Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Bundespolizeivirus

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 20.12.2011, 02:59   #1
RamboGS
 
Bundespolizeivirus - Standard

Bundespolizeivirus



Hallo,
Ich hab mir vor ein paar Stunden das bekannte Bundespolizeivirus eingefangen und hab Windows sofort im abgesicherten Modus gestartet um einen Virusscan via Antivir durchzuführen. Dieser hat 9 Viren gefunden und gelöscht. Danach hab ich nochmal CCleaner laufen lassen und habe anschließend unter msconfig den Start des Virus unter dem Namen verhindert. Es ließ sich auf die Anwendung rundll32.exe zurückführen. Ich hab veruscht diesen in der registry zu löschen, doch vergebens. Naja ich hab zu guter letzt Malwarebyte seine Arbeit verrichten lassen. Jetzt wollte ich wissen ob sich nun noch andere Viren auf meinem Rechner befinden und ob das mit rundll32.exe nun geklärt ist.
Danke Schonmal für die Antwort.

MfG RamboGS

Hier ist der Malwarebyte-Scan:
Code:
ATTFilter
 Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7622

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

20.12.2011 03:51:28
mbam-log-2011-12-20 (03-51-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 419141
Laufzeit: 59 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 15
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{FFAFC99C-9AFD-FEED-E45A-26A6DEEB2A7F} (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{FFAFC99C-9AFD-FEED-E45A-26A6DEEB2A7F} (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Defender (Trojan.Agent.Gen) -> Value: Windows Defender -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files (x86)\uninstall fun web products.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Users\Rambo\AppData\Local\Temp\0.32845481590782644.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Users\Rambo\AppData\Roaming\Google\chrome.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
         

Alt 20.12.2011, 14:00   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizeivirus - Standard

Bundespolizeivirus



Du hast Malwarebytes vorher nicht aktualisiert. Bitte updaten und einen Vollscan machen.
__________________

__________________

Alt 20.12.2011, 16:11   #3
RamboGS
 
Bundespolizeivirus - Standard

Bundespolizeivirus



Code:
ATTFilter
 Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8403

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

20.12.2011 17:08:56
mbam-log-2011-12-20 (17-08-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 419687
Laufzeit: 57 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 15
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (hxxp://startsear.ch/?aff=1) Good: (hxxp://www.google.com) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files (x86)\vshare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Quarantined and deleted successfully.
c:\Users\Rambo\AppData\LocalLow\Sun\Java\deployment\cache\6.0\38\5f519126-1611527f (Trojan.Zbot.CBCGen) -> Quarantined and deleted successfully.
         
__________________

Alt 20.12.2011, 20:31   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizeivirus - Standard

Bundespolizeivirus



Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.12.2011, 23:34   #5
RamboGS
 
Bundespolizeivirus - Standard

Bundespolizeivirus



Hier der Eset Log:
Code:
ATTFilter
 ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=71a72eb7ce42f9488dac170795387e7d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-20 11:21:53
# local_time=2011-12-21 12:21:53 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 13784 13784 0 0
# compatibility_mode=5893 16776573 100 94 13814 76044529 0 0
# compatibility_mode=8192 67108863 100 0 3773 3773 0 0
# scanned=241123
# found=1
# cleaned=0
# scan_time=8634
C:\Users\Rambo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\44149a02-18e3e84c	a variant of Java/Exploit.CVE-2011-3544.G trojan (unable to clean)	00000000000000000000000000000000	I	I
         


Alt 21.12.2011, 09:07   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizeivirus - Standard

Bundespolizeivirus



CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
--> Bundespolizeivirus

Alt 21.12.2011, 15:43   #7
RamboGS
 
Bundespolizeivirus - Standard

Bundespolizeivirus



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 21.12.2011 16:22:11 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Rambo\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,99 Gb Total Physical Memory | 6,44 Gb Available Physical Memory | 80,62% Memory free
15,98 Gb Paging File | 14,31 Gb Available in Paging File | 89,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 560,32 Gb Total Space | 249,07 Gb Free Space | 44,45% Space Free | Partition Type: NTFS
Drive D: | 371,09 Gb Total Space | 370,99 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
 
Computer Name: RAMBO-PC | User Name: Rambo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.21 16:20:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rambo\Desktop\OTL.exe
PRC - [2011.12.09 12:40:08 | 000,047,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe
PRC - [2011.12.09 12:40:07 | 000,577,488 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe
PRC - [2011.12.09 12:40:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.12.09 12:39:54 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.12.09 12:39:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.04.22 15:05:26 | 001,011,712 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
PRC - [2010.01.19 03:31:26 | 000,072,304 | ---- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009.12.01 14:13:08 | 000,035,880 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\smart6\dbios\SDBMSG.exe
PRC - [2009.10.21 05:12:50 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.10.15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.10.15 14:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009.10.13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
PRC - [2009.10.02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.10.02 13:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.06.17 16:13:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
PRC - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.02 07:39:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011.11.02 07:39:08 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011.11.02 07:39:03 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011.11.02 07:38:55 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011.11.02 07:38:50 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.11.02 07:38:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.11.02 07:38:47 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.11.02 07:38:41 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.12.01 14:13:08 | 000,035,880 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\smart6\dbios\SDBMSG.exe
MOD - [2009.06.27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009.06.10 16:28:56 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\smart6\dbios\DBIOS.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.04.06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.12.09 12:40:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.09 12:39:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.04.26 22:30:00 | 004,213,816 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.19 03:31:26 | 000,072,304 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2009.10.15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.10.13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009.10.02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.06.17 16:13:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe -- (DES2 Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.09 12:40:20 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.12.09 12:40:20 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.12.09 12:40:19 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.09.14 23:09:02 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.08.02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.07.08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.04.27 11:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010.03.04 14:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.01.27 09:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010.01.07 03:20:22 | 000,448,512 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187.sys -- (RTL8187)
DRV:64bit: - [2009.10.26 16:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.10.26 16:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.10.02 12:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011.12.21 16:16:52 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011.07.19 18:58:05 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2011.02.01 22:41:54 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.04 10:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 95 EF F9 9E 33 CC 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
 
FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..browser.search.defaultenginename: "Google"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rambo\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rambo\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.23 16:49:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.16 18:02:02 | 000,000,000 | ---D | M]
 
[2011.01.06 18:22:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rambo\AppData\Roaming\mozilla\Extensions
[2011.11.12 17:56:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rambo\AppData\Roaming\mozilla\Firefox\Profiles\ts2hm3og.default\extensions
[2011.01.17 00:58:47 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Rambo\AppData\Roaming\mozilla\Firefox\Profiles\ts2hm3og.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.02 08:02:27 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Rambo\AppData\Roaming\mozilla\Firefox\Profiles\ts2hm3og.default\extensions\firefox@tvunetworks.com
[2011.12.15 19:44:06 | 000,001,052 | ---- | M] () -- C:\Users\Rambo\AppData\Roaming\Mozilla\Firefox\Profiles\ts2hm3og.default\searchplugins\icqplugin.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Rambo\AppData\Roaming\Mozilla\Firefox\Profiles\ts2hm3og.default\searchplugins\startsear.xml
[2011.07.08 16:01:21 | 000,003,930 | ---- | M] () -- C:\Users\Rambo\AppData\Roaming\Mozilla\Firefox\Profiles\ts2hm3og.default\searchplugins\sweetim.xml
[2011.11.23 16:49:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\RAMBO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TS2HM3OG.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2011.11.21 05:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.02.02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.02.25 13:16:46 | 002,409,984 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\NpFp530.dll
[2011.02.25 13:21:50 | 001,467,904 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\NpFv530.dll
[2011.01.25 10:55:14 | 000,644,096 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2011.02.13 02:25:56 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
[2011.10.03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2011.11.21 02:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.21 02:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.21 02:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.21 02:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.21 02:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.21 02:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
CHR - default_search_provider: suggest_url = hxxp://suggestqueries.google.com/complete/search?q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Rambo\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rambo\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rambo\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Flatcast Producer Plugin 5.3.0.717 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NpFp530.dll
CHR - plugin: Flatcast Viewer Plugin 5.3.0.717 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NpFv530.dll
CHR - plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: Pando Web Installer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Rambo\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Rambo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google-Suche = C:\Users\Rambo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_1\
CHR - Extension: Chuck Anderson = C:\Users\Rambo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegkoiakifeoejnjkbnnojkkdoegeofp\3_1\
CHR - Extension: Google Mail = C:\Users\Rambo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_1\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\RunOnce: [DES2] C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2.exe ()
O4 - HKLM..\RunOnce: [SDBOK] C:\Program Files (x86)\GIGABYTE\smart6\dbios\run.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Rambo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Rambo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Öffnen mit WordPerfect - C:\Program Files (x86)\WordPerfect Office X3\Programs\WPLauncher.hta ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Rambo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Rambo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Program Files (x86)\WordPerfect Office X3\Programs\WPLauncher.hta ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6D8630A-1325-477B-A009-E2D357A534F7}: DhcpNameServer = 192.168.1.1 193.189.250.99 193.189.244.205
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D026880B-4607-49FD-B3BC-2D37E37C1833}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{294c0380-186d-11e0-9529-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{294c0380-186d-11e0-9529-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Run.exe
O33 - MountPoints2\{95032a01-1a7f-11e0-bdbb-1c6f6590ec65}\Shell - "" = AutoRun
O33 - MountPoints2\{95032a01-1a7f-11e0-bdbb-1c6f6590ec65}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Rambo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.32845481590782644.exe.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^Rambo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\PROGRA~2\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS4ServiceManager - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: GAINWARD - hkey= - key= - C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co.)
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ISUSPM Startup - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: KPeerNexonEU - hkey= - key= - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)
MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Pando Media Booster - hkey= - key= - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MsConfig:64bit - StartUpReg: QuickFinder Scheduler - hkey= - key= - C:\Program Files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RGSC - hkey= - key= - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.bdmpeg - bdmpega64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.mjpg - bdmjpeg64.dll ()
Drivers32:64bit: vidc.mpeg - bdmpegv64.dll ()
Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.mjpg - C:\Windows\SysWow64\bdmjpeg.dll ()
Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.21 16:20:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Rambo\Desktop\OTL.exe
[2011.12.20 21:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.12.20 21:54:58 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Rambo\Desktop\esetsmartinstaller_enu.exe
[2011.12.20 19:13:55 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Roaming\Avira
[2011.12.20 19:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.20 19:08:18 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.20 19:08:18 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.12.20 19:08:18 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.12.20 19:08:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.12.20 19:08:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.12.20 19:06:22 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{4EE07DE1-5F45-43A3-AC71-B842F348E519}
[2011.12.20 19:06:10 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{095996F7-E2EF-427B-A9A5-ADBD8FAC607A}
[2011.12.20 18:46:09 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.12.20 18:44:33 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\Google
[2011.12.20 15:45:48 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{35316C30-A55A-43BE-B4CE-CF18B867FC46}
[2011.12.20 02:48:34 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Roaming\Malwarebytes
[2011.12.20 02:48:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.20 02:48:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.20 02:48:24 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.20 02:48:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.12.20 02:13:56 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{CBB5335D-1610-4A85-8B0C-BB02A2A28032}
[2011.12.20 00:45:40 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{3BD5C8C6-22F4-43E9-80E4-E1073DEE692D}
[2011.12.19 23:37:39 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{89B606F5-CD36-418A-BE21-EB4F3BAB18E1}
[2011.12.19 23:37:28 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{BC7CF223-3F90-42B7-8713-2B4CFC488128}
[2011.12.19 19:41:30 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{CA8D8C93-FB75-44FA-B5B1-7EB399F0F804}
[2011.12.19 19:41:19 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{8F420AE7-6656-4864-B57B-66FE2C40B6B0}
[2011.12.19 19:39:53 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.12.19 15:32:25 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{A8AA975A-7271-4B1A-A678-579982398396}
[2011.12.19 15:32:14 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{A742976C-D652-4ABA-A682-241EC45C6A9A}
[2011.12.18 21:11:07 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{74C22AF2-4F84-4BAA-BF1D-BEF83327EF9B}
[2011.12.18 21:10:55 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{171E54D7-C145-4B8A-A81E-D54B0836CAF0}
[2011.12.16 15:16:37 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{FC771171-F8BA-436C-B808-43F3AB8F7BA3}
[2011.12.16 15:16:25 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{62E519EA-EC86-488E-9D74-9C03673735AB}
[2011.12.16 13:43:41 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{0203BD67-6A08-4661-B3D7-FBD0FCF3EA92}
[2011.12.16 13:43:29 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{94782109-4E98-4FBD-B8ED-BB1CCC408B0D}
[2011.12.15 18:44:06 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{7CE9E8D6-5501-4340-BA01-3299C1FAEE3E}
[2011.12.15 18:43:55 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{DD8942A1-4CC6-45BE-950E-CDC713E447B5}
[2011.12.15 15:12:41 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{2B67161A-C36D-4A13-9A17-2BC38C4023EF}
[2011.12.15 15:12:29 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{BECD5FAB-D702-4ACF-8AC5-4B969FF18E4F}
[2011.12.15 07:09:09 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{0CF471CC-4DEF-486C-9DEA-7968F06F79CD}
[2011.12.15 07:08:57 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{C37BA41F-4C66-423E-9AF3-C755CACC4EB3}
[2011.12.14 19:38:20 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{7726ED76-0371-43A2-AE4D-18BADAFD2960}
[2011.12.14 19:38:09 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{6BBADADA-C8CF-4D61-9110-A798874D5A0D}
[2011.12.13 22:14:20 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{6C936644-2CC5-41BD-A504-16B3ED26127B}
[2011.12.13 22:14:09 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{84F7C21F-C6DA-48BC-9B62-82936FA6AFF1}
[2011.12.13 18:15:54 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{E1EECA4A-AD5C-4D7E-A01D-5AE6B8BF8311}
[2011.12.13 18:15:42 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{7716FD1E-D4FC-435E-A52C-2635B58176F7}
[2011.12.12 17:34:49 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{6C5F8C6E-C191-4C29-900B-6222FAFF4B82}
[2011.12.12 17:34:37 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{1741313D-72EB-4190-AC5F-2285A096E1B9}
[2011.12.12 15:16:12 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{248DBDC1-ECF3-498C-84A4-CE72F29FE5EC}
[2011.12.12 15:16:01 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{B49A44AB-64E3-4B1A-BC63-44AD19148B9D}
[2011.12.12 12:11:39 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{4AFC9339-2B95-48C6-993B-2BF1883E01C9}
[2011.12.12 12:11:28 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{EF8AEBCD-D092-4CDA-B7CB-D62335216147}
[2011.12.11 23:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2011.12.11 23:14:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2011.12.11 13:23:46 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{A8B5DF0D-BAAA-49CB-AF8C-45F59C332B65}
[2011.12.11 13:23:34 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{5AB9515D-18E4-4844-8209-AE142038AB9E}
[2011.12.08 21:10:46 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{70759B8E-CDC3-488A-9606-DE7A6F822161}
[2011.12.08 21:10:35 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{954FFC7E-3592-4731-9801-B1CE7F192440}
[2011.12.07 20:53:49 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{F6D8EF02-351E-45B5-8FF7-1243A912358E}
[2011.12.07 20:53:28 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{AB32AA3B-2F87-4C83-AE5B-1E429DF42460}
[2011.12.07 15:28:30 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{8E205421-458A-453E-9985-180D0FE7FEE0}
[2011.12.07 15:28:19 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{92B4FABC-1DC6-4799-B3EA-8E63522D7D5B}
[2011.12.06 14:40:45 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{B7177CD1-7002-4E77-8126-A1BFA52FDFC7}
[2011.12.06 14:40:34 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{DC2517CD-4BC0-4740-AE1B-072F450CC580}
[2011.12.05 10:12:16 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{34C86A36-635D-495B-AF47-F5F76914CDEE}
[2011.12.05 10:12:05 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{3E606C8F-9471-49FB-9C8C-DD27BD218B06}
[2011.12.04 17:13:32 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{0178E64A-5F3E-481F-9179-12FADC0E6EF8}
[2011.12.04 17:13:21 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{C497CD4F-8564-4E9A-8240-7BC11AFCB7AB}
[2011.12.04 12:15:55 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{C5E7FFC0-D3C3-4789-993B-0034755FA269}
[2011.12.04 12:15:44 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{10B8F5C8-A5A3-4B48-AC03-E74CFC344740}
[2011.12.03 19:04:34 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{AB74ED35-C7CF-41CE-8AC4-EE9C3397455B}
[2011.12.03 19:04:23 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{22D76FCE-93F3-4035-B6BA-61FEE24CDE45}
[2011.12.03 13:30:06 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{690FE88E-6911-4A80-96DC-4ED35ACE0DF8}
[2011.12.03 13:29:55 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{14538A51-F455-4A10-A91C-0C3B5660A693}
[2011.12.02 23:49:20 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{442D96A2-64CC-47B7-ACCA-87F31BC2CF7C}
[2011.12.02 23:49:09 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{263FD923-9C34-44BA-99C1-40C6EC88758D}
[2011.12.02 17:20:50 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{7BD731E4-2871-4727-BA3F-A70B78DC6109}
[2011.12.02 17:20:39 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{C9079060-B69C-4E87-A521-DC88DD7745C6}
[2011.12.01 14:21:04 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{A34B06D4-5BE7-44A0-8546-7F3EC842DE15}
[2011.12.01 14:20:53 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{2FF6DC2E-60A7-49A0-AB5D-849CCD881342}
[2011.11.30 16:27:39 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{509863D9-A032-4209-A68E-836861B739E0}
[2011.11.30 16:27:27 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{BDDDE4AD-AC5E-4BE3-AFE3-6E72C3E31B03}
[2011.11.29 22:13:30 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{D8B8565D-8836-468E-B870-BE744D1DBE0E}
[2011.11.29 22:13:18 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{4E98CA36-47EA-40C5-B050-A8E24F14497E}
[2011.11.29 18:53:09 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{8B7AC40E-A7B4-4A01-A905-4A37B1616EC9}
[2011.11.29 18:52:58 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{813A3D31-85EB-49CD-835D-ED95A4D3504C}
[2011.11.29 15:32:42 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{5464647D-94A6-4289-A1C0-A59FD31E111F}
[2011.11.29 15:32:31 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{9EBB26C7-7E74-48BA-ADC3-4F269E3312E4}
[2011.11.29 14:47:44 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{DCA25978-5609-400A-AFFA-FF6228267698}
[2011.11.29 14:47:33 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{2A2E6537-9B31-46C3-AF3C-8D7BD1453105}
[2011.11.29 10:03:13 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{1725965A-5E4B-478F-BC10-CB2CD03217A8}
[2011.11.29 10:03:01 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{CED33FFA-D025-422B-988F-AAF45A5C6FDD}
[2011.11.28 17:47:52 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Roaming\vlc
[2011.11.28 17:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.11.28 16:29:06 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{FF3BBD32-2898-46C8-8DEF-D2B5BD204AD3}
[2011.11.28 16:28:54 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{DBBAD3B4-9EA3-4CB0-8A84-956D20A33B99}
[2011.11.27 13:58:52 | 000,000,000 | ---D | C] -- C:\Users\Rambo\Documents\Assassin's Creed Revelations
[2011.11.26 23:27:18 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
[2011.11.26 23:27:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ
[2011.11.26 23:27:12 | 000,000,000 | ---D | C] -- C:\Users\Rambo\Documents\VirtualDJ
[2011.11.26 10:30:14 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{6673048C-702C-4DE6-8F41-687335503F40}
[2011.11.26 10:30:02 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{81A5166D-95E4-4308-8B3F-0C115F381AC8}
[2011.11.25 20:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.11.25 20:13:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011.11.25 20:09:48 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{D7ADA500-ECE6-465E-BF64-6F8EAF421078}
[2011.11.25 20:06:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011.11.25 20:06:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.11.25 20:06:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011.11.25 17:44:44 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{D55929D7-92FB-4FBD-A5B3-769270B0EE01}
[2011.11.25 17:44:33 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{5E57868A-246C-49FC-9365-598CD174AEEB}
[2011.11.25 13:35:02 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{6133694F-5388-4D78-9653-9F6B7BE1E7A6}
[2011.11.25 00:53:14 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{7C781908-2063-4B2A-9407-CF183098ED30}
[2011.11.25 00:53:03 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{EE8C8B73-027D-4B55-82DE-06DD7327EEBF}
[2011.11.24 17:58:38 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{BCB5C562-6754-4B21-9C1A-B506BF8FEECF}
[2011.11.24 17:58:27 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{3423836E-F9F1-4FDC-8516-23671E64E1F2}
[2011.11.24 15:29:06 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{A49CEE66-EA3C-4E65-A921-BC7FC7AEA563}
[2011.11.24 15:28:54 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{FCD45803-87AC-41B0-9080-DA415FB27FFF}
[2011.11.23 16:42:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011.11.23 16:15:31 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{43747F8A-E708-46AE-8427-C2F544514A44}
[2011.11.23 16:15:19 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{D6DA9891-4CBB-497B-859A-60303B65844C}
[2011.11.23 00:08:26 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{C94F4D6E-80D5-4DCE-9ED5-68743FB59586}
[2011.11.23 00:08:15 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{6390E8A4-F95F-4788-B3F5-E95A6CCD436D}
[2011.11.22 20:53:34 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{CCC78BE0-F80B-4CCC-803A-17153C81D583}
[2011.11.22 20:53:22 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{39C1B0F6-179C-49A3-84A7-C18E846184CC}
[2011.11.22 14:39:54 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{77135A6E-DE8C-4BA1-96E3-FCD652F177BB}
[2011.11.22 14:39:43 | 000,000,000 | ---D | C] -- C:\Users\Rambo\AppData\Local\{451F7E57-7949-4F2A-AE96-EA973EA13BF2}
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.21 16:24:58 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.21 16:24:57 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.21 16:20:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rambo\Desktop\OTL.exe
[2011.12.21 16:16:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.21 16:16:20 | 2140,737,535 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.21 01:49:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1108714154-2074935787-2652410400-1000UA.job
[2011.12.20 21:55:01 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Rambo\Desktop\esetsmartinstaller_enu.exe
[2011.12.20 19:08:33 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.20 18:59:29 | 000,000,848 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2011.12.20 18:49:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1108714154-2074935787-2652410400-1000Core.job
[2011.12.20 18:46:14 | 000,002,318 | ---- | M] () -- C:\Users\Rambo\Desktop\Google Chrome.lnk
[2011.12.20 02:48:28 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.18 14:19:13 | 375,403,873 | ---- | M] () -- C:\Users\Rambo\Desktop\[Dango]Mashiro-Iro Symphony 11 (ger sub) [x264, AAC] [AD2B8B4E].mkv
[2011.12.12 00:12:51 | 375,302,845 | ---- | M] () -- C:\Users\Rambo\Desktop\[Dango]Mashiro-Iro Symphony 10 (ger sub) [x264, AAC] [9E25A1D0].mkv
[2011.12.11 23:29:35 | 000,002,146 | ---- | M] () -- C:\Users\Public\Desktop\Saints Row The Third.lnk
[2011.12.11 14:20:36 | 000,017,200 | ---- | M] () -- C:\Users\Rambo\Desktop\vagigidihe.dlc
[2011.12.09 12:40:20 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.09 12:40:20 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.12.09 12:40:19 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.12.03 19:09:51 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.03 19:09:51 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.03 19:09:51 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.03 19:09:51 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.03 19:09:51 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.28 16:27:49 | 004,882,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.11.26 23:27:18 | 000,001,056 | ---- | M] () -- C:\Users\Rambo\Desktop\VirtualDJ Home FREE.lnk
[2011.11.24 20:16:23 | 000,164,267 | ---- | M] () -- C:\Users\Rambo\Desktop\One_Piece.jpg
[2011.11.23 16:49:14 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
 
========== Files Created - No Company Name ==========
 
[2011.12.20 19:08:33 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.20 18:46:14 | 000,002,318 | ---- | C] () -- C:\Users\Rambo\Desktop\Google Chrome.lnk
[2011.12.20 18:45:37 | 375,403,873 | ---- | C] () -- C:\Users\Rambo\Desktop\[Dango]Mashiro-Iro Symphony 11 (ger sub) [x264, AAC] [AD2B8B4E].mkv
[2011.12.20 18:44:34 | 000,001,120 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1108714154-2074935787-2652410400-1000UA.job
[2011.12.20 18:44:33 | 000,001,068 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1108714154-2074935787-2652410400-1000Core.job
[2011.12.20 02:48:28 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.20 00:07:16 | 375,302,845 | ---- | C] () -- C:\Users\Rambo\Desktop\[Dango]Mashiro-Iro Symphony 10 (ger sub) [x264, AAC] [9E25A1D0].mkv
[2011.12.11 23:29:35 | 000,002,146 | ---- | C] () -- C:\Users\Public\Desktop\Saints Row The Third.lnk
[2011.12.11 14:20:36 | 000,017,200 | ---- | C] () -- C:\Users\Rambo\Desktop\vagigidihe.dlc
[2011.11.26 23:27:18 | 000,001,056 | ---- | C] () -- C:\Users\Rambo\Desktop\VirtualDJ Home FREE.lnk
[2011.11.24 20:16:23 | 000,164,267 | ---- | C] () -- C:\Users\Rambo\Desktop\One_Piece.jpg
[2011.11.23 16:49:14 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.11.23 16:49:14 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.11.20 05:18:24 | 000,000,130 | ---- | C] () -- C:\Windows\Wininit.INI
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.05.31 07:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011.05.31 07:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.04.10 00:54:44 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.02.14 03:11:30 | 000,128,023 | ---- | C] () -- C:\Windows\hpwins27.dat
[2011.02.14 03:11:30 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat
[2011.01.15 19:41:38 | 000,007,605 | ---- | C] () -- C:\Users\Rambo\AppData\Local\Resmon.ResmonCfg
[2011.01.15 18:22:08 | 000,000,132 | ---- | C] () -- C:\Users\Rambo\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011.01.14 17:02:35 | 000,000,848 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2011.01.08 01:57:24 | 000,000,000 | ---- | C] () -- C:\Users\Rambo\AppData\Roaming\chrtmp
[2011.01.06 16:15:14 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011.01.06 16:12:09 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\CommCmd.dll
[2011.01.05 19:57:31 | 000,072,304 | ---- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2011.01.05 19:53:32 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.05.06 11:26:23 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini
[2009.08.27 08:04:14 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 20:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\SysWow64\PSIService.exe
 
========== LOP Check ==========
 
[2011.08.17 16:07:09 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\.minecraft
[2011.04.25 16:24:09 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Ashampoo
[2011.01.07 00:33:25 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\DAEMON Tools Lite
[2011.07.22 16:04:34 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Day 1 Studios
[2011.08.01 23:27:14 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\DVDVideoSoft
[2011.06.07 01:10:17 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.20 19:01:21 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\GameRanger
[2011.08.16 22:02:26 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Gutscheinmieze
[2011.07.22 23:36:52 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\ICQ
[2011.01.27 07:30:33 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Leadertech
[2011.01.16 21:12:45 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\mp3DirectCut
[2011.05.07 14:02:23 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\OpenOffice.org
[2011.04.20 14:52:03 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\PunkBuster
[2011.04.10 02:57:17 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Software4u
[2011.01.15 18:20:15 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.07.08 16:36:22 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\TS3Client
[2011.04.15 15:37:44 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Ubisoft
[2011.07.24 23:50:24 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Utherverse
[2011.10.14 15:38:12 | 000,032,764 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.08.17 16:07:09 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\.minecraft
[2011.09.28 14:04:05 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Adobe
[2011.01.15 18:20:15 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Adobe Mini Bridge CS5
[2011.01.14 14:25:04 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Apple Computer
[2011.04.25 16:24:09 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Ashampoo
[2011.12.20 19:13:55 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Avira
[2011.04.15 13:22:54 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Corel
[2011.01.07 00:33:25 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\DAEMON Tools Lite
[2011.07.22 16:04:34 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Day 1 Studios
[2011.08.01 23:27:14 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\DVDVideoSoft
[2011.06.07 01:10:17 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.20 19:01:21 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\GameRanger
[2011.12.20 03:51:28 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Google
[2011.08.16 22:02:26 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Gutscheinmieze
[2011.02.14 03:14:03 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\HP
[2011.07.22 23:36:52 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\ICQ
[2011.01.05 19:51:56 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Identities
[2011.01.05 19:56:57 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\InstallShield
[2011.01.05 20:25:29 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Intel Corporation
[2011.01.27 07:30:33 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Leadertech
[2011.01.06 18:21:44 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Macromedia
[2011.12.20 02:48:34 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:19 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Media Center Programs
[2011.08.29 03:45:47 | 000,000,000 | --SD | M] -- C:\Users\Rambo\AppData\Roaming\Microsoft
[2011.11.02 07:24:18 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Mozilla
[2011.01.16 21:12:45 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\mp3DirectCut
[2011.11.10 05:21:15 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\NVIDIA
[2011.05.07 14:02:23 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\OpenOffice.org
[2011.04.20 14:52:03 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\PunkBuster
[2011.01.09 18:23:08 | 000,000,000 | RH-D | M] -- C:\Users\Rambo\AppData\Roaming\SecuROM
[2011.04.10 02:57:17 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Software4u
[2011.01.15 18:20:15 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.07.08 16:36:22 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\TS3Client
[2011.04.15 15:37:44 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Ubisoft
[2011.07.24 23:50:24 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Utherverse
[2011.11.28 18:09:05 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\vlc
[2011.01.06 20:59:34 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.01.31 10:41:54 | 000,810,496 | ---- | M] (Synatix GmbH) -- C:\Users\Rambo\AppData\Roaming\Gutscheinmieze\uninstall.exe
[2011.01.27 16:29:20 | 001,020,928 | ---- | M] (Synatix GmbH) -- C:\Users\Rambo\AppData\Roaming\Gutscheinmieze\ytdl.exe
[2011.08.29 03:45:47 | 000,010,134 | R--- | M] () -- C:\Users\Rambo\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2011.02.24 16:07:45 | 000,835,440 | R--- | M] () -- C:\Users\Rambo\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.10.02 12:58:58 | 000,537,112 | ---- | M] (Intel Corporation) MD5=631FA8935163B01FC0C02966CB3ADB92 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.10.02 12:58:58 | 000,537,112 | ---- | M] (Intel Corporation) MD5=631FA8935163B01FC0C02966CB3ADB92 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_b03f80929ac23556\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
         
--- --- ---

Alt 21.12.2011, 15:51   #8
RamboGS
 
Bundespolizeivirus - Standard

Bundespolizeivirus



Was ist eigentlich Gutscheinmieze??

Alt 21.12.2011, 18:11   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizeivirus - Standard

Bundespolizeivirus



Das ist Müll. Hast du dir wahrscheinlich beim Installieren von irgendeinem Programm eingehandelt mit der Methode: Augen zu und durch!
Man muss bei jeder Softwareinstallation alles genau durchlesen und die benutzerdefinierte Methode nehmen, damit man so einen Müll wie Gutscheinmieze oder Toolbars abwählen kann. Und Finger lässt man auch von so einem Schrott wie Softonic!

Zitat:
MsConfig:64bit - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager
Aus welcher Quelle stammt CS4/CS5?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.12.2011, 18:30   #10
RamboGS
 
Bundespolizeivirus - Standard

Bundespolizeivirus



Das ist schon etwas länger her hatte die Testversion für 30 Tage..
Mittlerweile nicht mehr benutzbar, hatte es aus der offiziellen Seite

Alt 21.12.2011, 19:00   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizeivirus - Standard

Bundespolizeivirus



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - user.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
[2011.12.15 19:44:06 | 000,001,052 | ---- | M] () -- C:\Users\Rambo\AppData\Roaming\Mozilla\Firefox\Profiles\ts2hm3og.default\searchplugins\icqplugin.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Rambo\AppData\Roaming\Mozilla\Firefox\Profiles\ts2hm3og.default\searchplugins\startsear.xml
[2011.07.08 16:01:21 | 000,003,930 | ---- | M] () -- C:\Users\Rambo\AppData\Roaming\Mozilla\Firefox\Profiles\ts2hm3og.default\searchplugins\sweetim.xml
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{294c0380-186d-11e0-9529-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{294c0380-186d-11e0-9529-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Run.exe
O33 - MountPoints2\{95032a01-1a7f-11e0-bdbb-1c6f6590ec65}\Shell - "" = AutoRun
O33 - MountPoints2\{95032a01-1a7f-11e0-bdbb-1c6f6590ec65}\Shell\AutoRun\command - "" = F:\Autorun.exe
MsConfig:64bit - StartUpReg: AdobeCS4ServiceManager - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
[2011.12.11 14:20:36 | 000,017,200 | ---- | M] () -- C:\Users\Rambo\Desktop\vagigidihe.dlc
[2011.08.16 22:02:26 | 000,000,000 | ---D | M] -- C:\Users\Rambo\AppData\Roaming\Gutscheinmieze
:Files
C:\Users\Rambo\AppData\Local\{*
C:\Program Files\Bonjour
C:\Program Files (x86)\Bonjour
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.12.2011, 21:08   #12
RamboGS
 
Bundespolizeivirus - Standard

Bundespolizeivirus



Code:
ATTFilter
All processes killed
========== OTL ==========
Prefs.js: "Web Search" removed from browser.search.defaultengine
Prefs.js: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from sweetim.toolbar.previous.keyword.URL
File C:\Users\Rambo\AppData\Roaming\Mozilla\Firefox\Profiles\ts2hm3og.default\searchplugins\icqplugin.xml not found.
File C:\Users\Rambo\AppData\Roaming\Mozilla\Firefox\Profiles\ts2hm3og.default\searchplugins\startsear.xml not found.
File C:\Users\Rambo\AppData\Roaming\Mozilla\Firefox\Profiles\ts2hm3og.default\searchplugins\sweetim.xml not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{294c0380-186d-11e0-9529-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{294c0380-186d-11e0-9529-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{294c0380-186d-11e0-9529-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{294c0380-186d-11e0-9529-806e6f6e6963}\ not found.
File E:\Run.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95032a01-1a7f-11e0-bdbb-1c6f6590ec65}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95032a01-1a7f-11e0-bdbb-1c6f6590ec65}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95032a01-1a7f-11e0-bdbb-1c6f6590ec65}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95032a01-1a7f-11e0-bdbb-1c6f6590ec65}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\AdobeCS4ServiceManager\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\AdobeCS5ServiceManager\ not found.
File C:\Users\Rambo\Desktop\vagigidihe.dlc not found.
Folder C:\Users\Rambo\AppData\Roaming\Gutscheinmieze\ not found.
========== FILES ==========
File\Folder C:\Users\Rambo\AppData\Local\{* not found.
File\Folder C:\Program Files\Bonjour not found.
File\Folder C:\Program Files (x86)\Bonjour not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Rambo
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1065094 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6482353 bytes
->Flash cache emptied: 343 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 7,00 mb
 
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12212011_215809

Files\Folders moved on Reboot...
File\Folder C:\Users\Rambo\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         
Zuerst hat sich das Antivirusprogramm eingemischt, da ich vergessen hab es zu deaktivieren habs dann halt nochmal wiederholt
steht deshalb bei den meisten "not found!"? :S

Alt 21.12.2011, 21:20   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizeivirus - Standard

Bundespolizeivirus



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.12.2011, 21:33   #14
RamboGS
 
Bundespolizeivirus - Standard

Bundespolizeivirus



Code:
ATTFilter
22:30:18.0265 1300	TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
22:30:18.0385 1300	============================================================
22:30:18.0385 1300	Current date / time: 2011/12/21 22:30:18.0385
22:30:18.0385 1300	SystemInfo:
22:30:18.0385 1300	
22:30:18.0385 1300	OS Version: 6.1.7601 ServicePack: 1.0
22:30:18.0385 1300	Product type: Workstation
22:30:18.0385 1300	ComputerName: RAMBO-PC
22:30:18.0385 1300	UserName: Rambo
22:30:18.0385 1300	Windows directory: C:\Windows
22:30:18.0385 1300	System windows directory: C:\Windows
22:30:18.0385 1300	Running under WOW64
22:30:18.0385 1300	Processor architecture: Intel x64
22:30:18.0385 1300	Number of processors: 4
22:30:18.0385 1300	Page size: 0x1000
22:30:18.0385 1300	Boot type: Normal boot
22:30:18.0385 1300	============================================================
22:30:19.0721 1300	Initialize success
22:31:04.0244 4680	============================================================
22:31:04.0244 4680	Scan started
22:31:04.0244 4680	Mode: Manual; SigCheck; TDLFS; 
22:31:04.0244 4680	============================================================
22:31:04.0443 4680	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:31:04.0521 4680	1394ohci - ok
22:31:04.0540 4680	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:31:04.0554 4680	ACPI - ok
22:31:04.0581 4680	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:31:04.0614 4680	AcpiPmi - ok
22:31:04.0644 4680	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:31:04.0670 4680	adp94xx - ok
22:31:04.0696 4680	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:31:04.0719 4680	adpahci - ok
22:31:04.0742 4680	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:31:04.0760 4680	adpu320 - ok
22:31:04.0825 4680	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
22:31:04.0902 4680	AFD - ok
22:31:04.0913 4680	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:31:04.0933 4680	agp440 - ok
22:31:04.0965 4680	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:31:04.0983 4680	aliide - ok
22:31:05.0004 4680	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:31:05.0022 4680	amdide - ok
22:31:05.0040 4680	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:31:05.0107 4680	AmdK8 - ok
22:31:05.0124 4680	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:31:05.0175 4680	AmdPPM - ok
22:31:05.0186 4680	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:31:05.0208 4680	amdsata - ok
22:31:05.0241 4680	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:31:05.0266 4680	amdsbs - ok
22:31:05.0287 4680	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:31:05.0299 4680	amdxata - ok
22:31:05.0369 4680	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:31:05.0422 4680	AppID - ok
22:31:05.0470 4680	AppleCharger    (301aa64f9643bc453d90a66c4c0e7204) C:\Windows\system32\DRIVERS\AppleCharger.sys
22:31:05.0517 4680	AppleCharger - ok
22:31:05.0557 4680	appliandMP - ok
22:31:05.0575 4680	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:31:05.0594 4680	arc - ok
22:31:05.0610 4680	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:31:05.0629 4680	arcsas - ok
22:31:05.0653 4680	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:31:05.0722 4680	AsyncMac - ok
22:31:05.0762 4680	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:31:05.0771 4680	atapi - ok
22:31:05.0811 4680	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
22:31:05.0833 4680	avgntflt - ok
22:31:05.0850 4680	avipbb          (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys
22:31:05.0871 4680	avipbb - ok
22:31:05.0895 4680	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
22:31:05.0911 4680	avkmgr - ok
22:31:05.0946 4680	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:31:06.0029 4680	b06bdrv - ok
22:31:06.0075 4680	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:31:06.0130 4680	b57nd60a - ok
22:31:06.0179 4680	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:31:06.0261 4680	Beep - ok
22:31:06.0305 4680	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:31:06.0319 4680	blbdrive - ok
22:31:06.0351 4680	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:31:06.0367 4680	bowser - ok
22:31:06.0384 4680	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:31:06.0428 4680	BrFiltLo - ok
22:31:06.0458 4680	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:31:06.0492 4680	BrFiltUp - ok
22:31:06.0521 4680	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:31:06.0557 4680	Brserid - ok
22:31:06.0573 4680	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:31:06.0604 4680	BrSerWdm - ok
22:31:06.0619 4680	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:31:06.0651 4680	BrUsbMdm - ok
22:31:06.0682 4680	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:31:06.0697 4680	BrUsbSer - ok
22:31:06.0729 4680	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:31:06.0760 4680	BTHMODEM - ok
22:31:06.0791 4680	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:31:06.0838 4680	cdfs - ok
22:31:06.0885 4680	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
22:31:06.0936 4680	cdrom - ok
22:31:06.0967 4680	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:31:07.0027 4680	circlass - ok
22:31:07.0060 4680	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:31:07.0083 4680	CLFS - ok
22:31:07.0118 4680	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:31:07.0134 4680	CmBatt - ok
22:31:07.0167 4680	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:31:07.0180 4680	cmdide - ok
22:31:07.0224 4680	CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
22:31:07.0272 4680	CNG - ok
22:31:07.0297 4680	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:31:07.0306 4680	Compbatt - ok
22:31:07.0336 4680	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:31:07.0391 4680	CompositeBus - ok
22:31:07.0433 4680	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:31:07.0454 4680	crcdisk - ok
22:31:07.0523 4680	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
22:31:07.0581 4680	CSC - ok
22:31:07.0656 4680	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:31:07.0727 4680	DfsC - ok
22:31:07.0737 4680	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:31:07.0765 4680	discache - ok
22:31:07.0790 4680	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:31:07.0801 4680	Disk - ok
22:31:07.0852 4680	Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
22:31:07.0898 4680	Dot4 - ok
22:31:07.0933 4680	Dot4Print       (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
22:31:07.0970 4680	Dot4Print - ok
22:31:08.0005 4680	dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
22:31:08.0046 4680	dot4usb - ok
22:31:08.0079 4680	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:31:08.0104 4680	drmkaud - ok
22:31:08.0166 4680	dtsoftbus01     (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
22:31:08.0183 4680	dtsoftbus01 - ok
22:31:08.0244 4680	dump_wmimmc - ok
22:31:08.0297 4680	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:31:08.0336 4680	DXGKrnl - ok
22:31:08.0369 4680	E1G60           (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
22:31:08.0387 4680	E1G60 - ok
22:31:08.0418 4680	EagleX64 - ok
22:31:08.0499 4680	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:31:08.0643 4680	ebdrv - ok
22:31:08.0695 4680	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:31:08.0715 4680	elxstor - ok
22:31:08.0746 4680	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:31:08.0792 4680	ErrDev - ok
22:31:08.0823 4680	etdrv           (84486624268e078255bc7aa47f0960bc) C:\Windows\etdrv.sys
22:31:08.0838 4680	etdrv - ok
22:31:08.0865 4680	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:31:08.0918 4680	exfat - ok
22:31:08.0938 4680	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:31:08.0998 4680	fastfat - ok
22:31:09.0021 4680	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:31:09.0033 4680	fdc - ok
22:31:09.0068 4680	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:31:09.0078 4680	FileInfo - ok
22:31:09.0081 4680	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:31:09.0127 4680	Filetrace - ok
22:31:09.0143 4680	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:31:09.0159 4680	flpydisk - ok
22:31:09.0190 4680	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:31:09.0221 4680	FltMgr - ok
22:31:09.0252 4680	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:31:09.0252 4680	FsDepends - ok
22:31:09.0268 4680	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:31:09.0283 4680	Fs_Rec - ok
22:31:09.0315 4680	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:31:09.0346 4680	fvevol - ok
22:31:09.0377 4680	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:31:09.0393 4680	gagp30kx - ok
22:31:09.0424 4680	gdrv            (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
22:31:09.0439 4680	gdrv - ok
22:31:09.0471 4680	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:31:09.0486 4680	GEARAspiWDM - ok
22:31:09.0530 4680	GVTDrv64        (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
22:31:09.0549 4680	GVTDrv64 - ok
22:31:09.0566 4680	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:31:09.0631 4680	hcw85cir - ok
22:31:09.0697 4680	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:31:09.0740 4680	HdAudAddService - ok
22:31:09.0763 4680	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:31:09.0798 4680	HDAudBus - ok
22:31:09.0819 4680	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:31:09.0852 4680	HidBatt - ok
22:31:09.0872 4680	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:31:09.0915 4680	HidBth - ok
22:31:09.0934 4680	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:31:09.0980 4680	HidIr - ok
22:31:10.0018 4680	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:31:10.0044 4680	HidUsb - ok
22:31:10.0073 4680	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:31:10.0097 4680	HpSAMD - ok
22:31:10.0153 4680	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:31:10.0253 4680	HTTP - ok
22:31:10.0291 4680	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:31:10.0299 4680	hwpolicy - ok
22:31:10.0322 4680	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
22:31:10.0337 4680	i8042prt - ok
22:31:10.0361 4680	iaStor          (631fa8935163b01fc0c02966cb3adb92) C:\Windows\system32\DRIVERS\iaStor.sys
22:31:10.0374 4680	iaStor - ok
22:31:10.0396 4680	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:31:10.0421 4680	iaStorV - ok
22:31:10.0448 4680	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:31:10.0464 4680	iirsp - ok
22:31:10.0541 4680	IntcAzAudAddService (163f94ebf8f8a98616a6b804af08d736) C:\Windows\system32\drivers\RTKVHD64.sys
22:31:10.0603 4680	IntcAzAudAddService - ok
22:31:10.0634 4680	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:31:10.0634 4680	intelide - ok
22:31:10.0673 4680	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:31:10.0700 4680	intelppm - ok
22:31:10.0736 4680	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:31:10.0801 4680	IpFilterDriver - ok
22:31:10.0812 4680	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:31:10.0829 4680	IPMIDRV - ok
22:31:10.0852 4680	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:31:10.0897 4680	IPNAT - ok
22:31:10.0917 4680	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:31:10.0933 4680	IRENUM - ok
22:31:10.0955 4680	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:31:10.0964 4680	isapnp - ok
22:31:10.0973 4680	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:31:10.0989 4680	iScsiPrt - ok
22:31:11.0016 4680	JRAID           (1c368c1a2733dcc5b8e15420aa2b0f6d) C:\Windows\system32\DRIVERS\jraid.sys
22:31:11.0026 4680	JRAID - ok
22:31:11.0047 4680	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
22:31:11.0057 4680	kbdclass - ok
22:31:11.0135 4680	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
22:31:11.0156 4680	kbdhid - ok
22:31:11.0175 4680	KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
22:31:11.0191 4680	KSecDD - ok
22:31:11.0227 4680	KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
22:31:11.0245 4680	KSecPkg - ok
22:31:11.0261 4680	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:31:11.0303 4680	ksthunk - ok
22:31:11.0337 4680	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:31:11.0398 4680	lltdio - ok
22:31:11.0423 4680	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:31:11.0436 4680	LSI_FC - ok
22:31:11.0455 4680	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:31:11.0467 4680	LSI_SAS - ok
22:31:11.0490 4680	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:31:11.0501 4680	LSI_SAS2 - ok
22:31:11.0518 4680	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:31:11.0530 4680	LSI_SCSI - ok
22:31:11.0545 4680	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:31:11.0592 4680	luafv - ok
22:31:11.0617 4680	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:31:11.0627 4680	megasas - ok
22:31:11.0653 4680	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:31:11.0669 4680	MegaSR - ok
22:31:11.0685 4680	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:31:11.0732 4680	Modem - ok
22:31:11.0763 4680	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:31:11.0794 4680	monitor - ok
22:31:11.0825 4680	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:31:11.0841 4680	mouclass - ok
22:31:11.0857 4680	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:31:11.0872 4680	mouhid - ok
22:31:11.0903 4680	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:31:11.0919 4680	mountmgr - ok
22:31:11.0950 4680	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:31:11.0981 4680	mpio - ok
22:31:12.0099 4680	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:31:12.0153 4680	mpsdrv - ok
22:31:12.0192 4680	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:31:12.0269 4680	MRxDAV - ok
22:31:12.0307 4680	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:31:12.0331 4680	mrxsmb - ok
22:31:12.0360 4680	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:31:12.0388 4680	mrxsmb10 - ok
22:31:12.0406 4680	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:31:12.0428 4680	mrxsmb20 - ok
22:31:12.0449 4680	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:31:12.0464 4680	msahci - ok
22:31:12.0493 4680	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:31:12.0514 4680	msdsm - ok
22:31:12.0531 4680	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:31:12.0571 4680	Msfs - ok
22:31:12.0593 4680	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:31:12.0638 4680	mshidkmdf - ok
22:31:12.0658 4680	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:31:12.0669 4680	msisadrv - ok
22:31:12.0688 4680	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:31:12.0723 4680	MSKSSRV - ok
22:31:12.0737 4680	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:31:12.0764 4680	MSPCLOCK - ok
22:31:12.0773 4680	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:31:12.0806 4680	MSPQM - ok
22:31:12.0851 4680	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:31:12.0870 4680	MsRPC - ok
22:31:12.0897 4680	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:31:12.0906 4680	mssmbios - ok
22:31:12.0928 4680	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:31:12.0966 4680	MSTEE - ok
22:31:12.0984 4680	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:31:13.0002 4680	MTConfig - ok
22:31:13.0030 4680	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:31:13.0045 4680	Mup - ok
22:31:13.0086 4680	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:31:13.0127 4680	NativeWifiP - ok
22:31:13.0166 4680	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:31:13.0191 4680	NDIS - ok
22:31:13.0208 4680	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:31:13.0239 4680	NdisCap - ok
22:31:13.0261 4680	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:31:13.0287 4680	NdisTapi - ok
22:31:13.0318 4680	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:31:13.0346 4680	Ndisuio - ok
22:31:13.0383 4680	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:31:13.0432 4680	NdisWan - ok
22:31:13.0460 4680	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:31:13.0525 4680	NDProxy - ok
22:31:13.0570 4680	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:31:13.0626 4680	NetBIOS - ok
22:31:13.0655 4680	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:31:13.0690 4680	NetBT - ok
22:31:13.0718 4680	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:31:13.0729 4680	nfrd960 - ok
22:31:13.0755 4680	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:31:13.0802 4680	Npfs - ok
22:31:13.0834 4680	NPPTNT2 - ok
22:31:13.0855 4680	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:31:13.0915 4680	nsiproxy - ok
22:31:13.0964 4680	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:31:14.0023 4680	Ntfs - ok
22:31:14.0033 4680	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:31:14.0068 4680	Null - ok
22:31:14.0095 4680	nusb3hub        (f5bc2345e8c89d4e90fafd23a2239935) C:\Windows\system32\DRIVERS\nusb3hub.sys
22:31:14.0108 4680	nusb3hub - ok
22:31:14.0137 4680	nusb3xhc        (5d42578241bc2a9b4a64837077436d5f) C:\Windows\system32\DRIVERS\nusb3xhc.sys
22:31:14.0151 4680	nusb3xhc - ok
22:31:14.0181 4680	NVHDA           (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
22:31:14.0194 4680	NVHDA - ok
22:31:14.0413 4680	nvlddmkm        (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:31:14.0537 4680	nvlddmkm - ok
22:31:14.0569 4680	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:31:14.0584 4680	nvraid - ok
22:31:14.0620 4680	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:31:14.0633 4680	nvstor - ok
22:31:14.0693 4680	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:31:14.0718 4680	nv_agp - ok
22:31:14.0757 4680	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:31:14.0792 4680	ohci1394 - ok
22:31:14.0831 4680	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:31:14.0853 4680	Parport - ok
22:31:14.0876 4680	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
22:31:14.0895 4680	partmgr - ok
22:31:14.0922 4680	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:31:14.0946 4680	pci - ok
22:31:14.0970 4680	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:31:14.0985 4680	pciide - ok
22:31:15.0087 4680	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:31:15.0118 4680	pcmcia - ok
22:31:15.0139 4680	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:31:15.0160 4680	pcw - ok
22:31:15.0192 4680	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:31:15.0267 4680	PEAUTH - ok
22:31:15.0363 4680	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:31:15.0433 4680	PptpMiniport - ok
22:31:15.0457 4680	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:31:15.0493 4680	Processor - ok
22:31:15.0539 4680	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:31:15.0599 4680	Psched - ok
22:31:15.0640 4680	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:31:15.0702 4680	ql2300 - ok
22:31:15.0718 4680	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:31:15.0733 4680	ql40xx - ok
22:31:15.0769 4680	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:31:15.0797 4680	QWAVEdrv - ok
22:31:15.0824 4680	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:31:15.0877 4680	RasAcd - ok
22:31:15.0917 4680	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:31:15.0966 4680	RasAgileVpn - ok
22:31:15.0999 4680	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:31:16.0037 4680	Rasl2tp - ok
22:31:16.0056 4680	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:31:16.0085 4680	RasPppoe - ok
22:31:16.0101 4680	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:31:16.0130 4680	RasSstp - ok
22:31:16.0166 4680	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:31:16.0207 4680	rdbss - ok
22:31:16.0219 4680	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:31:16.0234 4680	rdpbus - ok
22:31:16.0261 4680	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:31:16.0287 4680	RDPCDD - ok
22:31:16.0323 4680	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
22:31:16.0364 4680	RDPDR - ok
22:31:16.0388 4680	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:31:16.0444 4680	RDPENCDD - ok
22:31:16.0464 4680	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:31:16.0489 4680	RDPREFMP - ok
22:31:16.0525 4680	RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
22:31:16.0548 4680	RdpVideoMiniport - ok
22:31:16.0588 4680	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
22:31:16.0645 4680	RDPWD - ok
22:31:16.0674 4680	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:31:16.0693 4680	rdyboost - ok
22:31:16.0718 4680	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:31:16.0765 4680	rspndr - ok
22:31:16.0813 4680	RTL8167         (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:31:16.0833 4680	RTL8167 - ok
22:31:16.0885 4680	RTL8187         (333224d4d25f9bcca488e08345083e1c) C:\Windows\system32\DRIVERS\rtl8187.sys
22:31:16.0932 4680	RTL8187 - ok
22:31:16.0960 4680	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
22:31:17.0010 4680	s3cap - ok
22:31:17.0056 4680	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:31:17.0082 4680	sbp2port - ok
22:31:17.0128 4680	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:31:17.0185 4680	scfilter - ok
22:31:17.0212 4680	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:31:17.0257 4680	secdrv - ok
22:31:17.0280 4680	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:31:17.0306 4680	Serenum - ok
22:31:17.0326 4680	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:31:17.0353 4680	Serial - ok
22:31:17.0397 4680	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:31:17.0441 4680	sermouse - ok
22:31:17.0480 4680	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:31:17.0510 4680	sffdisk - ok
22:31:17.0531 4680	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:31:17.0563 4680	sffp_mmc - ok
22:31:17.0573 4680	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:31:17.0599 4680	sffp_sd - ok
22:31:17.0622 4680	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:31:17.0661 4680	sfloppy - ok
22:31:17.0707 4680	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:31:17.0723 4680	SiSRaid2 - ok
22:31:17.0745 4680	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:31:17.0762 4680	SiSRaid4 - ok
22:31:17.0796 4680	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:31:17.0839 4680	Smb - ok
22:31:17.0852 4680	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:31:17.0861 4680	spldr - ok
22:31:17.0908 4680	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:31:17.0945 4680	srv - ok
22:31:17.0969 4680	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:31:18.0004 4680	srv2 - ok
22:31:18.0030 4680	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:31:18.0060 4680	srvnet - ok
22:31:18.0117 4680	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:31:18.0132 4680	stexstor - ok
22:31:18.0164 4680	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
22:31:18.0180 4680	storflt - ok
22:31:18.0195 4680	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
22:31:18.0211 4680	storvsc - ok
22:31:18.0211 4680	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:31:18.0227 4680	swenum - ok
22:31:18.0258 4680	Synth3dVsc - ok
22:31:18.0273 4680	TBPanel - ok
22:31:18.0352 4680	Tcpip           (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
22:31:18.0445 4680	Tcpip - ok
22:31:18.0477 4680	TCPIP6          (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
22:31:18.0500 4680	TCPIP6 - ok
22:31:18.0530 4680	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:31:18.0594 4680	tcpipreg - ok
22:31:18.0619 4680	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:31:18.0692 4680	TDPIPE - ok
22:31:18.0702 4680	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
22:31:18.0771 4680	TDTCP - ok
22:31:18.0804 4680	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:31:18.0831 4680	tdx - ok
22:31:18.0852 4680	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:31:18.0863 4680	TermDD - ok
22:31:18.0897 4680	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:31:18.0955 4680	tssecsrv - ok
22:31:18.0987 4680	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:31:19.0013 4680	TsUsbFlt - ok
22:31:19.0021 4680	tsusbhub - ok
22:31:19.0048 4680	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:31:19.0087 4680	tunnel - ok
22:31:19.0097 4680	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:31:19.0108 4680	uagp35 - ok
22:31:19.0143 4680	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:31:19.0189 4680	udfs - ok
22:31:19.0213 4680	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:31:19.0225 4680	uliagpkx - ok
22:31:19.0242 4680	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
22:31:19.0255 4680	umbus - ok
22:31:19.0273 4680	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:31:19.0293 4680	UmPass - ok
22:31:19.0328 4680	USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
22:31:19.0359 4680	USBAAPL64 - ok
22:31:19.0375 4680	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:31:19.0390 4680	usbccgp - ok
22:31:19.0437 4680	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:31:19.0484 4680	usbcir - ok
22:31:19.0499 4680	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
22:31:19.0546 4680	usbehci - ok
22:31:19.0562 4680	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:31:19.0593 4680	usbhub - ok
22:31:19.0609 4680	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
22:31:19.0624 4680	usbohci - ok
22:31:19.0671 4680	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:31:19.0687 4680	usbprint - ok
22:31:19.0727 4680	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:31:19.0766 4680	usbscan - ok
22:31:19.0795 4680	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:31:19.0834 4680	USBSTOR - ok
22:31:19.0851 4680	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:31:19.0873 4680	usbuhci - ok
22:31:19.0896 4680	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:31:19.0915 4680	vdrvroot - ok
22:31:19.0937 4680	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:31:19.0963 4680	vga - ok
22:31:19.0979 4680	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:31:20.0013 4680	VgaSave - ok
22:31:20.0021 4680	VGPU - ok
22:31:20.0054 4680	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:31:20.0084 4680	vhdmp - ok
22:31:20.0220 4680	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:31:20.0240 4680	viaide - ok
22:31:20.0267 4680	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
22:31:20.0299 4680	vmbus - ok
22:31:20.0321 4680	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
22:31:20.0345 4680	VMBusHID - ok
22:31:20.0372 4680	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:31:20.0387 4680	volmgr - ok
22:31:20.0424 4680	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:31:20.0458 4680	volmgrx - ok
22:31:20.0478 4680	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:31:20.0501 4680	volsnap - ok
22:31:20.0537 4680	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:31:20.0564 4680	vsmraid - ok
22:31:20.0591 4680	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
22:31:20.0624 4680	vwifibus - ok
22:31:20.0647 4680	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:31:20.0671 4680	vwififlt - ok
22:31:20.0692 4680	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:31:20.0710 4680	WacomPen - ok
22:31:20.0742 4680	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:31:20.0773 4680	WANARP - ok
22:31:20.0789 4680	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:31:20.0804 4680	Wanarpv6 - ok
22:31:20.0836 4680	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:31:20.0851 4680	Wd - ok
22:31:20.0882 4680	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:31:20.0906 4680	Wdf01000 - ok
22:31:20.0943 4680	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:31:20.0969 4680	WfpLwf - ok
22:31:20.0979 4680	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:31:20.0989 4680	WIMMount - ok
22:31:21.0023 4680	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:31:21.0057 4680	WinUsb - ok
22:31:21.0098 4680	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:31:21.0115 4680	WmiAcpi - ok
22:31:21.0140 4680	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:31:21.0193 4680	ws2ifsl - ok
22:31:21.0240 4680	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:31:21.0301 4680	WudfPf - ok
22:31:21.0354 4680	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:31:21.0414 4680	WUDFRd - ok
22:31:21.0442 4680	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:31:21.0557 4680	\Device\Harddisk0\DR0 - ok
22:31:21.0561 4680	Boot (0x1200)   (111b889059f59baf2a027ab8e8a9aeb0) \Device\Harddisk0\DR0\Partition0
22:31:21.0563 4680	\Device\Harddisk0\DR0\Partition0 - ok
22:31:21.0606 4680	Boot (0x1200)   (178ed5e6bcd287522d36e7062ee7a2cb) \Device\Harddisk0\DR0\Partition1
22:31:21.0608 4680	\Device\Harddisk0\DR0\Partition1 - ok
22:31:21.0633 4680	Boot (0x1200)   (a1c62e14465ae65a96c7356efa71d9c7) \Device\Harddisk0\DR0\Partition2
22:31:21.0635 4680	\Device\Harddisk0\DR0\Partition2 - ok
22:31:21.0635 4680	============================================================
22:31:21.0635 4680	Scan finished
22:31:21.0636 4680	============================================================
22:31:21.0648 1664	Detected object count: 0
22:31:21.0648 1664	Actual detected object count: 0
         

Alt 22.12.2011, 07:03   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizeivirus - Standard

Bundespolizeivirus



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Bundespolizeivirus
anti-malware, antivir, appdata, code, dateien, defender, dll, exploit.drop.2, explorer, google, löschen, malwarebytes, microsoft, namen, rechner, registry, roaming, rundll, rundll32.exe, searchscopes, setup, software, temp, trojan.agent.ge, trojan.vundo, viren, virusscan, windows



Ähnliche Themen: Bundespolizeivirus


  1. Bundespolizeivirus auf Windows XP - Fix benötigt
    Log-Analyse und Auswertung - 27.12.2017 (11)
  2. Bundespolizeivirus otlpe log
    Log-Analyse und Auswertung - 03.06.2014 (9)
  3. Bundespolizeivirus geht nicht weg
    Log-Analyse und Auswertung - 01.01.2014 (23)
  4. Bundespolizeivirus
    Plagegeister aller Art und deren Bekämpfung - 14.10.2013 (1)
  5. Bundespolizeivirus hat Daten verschlüsselt
    Plagegeister aller Art und deren Bekämpfung - 11.02.2013 (1)
  6. Bundespolizeivirus, Ukash
    Plagegeister aller Art und deren Bekämpfung - 27.10.2012 (27)
  7. Bundespolizeivirus
    Plagegeister aller Art und deren Bekämpfung - 26.10.2012 (2)
  8. Bundespolizeivirus
    Plagegeister aller Art und deren Bekämpfung - 21.04.2012 (1)
  9. Bundespolizeivirus eingefangen
    Plagegeister aller Art und deren Bekämpfung - 20.04.2012 (9)
  10. Bundespolizeivirus
    Plagegeister aller Art und deren Bekämpfung - 04.04.2012 (1)
  11. Bundespolizeivirus .. zahle 100€
    Log-Analyse und Auswertung - 25.03.2012 (1)
  12. Neuer Bundespolizeivirus
    Plagegeister aller Art und deren Bekämpfung - 08.02.2012 (5)
  13. Neuer Bundespolizeivirus
    Plagegeister aller Art und deren Bekämpfung - 08.12.2011 (17)
  14. Bundespolizeivirus (Win 7)
    Plagegeister aller Art und deren Bekämpfung - 10.11.2011 (32)
  15. Befall mit Bundespolizeivirus
    Plagegeister aller Art und deren Bekämpfung - 07.10.2011 (18)
  16. Bundespolizeivirus
    Plagegeister aller Art und deren Bekämpfung - 05.10.2011 (3)
  17. bundespolizeivirus logs
    Log-Analyse und Auswertung - 15.08.2011 (3)

Zum Thema Bundespolizeivirus - Hallo, Ich hab mir vor ein paar Stunden das bekannte Bundespolizeivirus eingefangen und hab Windows sofort im abgesicherten Modus gestartet um einen Virusscan via Antivir durchzuführen. Dieser hat 9 Viren - Bundespolizeivirus...
Archiv
Du betrachtest: Bundespolizeivirus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.