes  24.12.2011 15:08:53
VBASE015.VDF  : 7.11.20.29    164352 Bytes  27.12.2011 22:32:28
VBASE016.VDF  : 7.11.20.70    180224 Bytes  29.12.2011 23:40:50
VBASE017.VDF  : 7.11.20.102  240640 Bytes  02.01.2012 15:27:27
VBASE018.VDF  : 7.11.20.139  164864 Bytes  04.01.2012 17:07:34
VBASE019.VDF  : 7.11.20.178  167424 Bytes  06.01.2012 17:07:33
VBASE020.VDF  : 7.11.20.179    2048 Bytes  06.01.2012 17:07:33
VBASE021.VDF  : 7.11.20.180    2048 Bytes  06.01.2012 17:07:33
VBASE022.VDF  : 7.11.20.181    2048 Bytes  06.01.2012 17:07:33
VBASE023.VDF  : 7.11.20.182    2048 Bytes  06.01.2012 17:07:33
VBASE024.VDF  : 7.11.20.183    2048 Bytes  06.01.2012 17:07:33
VBASE025.VDF  : 7.11.20.184    2048 Bytes  06.01.2012 17:07:33
VBASE026.VDF  : 7.11.20.185    2048 Bytes  06.01.2012 17:07:33
VBASE027.VDF  : 7.11.20.186    2048 Bytes  06.01.2012 17:07:33
VBASE028.VDF  : 7.11.20.187    2048 Bytes  06.01.2012 17:07:33
VBASE029.VDF  : 7.11.20.188    2048 Bytes  06.01.2012 17:07:33
VBASE030.VDF  : 7.11.20.189    2048 Bytes  06.01.2012 17:07:33
VBASE031.VDF  : 7.11.20.192    2560 Bytes  06.01.2012 17:07:33
Engineversion  : 8.2.8.18 
AEVDF.DLL      : 8.1.2.2      106868 Bytes  26.10.2011 15:51:08
AESCRIPT.DLL  : 8.1.3.95      479612 Bytes  28.12.2011 23:16:01
AESCN.DLL      : 8.1.7.2      127349 Bytes  01.09.2011 21:46:02
AESBX.DLL      : 8.2.4.5      434549 Bytes  10.12.2011 14:33:45
AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 21:16:06
AEPACK.DLL    : 8.2.15.1      770423 Bytes  13.12.2011 16:35:25
AEOFFICE.DLL  : 8.1.2.25      201084 Bytes  29.12.2011 23:40:54
AEHEUR.DLL    : 8.1.3.14    4260216 Bytes  29.12.2011 23:40:53
AEHELP.DLL    : 8.1.18.0      254327 Bytes  26.10.2011 15:51:06
AEGEN.DLL      : 8.1.5.17      405877 Bytes  10.12.2011 14:33:43
AEEMU.DLL      : 8.1.3.0      393589 Bytes  01.09.2011 21:46:01
AECORE.DLL    : 8.1.24.3      201079 Bytes  28.12.2011 23:15:58
AEBB.DLL      : 8.1.1.0        53618 Bytes  01.09.2011 21:46:01
AVWINLL.DLL    : 12.1.0.17      27344 Bytes  11.10.2011 12:59:41
AVPREF.DLL    : 12.1.0.17      51920 Bytes  11.10.2011 12:59:38
AVREP.DLL      : 12.1.0.17    179408 Bytes  11.10.2011 12:59:38
AVARKT.DLL    : 12.1.0.19    208848 Bytes  10.12.2011 14:33:46
AVEVTLOG.DLL  : 12.1.0.17    169168 Bytes  11.10.2011 12:59:37
SQLITE3.DLL    : 3.7.0.0      398288 Bytes  11.10.2011 12:59:51
AVSMTP.DLL    : 12.1.0.17      62928 Bytes  11.10.2011 12:59:39
NETNT.DLL      : 12.1.0.17      17104 Bytes  11.10.2011 12:59:47
RCIMAGE.DLL    : 12.1.0.17    4447952 Bytes  11.10.2011 13:00:00
RCTEXT.DLL    : 12.1.0.16      98512 Bytes  11.10.2011 13:00:00

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4f074bb5\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Abweichende Archivtypen...............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, +ISO 9660,
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +APPL,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Samstag, 7. Januar 2012  09:57

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'thunderbird.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SteamService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'USBVaccine.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CtHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Steam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'W:\Dokumente und Einstellungen\Andi\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27\4a11719b-10256766'
W:\Dokumente und Einstellungen\Andi\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27\4a11719b-10256766
  [0] Archivtyp: ZIP
  --> report/Generator.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.U
  --> report/HDDDetect.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.T

Beginne mit der Desinfektion:
W:\Dokumente und Einstellungen\Andi\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27\4a11719b-10256766
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.T
  [WARNUNG]  Die Datei wurde ignoriert.


Ende des Suchlaufs: Samstag, 7. Januar 2012  09:58
Benötigte Zeit: 00:13 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
    656 Dateien wurden geprüft
      2 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
    654 Dateien ohne Befall
      2 Archive wurden durchsucht
      1 Warnungen
      0 Hinweise
  22635 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden


Die Suchergebnisse werden an den Guard übermittelt.

and
Code:



Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 7. Januar 2012  09:57

Es wird nach 3031180 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira AntiVir Personal - Free Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows 7 x64
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus    : Normal gebootet
Benutzername  : SYSTEM
Computername  : TABULARASA

Versionsinformationen:
BUILD.DAT      : 12.0.0.872    41826 Bytes  15.12.2011 16:24:00
AVSCAN.EXE    : 12.1.0.18    490448 Bytes  26.10.2011 15:51:09
AVSCAN.DLL    : 12.1.0.17      65744 Bytes  11.10.2011 12:59:58
LUKE.DLL      : 12.1.0.17      68304 Bytes  11.10.2011 12:59:47
AVSCPLR.DLL    : 12.1.0.21      99536 Bytes  10.12.2011 14:33:48
AVREG.DLL      : 12.1.0.27    227536 Bytes  10.12.2011 14:33:48
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 09:07:39
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 20:06:44
VBASE003.VDF  : 7.11.19.171    2048 Bytes  20.12.2011 20:06:44
VBASE004.VDF  : 7.11.19.172    2048 Bytes  20.12.2011 20:06:44
VBASE005.VDF  : 7.11.19.173    2048 Bytes  20.12.2011 20:06:44
VBASE006.VDF  : 7.11.19.174    2048 Bytes  20.12.2011 20:06:44
VBASE007.VDF  : 7.11.19.175    2048 Bytes  20.12.2011 20:06:44
VBASE008.VDF  : 7.11.19.176    2048 Bytes  20.12.2011 20:06:44
VBASE009.VDF  : 7.11.19.177    2048 Bytes  20.12.2011 20:06:44
VBASE010.VDF  : 7.11.19.178    2048 Bytes  20.12.2011 20:06:44
VBASE011.VDF  : 7.11.19.179    2048 Bytes  20.12.2011 20:06:44
VBASE012.VDF  : 7.11.19.180    2048 Bytes  20.12.2011 20:06:44
VBASE013.VDF  : 7.11.19.217  182784 Bytes  22.12.2011 22:09:44
VBASE014.VDF  : 7.11.19.255  148480 Bytes  24.12.2011 15:08:53
VBASE015.VDF  : 7.11.20.29    164352 Bytes  27.12.2011 22:32:28
VBASE016.VDF  : 7.11.20.70    180224 Bytes  29.12.2011 23:40:50
VBASE017.VDF  : 7.11.20.102  240640 Bytes  02.01.2012 15:27:27
VBASE018.VDF  : 7.11.20.139  164864 Bytes  04.01.2012 17:07:34
VBASE019.VDF  : 7.11.20.178  167424 Bytes  06.01.2012 17:07:33
VBASE020.VDF  : 7.11.20.179    2048 Bytes  06.01.2012 17:07:33
VBASE021.VDF  : 7.11.20.180    2048 Bytes  06.01.2012 17:07:33
VBASE022.VDF  : 7.11.20.181    2048 Bytes  06.01.2012 17:07:33
VBASE023.VDF  : 7.11.20.182    2048 Bytes  06.01.2012 17:07:33
VBASE024.VDF  : 7.11.20.183    2048 Bytes  06.01.2012 17:07:33
VBASE025.VDF  : 7.11.20.184    2048 Bytes  06.01.2012 17:07:33
VBASE026.VDF  : 7.11.20.185    2048 Bytes  06.01.2012 17:07:33
VBASE027.VDF  : 7.11.20.186    2048 Bytes  06.01.2012 17:07:33
VBASE028.VDF  : 7.11.20.187    2048 Bytes  06.01.2012 17:07:33
VBASE029.VDF  : 7.11.20.188    2048 Bytes  06.01.2012 17:07:33
VBASE030.VDF  : 7.11.20.189    2048 Bytes  06.01.2012 17:07:33
VBASE031.VDF  : 7.11.20.192    2560 Bytes  06.01.2012 17:07:33
Engineversion  : 8.2.8.18 
AEVDF.DLL      : 8.1.2.2      106868 Bytes  26.10.2011 15:51:08
AESCRIPT.DLL  : 8.1.3.95      479612 Bytes  28.12.2011 23:16:01
AESCN.DLL      : 8.1.7.2      127349 Bytes  01.09.2011 21:46:02
AESBX.DLL      : 8.2.4.5      434549 Bytes  10.12.2011 14:33:45
AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 21:16:06
AEPACK.DLL    : 8.2.15.1      770423 Bytes  13.12.2011 16:35:25
AEOFFICE.DLL  : 8.1.2.25      201084 Bytes  29.12.2011 23:40:54
AEHEUR.DLL    : 8.1.3.14    4260216 Bytes  29.12.2011 23:40:53
AEHELP.DLL    : 8.1.18.0      254327 Bytes  26.10.2011 15:51:06
AEGEN.DLL      : 8.1.5.17      405877 Bytes  10.12.2011 14:33:43
AEEMU.DLL      : 8.1.3.0      393589 Bytes  01.09.2011 21:46:01
AECORE.DLL    : 8.1.24.3      201079 Bytes  28.12.2011 23:15:58
AEBB.DLL      : 8.1.1.0        53618 Bytes  01.09.2011 21:46:01
AVWINLL.DLL    : 12.1.0.17      27344 Bytes  11.10.2011 12:59:41
AVPREF.DLL    : 12.1.0.17      51920 Bytes  11.10.2011 12:59:38
AVREP.DLL      : 12.1.0.17    179408 Bytes  11.10.2011 12:59:38
AVARKT.DLL    : 12.1.0.19    208848 Bytes  10.12.2011 14:33:46
AVEVTLOG.DLL  : 12.1.0.17    169168 Bytes  11.10.2011 12:59:37
SQLITE3.DLL    : 3.7.0.0      398288 Bytes  11.10.2011 12:59:51
AVSMTP.DLL    : 12.1.0.17      62928 Bytes  11.10.2011 12:59:39
NETNT.DLL      : 12.1.0.17      17104 Bytes  11.10.2011 12:59:47
RCIMAGE.DLL    : 12.1.0.17    4447952 Bytes  11.10.2011 13:00:00
RCTEXT.DLL    : 12.1.0.16      98512 Bytes  11.10.2011 13:00:00

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4f074bb5\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Abweichende Archivtypen...............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, +ISO 9660,
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +APPL,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Samstag, 7. Januar 2012  09:57

Der Suchlauf nach versteckten Objekten wird begonnen.
Eine Instanz der ARK Library läuft bereits.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'thunderbird.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SteamService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'USBVaccine.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CtHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Steam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'W:\Dokumente und Einstellungen\Andi\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\48\7e736370-62c7e440'
W:\Dokumente und Einstellungen\Andi\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\48\7e736370-62c7e440
  [0] Archivtyp: ZIP
  --> main.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Pruno.F
Beginne mit der Suche in 'W:\Dokumente und Einstellungen\Andi\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\50\c25df2-2b28b28f'
W:\Dokumente und Einstellungen\Andi\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\50\c25df2-2b28b28f
  [0] Archivtyp: ZIP
  --> photo/Zoom.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.CH.2

Beginne mit der Desinfektion:
W:\Dokumente und Einstellungen\Andi\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\50\c25df2-2b28b28f
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.CH.2
  [WARNUNG]  Die Datei wurde ignoriert.
W:\Dokumente und Einstellungen\Andi\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\48\7e736370-62c7e440
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Pruno.F
  [WARNUNG]  Die Datei wurde ignoriert.


Ende des Suchlaufs: Samstag, 7. Januar 2012  09:58
Benötigte Zeit: 00:01 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
    659 Dateien wurden geprüft
      2 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
    657 Dateien ohne Befall
      3 Archive wurden durchsucht
      2 Warnungen
      0 Hinweise


Die Suchergebnisse werden an den Guard übermittelt.
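
All three Avira reports quoted in this thread share one layout, and the two above show the detail that matters when reading them: a '[FUND]' line followed by 'Die Datei wurde ignoriert.' means the file is still on disk, which is why the summary counts '2 Viren bzw. unerwünschte Programme wurden gefunden' against '0 Dateien wurden gelöscht'. The parser below is an added example written for this page, not code from the thread or from Avira; it reads a constructed excerpt in that layout (paths shortened, signature names taken from the reports above) and reports, per flagged file, whether it was ignored, quarantined or deleted.

```python
"""Summarise an Avira AntiVir report: which detections were actually removed?
Layout as in the German Avira reports quoted in this thread: an unindented container
path, '--> member' lines for archive members, '[FUND]' lines naming the signature,
and '[WARNUNG]'/'[HINWEIS]' lines stating what the scanner did with the file.
"""
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Unindented container line: a drive path or a boot-sector entry.
CONTAINER_RE = re.compile(r"^(?:[A-Za-z]:\\.*|Masterbootsektor .+|Bootsektor '.+')$")
MEMBER_RE = re.compile(r"^\s+-->\s+(?P<member>.+?)\s*$")
FUND_RE = re.compile(r"^\s+\[FUND\]\s+Enthält Erkennungsmuster des (?P<kind>.+) (?P<sig>\S+)\s*$")
ACTION_RE = re.compile(r"^\s+\[(?:WARNUNG|HINWEIS)\]\s+(?P<text>.+?)\s*$")
COUNT_RE = re.compile(r"^\s*(?P<n>\d+) (?P<label>\S.*?)\s*$")
SUMMARY_MARKER = "Der Suchlauf wurde vollständig durchgeführt."

# Constructed excerpt in the layout of the reports above (paths shortened,
# signature names as they appear in this thread); not real scanner output.
SAMPLE_REPORT = r"""
W:\Java\cache\6.0\27\4a11719b-10256766
  [0] Archivtyp: ZIP
  --> report/Generator.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.U
  --> report/HDDDetect.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.T
C:\Users\Andi\Desktop\ComboFix.exe
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 4a875aaa.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.

Beginne mit der Desinfektion:
W:\Java\cache\6.0\27\4a11719b-10256766
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.T
  [WARNUNG]  Die Datei wurde ignoriert.

Der Suchlauf wurde vollständig durchgeführt.

      3 Viren bzw. unerwünschte Programme wurden gefunden
      1 Dateien wurden gelöscht
      1 Dateien wurden in die Quarantäne verschoben
      1 Warnungen
"""


@dataclass
class Container:
    path: str
    detections: list = field(default_factory=list)  # (member, kind, signature)
    actions: list = field(default_factory=list)     # WARNUNG/HINWEIS texts

    def status(self) -> str:
        """'ignored' wins: a file that was 'ignoriert' is still on disk."""
        text = " ".join(self.actions)
        if "ignoriert" in text:
            return "ignored"
        if "gelöscht" in text:
            return "deleted+quarantined" if "QUARANTÄNE" in text else "deleted"
        if "QUARANTÄNE" in text:
            return "quarantined"
        return "repaired" if "repariert" in text else "no action recorded"


def parse_report(text: str) -> tuple[dict[str, Container], dict[str, int]]:
    """Return (containers keyed by path, summary counts keyed by label)."""
    # A path recurs under 'Beginne mit der Desinfektion:', so records are merged by
    # path, and a [FUND] repeating a known signature (no '-->' line) is not double-counted.
    containers: dict[str, Container] = {}
    counts: dict[str, int] = {}
    current, member, in_summary = None, None, False
    for line in text.splitlines():
        if line.startswith(SUMMARY_MARKER):
            in_summary, current = True, None
        elif in_summary:
            if m := COUNT_RE.match(line):
                counts[m.group("label")] = int(m.group("n"))
        elif CONTAINER_RE.match(line):
            current = containers.setdefault(line.rstrip(), Container(line.rstrip()))
            member = None
        elif current is None:
            continue
        elif m := MEMBER_RE.match(line):
            member = m.group("member")
        elif m := FUND_RE.match(line):
            sig = m.group("sig")
            if member is not None or all(d[2] != sig for d in current.detections):
                current.detections.append((member, m.group("kind"), sig))
        elif m := ACTION_RE.match(line):
            current.actions.append(m.group("text"))
    return containers, counts


def outcomes(text: str) -> dict[str, str]:
    """Map every flagged or touched container to its outcome."""
    containers, _ = parse_report(text)
    return {p: c.status() for p, c in containers.items() if c.detections or c.actions}


def still_on_disk(text: str) -> list[str]:
    """Containers that were flagged but neither deleted, quarantined nor repaired."""
    return sorted(p for p, s in outcomes(text).items() if s in ("ignored", "no action recorded"))


if __name__ == "__main__":
    for path, status in outcomes(SAMPLE_REPORT).items():
        print(f"{status:20} {path}")
    print("still on disk:", still_on_disk(SAMPLE_REPORT))
```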


Larusso 07.01.2012 10:37

What kind of partition is W? I don't see any installed Java in the logs.

Ischtan 07.01.2012 13:48

Partition W holds my old Windows XP system (which I haven't completely uninstalled yet, since I wanted to set up the Windows 7 system fully first).

Larusso 07.01.2012 16:12

You couldn't make life more complicated for yourself.

Is that Win XP still bootable or in use?

Ischtan 07.01.2012 18:40

Quote:

Quote from Larusso (post 750024)
You couldn't make life more complicated for yourself.

On the one hand yes, on the other no. That way I had the option of setting up a second operating system while still having a working one, since for time reasons it couldn't be done all at once.

Quote:

Quote from Larusso (post 750024)
Is that Win XP still bootable or in use?

Both, yes.

Larusso 08.01.2012 00:27

Then please run the following tool on the XP partition.


Please download TFC ( by Oldtimer ) and save the file to your desktop.
Now close all open programs and disconnect from the internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files it will ask for a reboot. Please allow this.



If you have no further problems, we are done here.
Please follow the last few steps.



Before the following action, please temporarily disable your antivirus program, any script blocking and anti-malware programs again.

Press Windows key + R. Now copy the following line into the command box and click OK.
Code:

Combofix /Uninstall
http://larusso.trojaner-board.de/Images/CFuninstall.jpg

This removes Combofix completely and clears the System Restore cache, so that the malware disappears from there as well.

Now re-enable the programs you just disabled.



Please start OTL and click on Cleanup.
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.



Here are a few tips for securing your system.


I can't stress often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure automatic updates are enabled.
  • Software Updates
    Installed software can also have security holes that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Always make sure you have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a real-time guard.
    You can find a tutorial on using it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    A short introduction can be found here
  • MVPs hosts file
    A tutorial can be found here. Unfortunately I haven't found a German-language one yet.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as malicious.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they don't use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java, Flash and other plugins. They are only run when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
They do your system more harm than good. Here are a few ( English ) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it asks you to and is nice and colourful.
  • Don't use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails you don't recognise. Pay particular attention to the file extension, e.g. yourPhoto.jpg.exe
All that's left for me is to wish you lots of fun surfing safely.


Note: Please give me a short reply once everything is done and you have no more questions, so that I can remove this thread from my subscriptions.

Ischtan 08.01.2012 11:43

I'll do that next weekend, I'm just leaving for holiday. Many thanks already for your help!

Ischtan 15.01.2012 15:38

I have now run TFC from within Windows XP and it removed quite a lot. However, Avira then reported the following when Win7 started:
Code:

In der Datei 'C:\Users\Andi\Desktop\ComboFix.exe'
wurde ein Virus oder unerwünschtes Programm 'RKIT/Agent.4374153' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

I then ran a full system scan with Avira, which gave the following result:
Code:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 14. Januar 2012  19:29

Es wird nach 3069807 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira AntiVir Personal - Free Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows 7 x64
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus    : Normal gebootet
Benutzername  : Andi
Computername  : TABULARASA

Versionsinformationen:
BUILD.DAT      : 12.0.0.872    41826 Bytes  15.12.2011 16:24:00
AVSCAN.EXE    : 12.1.0.18    490448 Bytes  26.10.2011 15:51:09
AVSCAN.DLL    : 12.1.0.17      65744 Bytes  11.10.2011 12:59:58
LUKE.DLL      : 12.1.0.17      68304 Bytes  11.10.2011 12:59:47
AVSCPLR.DLL    : 12.1.0.21      99536 Bytes  10.12.2011 14:33:48
AVREG.DLL      : 12.1.0.27    227536 Bytes  10.12.2011 14:33:48
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 09:07:39
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 20:06:44
VBASE003.VDF  : 7.11.19.171    2048 Bytes  20.12.2011 20:06:44
VBASE004.VDF  : 7.11.19.172    2048 Bytes  20.12.2011 20:06:44
VBASE005.VDF  : 7.11.19.173    2048 Bytes  20.12.2011 20:06:44
VBASE006.VDF  : 7.11.19.174    2048 Bytes  20.12.2011 20:06:44
VBASE007.VDF  : 7.11.19.175    2048 Bytes  20.12.2011 20:06:44
VBASE008.VDF  : 7.11.19.176    2048 Bytes  20.12.2011 20:06:44
VBASE009.VDF  : 7.11.19.177    2048 Bytes  20.12.2011 20:06:44
VBASE010.VDF  : 7.11.19.178    2048 Bytes  20.12.2011 20:06:44
VBASE011.VDF  : 7.11.19.179    2048 Bytes  20.12.2011 20:06:44
VBASE012.VDF  : 7.11.19.180    2048 Bytes  20.12.2011 20:06:44
VBASE013.VDF  : 7.11.19.217  182784 Bytes  22.12.2011 22:09:44
VBASE014.VDF  : 7.11.19.255  148480 Bytes  24.12.2011 15:08:53
VBASE015.VDF  : 7.11.20.29    164352 Bytes  27.12.2011 22:32:28
VBASE016.VDF  : 7.11.20.70    180224 Bytes  29.12.2011 23:40:50
VBASE017.VDF  : 7.11.20.102  240640 Bytes  02.01.2012 15:27:27
VBASE018.VDF  : 7.11.20.139  164864 Bytes  04.01.2012 17:07:34
VBASE019.VDF  : 7.11.20.178  167424 Bytes  06.01.2012 17:07:33
VBASE020.VDF  : 7.11.20.207  230400 Bytes  10.01.2012 18:08:15
VBASE021.VDF  : 7.11.20.236  150528 Bytes  11.01.2012 18:08:19
VBASE022.VDF  : 7.11.21.13    135168 Bytes  13.01.2012 18:08:23
VBASE023.VDF  : 7.11.21.14      2048 Bytes  13.01.2012 18:08:23
VBASE024.VDF  : 7.11.21.15      2048 Bytes  13.01.2012 18:08:23
VBASE025.VDF  : 7.11.21.16      2048 Bytes  13.01.2012 18:08:23
VBASE026.VDF  : 7.11.21.17      2048 Bytes  13.01.2012 18:08:23
VBASE027.VDF  : 7.11.21.18      2048 Bytes  13.01.2012 18:08:23
VBASE028.VDF  : 7.11.21.19      2048 Bytes  13.01.2012 18:08:25
VBASE029.VDF  : 7.11.21.20      2048 Bytes  13.01.2012 18:08:25
VBASE030.VDF  : 7.11.21.21      2048 Bytes  13.01.2012 18:08:25
VBASE031.VDF  : 7.11.21.28    26112 Bytes  13.01.2012 18:08:25
Engineversion  : 8.2.8.26 
AEVDF.DLL      : 8.1.2.2      106868 Bytes  26.10.2011 15:51:08
AESCRIPT.DLL  : 8.1.3.97      426363 Bytes  13.01.2012 18:09:28
AESCN.DLL      : 8.1.7.2      127349 Bytes  01.09.2011 21:46:02
AESBX.DLL      : 8.2.4.5      434549 Bytes  10.12.2011 14:33:45
AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 21:16:06
AEPACK.DLL    : 8.2.15.1      770423 Bytes  13.12.2011 16:35:25
AEOFFICE.DLL  : 8.1.2.25      201084 Bytes  29.12.2011 23:40:54
AEHEUR.DLL    : 8.1.3.18    4297079 Bytes  13.01.2012 18:09:23
AEHELP.DLL    : 8.1.18.0      254327 Bytes  26.10.2011 15:51:06
AEGEN.DLL      : 8.1.5.17      405877 Bytes  10.12.2011 14:33:43
AEEMU.DLL      : 8.1.3.0      393589 Bytes  01.09.2011 21:46:01
AECORE.DLL    : 8.1.24.3      201079 Bytes  28.12.2011 23:15:58
AEBB.DLL      : 8.1.1.0        53618 Bytes  01.09.2011 21:46:01
AVWINLL.DLL    : 12.1.0.17      27344 Bytes  11.10.2011 12:59:41
AVPREF.DLL    : 12.1.0.17      51920 Bytes  11.10.2011 12:59:38
AVREP.DLL      : 12.1.0.17    179408 Bytes  11.10.2011 12:59:38
AVARKT.DLL    : 12.1.0.19    208848 Bytes  10.12.2011 14:33:46
AVEVTLOG.DLL  : 12.1.0.17    169168 Bytes  11.10.2011 12:59:37
SQLITE3.DLL    : 3.7.0.0      398288 Bytes  11.10.2011 12:59:51
AVSMTP.DLL    : 12.1.0.17      62928 Bytes  11.10.2011 12:59:39
NETNT.DLL      : 12.1.0.17      17104 Bytes  11.10.2011 12:59:47
RCIMAGE.DLL    : 12.1.0.17    4447952 Bytes  11.10.2011 13:00:00
RCTEXT.DLL    : 12.1.0.16      98512 Bytes  11.10.2011 13:00:00

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: löschen
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, H:, I:, K:, L:, P:, W:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +APPL,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Samstag, 14. Januar 2012  19:29

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD2
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD3
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'H:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'I:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'K:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'L:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'P:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'W:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Eine Instanz der ARK Library läuft bereits.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '107' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'SteamService.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'USBVaccine.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'CtHelper.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'Steam.exe' - '125' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '72' Modul(e) wurden durchsucht

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '4982' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Users\Andi\Desktop\ComboFix.exe
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 4a875aaa.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.
Beginne mit der Suche in 'D:\' <Games>
Beginne mit der Suche in 'H:\' <Data>
Beginne mit der Suche in 'I:\' <Elements>
Beginne mit der Suche in 'K:\' <PROGRAMS>
Beginne mit der Suche in 'L:\' <Carol>
Beginne mit der Suche in 'P:\' <Programme>
Beginne mit der Suche in 'W:\' <Windows>
W:\Dokumente und Einstellungen\Andi\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27\4a11719b-10256766
  [0] Archivtyp: ZIP
  --> report/Generator.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.U
  --> report/HDDDetect.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.T
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 522d8f6f.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.
W:\Dokumente und Einstellungen\Andi\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\48\7e736370-62c7e440
  [0] Archivtyp: ZIP
  --> main.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Pruno.F
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 0078d58d.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.
W:\Dokumente und Einstellungen\Andi\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\50\c25df2-2b28b28f
  [0] Archivtyp: ZIP
  --> photo/Zoom.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.CH.2
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 66419a70.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.


Ende des Suchlaufs: Sonntag, 15. Januar 2012  02:21
Benötigte Zeit:  6:52:39 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

 143097 Verzeichnisse wurden überprüft
 2706125 Dateien wurden geprüft
      5 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      4 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      4 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 2706120 Dateien ohne Befall
  25389 Archive wurden durchsucht
      0 Warnungen
      4 Hinweise

After that I continued cleaning up the XP system and also uninstalled Java, and then ran another Avira scan on the Win 7 system and found no more viruses.

Because of the events above, I haven't started uninstalling ComboFix etc. yet.

Larusso 15.01.2012 19:15

Yes, the AVP companies currently have a bug and are once again finding all sorts of things in CF. Not unusual with our tools.

In the file 'C:\Users\Andi\Desktop\ComboFix.exe'

Might be an idea to just uninstall CF, right? ;)

Ischtan 17.01.2012 23:10

I removed everything again as suggested, made the PC more secure and am no longer finding any viruses. Many thanks for the help!

Larusso 18.01.2012 07:29

Glad we could help :abklatsch:

This topic seems to be resolved and will be removed from my subscriptions. Should you need the topic again, please send me a PM.

Everyone else, please click here and create your own thread.



Copyright ©2000-2025, Trojaner-Board

