
Log analysis and evaluation: TR/Ransom.DU.55'+EXP/Pdfka.QG'+contacts[1].exe+mahmud.exe


07.11.2011, 16:43   #1
Dude 69
 

TR/Ransom.DU.55'+EXP/Pdfka.QG'+contacts[1].exe+mahmud.exe



Hi,
The other day, while I was browsing Facebook, I clicked a link to a funny photo and ended up on the site Pic2lol.com. A message from Adobe Reader came up saying it could not open a certain file, along with the question of whether it should continue running the script (which I promptly answered with no). Bam, the Bundestrojaner again. I then restarted the PC (Windows 7) and ran Avira & Malwarebytes over it. Several viruses were found. I moved the viruses to quarantine and then stupidly deleted them in a panic.

The PC is running completely normally.

MESSAGES:

[spoiler]Exportierte Ereignisse:

07.11.2011 01:06 [Scanner] Malware gefunden
Die Datei 'C:\Users\Skinhead\AppData\Local\Microsoft\Windows\Temporary Internet
Files\Content.IE5\UOX4V3UQ\info[1].exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Ransom.DU.55' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4afb8156.qua'
verschoben! IS STILL IN QUARANTINE!
-------------------------------
07.11.2011 00:22 [Scanner] Malware gefunden
Die Datei
'C:\Users\Skinhead\AppData\Local\Mozilla\Firefox\Profiles\yyttfpot.default\Cache
\A\B7\EEFF9d01'
enthielt einen Virus oder unerwünschtes Programm 'EXP/Pdfka.QG' [exploit].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b4dbd3f.qua'
verschoben!
------------------------------
07.11.2011 00:15 [Guard] Malware gefunden
In der Datei
'C:\Users\Skinhead\AppData\Local\Mozilla\Firefox\Profiles\yyttfpot.default\Cache
\A\B7\EEFF9d01'
wurde ein Virus oder unerwünschtes Programm 'EXP/Pdfka.QG' [exploit] gefunden.
Ausgeführte Aktion: Zugriff erlauben
------------------------------
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8101

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

07.11.2011 01:32:54
mbam-log-2011-11-07 (01-32-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Durchsuchte Objekte: 272050
Laufzeit: 24 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Skinhead\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\WCQAYN1M\contacts[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Skinhead\AppData\Roaming\mahmud.exe (Trojan.Agent) -> Quarantined and deleted successfully.
---------------------------
[/spoiler]

So, and here is the OTL log
[spoiler]OTL logfile created on: 07.11.2011 16:31:04 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Skinhead\Desktop\Dokumente
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 63,59% Memory free
8,00 Gb Paging File | 5,99 Gb Available in Paging File | 74,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397,17 Gb Total Space | 1316,07 Gb Free Space | 94,20% Space Free | Partition Type: NTFS
Drive D: | 4,17 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: SCHORSCHI | User Name: Skinhead | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Skinhead\Desktop\Dokumente\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe (ASUSTek.)
PRC - C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\SysWOW64\ASDR.exe ()
PRC - C:\Program Files (x86)\ASUS\Direct Console\DCHelper.exe (TODO: <Company name>)
PRC - C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe (ASUSTeK Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll ()
MOD - C:\Program Files (x86)\ASUS\GamerOSD\ImageTransform.dll ()
MOD - C:\Program Files (x86)\ASUS\GamerOSD\AudioOnVistaDLL.dll ()
MOD - C:\Program Files (x86)\ASUS\Direct Console\OLED.dll ()
MOD - C:\Program Files (x86)\ASUS\Direct Console\SysInfo.dll ()
MOD - C:\Program Files (x86)\ASUS\Direct Console\OvrClk.dll ()
MOD - C:\Program Files (x86)\ASUS\Direct Console\LED.dll ()
MOD - C:\Program Files (x86)\ASUS\SmartDoctor\VOV32.dll ()
MOD - C:\Program Files (x86)\ASUS\SmartDoctor\aticlocklib.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (ATKFUSService) -- C:\Windows\SysNative\ATKFUSService.exe (ASUSTeK COMPUTER INC.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (ASDR) -- C:\Windows\SysWOW64\ASDR.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (EIO64) -- C:\Windows\SysNative\drivers\EIO64.sys (ASUSTeK Computer Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (IOMap) -- C:\Windows\SysNative\drivers\IOMap64.sys (ASUSTeK Computer Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (atkdisplf) -- C:\Windows\SysNative\drivers\ATKDispLowFilter.sys (ASUSTeK Computer Inc.)
DRV:64bit: - (asusgsb) -- C:\Windows\SysNative\drivers\asusgsb.sys (ASUSTeK Computer Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.splashtop.com/asusexpressgate/mb/searchAPI.php?SE=yahoo&QS=http%3A%2F%2Fde.search.yahoo.com%2Fsearch%3Ffr%3Dfp-devicevm%26type%3DWEB01
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Amazon.de"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.07.21 20:22:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.03 01:50:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.28 10:20:49 | 000,000,000 | ---D | M]

[2011.06.24 15:09:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skinhead\AppData\Roaming\mozilla\Extensions
[2011.10.28 10:20:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.06.28 14:26:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.06.24 21:47:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.28 10:20:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.10.03 01:50:23 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 01:50:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.03 01:50:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.03 01:50:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.03 01:50:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.03 01:50:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.03 01:50:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe (ASUSTek.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [avupdate] C:\Users\Skinhead\AppData\Roaming\jashla.exe File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{412A6EC9-6E58-4FBB-8D18-9195EFCA503E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.11.07 15:46:08 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{969D61F6-C2EA-4352-A08F-CBC6FE404744}
[2011.11.07 15:45:55 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{2691D98A-7F75-4408-B3D2-57E56A91CA8B}
[2011.11.07 00:24:42 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{266F9D67-0FEA-4DBF-8904-D7E1D165D113}
[2011.11.07 00:24:31 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{38EE765B-645F-43BF-A609-F41C7302F771}
[2011.11.06 20:22:16 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{47DC539A-9960-4507-94AC-2DEE277FDBBE}
[2011.11.06 20:22:05 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{B8EDC192-803A-4ED8-8697-3B97310A79D1}
[2011.11.06 13:54:26 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{658E8811-51F5-41FA-BA37-889C25D6EEC9}
[2011.11.06 13:54:12 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{080446AF-5D73-4414-831B-8FE6EC51B2AB}
[2011.11.05 15:00:55 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{681CE882-6AC2-44CE-81E2-B06A74DCCD12}
[2011.11.05 15:00:44 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{CFE9DFB4-C7CB-4C60-8BD1-1D5E384981D6}
[2011.11.04 14:52:49 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{E191E191-90C9-4AFD-AA6A-E7B150D9B3DE}
[2011.11.04 14:52:32 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{452ECA83-3BBE-414D-84B4-D5D16BFBAF3F}
[2011.11.03 20:18:53 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{C9EA4F4E-D53B-495D-9C97-F883A9C77DA7}
[2011.11.03 20:18:41 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{EA14A11F-71A9-45FA-80B5-2BC9B7388151}
[2011.11.03 17:04:35 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{DFCBE90C-E6D4-46FE-B4F8-673FBA4116D9}
[2011.11.03 17:04:24 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{6B29E367-8E67-4369-81D2-87825944475D}
[2011.11.03 14:41:56 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{2609F749-3C48-47EF-A58F-D73D92FCC606}
[2011.11.03 14:41:43 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{E4859773-93B5-4BF3-B89A-2AAEF7B917D2}
[2011.11.02 16:57:10 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{CD171D58-3231-4AE3-B06A-11DC7D014A10}
[2011.11.02 16:56:58 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{6BB20E04-4491-4A53-B007-3414A930F23B}
[2011.11.01 17:14:56 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{A4B1CE31-5F2A-4ECF-B84C-DCEBFE059555}
[2011.11.01 17:14:44 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{7B3C8A73-DDBE-4035-90DB-30000AA8CC54}
[2011.11.01 15:32:31 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{F505DEAE-0D1B-4C35-B072-109204A2AE54}
[2011.10.31 21:41:12 | 000,627,600 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2011.10.31 21:41:12 | 000,252,296 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2011.10.31 21:41:12 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2011.10.31 21:41:12 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2011.10.31 21:40:53 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.10.31 15:06:34 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{C653513B-EC17-443A-B54D-0F764ED8D688}
[2011.10.31 15:06:16 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{698C2681-3001-47CF-812A-0200EF2CC161}
[2011.10.30 19:53:58 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{CA98E587-8A5A-4972-8830-076112DE0FAF}
[2011.10.30 19:53:46 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{F9D71461-93D8-4A58-AB43-E1AC6AE7634B}
[2011.10.29 17:49:47 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Roaming\.minecraft
[2011.10.29 14:28:11 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{6C27BB97-E2FD-4C90-866E-942F5B67E9F9}
[2011.10.28 10:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.10.28 10:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.10.28 10:27:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011.10.28 10:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.10.28 10:26:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.10.28 10:26:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011.10.28 10:21:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.10.28 10:20:49 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.10.28 10:20:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.10.28 10:20:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.10.28 10:14:25 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{486C6F31-D7CD-4652-A038-BB9482E6DDC7}
[2011.10.28 10:14:12 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{CD49091A-6C31-4DE4-A6C1-0A06A5BF950D}
[2011.10.17 15:20:36 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{15E3DF37-5A69-4BCA-B8E3-391FBC16EF95}
[2011.10.17 15:20:21 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{F003B939-E9BF-4450-B800-AC48348A046B}
[2011.10.16 21:24:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011.10.16 21:24:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011.10.16 19:00:06 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{1EBAB55E-331E-4560-BA85-01DD27AC3F3D}
[2011.10.16 18:59:55 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{2C898E0E-79A5-4662-AB5A-95AB4F749C7E}
[2011.10.16 17:23:16 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{138EEB47-B47F-4933-861D-FD1DFA9466B9}
[2011.10.16 15:58:46 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{342DC22C-1DED-4BAC-81B1-4BA2C58829B7}
[2011.10.16 15:58:32 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{067BE829-928F-4F63-9DE7-0C6AC9C662FD}
[2011.10.14 14:13:50 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{F3C35706-7001-4E2E-B210-44A91D79BD30}
[2011.10.14 14:13:38 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{B90B0624-CE21-4B66-B5E9-BE0482858DFF}
[2011.10.14 06:50:43 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{A39EE134-BE92-4445-AAF9-2E836E3C205F}
[2011.10.13 18:10:58 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{5B0B6821-BC0F-482C-A050-C3122AC00AC5}
[2011.10.13 18:10:46 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{A3C48E67-326D-4245-BD40-68D1519299E4}
[2011.10.13 14:56:50 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{E1BE8B7C-671E-45E7-8D49-BA593E9BDE65}
[2011.10.13 14:56:39 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{60DD20CB-01E3-4689-8436-587C2E990D11}
[2011.10.12 13:48:12 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{82CEB80B-0C6B-46F4-B866-C2BE40131916}
[2011.10.12 13:48:00 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{F1437164-C5C1-4CCB-87B2-A11123DF7CA2}
[2011.10.12 10:34:50 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.10.12 10:34:50 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.10.12 10:34:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.10.12 10:34:50 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.10.12 10:34:50 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.10.12 10:34:50 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.10.12 10:34:50 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.10.12 10:34:39 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011.10.12 10:34:39 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011.10.12 10:34:39 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011.10.12 10:34:39 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011.10.12 10:34:22 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011.10.12 10:34:22 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011.10.12 10:28:03 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{6A72974A-D835-4CFB-8CCB-D81ADD4B88A9}
[2011.10.09 19:36:23 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{C880230B-E482-4522-91C0-1DC01CEFB739}
[2011.10.09 19:36:11 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{49AD6CD5-AF29-4A55-B3EB-22F334988B8B}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.11.07 15:51:45 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.07 15:51:45 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.07 15:44:42 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.07 15:44:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.07 15:44:23 | 3220,615,168 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.07 01:34:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.07 00:01:37 | 000,005,873 | ---- | M] () -- C:\Users\Skinhead\.recently-used.xbel
[2011.11.06 18:56:44 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.06 18:56:44 | 000,654,372 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.06 18:56:44 | 000,616,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.06 18:56:44 | 000,129,986 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.06 18:56:44 | 000,106,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.10.31 21:40:57 | 000,252,296 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2011.10.31 21:40:57 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2011.10.31 21:40:57 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2011.10.31 21:40:56 | 000,627,600 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2011.10.31 21:12:26 | 000,001,252 | ---- | M] () -- C:\Users\Skinhead\Desktop\Minecraft.lnk
[2011.10.29 18:12:49 | 000,002,208 | ---- | M] () -- C:\Users\Public\Desktop\TES Construction Set (Oblivion).lnk
[2011.10.28 10:28:40 | 000,001,791 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.10.13 14:55:41 | 000,266,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.09 20:02:07 | 000,000,000 | -H-- | M] () -- C:\Users\Skinhead\Documents\Default.rdp
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.11.07 00:01:37 | 000,005,873 | ---- | C] () -- C:\Users\Skinhead\.recently-used.xbel
[2011.10.31 21:12:26 | 000,001,252 | ---- | C] () -- C:\Users\Skinhead\Desktop\Minecraft.lnk
[2011.10.29 18:12:38 | 000,002,208 | ---- | C] () -- C:\Users\Public\Desktop\TES Construction Set (Oblivion).lnk
[2011.10.28 10:28:40 | 000,001,791 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.10.28 10:17:53 | 000,001,162 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.10.09 20:02:07 | 000,000,000 | -H-- | C] () -- C:\Users\Skinhead\Documents\Default.rdp
[2011.09.26 22:51:42 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.07.16 01:05:53 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.07.16 01:05:53 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.07.16 01:05:36 | 000,031,177 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.07.16 00:55:39 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.07.16 00:55:39 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.07.16 00:55:39 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asrussian.dll
[2011.07.16 00:55:39 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\askorean.dll
[2011.07.16 00:55:39 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asjapan.dll
[2011.07.16 00:55:39 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asgerman.dll
[2011.07.16 00:55:39 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asfrench.dll
[2011.07.16 00:55:39 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aseng.dll
[2011.07.16 00:55:39 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ASCHT.dll
[2011.07.16 00:55:39 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aschs.dll
[2011.07.16 00:54:14 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.09 15:34:12 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.24 00:59:37 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.05.24 00:59:37 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.05.24 00:59:37 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.05.07 01:22:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.07 01:05:08 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.05.07 01:04:59 | 000,023,468 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.07.27 10:13:28 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\ASDR.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.04.02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2011.10.31 21:16:53 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\.minecraft
[2011.09.27 23:33:20 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\Azureus
[2011.07.16 01:06:29 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\DeviceVm
[2011.11.07 00:01:37 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\gtk-2.0
[2011.09.02 14:45:10 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\SharePod
[2011.10.03 23:08:01 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\SoftGrid Client
[2011.07.09 15:35:15 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\TP
[2011.07.20 17:34:34 | 000,029,862 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >[/spoiler]

I hope the information is sufficient.
Thanks in advance for the help!

07.11.2011, 19:14   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Are there any other logs from Malwarebytes? If so, please post all of the ones that are visible in Malwarebytes under the Logs tab.

08.11.2011, 22:26   #3
Dude 69

Only these two, but they don't tell you anything...
[spoiler]
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8101

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

07.11.2011 01:36:03
mbam-log-2011-11-07 (01-36-03).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 172022
Laufzeit: 1 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
---------------
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7251

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

23.07.2011 18:23:21
mbam-log-2011-07-23 (18-23-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Durchsuchte Objekte: 273510
Laufzeit: 22 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
[/spoiler]

Thanks for the quick reply, for a start.

09.11.2011, 09:52   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please run ESET as well, then we'll take it from there:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Scan for potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

09.11.2011, 15:10   #5
Dude 69

So, done

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=811203630fe4d14ba97f04cfe690e7bf
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-09 01:57:12
# local_time=2011-11-09 02:57:12 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 63495 57376683 56290 0
# compatibility_mode=5893 16776573 100 94 11577 72474670 0 0
# compatibility_mode=8192 67108863 100 0 3736 3736 0 0
# scanned=112036
# found=1
# cleaned=0
# scan_time=2212
C:\Users\Skinhead\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y42VP61I\main[1] Win32/LockScreen.AHO trojan (unable to clean) 00000000000000000000000000000000 I


10.11.2011, 09:47   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

CustomScan with OTL

If you don't already have it, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt into your thread here

10.11.2011, 16:56   #7
Dude 69

RIGHT! Here is the OTL.txt

OTL Logfile:
Code:
OTL logfile created on: 10.11.2011 16:42:30 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Skinhead\Desktop\Dokumente
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 69,15% Memory free
8,00 Gb Paging File | 6,40 Gb Available in Paging File | 80,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397,17 Gb Total Space | 1311,47 Gb Free Space | 93,87% Space Free | Partition Type: NTFS
Drive D: | 4,17 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: SCHORSCHI | User Name: Skinhead | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Skinhead\Desktop\Dokumente\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe (ASUSTek.)
PRC - C:\Windows\SysWOW64\ASDR.exe ()
PRC - C:\Program Files (x86)\ASUS\Direct Console\DCHelper.exe (TODO: <Company name>)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll ()
MOD - C:\Program Files (x86)\ASUS\Direct Console\OLED.dll ()
MOD - C:\Program Files (x86)\ASUS\Direct Console\SysInfo.dll ()
MOD - C:\Program Files (x86)\ASUS\Direct Console\OvrClk.dll ()
MOD - C:\Program Files (x86)\ASUS\Direct Console\LED.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (ATKFUSService) -- C:\Windows\SysNative\ATKFUSService.exe (ASUSTeK COMPUTER INC.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (ASDR) -- C:\Windows\SysWOW64\ASDR.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (EIO64) -- C:\Windows\SysNative\drivers\EIO64.sys (ASUSTeK Computer Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (IOMap) -- C:\Windows\SysNative\drivers\IOMap64.sys (ASUSTeK Computer Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (atkdisplf) -- C:\Windows\SysNative\drivers\ATKDispLowFilter.sys (ASUSTeK Computer Inc.)
DRV:64bit: - (asusgsb) -- C:\Windows\SysNative\drivers\asusgsb.sys (ASUSTeK Computer Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.splashtop.com/asusexpressgate/mb/searchAPI.php?SE=yahoo&QS=http%3A%2F%2Fde.search.yahoo.com%2Fsearch%3Ffr%3Dfp-devicevm%26type%3DWEB01
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Amazon.de"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.07.21 20:22:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.03 01:50:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.28 10:20:49 | 000,000,000 | ---D | M]
 
[2011.06.24 15:09:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skinhead\AppData\Roaming\mozilla\Extensions
[2011.10.28 10:20:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.06.28 14:26:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.06.24 21:47:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.28 10:20:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.10.03 01:50:23 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.03 01:50:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.03 01:50:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.03 01:50:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.03 01:50:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.03 01:50:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.03 01:50:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe (ASUSTek.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [avupdate] C:\Users\Skinhead\AppData\Roaming\jashla.exe File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{412A6EC9-6E58-4FBB-8D18-9195EFCA503E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.10 16:33:13 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{D4C04AD3-252A-4571-893D-BF10B8CB928F}
[2011.11.10 16:33:01 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{2DCAB914-61FF-48F0-91ED-1BDE9F216E93}
[2011.11.09 20:50:46 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{ACEB42AA-D523-432D-BEF6-3AB7FC99A698}
[2011.11.09 20:50:35 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{3ABEE733-312E-4E51-AC06-A0E37626EABA}
[2011.11.09 18:42:51 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{F98F0EB9-8326-4D4A-9672-E727CA585D40}
[2011.11.09 18:42:40 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{EB827C61-6370-4B72-9724-195BEB1288E7}
[2011.11.09 17:05:01 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{0A969EC5-954A-4F1C-9FB2-F2525324AEB0}
[2011.11.09 17:04:49 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{EBD1C2A4-96AD-4498-99C6-22F11F7FB714}
[2011.11.09 14:18:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.11.09 12:06:06 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{DF03AAB7-3710-4F5C-9D74-88496C7A499E}
[2011.11.08 21:40:45 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{8F2C14A8-2CC0-4462-B78F-B72DD358B2EB}
[2011.11.08 21:40:29 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{F3EB5E15-EF80-4816-AA84-B6BF11EDE48D}
[2011.11.07 17:44:21 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{2DCCDEFF-E7F8-45D5-913B-BAC29606DB4B}
[2011.11.07 17:44:09 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{7F40DE8C-54FD-44AE-97DB-F81877235213}
[2011.11.07 15:46:08 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{969D61F6-C2EA-4352-A08F-CBC6FE404744}
[2011.11.07 15:45:55 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{2691D98A-7F75-4408-B3D2-57E56A91CA8B}
[2011.11.07 00:24:42 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{266F9D67-0FEA-4DBF-8904-D7E1D165D113}
[2011.11.07 00:24:31 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{38EE765B-645F-43BF-A609-F41C7302F771}
[2011.11.06 20:22:16 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{47DC539A-9960-4507-94AC-2DEE277FDBBE}
[2011.11.06 20:22:05 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{B8EDC192-803A-4ED8-8697-3B97310A79D1}
[2011.11.06 13:54:26 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{658E8811-51F5-41FA-BA37-889C25D6EEC9}
[2011.11.06 13:54:12 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{080446AF-5D73-4414-831B-8FE6EC51B2AB}
[2011.11.05 15:00:55 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{681CE882-6AC2-44CE-81E2-B06A74DCCD12}
[2011.11.05 15:00:44 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{CFE9DFB4-C7CB-4C60-8BD1-1D5E384981D6}
[2011.11.04 14:52:49 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{E191E191-90C9-4AFD-AA6A-E7B150D9B3DE}
[2011.11.04 14:52:32 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{452ECA83-3BBE-414D-84B4-D5D16BFBAF3F}
[2011.11.03 20:18:53 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{C9EA4F4E-D53B-495D-9C97-F883A9C77DA7}
[2011.11.03 20:18:41 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{EA14A11F-71A9-45FA-80B5-2BC9B7388151}
[2011.11.03 17:04:35 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{DFCBE90C-E6D4-46FE-B4F8-673FBA4116D9}
[2011.11.03 17:04:24 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{6B29E367-8E67-4369-81D2-87825944475D}
[2011.11.03 14:41:56 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{2609F749-3C48-47EF-A58F-D73D92FCC606}
[2011.11.03 14:41:43 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{E4859773-93B5-4BF3-B89A-2AAEF7B917D2}
[2011.11.02 16:57:10 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{CD171D58-3231-4AE3-B06A-11DC7D014A10}
[2011.11.02 16:56:58 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{6BB20E04-4491-4A53-B007-3414A930F23B}
[2011.11.01 17:14:56 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{A4B1CE31-5F2A-4ECF-B84C-DCEBFE059555}
[2011.11.01 17:14:44 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{7B3C8A73-DDBE-4035-90DB-30000AA8CC54}
[2011.11.01 15:32:31 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{F505DEAE-0D1B-4C35-B072-109204A2AE54}
[2011.10.31 21:40:53 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.10.31 15:06:34 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{C653513B-EC17-443A-B54D-0F764ED8D688}
[2011.10.31 15:06:16 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{698C2681-3001-47CF-812A-0200EF2CC161}
[2011.10.30 19:53:58 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{CA98E587-8A5A-4972-8830-076112DE0FAF}
[2011.10.30 19:53:46 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{F9D71461-93D8-4A58-AB43-E1AC6AE7634B}
[2011.10.29 17:49:47 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Roaming\.minecraft
[2011.10.29 14:28:11 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{6C27BB97-E2FD-4C90-866E-942F5B67E9F9}
[2011.10.28 10:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.10.28 10:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.10.28 10:27:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011.10.28 10:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.10.28 10:26:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.10.28 10:26:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011.10.28 10:21:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.10.28 10:14:25 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{486C6F31-D7CD-4652-A038-BB9482E6DDC7}
[2011.10.28 10:14:12 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{CD49091A-6C31-4DE4-A6C1-0A06A5BF950D}
[2011.10.17 15:20:36 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{15E3DF37-5A69-4BCA-B8E3-391FBC16EF95}
[2011.10.17 15:20:21 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{F003B939-E9BF-4450-B800-AC48348A046B}
[2011.10.16 21:24:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011.10.16 21:24:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011.10.16 19:00:06 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{1EBAB55E-331E-4560-BA85-01DD27AC3F3D}
[2011.10.16 18:59:55 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{2C898E0E-79A5-4662-AB5A-95AB4F749C7E}
[2011.10.16 17:23:16 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{138EEB47-B47F-4933-861D-FD1DFA9466B9}
[2011.10.16 15:58:46 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{342DC22C-1DED-4BAC-81B1-4BA2C58829B7}
[2011.10.16 15:58:32 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{067BE829-928F-4F63-9DE7-0C6AC9C662FD}
[2011.10.14 14:13:50 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{F3C35706-7001-4E2E-B210-44A91D79BD30}
[2011.10.14 14:13:38 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{B90B0624-CE21-4B66-B5E9-BE0482858DFF}
[2011.10.14 06:50:43 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{A39EE134-BE92-4445-AAF9-2E836E3C205F}
[2011.10.13 18:10:58 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{5B0B6821-BC0F-482C-A050-C3122AC00AC5}
[2011.10.13 18:10:46 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{A3C48E67-326D-4245-BD40-68D1519299E4}
[2011.10.13 14:56:50 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{E1BE8B7C-671E-45E7-8D49-BA593E9BDE65}
[2011.10.13 14:56:39 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{60DD20CB-01E3-4689-8436-587C2E990D11}
[2011.10.12 13:48:12 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{82CEB80B-0C6B-46F4-B866-C2BE40131916}
[2011.10.12 13:48:00 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{F1437164-C5C1-4CCB-87B2-A11123DF7CA2}
[2011.10.12 10:28:03 | 000,000,000 | ---D | C] -- C:\Users\Skinhead\AppData\Local\{6A72974A-D835-4CFB-8CCB-D81ADD4B88A9}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.10 16:39:37 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.10 16:39:37 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.10 16:34:03 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.10 16:32:30 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.10 16:32:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.10 16:31:57 | 3220,615,168 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.09 23:22:36 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.09 23:22:36 | 000,654,372 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.09 23:22:36 | 000,616,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.09 23:22:36 | 000,129,986 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.09 23:22:36 | 000,106,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.09 12:04:59 | 000,266,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.11.07 00:01:37 | 000,005,873 | ---- | M] () -- C:\Users\Skinhead\.recently-used.xbel
[2011.10.31 21:12:26 | 000,001,252 | ---- | M] () -- C:\Users\Skinhead\Desktop\Minecraft.lnk
[2011.10.29 18:12:49 | 000,002,208 | ---- | M] () -- C:\Users\Public\Desktop\TES Construction Set (Oblivion).lnk
[2011.10.28 10:28:40 | 000,001,791 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.07 00:01:37 | 000,005,873 | ---- | C] () -- C:\Users\Skinhead\.recently-used.xbel
[2011.10.31 21:12:26 | 000,001,252 | ---- | C] () -- C:\Users\Skinhead\Desktop\Minecraft.lnk
[2011.10.29 18:12:38 | 000,002,208 | ---- | C] () -- C:\Users\Public\Desktop\TES Construction Set (Oblivion).lnk
[2011.10.28 10:28:40 | 000,001,791 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.10.28 10:17:53 | 000,001,162 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.09.26 22:51:42 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.07.16 01:05:53 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.07.16 01:05:53 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.07.16 01:05:36 | 000,031,177 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.07.16 00:55:39 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.07.16 00:55:39 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.07.16 00:55:39 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asrussian.dll
[2011.07.16 00:55:39 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\askorean.dll
[2011.07.16 00:55:39 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asjapan.dll
[2011.07.16 00:55:39 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asgerman.dll
[2011.07.16 00:55:39 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asfrench.dll
[2011.07.16 00:55:39 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aseng.dll
[2011.07.16 00:55:39 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ASCHT.dll
[2011.07.16 00:55:39 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aschs.dll
[2011.07.16 00:54:14 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.09 15:34:12 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.24 00:59:37 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.05.24 00:59:37 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.05.24 00:59:37 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.05.07 01:22:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.07 01:05:08 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.05.07 01:04:59 | 000,023,468 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.07.27 10:13:28 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\ASDR.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.04.02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
 
========== LOP Check ==========
 
[2011.10.31 21:16:53 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\.minecraft
[2011.09.27 23:33:20 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\Azureus
[2011.07.16 01:06:29 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\DeviceVm
[2011.11.07 00:01:37 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\gtk-2.0
[2011.09.02 14:45:10 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\SharePod
[2011.10.03 23:08:01 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\SoftGrid Client
[2011.07.09 15:35:15 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\TP
[2011.07.20 17:34:34 | 000,030,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.10.31 21:16:53 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\.minecraft
[2011.07.17 03:25:00 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\Adobe
[2011.10.14 19:51:54 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\Apple Computer
[2011.07.16 00:55:02 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\ATI
[2011.07.23 05:22:43 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\Avira
[2011.09.27 23:33:20 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\Azureus
[2011.07.16 01:06:29 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\DeviceVm
[2011.08.01 00:44:09 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\DivX
[2011.11.07 00:01:37 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\gtk-2.0
[2011.06.24 15:02:09 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\Identities
[2011.06.24 15:25:03 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\Macromedia
[2011.07.23 16:58:44 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\Malwarebytes
[2010.11.21 08:00:23 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\Media Center Programs
[2011.09.20 15:26:20 | 000,000,000 | --SD | M] -- C:\Users\Skinhead\AppData\Roaming\Microsoft
[2011.06.24 15:09:17 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\Mozilla
[2011.09.02 14:45:10 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\SharePod
[2011.07.01 00:46:28 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\Skype
[2011.10.03 23:08:01 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\SoftGrid Client
[2011.09.01 23:05:42 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\Toribash
[2011.07.09 15:35:15 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\TP
[2011.06.24 21:56:05 | 000,000,000 | ---D | M] -- C:\Users\Skinhead\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.09.23 15:27:58 | 000,270,142 | ---- | M] () -- C:\Users\Skinhead\AppData\Roaming\.minecraft\Minecraft.exe
[2011.09.11 15:03:11 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Skinhead\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2011.09.27 21:07:09 | 009,044,408 | ---- | M] (Vuze Inc.) -- C:\Users\Skinhead\AppData\Roaming\Azureus\tmp\AZU7035126968704263985.tmp\Vuze_4.7.0.0_win32.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
         
--- --- ---


Complicated crap

10.11.2011, 21:30   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Do an OTL fix: close all programs that may be open, also disable virus scanners (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.splashtop.com/asusexpressgate/mb/searchAPI.php?SE=yahoo&QS=http%3A%2F%2Fde.search.yahoo.com%2Fsearch%3Ffr%3Dfp-devicevm%26type%3DWEB01
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [avupdate] C:\Users\Skinhead\AppData\Roaming\jashla.exe File not found
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

10.11.2011, 23:05   #9
Dude 69
 

Done, sir!

This is what it tells me:
Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\ deleted successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\avupdate deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Skinhead
->Temp folder emptied: 3097035915 bytes
->Temporary Internet Files folder emptied: 105754399 bytes
->Java cache emptied: 2896662 bytes
->FireFox cache emptied: 225607968 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 326800 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 113369990 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50501 bytes
RecycleBin emptied: 78376 bytes
 
Total Files Cleaned = 3.382,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 11102011_225116

Files\Folders moved on Reboot...
C:\Users\Skinhead\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         
If that's already taken care of with this, a heartfelt THANK YOU for the quick help
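An added example, not part of the thread and not OTL's own code: a Python parser for the `========== OTL ==========` section of the fix log posted above. It sorts every result line into an action, collects what an analyst would write into the case notes (autorun entries removed, files moved aside, settings reset), and returns any line it does not recognise for manual review. The line patterns are inferred from this one log, and the area labels and function names are this example's own.

```python
import re
from collections import namedtuple

# "== OTL ==" section of the fix log posted above, copied verbatim.
FIX_LOG = r"""
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\ deleted successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\avupdate deleted successfully.
========== COMMANDS ==========
"""

Action = namedtuple("Action", "kind area target name view64")

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}

# Line shapes inferred from this one log (assumption, not an OTL specification).
# The log separates key path and value name with a double backslash.
PATTERNS = [
    ("value_set", re.compile(
        r"^(?P<key>HK[A-Z_]+\\.+?)\\\\(?P<name>[^|]+)\|.*: value set successfully!$")),
    ("value_deleted", re.compile(
        r"^(?P<wow>64bit-)?Registry value (?P<key>HKEY_[A-Z_]+\\.+?)\\\\(?P<name>.+)"
        r" deleted successfully\.$")),
    ("key_deleted", re.compile(
        r"^Registry key (?P<key>HKEY_[A-Z_]+\\.+?)\\? deleted successfully\.$")),
    ("file_moved", re.compile(r"^(?P<path>[A-Za-z]:\\.+) moved successfully\.$")),
]

# Area labels are this example's own shorthand, not OTL terminology.
AREAS = [
    (r"\\currentversion\\run$", "autorun"),
    (r"\\urlsearchhooks$", "browser-hook"),
    (r"\\internet explorer\\toolbar$", "browser-toolbar"),
    (r"\\internet explorer\\main$", "browser-page"),
    (r"\\internet settings$", "proxy"),
    (r"\\classes\\clsid\\", "com-class"),
]


def _area(key):
    for pattern, label in AREAS:
        if re.search(pattern, key, re.IGNORECASE):
            return label
    return "other"


def _full_hive(key):
    """Expand HKLM/HKCU so short and long spellings compare equal."""
    hive, _, rest = key.partition("\\")
    return HIVES.get(hive, hive) + "\\" + rest


def parse_fix_log(text):
    """Return (actions, unrecognised) for the '== OTL ==' section of a fix log."""
    actions, unrecognised, in_section = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            in_section = line.strip("= ") == "OTL"
            continue
        if not in_section or not line:
            continue
        for kind, rx in PATTERNS:
            m = rx.match(line)
            if m:
                g = m.groupdict()
                if kind == "file_moved":
                    actions.append(Action(kind, "file", g["path"], None, False))
                else:
                    key = _full_hive(g["key"])
                    actions.append(Action(kind, _area(key), key,
                                          g.get("name"), bool(g.get("wow"))))
                break
        else:
            # Anything that is not a known success line goes to a human.
            unrecognised.append(line)
    return actions, unrecognised


def case_notes(actions):
    """Collect what an analyst records after the fix has run."""
    return {
        "autoruns_removed": [a.name for a in actions
                             if a.area == "autorun" and a.kind == "value_deleted"],
        "files_moved": [a.target for a in actions if a.kind == "file_moved"],
        "settings_reset": sorted({a.name for a in actions if a.kind == "value_set"}),
        "registry_removed": sum(a.kind in ("value_deleted", "key_deleted")
                                for a in actions),
    }


if __name__ == "__main__":
    parsed, unknown = parse_fix_log(FIX_LOG)
    for field, value in case_notes(parsed).items():
        print(f"{field}: {value}")
    print("needs manual review:", unknown)
```
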

11.11.2011, 10:25   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition; that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!




If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

13.11.2011, 23:24   #11
Dude 69
 

That's done, here's the log, I hope I did everything right

Code:
23:17:44.0463 2628	TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
23:17:44.0724 2628	============================================================
23:17:44.0724 2628	Current date / time: 2011/11/13 23:17:44.0724
23:17:44.0724 2628	SystemInfo:
23:17:44.0724 2628	
23:17:44.0724 2628	OS Version: 6.1.7601 ServicePack: 1.0
23:17:44.0724 2628	Product type: Workstation
23:17:44.0724 2628	ComputerName: SCHORSCHI
23:17:44.0725 2628	UserName: Skinhead
23:17:44.0725 2628	Windows directory: C:\Windows
23:17:44.0725 2628	System windows directory: C:\Windows
23:17:44.0725 2628	Running under WOW64
23:17:44.0725 2628	Processor architecture: Intel x64
23:17:44.0725 2628	Number of processors: 6
23:17:44.0725 2628	Page size: 0x1000
23:17:44.0725 2628	Boot type: Normal boot
23:17:44.0725 2628	============================================================
23:17:45.0626 2628	Initialize success
23:18:48.0016 6992	============================================================
23:18:48.0016 6992	Scan started
23:18:48.0016 6992	Mode: Manual; SigCheck; TDLFS; 
23:18:48.0016 6992	============================================================
23:18:48.0549 6992	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:18:48.0617 6992	1394ohci - ok
23:18:48.0632 6992	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:18:48.0642 6992	ACPI - ok
23:18:48.0648 6992	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:18:48.0725 6992	AcpiPmi - ok
23:18:48.0754 6992	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
23:18:48.0784 6992	adp94xx - ok
23:18:48.0794 6992	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
23:18:48.0809 6992	adpahci - ok
23:18:48.0826 6992	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
23:18:48.0838 6992	adpu320 - ok
23:18:48.0881 6992	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
23:18:48.0940 6992	AFD - ok
23:18:48.0962 6992	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:18:48.0985 6992	agp440 - ok
23:18:49.0003 6992	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:18:49.0015 6992	aliide - ok
23:18:49.0031 6992	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:18:49.0042 6992	amdide - ok
23:18:49.0050 6992	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
23:18:49.0072 6992	AmdK8 - ok
23:18:49.0283 6992	amdkmdag        (bbab5b28253fe0fc7255d8775ba05c1d) C:\Windows\system32\DRIVERS\atikmdag.sys
23:18:49.0467 6992	amdkmdag - ok
23:18:49.0571 6992	amdkmdap        (cba35ff4092b91e105d93ed11a0250b6) C:\Windows\system32\DRIVERS\atikmpag.sys
23:18:49.0612 6992	amdkmdap - ok
23:18:49.0635 6992	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:18:49.0667 6992	AmdPPM - ok
23:18:49.0701 6992	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:18:49.0712 6992	amdsata - ok
23:18:49.0745 6992	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
23:18:49.0777 6992	amdsbs - ok
23:18:49.0796 6992	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:18:49.0808 6992	amdxata - ok
23:18:49.0880 6992	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:18:50.0038 6992	AppID - ok
23:18:50.0066 6992	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
23:18:50.0076 6992	arc - ok
23:18:50.0084 6992	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
23:18:50.0095 6992	arcsas - ok
23:18:50.0113 6992	AsIO - ok
23:18:50.0147 6992	asusgsb         (a4398a8914c32f18ec2ab562cba3caaf) C:\Windows\system32\drivers\asusgsb.sys
23:18:50.0184 6992	asusgsb - ok
23:18:50.0218 6992	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:18:50.0370 6992	AsyncMac - ok
23:18:50.0404 6992	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:18:50.0426 6992	atapi - ok
23:18:50.0491 6992	AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
23:18:50.0721 6992	AtiHDAudioService - ok
23:18:50.0741 6992	atkdisplf       (fb4187c282cb467e5e606913a1fa79a3) C:\Windows\system32\drivers\ATKDispLowFilter.sys
23:18:50.0764 6992	atkdisplf - ok
23:18:50.0841 6992	atksgt          (b4bde3f758a34658a37dfed3d9783cd8) C:\Windows\system32\DRIVERS\atksgt.sys
23:18:50.0875 6992	atksgt - ok
23:18:50.0921 6992	avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
23:18:50.0938 6992	avgntflt - ok
23:18:50.0954 6992	avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
23:18:50.0972 6992	avipbb - ok
23:18:51.0010 6992	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
23:18:51.0051 6992	b06bdrv - ok
23:18:51.0074 6992	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:18:51.0101 6992	b57nd60a - ok
23:18:51.0125 6992	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:18:51.0168 6992	Beep - ok
23:18:51.0201 6992	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:18:51.0237 6992	blbdrive - ok
23:18:51.0262 6992	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:18:51.0317 6992	bowser - ok
23:18:51.0328 6992	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
23:18:51.0357 6992	BrFiltLo - ok
23:18:51.0364 6992	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
23:18:51.0383 6992	BrFiltUp - ok
23:18:51.0405 6992	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:18:51.0448 6992	Brserid - ok
23:18:51.0455 6992	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:18:51.0482 6992	BrSerWdm - ok
23:18:51.0488 6992	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:18:51.0500 6992	BrUsbMdm - ok
23:18:51.0507 6992	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:18:51.0525 6992	BrUsbSer - ok
23:18:51.0532 6992	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
23:18:51.0553 6992	BTHMODEM - ok
23:18:51.0570 6992	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:18:51.0610 6992	cdfs - ok
23:18:51.0634 6992	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
23:18:51.0663 6992	cdrom - ok
23:18:51.0686 6992	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
23:18:51.0715 6992	circlass - ok
23:18:51.0747 6992	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:18:51.0758 6992	CLFS - ok
23:18:51.0771 6992	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
23:18:51.0788 6992	CmBatt - ok
23:18:51.0795 6992	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:18:51.0804 6992	cmdide - ok
23:18:51.0822 6992	CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
23:18:51.0852 6992	CNG - ok
23:18:51.0864 6992	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
23:18:51.0873 6992	Compbatt - ok
23:18:51.0900 6992	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
23:18:51.0954 6992	CompositeBus - ok
23:18:51.0968 6992	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
23:18:51.0980 6992	crcdisk - ok
23:18:52.0003 6992	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:18:52.0053 6992	DfsC - ok
23:18:52.0070 6992	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:18:52.0114 6992	discache - ok
23:19:04.0439 6992	============================================================
23:19:04.0439 6992	Scan finished
23:19:04.0439 6992	============================================================
23:19:04.0461 0372	Detected object count: 0
23:19:04.0462 0372	Actual detected object count: 0
23:19:14.0023 7436	============================================================
23:19:14.0023 7436	Scan started
23:19:14.0023 7436	Mode: Manual; SigCheck; TDLFS; 
23:19:14.0023 7436	============================================================
23:19:15.0756 7436	CLFS - ok
23:19:15.0770 7436	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
23:19:15.0779 7436	CmBatt - ok
23:19:15.0785 7436	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:19:15.0792 7436	cmdide - ok
23:19:15.0811 7436	CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
23:19:15.0826 7436	CNG - ok
23:19:15.0841 7436	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
23:19:15.0848 7436	Compbatt - ok
23:19:15.0866 7436	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
23:19:15.0876 7436	CompositeBus - ok
23:19:15.0884 7436	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
23:19:15.0890 7436	crcdisk - ok
23:19:15.0914 7436	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:19:15.0937 7436	DfsC - ok
23:19:15.0959 7436	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:19:15.0982 7436	discache - ok
23:19:15.0997 7436	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
23:19:16.0003 7436	Disk - ok
23:19:16.0041 7436	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:19:16.0050 7436	drmkaud - ok
23:19:16.0081 7436	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:19:16.0096 7436	DXGKrnl - ok
23:19:16.0184 7436	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
23:19:16.0225 7436	ebdrv - ok
23:19:16.0260 7436	EIO64           (343ada10d948db29251f2d9c809af204) C:\Windows\system32\DRIVERS\EIO64.sys
23:19:16.0279 7436	EIO64 - ok
23:19:16.0306 7436	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
23:19:16.0326 7436	elxstor - ok
23:19:16.0333 7436	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:19:16.0343 7436	ErrDev - ok
23:19:16.0358 7436	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:19:16.0389 7436	exfat - ok
23:19:16.0408 7436	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:19:16.0433 7436	fastfat - ok
23:19:16.0441 7436	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
23:19:16.0449 7436	fdc - ok
23:19:16.0473 7436	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:19:16.0480 7436	FileInfo - ok
23:19:16.0497 7436	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:19:16.0520 7436	Filetrace - ok
23:19:16.0527 7436	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
23:19:16.0535 7436	flpydisk - ok
23:19:16.0555 7436	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:19:16.0564 7436	FltMgr - ok
23:19:16.0582 7436	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:19:16.0589 7436	FsDepends - ok
23:19:16.0604 7436	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
23:19:16.0610 7436	Fs_Rec - ok
23:19:16.0628 7436	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:19:16.0638 7436	fvevol - ok
23:19:16.0656 7436	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
23:19:16.0662 7436	gagp30kx - ok
23:19:16.0698 7436	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:19:16.0703 7436	GEARAspiWDM - ok
23:19:16.0721 7436	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:19:16.0728 7436	hcw85cir - ok
23:19:16.0750 7436	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:19:16.0761 7436	HdAudAddService - ok
23:19:16.0777 7436	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:19:16.0787 7436	HDAudBus - ok
23:19:16.0793 7436	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
23:19:16.0801 7436	HidBatt - ok
23:19:16.0808 7436	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
23:19:16.0818 7436	HidBth - ok
23:19:16.0831 7436	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
23:19:16.0840 7436	HidIr - ok
23:19:16.0855 7436	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
23:19:16.0862 7436	HidUsb - ok
23:19:16.0885 7436	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:19:16.0891 7436	HpSAMD - ok
23:19:16.0923 7436	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:19:16.0952 7436	HTTP - ok
23:19:16.0966 7436	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:19:16.0973 7436	hwpolicy - ok
23:19:16.0994 7436	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
23:19:17.0003 7436	i8042prt - ok
23:19:17.0033 7436	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:19:17.0043 7436	iaStorV - ok
23:19:17.0255 7436	igfx            (8cb8667f5a3b5515f2585f3254f3aaf7) C:\Windows\system32\DRIVERS\igdkmd64.sys
23:19:17.0360 7436	igfx - ok
23:19:17.0380 7436	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
23:19:17.0386 7436	iirsp - ok
23:19:17.0396 7436	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:19:17.0402 7436	intelide - ok
23:19:17.0408 7436	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:19:17.0417 7436	intelppm - ok
23:19:17.0438 7436	IOMap           (a01c412699b6f21645b2885c2bae4454) C:\Windows\system32\drivers\IOMap64.sys
23:19:17.0444 7436	IOMap - ok
23:19:17.0452 7436	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:19:17.0475 7436	IpFilterDriver - ok
23:19:17.0484 7436	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:19:17.0492 7436	IPMIDRV - ok
23:19:17.0499 7436	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:19:17.0524 7436	IPNAT - ok
23:19:17.0542 7436	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:19:17.0553 7436	IRENUM - ok
23:19:17.0559 7436	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:19:17.0566 7436	isapnp - ok
23:19:17.0585 7436	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:19:17.0593 7436	iScsiPrt - ok
23:19:17.0608 7436	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:19:17.0614 7436	kbdclass - ok
23:19:17.0630 7436	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
23:19:17.0638 7436	kbdhid - ok
23:19:17.0652 7436	KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
23:19:17.0659 7436	KSecDD - ok
23:19:17.0670 7436	KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
23:19:17.0678 7436	KSecPkg - ok
23:19:17.0697 7436	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:19:17.0721 7436	ksthunk - ok
23:19:17.0741 7436	lirsgt          (955982bf4421b77722196552b62e8dc2) C:\Windows\system32\DRIVERS\lirsgt.sys
23:19:17.0747 7436	lirsgt - ok
23:19:17.0767 7436	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:19:17.0791 7436	lltdio - ok
23:19:17.0831 7436	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
23:19:17.0838 7436	LSI_FC - ok
23:19:17.0846 7436	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
23:19:17.0854 7436	LSI_SAS - ok
23:19:17.0860 7436	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
23:19:17.0867 7436	LSI_SAS2 - ok
23:19:17.0874 7436	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
23:19:17.0881 7436	LSI_SCSI - ok
23:19:17.0902 7436	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:19:17.0927 7436	luafv - ok
23:19:17.0951 7436	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
23:19:17.0957 7436	megasas - ok
23:19:17.0966 7436	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
23:19:17.0974 7436	MegaSR - ok
23:19:18.0000 7436	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
23:19:18.0005 7436	MEIx64 - ok
23:19:18.0014 7436	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:19:18.0038 7436	Modem - ok
23:19:18.0063 7436	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:19:18.0073 7436	monitor - ok
23:19:18.0087 7436	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:19:18.0093 7436	mouclass - ok
23:19:18.0106 7436	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:19:18.0114 7436	mouhid - ok
23:19:18.0134 7436	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:19:18.0141 7436	mountmgr - ok
23:19:18.0149 7436	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:19:18.0156 7436	mpio - ok
23:19:18.0172 7436	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:19:18.0196 7436	mpsdrv - ok
23:19:18.0221 7436	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:19:18.0234 7436	MRxDAV - ok
23:19:18.0257 7436	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:19:18.0265 7436	mrxsmb - ok
23:19:18.0297 7436	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:19:18.0306 7436	mrxsmb10 - ok
23:19:18.0338 7436	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:19:18.0346 7436	mrxsmb20 - ok
23:19:18.0353 7436	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:19:18.0359 7436	msahci - ok
23:19:18.0376 7436	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:19:18.0383 7436	msdsm - ok
23:19:18.0401 7436	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:19:18.0424 7436	Msfs - ok
23:19:18.0456 7436	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:19:18.0497 7436	mshidkmdf - ok
23:19:18.0518 7436	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:19:18.0524 7436	msisadrv - ok
23:19:18.0534 7436	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:19:18.0557 7436	MSKSSRV - ok
23:19:18.0564 7436	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:19:18.0588 7436	MSPCLOCK - ok
23:19:18.0600 7436	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:19:18.0622 7436	MSPQM - ok
23:19:18.0642 7436	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:19:18.0652 7436	MsRPC - ok
23:19:18.0674 7436	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
23:19:18.0680 7436	mssmbios - ok
23:19:18.0699 7436	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:19:18.0722 7436	MSTEE - ok
23:19:18.0729 7436	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
23:19:18.0737 7436	MTConfig - ok
23:19:18.0769 7436	MTsensor        (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
23:19:18.0774 7436	MTsensor - ok
23:19:18.0792 7436	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:19:18.0799 7436	Mup - ok
23:19:18.0816 7436	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:19:18.0829 7436	NativeWifiP - ok
23:19:18.0857 7436	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:19:18.0872 7436	NDIS - ok
23:19:18.0895 7436	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:19:18.0918 7436	NdisCap - ok
23:19:18.0933 7436	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:19:18.0957 7436	NdisTapi - ok
23:19:18.0975 7436	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:19:18.0998 7436	Ndisuio - ok
23:19:19.0015 7436	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:19:19.0038 7436	NdisWan - ok
23:19:19.0054 7436	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:19:19.0076 7436	NDProxy - ok
23:19:19.0088 7436	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:19:19.0112 7436	NetBIOS - ok
23:19:19.0126 7436	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:19:19.0150 7436	NetBT - ok
23:19:19.0170 7436	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
23:19:19.0176 7436	nfrd960 - ok
23:19:19.0196 7436	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:19:19.0219 7436	Npfs - ok
23:19:19.0232 7436	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:19:19.0255 7436	nsiproxy - ok
23:19:19.0324 7436	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:19:19.0360 7436	Ntfs - ok
23:19:19.0378 7436	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:19:19.0401 7436	Null - ok
23:19:19.0433 7436	nusb3hub        (0ebc9d13cd96c15b1b18d8678a609e4b) C:\Windows\system32\DRIVERS\nusb3hub.sys
23:19:19.0440 7436	nusb3hub - ok
23:19:19.0466 7436	nusb3xhc        (7bdec000d56d485021d9c1e63c2f81ca) C:\Windows\system32\DRIVERS\nusb3xhc.sys
23:19:19.0473 7436	nusb3xhc - ok
23:19:19.0501 7436	NVENETFD        (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
23:19:19.0511 7436	NVENETFD - ok
23:19:19.0548 7436	NVHDA           (f2662fdc20518ee8a8eed4f61ba42349) C:\Windows\system32\drivers\nvhda64v.sys
23:19:19.0554 7436	NVHDA - ok
23:19:19.0776 7436	nvlddmkm        (a963c2c276a97b088ded5d7a83be8052) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:19:19.0920 7436	nvlddmkm - ok
23:19:19.0958 7436	NVNET           (bd25e03ead63ac3365f25175b4dbd56a) C:\Windows\system32\DRIVERS\nvmf6264.sys
23:19:19.0967 7436	NVNET - ok
23:19:19.0995 7436	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:19:20.0002 7436	nvraid - ok
23:19:20.0024 7436	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:19:20.0031 7436	nvstor - ok
23:19:20.0054 7436	nvstor64        (71b6ecd3c56fbf12fb1968da3953b703) C:\Windows\system32\DRIVERS\nvstor64.sys
23:19:20.0060 7436	nvstor64 - ok
23:19:20.0096 7436	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:19:20.0102 7436	nv_agp - ok
23:19:20.0109 7436	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:19:20.0117 7436	ohci1394 - ok
23:19:20.0144 7436	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:19:20.0153 7436	Parport - ok
23:19:20.0168 7436	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
23:19:20.0174 7436	partmgr - ok
23:19:20.0192 7436	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:19:20.0200 7436	pci - ok
23:19:20.0210 7436	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:19:20.0217 7436	pciide - ok
23:19:20.0236 7436	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
23:19:20.0244 7436	pcmcia - ok
23:19:20.0261 7436	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:19:20.0267 7436	pcw - ok
23:19:20.0295 7436	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:19:20.0324 7436	PEAUTH - ok
23:19:20.0362 7436	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:19:20.0385 7436	PptpMiniport - ok
23:19:20.0399 7436	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
23:19:20.0407 7436	Processor - ok
23:19:20.0427 7436	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:19:20.0450 7436	Psched - ok
23:19:20.0488 7436	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
23:19:20.0509 7436	ql2300 - ok
23:19:20.0517 7436	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
23:19:20.0524 7436	ql40xx - ok
23:19:20.0547 7436	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:19:20.0558 7436	QWAVEdrv - ok
23:19:20.0565 7436	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:19:20.0588 7436	RasAcd - ok
23:19:20.0602 7436	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:19:20.0627 7436	RasAgileVpn - ok
23:19:20.0644 7436	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:19:20.0668 7436	Rasl2tp - ok
23:19:20.0685 7436	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:19:20.0708 7436	RasPppoe - ok
23:19:20.0725 7436	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:19:20.0749 7436	RasSstp - ok
23:19:20.0775 7436	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:19:20.0800 7436	rdbss - ok
23:19:20.0822 7436	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
23:19:20.0831 7436	rdpbus - ok
23:19:20.0851 7436	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:19:20.0875 7436	RDPCDD - ok
23:19:20.0891 7436	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:19:20.0914 7436	RDPENCDD - ok
23:19:20.0927 7436	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:19:20.0951 7436	RDPREFMP - ok
23:19:20.0959 7436	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
23:19:20.0984 7436	RDPWD - ok
23:19:21.0005 7436	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:19:21.0012 7436	rdyboost - ok
23:19:21.0042 7436	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:19:21.0066 7436	rspndr - ok
23:19:21.0097 7436	RTL8167         (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:19:21.0106 7436	RTL8167 - ok
23:19:21.0126 7436	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:19:21.0134 7436	sbp2port - ok
23:19:21.0157 7436	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:19:21.0179 7436	scfilter - ok
23:19:21.0194 7436	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:19:21.0218 7436	secdrv - ok
23:19:21.0242 7436	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:19:21.0250 7436	Serenum - ok
23:19:21.0268 7436	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:19:21.0276 7436	Serial - ok
23:19:21.0293 7436	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
23:19:21.0300 7436	sermouse - ok
23:19:21.0326 7436	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:19:21.0335 7436	sffdisk - ok
23:19:21.0341 7436	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:19:21.0351 7436	sffp_mmc - ok
23:19:21.0357 7436	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:19:21.0367 7436	sffp_sd - ok
23:19:21.0373 7436	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
23:19:21.0381 7436	sfloppy - ok
23:19:21.0415 7436	Sftfs           (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
23:19:21.0428 7436	Sftfs - ok
23:19:21.0462 7436	Sftplay         (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
23:19:21.0469 7436	Sftplay - ok
23:19:21.0489 7436	Sftredir        (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
23:19:21.0494 7436	Sftredir - ok
23:19:21.0515 7436	Sftvol          (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
23:19:21.0520 7436	Sftvol - ok
23:19:21.0559 7436	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
23:19:21.0565 7436	SiSRaid2 - ok
23:19:21.0577 7436	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
23:19:21.0584 7436	SiSRaid4 - ok
23:19:21.0604 7436	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:19:21.0628 7436	Smb - ok
23:19:21.0652 7436	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:19:21.0658 7436	spldr - ok
23:19:21.0719 7436	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:19:21.0740 7436	srv - ok
23:19:21.0789 7436	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:19:21.0816 7436	srv2 - ok
23:19:21.0859 7436	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:19:21.0870 7436	srvnet - ok
23:19:21.0917 7436	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
23:19:21.0925 7436	stexstor - ok
23:19:21.0975 7436	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
23:19:21.0994 7436	swenum - ok
23:19:22.0087 7436	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
23:19:22.0125 7436	Tcpip - ok
23:19:22.0149 7436	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
23:19:22.0175 7436	TCPIP6 - ok
23:19:22.0199 7436	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:19:22.0222 7436	tcpipreg - ok
23:19:22.0243 7436	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:19:22.0265 7436	TDPIPE - ok
23:19:22.0272 7436	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
23:19:22.0297 7436	TDTCP - ok
23:19:22.0320 7436	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:19:22.0343 7436	tdx - ok
23:19:22.0362 7436	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
23:19:22.0368 7436	TermDD - ok
23:19:22.0393 7436	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:19:22.0415 7436	tssecsrv - ok
23:19:22.0431 7436	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:19:22.0438 7436	TsUsbFlt - ok
23:19:22.0456 7436	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
23:19:22.0463 7436	TsUsbGD - ok
23:19:22.0491 7436	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:19:22.0514 7436	tunnel - ok
23:19:22.0535 7436	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
23:19:22.0542 7436	uagp35 - ok
23:19:22.0564 7436	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:19:22.0590 7436	udfs - ok
23:19:22.0629 7436	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:19:22.0636 7436	uliagpkx - ok
23:19:22.0654 7436	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
23:19:22.0662 7436	umbus - ok
23:19:22.0680 7436	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
23:19:22.0688 7436	UmPass - ok
23:19:22.0727 7436	USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
23:19:22.0733 7436	USBAAPL64 - ok
23:19:22.0762 7436	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
23:19:22.0772 7436	usbaudio - ok
23:19:22.0795 7436	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:19:22.0803 7436	usbccgp - ok
23:19:22.0821 7436	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:19:22.0831 7436	usbcir - ok
23:19:22.0850 7436	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
23:19:22.0858 7436	usbehci - ok
23:19:22.0880 7436	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:19:22.0889 7436	usbhub - ok
23:19:22.0909 7436	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
23:19:22.0916 7436	usbohci - ok
23:19:22.0930 7436	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
23:19:22.0939 7436	usbprint - ok
23:19:22.0957 7436	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:19:22.0965 7436	USBSTOR - ok
23:19:22.0996 7436	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
23:19:23.0003 7436	usbuhci - ok
23:19:23.0023 7436	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:19:23.0029 7436	vdrvroot - ok
23:19:23.0077 7436	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:19:23.0105 7436	vga - ok
23:19:23.0131 7436	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:19:23.0163 7436	VgaSave - ok
23:19:23.0183 7436	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:19:23.0191 7436	vhdmp - ok
23:19:23.0248 7436	VIAHdAudAddService (ba1da5cd689e9473d99731a2e1ff2fb5) C:\Windows\system32\drivers\viahduaa.sys
23:19:23.0275 7436	VIAHdAudAddService - ok
23:19:23.0299 7436	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:19:23.0305 7436	viaide - ok
23:19:23.0325 7436	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:19:23.0332 7436	volmgr - ok
23:19:23.0350 7436	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:19:23.0360 7436	volmgrx - ok
23:19:23.0381 7436	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:19:23.0390 7436	volsnap - ok
23:19:23.0415 7436	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
23:19:23.0423 7436	vsmraid - ok
23:19:23.0439 7436	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
23:19:23.0448 7436	vwifibus - ok
23:19:23.0472 7436	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
23:19:23.0480 7436	WacomPen - ok
23:19:23.0505 7436	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:19:23.0528 7436	WANARP - ok
23:19:23.0531 7436	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:19:23.0554 7436	Wanarpv6 - ok
23:19:23.0585 7436	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
23:19:23.0591 7436	Wd - ok
23:19:23.0617 7436	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:19:23.0630 7436	Wdf01000 - ok
23:19:23.0647 7436	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:19:23.0671 7436	WfpLwf - ok
23:19:23.0684 7436	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:19:23.0690 7436	WIMMount - ok
23:19:23.0717 7436	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:19:23.0724 7436	WmiAcpi - ok
23:19:23.0746 7436	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:19:23.0770 7436	ws2ifsl - ok
23:19:23.0792 7436	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:19:23.0814 7436	WudfPf - ok
23:19:23.0838 7436	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:19:23.0861 7436	WUDFRd - ok
23:19:23.0883 7436	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:19:24.0819 7436	\Device\Harddisk0\DR0 - ok
23:19:24.0826 7436	Boot (0x1200)   (54ba4c37d203c2b279e01a9f91269268) \Device\Harddisk0\DR0\Partition0
23:19:24.0827 7436	\Device\Harddisk0\DR0\Partition0 - ok
23:19:24.0864 7436	Boot (0x1200)   (48b45adb4982eba28b09dd60a2b20799) \Device\Harddisk0\DR0\Partition1
23:19:24.0866 7436	\Device\Harddisk0\DR0\Partition1 - ok
23:19:24.0867 7436	============================================================
23:19:24.0867 7436	Scan finished
23:19:24.0867 7436	============================================================
23:19:24.0921 7620	Detected object count: 0
23:19:24.0921 7620	Actual detected object count: 0
         

14.11.2011, 13:19   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

14.11.2011, 20:27   #13
Dude 69

Done
Combofix Logfile:
ComboFix 11-11-14.02 - Skinhead 14.11.2011  19:57:15.1.6 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2787 [GMT 1:00]
ausgeführt von:: c:\users\Skinhead\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-14 bis 2011-11-14  ))))))))))))))))))))))))))))))
.
.
2011-11-14 19:03 . 2011-11-14 19:03	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{590EB800-B89C-4D29-A6AC-563703D36B7F}\offreg.dll
2011-11-14 19:00 . 2011-11-14 19:00	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-11 15:10 . 2011-10-07 04:16	8570192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{590EB800-B89C-4D29-A6AC-563703D36B7F}\mpengine.dll
2011-11-10 21:51 . 2011-11-10 21:51	--------	d-----w-	C:\_OTL
2011-11-09 13:18 . 2011-11-09 13:18	--------	d-----w-	c:\program files (x86)\ESET
2011-11-08 20:45 . 2011-10-01 05:45	886784	----a-w-	c:\program files\Common Files\System\wab32.dll
2011-11-08 20:45 . 2011-10-01 04:37	708608	----a-w-	c:\program files (x86)\Common Files\System\wab32.dll
2011-11-08 20:45 . 2011-09-29 16:29	1923952	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-08 20:45 . 2011-09-29 04:03	3144704	----a-w-	c:\windows\system32\win32k.sys
2011-10-31 20:41 . 2011-10-31 20:40	627600	----a-w-	c:\windows\system32\deployJava1.dll
2011-10-31 20:40 . 2011-10-31 20:40	--------	d-----w-	c:\program files\Java
2011-10-29 16:49 . 2011-10-31 20:16	--------	d-----w-	c:\users\Skinhead\AppData\Roaming\.minecraft
2011-10-28 09:27 . 2011-10-28 09:28	--------	d-----w-	c:\program files\iTunes
2011-10-28 09:27 . 2011-10-28 09:28	--------	d-----w-	c:\program files (x86)\iTunes
2011-10-28 09:27 . 2011-10-28 09:27	--------	d-----w-	c:\program files\iPod
2011-10-28 09:26 . 2011-10-28 09:26	--------	d-----w-	c:\program files\Bonjour
2011-10-28 09:26 . 2011-10-28 09:26	--------	d-----w-	c:\program files (x86)\Bonjour
2011-10-28 09:21 . 2011-10-28 09:21	--------	d-----w-	c:\program files (x86)\Common Files\Java
2011-10-28 09:20 . 2011-10-03 03:06	476904	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-28 09:19 . 2011-08-13 05:27	6144	----a-w-	c:\program files\Internet Explorer\iecompat.dll
2011-10-28 09:19 . 2011-08-13 04:18	6144	----a-w-	c:\program files (x86)\Internet Explorer\iecompat.dll
2011-10-16 20:24 . 2011-10-16 20:24	--------	d-----w-	c:\windows\SysWow64\Wat
2011-10-16 20:24 . 2011-10-16 20:24	--------	d-----w-	c:\windows\system32\Wat
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 03:06 . 2011-06-24 20:47	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-10-01 03:25 . 2011-10-12 09:34	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-10-01 02:42 . 2011-10-12 09:34	1638912	----a-w-	c:\windows\SysWow64\mshtml.tlb
2011-09-26 21:51 . 2011-09-26 21:51	53248	----a-w-	c:\windows\SysWow64\unrar.dll
2011-09-26 20:57 . 2011-09-26 21:51	4358144	----a-w-	c:\windows\uncsetup.exe
2011-08-31 15:00 . 2011-07-23 15:58	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-08-30 21:05 . 2011-08-30 21:05	96104	----a-w-	c:\windows\system32\dns-sd.exe
2011-08-30 21:05 . 2011-08-30 21:05	85864	----a-w-	c:\windows\system32\dnssd.dll
2011-08-30 21:05 . 2011-08-30 21:05	61288	----a-w-	c:\windows\system32\jdns_sd.dll
2011-08-30 21:05 . 2011-08-30 21:05	212840	----a-w-	c:\windows\system32\dnssdX.dll
2011-08-30 21:05 . 2011-08-30 21:05	83816	----a-w-	c:\windows\SysWow64\dns-sd.exe
2011-08-30 21:05 . 2011-08-30 21:05	73064	----a-w-	c:\windows\SysWow64\dnssd.dll
2011-08-30 21:05 . 2011-08-30 21:05	50536	----a-w-	c:\windows\SysWow64\jdns_sd.dll
2011-08-30 21:05 . 2011-08-30 21:05	178536	----a-w-	c:\windows\SysWow64\dnssdX.dll
2011-08-27 05:37 . 2011-10-12 09:34	861696	----a-w-	c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-12 09:34	331776	----a-w-	c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-12 09:34	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:26 . 2011-10-12 09:34	233472	----a-w-	c:\windows\SysWow64\oleacc.dll
2011-08-24 06:53 . 2011-06-24 14:24	404640	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-20 05:37 . 2011-10-12 09:34	1188864	----a-w-	c:\windows\system32\wininet.dll
2011-08-20 04:31 . 2011-10-12 09:34	981504	----a-w-	c:\windows\SysWow64\wininet.dll
2011-08-17 05:26 . 2011-10-12 09:34	613888	----a-w-	c:\windows\system32\psisdecd.dll
2011-08-17 05:25 . 2011-10-12 09:34	108032	----a-w-	c:\windows\system32\psisrndr.ax
2011-08-17 04:24 . 2011-10-12 09:34	465408	----a-w-	c:\windows\SysWow64\psisdecd.dll
2011-08-17 04:19 . 2011-10-12 09:34	75776	----a-w-	c:\windows\SysWow64\psisrndr.ax
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-05-24 2439072]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"DirectConsole2"="c:\program files (x86)\ASUS\Direct Console\Direct Console.exe" [2009-08-11 2861696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
"ASUSGamerOSD"="c:\program files (x86)\ASUS\GamerOSD\GamerOSD.exe" [2009-07-30 380928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 136176]
R3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 17:18]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 17:18]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-20 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-20 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-20 418328]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mLocal Page = 
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Skinhead\AppData\Roaming\Mozilla\Firefox\Profiles\yyttfpot.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.de
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-{ED3219B0-8C17-452A-AF77-FFF11F03FE50}_is1 - c:\users\Skinhead\AppData\Roaming\.minecraft\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\00\0b\0e\02(¯"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ASDR.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-14  20:23:08 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-11-14 19:23
.
Vor Suchlauf: 10 Verzeichnis(se), 1.412.930.465.792 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 1.412.631.162.880 Bytes frei
.
- - End Of File - - AABB1903E573ED5D91C515B1B14ED316
         

14.11.2011, 20:36   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.) Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons without being instructed to! Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

14.11.2011, 20:49   #15
Dude 69

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-14 20:40:43
-----------------------------
20:40:43.598 OS Version: Windows x64 6.1.7601 Service Pack 1
20:40:43.598 Number of processors: 6 586 0xA00
20:40:43.599 ComputerName: SCHORSCHI UserName: Skinhead
20:40:46.052 Initialze error C000010E - driver not loaded
20:40:49.834 AVAST engine defs: 11111400
20:40:53.983 Service scanning
20:40:58.721 Modules scanning
20:40:58.725 Disk 0 trace - called modules:
20:40:58.730
20:41:00.452 AVAST engine scan C:\Windows
20:41:06.137 AVAST engine scan C:\Windows\system32
20:42:38.231 AVAST engine scan C:\Windows\system32\drivers
20:42:47.532 AVAST engine scan C:\Users\Skinhead
20:46:15.619 AVAST engine scan C:\ProgramData
20:46:51.639 Scan finished successfully
20:48:52.349 The log file has been saved successfully to "C:\Users\Skinhead\Desktop\aswMBR.txt"

Here you go!
