Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 30.09.2012, 14:48   #1
subvision
 
Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden - Standard

Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden



Hallo liebe Leute.

Ich habe folgendes Problem. Ich nutze Windows 7 64 bit, Avast free Antivirus und die Comodo Firewall in der neuesten Version. Vom 03.09 bis zum 24.09 war ich im Urlaub. Als ich den Computer nach dem Urlaub eingeschaltet habe, wurde erstmal ein neues Netzwerk gefunden. Mir wurden mehrere Optionen geboten (zu Hause, Im Internetcafe, Flughafen). Ich wählte "Zu Hause".

Später fiel mir auf, daß das Wartungscenter mir anzeigte, dass Avast deaktiviert ist. Nämlich die Visthaux.exe Datei, um genau zu sein. Somit konnte ich keine Virendefinitionen mehr herunterladen und auch nicht das Programm updaten. Da hatte ich bereits einen Trojaner/Virus im Verdacht. Ich machte einen Check mit MBRCheck, aber der zeigte mir Standard-Windows 7 Code an. Sämtliche Versuche, die Visthaux.exe Datei im Wartungscenter zu aktivieren, brachten nix. Die Eingabe wurde einfach ignoriert.

Schlau, wie ich bin, hatte ich mit Acronis True Image Home (Western Digital Edition) ein Image meiner C Partition auf D gespeichert. Als ich die Recovery starten wollte kam die nächste Überraschung. Der erste Sektor meiner Festplatte konnte nicht gelesen werden. Ich wählte "ignorieren" und das Image wurde neu aufgespielt. Nach einem Reboot war Visthaux.exe immer noch deaktiviert.

Ich dachte, wenn es komplex ist, dann denke simpel. Also habe ich den Windows Scripting Host mit Hilfe von xp-antispy ausgeschaltet. Nach einem Reboot lief Avast auf einmal wieder. Ich habe den Verdacht, dass da ein VBScript im Hintergrund lief. Das hat erstmal dafür gesorgt, daß ich Avast wieder benutzen kann, der Übeltäter ist aber immer noch auf meinem System und ich weiß nicht, was der sonst noch so kann.

Ich glaube, daß jemand in meiner Wohnung war und den Schädling aufgespielt hat. Jemand, der Informationen sucht. Es geht da um eine Scheidung mit Rechtsstreitigkeiten. Leider habe ich hier ein kleines Büchlein liegen mit sämtlichen Passwörtern. Ich hätte ja nie gedacht, daß die mal jemand zu sehen bekommt. Das ist jedoch nur eine Vermutung - der Trojaner kann auch anders auf mein System gekommen sein.

Ich glaube, daß der Trojaner eine Maßanfertigung ist. Daher wird er auch von meinem Scanner nicht erkannt.

Was soll ich jetzt machen? Avast habe ich bereits kontaktiert, aber vor Montag wird das wohl nichts. Außerdem habe ich den Verdacht, daß meine Kommunikation jedweder Art kontrolliert wird. Daher weiß ich nicht, ob ich überhaupt eine Antwort-Mail erhalten werde.

Am Rande: Die Personen, welche mit der Scheidung zu tun haben, wurden auch gehackt (Symbian Handy, Unix System und Linux). Ich gehe also nicht davon aus, daß ich mir "zufällig" was eingefangen habe.

Über Hilfe jeder Art wäre ich sehr dankbar.

subvision

edit: Welche Logs werden gebraucht? Ich mache, was ich kann.

OTL Logs

OTL.txt
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 30.09.2012 16:37:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Micha\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,71 Gb Available Physical Memory | 67,89% Memory free
7,99 Gb Paging File | 6,46 Gb Available in Paging File | 80,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 49,91 Gb Total Space | 22,85 Gb Free Space | 45,78% Space Free | Partition Type: NTFS
Drive D: | 415,75 Gb Total Space | 271,35 Gb Free Space | 65,27% Space Free | Partition Type: NTFS
 
Computer Name: X4 | User Name: Micha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.30 16:35:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Micha\Desktop\OTL.exe
PRC - [2012.08.31 16:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.08.23 10:17:30 | 000,875,216 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\COMODO\GeekBuddy\unit.exe
PRC - [2012.08.23 10:17:30 | 000,874,192 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\COMODO\GeekBuddy\unit_manager.exe
PRC - [2012.08.23 10:17:28 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) -- C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe
PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- d:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.06.28 17:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- D:\Program Files (x86)\Winamp\winampa.exe
PRC - [2012.01.27 09:47:20 | 000,828,944 | ---- | M] (GlavSoft LLC.) -- C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe
PRC - [2008.11.18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.07.10 09:07:18 | 000,166,912 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009.02.06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.08.06 12:24:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012.07.28 04:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.09.30 13:11:55 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.28 18:43:27 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.28 14:19:56 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012.09.28 13:54:28 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012.09.19 11:29:44 | 002,365,792 | ---- | M] (TuneUp Software) [Auto | Running] -- D:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.09.06 03:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.31 16:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.08.23 10:17:28 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe -- (CLPSLauncher)
SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- d:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.11 21:13:24 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012.01.27 09:47:20 | 000,828,944 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe -- (tvnserver)
SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.11.18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.08.21 11:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.08.21 11:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.08.21 11:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.08.21 11:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.08.21 11:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.08.21 11:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.08.03 10:23:28 | 000,035,064 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\CFRMD.sys -- (CFRMD)
DRV:64bit: - [2012.07.28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.28 03:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.02 08:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.10.16 06:44:56 | 001,309,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2012.09.19 10:50:50 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- D:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4C E6 90 83 6F 9D CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: artur.dubovoy@gmail.com:3.7.0
FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.8.3
FF - prefs.js..extensions.enabledAddons: stealthyextension@gmail.com:2.3.3
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.6
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: d:\Program Files\AVAST Software\Avast\WebRep\FF [2012.09.28 14:16:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: d:\Program Files (x86)\Mozilla Firefox\components [2012.09.28 13:59:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: d:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.28 14:52:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: d:\Program Files (x86)\Mozilla Thunderbird\components [2012.09.28 14:37:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: d:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.09.28 13:59:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Extensions
[2012.09.28 14:26:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\bensm4a1.default\extensions
[2012.09.28 14:26:28 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\bensm4a1.default\extensions\firefox@ghostery.com
[2012.09.28 14:26:24 | 000,213,554 | ---- | M] () (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\bensm4a1.default\extensions\artur.dubovoy@gmail.com.xpi
[2012.09.28 14:26:28 | 000,184,864 | ---- | M] () (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\bensm4a1.default\extensions\stealthyextension@gmail.com.xpi
[2012.09.28 14:26:28 | 000,529,316 | ---- | M] () (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\bensm4a1.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.09.28 14:13:12 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\bensm4a1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.28 14:16:24 | 000,000,000 | ---D | M] (avast! WebRep) -- D:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
O1 HOSTS File: ([2012.09.29 20:47:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - d:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - d:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - d:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - d:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [avast] d:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] D:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{317911D6-43D9-4A2C-9C41-CE2F7CB71F28}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{317911D6-43D9-4A2C-9C41-CE2F7CB71F28}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D00864E-26A5-474A-A715-EE62AAFC2273}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.30 16:35:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Micha\Desktop\OTL.exe
[2012.09.30 13:12:08 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\Macromedia
[2012.09.30 13:11:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012.09.30 13:11:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.09.30 13:09:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.09.29 20:47:32 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.09.29 20:39:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.09.29 20:39:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.09.29 20:39:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.09.29 20:34:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.09.29 20:34:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.09.29 19:16:49 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Canneverbe Limited
[2012.09.29 19:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012.09.29 13:44:56 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.09.29 13:44:55 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.09.29 13:44:53 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.09.29 13:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2012.09.29 13:44:42 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\TuneUp Software
[2012.09.29 13:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.09.29 13:43:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.09.29 13:43:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.09.29 12:42:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012.09.29 12:42:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.09.29 12:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.09.29 12:26:58 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2012.09.29 12:26:24 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2012.09.28 23:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.09.28 23:10:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Logishrd
[2012.09.28 18:45:23 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\Nexus Mod Manager
[2012.09.28 18:45:23 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\Network Monitor 3
[2012.09.28 18:45:23 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\My Received Files
[2012.09.28 18:45:17 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\My Games
[2012.09.28 18:45:17 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\My Drivers
[2012.09.28 18:45:17 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\My Curse
[2012.09.28 18:45:17 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\Meine empfangenen Dateien
[2012.09.28 18:45:17 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\LogiShrd
[2012.09.28 18:45:17 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\GTA San Andreas User Files
[2012.09.28 18:45:17 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\Games for Windows - LIVE Demos
[2012.09.28 18:45:17 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\ForceField Shared Files
[2012.09.28 18:45:17 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\ArmA 2 Other Profiles
[2012.09.28 18:45:16 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\Youcam
[2012.09.28 18:45:16 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\The Lord of the Rings Online
[2012.09.28 18:45:16 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\ArmA 2
[2012.09.28 18:45:15 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\STALKER-SHOC
[2012.09.28 18:45:13 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\S.T.A.L.K.E.R. - Call Of Pripyat
[2012.09.28 18:42:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012.09.28 18:41:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.09.28 18:31:39 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Skype
[2012.09.28 18:31:34 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.09.28 18:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.28 18:31:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.09.28 18:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.09.28 18:15:03 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\Logishrd
[2012.09.28 18:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012.09.28 18:07:09 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Leadertech
[2012.09.28 18:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2012.09.28 18:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012.09.28 18:06:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2012.09.28 18:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2012.09.28 18:05:48 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Logitech
[2012.09.28 18:05:48 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Logishrd
[2012.09.28 17:04:38 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Macromedia
[2012.09.28 17:04:38 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Adobe
[2012.09.28 17:04:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player
[2012.09.28 16:59:13 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\FastStone
[2012.09.28 16:57:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012.09.28 16:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
[2012.09.28 14:53:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2012.09.28 14:52:44 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2012.09.28 14:52:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012.09.28 14:52:35 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Winamp
[2012.09.28 14:48:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\COMODO
[2012.09.28 14:48:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Comodo
[2012.09.28 14:48:24 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012.09.28 14:46:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012.09.28 14:39:30 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.09.28 14:38:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.09.28 14:37:44 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Thunderbird
[2012.09.28 14:37:44 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\Thunderbird
[2012.09.28 14:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2012.09.28 14:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012.09.28 14:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2012.09.28 14:16:58 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.09.28 14:16:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.09.28 14:16:57 | 000,359,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.09.28 14:16:55 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.09.28 14:16:55 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.09.28 14:16:54 | 000,969,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.09.28 14:16:51 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.09.28 14:16:51 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.09.28 14:16:19 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.09.28 14:16:19 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.09.28 14:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.09.28 14:09:44 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\AMD
[2012.09.28 14:09:27 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\ATI
[2012.09.28 14:09:27 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\ATI
[2012.09.28 14:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.09.28 14:07:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.09.28 14:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012.09.28 14:07:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012.09.28 14:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012.09.28 14:06:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012.09.28 14:06:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012.09.28 14:06:08 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.09.28 14:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.09.28 14:05:55 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.09.28 14:05:17 | 000,000,000 | ---D | C] -- C:\AMD
[2012.09.28 13:59:51 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Mozilla
[2012.09.28 13:59:51 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\Mozilla
[2012.09.28 13:59:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.09.28 13:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.09.28 13:54:45 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Creative Installation Information
[2012.09.28 13:54:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative
[2012.09.28 13:54:44 | 000,419,840 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.09.28 13:54:44 | 000,413,696 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.09.28 13:54:43 | 002,873,820 | ---- | C] (Creative) -- C:\Windows\SysWow64\Sens_oal.dll
[2012.09.28 13:54:43 | 001,908,736 | ---- | C] (Creative) -- C:\Windows\SysNative\Sens_oal.dll
[2012.09.28 13:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2012.09.28 13:54:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared
[2012.09.28 13:54:23 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2012.09.28 13:54:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2012.09.28 13:54:06 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012.09.28 13:54:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012.09.28 13:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2012.09.28 13:52:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Data
[2012.09.28 13:52:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DATA
[2012.09.28 13:47:50 | 000,000,000 | R--D | C] -- C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.09.28 13:47:50 | 000,000,000 | R--D | C] -- C:\Users\Micha\Searches
[2012.09.28 13:47:50 | 000,000,000 | R--D | C] -- C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.09.28 13:47:41 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Identities
[2012.09.28 13:47:39 | 000,000,000 | R--D | C] -- C:\Users\Micha\Contacts
[2012.09.28 13:47:38 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\VirtualStore
[2012.09.28 13:47:32 | 000,000,000 | --SD | C] -- C:\Users\Micha\AppData\Roaming\Microsoft
[2012.09.28 13:47:32 | 000,000,000 | R--D | C] -- C:\Users\Micha\Videos
[2012.09.28 13:47:32 | 000,000,000 | R--D | C] -- C:\Users\Micha\Saved Games
[2012.09.28 13:47:32 | 000,000,000 | R--D | C] -- C:\Users\Micha\Pictures
[2012.09.28 13:47:32 | 000,000,000 | R--D | C] -- C:\Users\Micha\Music
[2012.09.28 13:47:32 | 000,000,000 | R--D | C] -- C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.09.28 13:47:32 | 000,000,000 | R--D | C] -- C:\Users\Micha\Links
[2012.09.28 13:47:32 | 000,000,000 | R--D | C] -- C:\Users\Micha\Favorites
[2012.09.28 13:47:32 | 000,000,000 | R--D | C] -- C:\Users\Micha\Downloads
[2012.09.28 13:47:32 | 000,000,000 | R--D | C] -- C:\Users\Micha\Documents
[2012.09.28 13:47:32 | 000,000,000 | R--D | C] -- C:\Users\Micha\Desktop
[2012.09.28 13:47:32 | 000,000,000 | R--D | C] -- C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.09.28 13:47:32 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Vorlagen
[2012.09.28 13:47:32 | 000,000,000 | -HSD | C] -- C:\Users\Micha\AppData\Local\Verlauf
[2012.09.28 13:47:32 | 000,000,000 | -HSD | C] -- C:\Users\Micha\AppData\Local\Temporary Internet Files
[2012.09.28 13:47:32 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Startmenü
[2012.09.28 13:47:32 | 000,000,000 | -HSD | C] -- C:\Users\Micha\SendTo
[2012.09.28 13:47:32 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Recent
[2012.09.28 13:47:32 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Netzwerkumgebung
[2012.09.28 13:47:32 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Lokale Einstellungen
[2012.09.28 13:47:32 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Documents\Eigene Videos
[2012.09.28 13:47:32 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Documents\Eigene Musik
[2012.09.28 13:47:32 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Eigene Dateien
[2012.09.28 13:47:32 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Documents\Eigene Bilder
[2012.09.28 13:47:32 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Druckumgebung
[2012.09.28 13:47:32 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Cookies
[2012.09.28 13:47:32 | 000,000,000 | -HSD | C] -- C:\Users\Micha\AppData\Local\Anwendungsdaten
[2012.09.28 13:47:32 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Anwendungsdaten
[2012.09.28 13:47:32 | 000,000,000 | -H-D | C] -- C:\Users\Micha\AppData
[2012.09.28 13:47:32 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\Temp
[2012.09.28 13:47:32 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\Microsoft
[2012.09.28 13:47:32 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Media Center Programs
[2012.09.28 13:47:21 | 000,000,000 | ---D | C] -- C:\Recovery
[2012.09.28 13:47:20 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.09.28 13:47:20 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.09.28 13:47:20 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.09.28 13:47:20 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.09.28 13:47:20 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.09.28 13:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.09.28 13:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.09.28 13:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.09.28 13:47:20 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.09.28 13:47:20 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.09.28 13:47:20 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.09.28 13:47:15 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.09.28 13:40:33 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.09.28 13:40:15 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.30 16:35:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Micha\Desktop\OTL.exe
[2012.09.30 15:46:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.30 15:24:20 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.30 15:24:20 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.30 15:23:09 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.30 15:23:09 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.30 15:23:09 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.30 15:23:09 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.30 15:23:09 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.30 15:16:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.30 15:16:41 | 3219,738,624 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.29 20:47:31 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.09.29 19:35:50 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.09.29 13:44:50 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2012.09.28 22:15:13 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.09.28 22:15:13 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.09.28 18:42:12 | 000,000,643 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.09.28 14:55:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.09.28 14:48:36 | 000,002,043 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2012.09.28 14:16:51 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.09.28 14:08:55 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012.09.28 13:54:44 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.09.28 13:54:44 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.09.28 13:52:29 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2012.09.28 13:43:12 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.09.28 13:43:12 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.09.19 11:29:46 | 000,034,656 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.09.19 11:29:40 | 000,025,952 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.09.19 11:29:40 | 000,021,344 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
 
========== Files Created - No Company Name ==========
 
[2012.09.30 13:11:56 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.29 20:39:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.09.29 20:39:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.09.29 20:39:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.09.29 20:39:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.09.29 20:39:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.09.29 19:16:41 | 000,000,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.09.29 13:44:50 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2012.09.29 13:44:50 | 000,001,080 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2012.09.29 12:28:09 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2012.09.29 12:25:53 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2012.09.29 12:25:34 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2012.09.29 12:25:34 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2012.09.29 12:25:08 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2012.09.28 22:15:13 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.09.28 22:15:13 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.09.28 18:45:16 | 000,148,124 | ---- | C] () -- C:\Users\Micha\Documents\Spiele.7z
[2012.09.28 18:45:16 | 000,007,016 | ---- | C] () -- C:\Users\Micha\Documents\stalke~1.ltx
[2012.09.28 18:42:12 | 000,000,643 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.09.28 16:57:30 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.09.28 14:55:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.09.28 14:48:36 | 000,002,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2012.09.28 14:37:41 | 000,000,947 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.09.28 14:16:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.09.28 14:08:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.09.28 13:59:48 | 000,000,799 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.09.28 13:55:16 | 000,007,062 | ---- | C] () -- C:\Windows\SysWow64\audiopid.vxd
[2012.09.28 13:52:29 | 000,214,528 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2012.09.28 13:52:29 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.09.28 13:52:29 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2012.09.28 13:52:29 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.09.28 13:52:29 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2012.09.28 13:48:54 | 000,001,405 | ---- | C] () -- C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.09.28 13:48:49 | 000,001,439 | ---- | C] () -- C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.09.28 13:43:07 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.09.28 13:43:05 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.09.28 13:40:15 | 3219,738,624 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.28 03:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.28 03:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.29 19:16:49 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Canneverbe Limited
[2012.09.28 18:07:09 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Leadertech
[2012.09.28 14:37:44 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Thunderbird
[2012.09.29 13:44:42 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Extras.txt

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 30.09.2012 16:37:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Micha\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,71 Gb Available Physical Memory | 67,89% Memory free
7,99 Gb Paging File | 6,46 Gb Available in Paging File | 80,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 49,91 Gb Total Space | 22,85 Gb Free Space | 45,78% Space Free | Partition Type: NTFS
Drive D: | 415,75 Gb Total Space | 271,35 Gb Free Space | 65,27% Space Free | Partition Type: NTFS
 
Computer Name: X4 | User Name: Micha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "d:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "d:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4810C109-80D8-4E37-AA9F-5C66B60C7F9E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4AD636A3-B1E6-4148-8399-0170D8CBBACE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{570DC54A-1FBC-44F7-8414-6072FF5F0F8B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{574AEA13-709C-4211-AD28-6A5A7E3BB341}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6CE8704B-3211-4C70-887D-B9CEF08992BA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6F49495F-4D67-457E-9E38-58D5A0637D59}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7976E497-245A-4F1C-9677-11CAC9466A56}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{83B9CAFB-69D0-4F95-972A-9001D39A9434}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8470297F-3376-4224-8727-0D978BAF4CE3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{88976B1E-79C6-42E4-AF0D-1E42E6226170}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9ABA5117-7CB4-431C-99C2-D531B39A22F9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A4B4993B-559C-47D4-9558-FA3543E38D0C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B56EF66B-A1C6-4EFE-95DF-D99E52766ED8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B7181ACC-C4D5-4512-AAF3-B2CAE8AB7190}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BAA119F3-441C-4C55-988A-27AEA27A9900}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C2A4D13A-961E-4BFB-9AE3-6B6E190F1376}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CC9E314B-95DC-40B7-9942-214414DE0C1A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D7F8C559-0DFD-49B6-9416-0C102797FE9B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E5A21E87-89BD-49CC-8454-2B33C59220FD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EEB6A9BB-A7DD-4821-A010-9FE92B58FD90}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F92A4524-02D8-460E-BCE2-C846E112E68D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0E7F6679-510D-42F2-88CC-7A9C65A86751}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2CCABDB8-759B-4713-9E07-97839453F8A8}" = protocol=6 | dir=out | app=system | 
"{471575DE-E82A-4121-8B9A-04371AD35BB1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{549295BD-B95E-4E30-97C2-626203387B9A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{55384AE6-C304-4442-B979-B753A4C52D66}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{57565851-D5B5-446A-97C5-07B334F0DDA3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{690F4192-D01A-4F37-BDDD-7036766F3A4C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{76EE8F32-E271-46B3-B54C-5A60A795353E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8B222F82-E2BD-44D6-A7D8-D807F503F45B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AD9E1445-4E34-4E02-824B-BB389CB9F4E0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | 
"{C7BD812F-76C2-4CD8-AEF6-8D163282BF81}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DC0788E7-C70D-4ED1-9D48-AD1A53362A49}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DE5392CB-F939-4182-9CBA-3FD663E2C455}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E39B3A45-4C07-48D1-9769-8D7E093C8A41}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E3BFCA2C-CA17-44B7-85BE-5D86CA526A20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E4026AA7-03A1-446D-82BE-EF18B8612121}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EF77F35D-C983-4399-9F22-7866E80DFC54}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F2A46565-3D03-4FFC-8614-269514F5083F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FC6E344C-38E4-466C-8CA5-3800385B3CE1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9387E5ED-7D5D-A744-6BDC-8F6CB26DE09A}" = AMD Fuel
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}" = AMD Media Foundation Decoders
"{F55458B0-DCA9-38C9-6C8D-829F22463A55}" = AMD Drag and Drop Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"sp6" = Logitech SetPoint 6.32
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
"{19BB1AF9-981C-4539-9113-D2F88F031C1D}" = GeekBuddy
"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = AMD VISION Engine Control Center
"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio-Systemsteuerung
"avast" = avast! Free Antivirus
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"FLV Player" = FLV Player 2.0 (build 25)
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"TeamViewer 7" = TeamViewer 7
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"WaveStudio 7" = Creative WaveStudio 7
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.09.2012 17:06:40 | Computer Name = X4 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TeamViewer_Service.exe, Version: 
7.0.14563.0, Zeitstempel: 0x5040c2cd  Name des fehlerhaften Moduls: unknown, Version:
 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x742f6a34
ID
 des fehlerhaften Prozesses: 0x744  Startzeit der fehlerhaften Anwendung: 0x01cd9dbcd0297eb9
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 6538cdd5-09b0-11e2-bb78-00e04c53cc0c
 
Error - 29.09.2012 07:12:53 | Computer Name = X4 | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 29.09.2012 07:13:00 | Computer Name = X4 | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 29.09.2012 07:13:05 | Computer Name = X4 | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 29.09.2012 07:13:05 | Computer Name = X4 | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 29.09.2012 07:13:06 | Computer Name = X4 | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 29.09.2012 07:14:02 | Computer Name = X4 | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 29.09.2012 07:14:11 | Computer Name = X4 | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 29.09.2012 07:20:42 | Computer Name = X4 | Source = ESENT | ID = 215
Description = WinMail (3312) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 29.09.2012 07:20:49 | Computer Name = X4 | Source = ESENT | ID = 215
Description = WinMail (3548) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
[ System Events ]
Error - 30.09.2012 05:04:57 | Computer Name = X4 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\system32\DRIVERS\CFRMD.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 30.09.2012 05:05:35 | Computer Name = X4 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   CFRMD
 
Error - 30.09.2012 05:07:40 | Computer Name = X4 | Source = WMPNetworkSvc | ID = 866287
Description = 
 
Error - 30.09.2012 09:14:57 | Computer Name = X4 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\system32\DRIVERS\CFRMD.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 30.09.2012 09:15:35 | Computer Name = X4 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   CFRMD
 
Error - 30.09.2012 09:15:38 | Computer Name = X4 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1115
 
Error - 30.09.2012 09:15:38 | Computer Name = X4 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Server" wurde mit folgendem Fehler beendet:   %%13
 
Error - 30.09.2012 09:16:40 | Computer Name = X4 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\system32\DRIVERS\CFRMD.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 30.09.2012 09:17:16 | Computer Name = X4 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   CFRMD
 
Error - 30.09.2012 09:19:18 | Computer Name = X4 | Source = WMPNetworkSvc | ID = 866287
Description = 
 
 
< End of report >
         
--- --- ---

Oh, hatte ich vergessen, zu erwähnen. WLan hab ich ausgestellt.

Die Kaspersky Rescue CD 10 kann nicht gebootet werden. Vielleicht hilft das ja jemandem weiter, mir zu helfen.

Habe 2 Kopien vom ISO-Image gemacht und beide laufen nicht. Was habe ich mir da bloß eingefangen?

Geändert von subvision (30.09.2012 um 15:11 Uhr)

Alt 02.10.2012, 06:57   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden - Standard

Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden



Hi,


Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.
__________________

__________________

Alt 02.10.2012, 12:49   #3
subvision
 
Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden - Standard

Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden



Ich habe definitiv einen Trojaner auf dem System. Gestern hatte ich einen Bluescreen mit der Meldung "System files have been changed" oder so ähnlich. Bei meinem Glück befindet sich der Trojaner im BIOS und/oder in der Firmware meiner Geräte. Darum bootet die Kasperski Rescue Disk 10 auch nicht.

Zu aswmbr.exe: Ich wurde nicht gefragt, ob ich mit neuen Definitionen arbeiten will. Es kam einfach keine Meldung. Das ist das Log:

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-02 13:41:53
-----------------------------
13:41:53.515    OS Version: Windows x64 6.1.7601 Service Pack 1
13:41:53.515    Number of processors: 4 586 0x503
13:41:53.515    ComputerName: X4  UserName: Micha
13:41:53.936    Initialize success
13:41:53.998    AVAST engine defs: 12100200
13:42:30.019    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:42:30.019    Disk 0 Vendor: WDC_WD5000AAKS-00WWPA0 01.03B01 Size: 476940MB BusType: 3
13:42:30.034    Disk 0 MBR read successfully
13:42:30.034    Disk 0 MBR scan
13:42:30.050    Disk 0 Windows 7 default MBR code
13:42:30.050    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
13:42:30.066    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        51106 MB offset 206848
13:42:30.066    Disk 0 Partition - 00     05     Extended            425730 MB offset 104872320
13:42:30.081    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       425730 MB offset 104872383
13:42:30.097    Disk 0 scanning C:\Windows\system32\drivers
13:42:35.416    Service scanning
13:42:46.945    Modules scanning
13:42:46.960    Disk 0 trace - called modules:
13:42:46.976    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
13:42:47.007    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a13060]
13:42:47.023    3 CLASSPNP.SYS[fffff8800100143f] -> nt!IofCallDriver -> [0xfffffa8004795520]
13:42:47.023    5 ACPI.sys[fffff88000f897a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800479b060]
13:42:47.335    AVAST engine scan C:\Windows
13:42:48.692    AVAST engine scan C:\Windows\system32
13:44:08.502    AVAST engine scan C:\Windows\system32\drivers
13:44:14.367    AVAST engine scan C:\Users\Micha
13:44:49.779    AVAST engine scan C:\ProgramData
13:45:01.994    Scan finished successfully
13:45:14.396    Disk 0 MBR has been saved successfully to "C:\Users\Micha\Desktop\MBR.dat"
13:45:14.427    The log file has been saved successfully to "C:\Users\Micha\Desktop\aswMBR.txt"
         
edit: Ich habe Windows neu aufgesetzt und die 100mb Partition sowie die c Partition gekillt und neu erstellt. Und der erste Sektor der Partition C wurde sofort verseucht. Das is wohl ein etwas schwieriger Fall. Versuche ich, ein Image von c zurückzurufen, sagt mir Acronis True Image Home, daß der erste Sektor nicht gelesen werden kann.
__________________

Alt 02.10.2012, 12:54   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden - Standard

Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden



Hi,

Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
    Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 02.10.2012, 12:58   #5
subvision
 
Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden - Standard

Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden



Code:
ATTFilter
13:55:49.0588 4016  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
13:55:50.0711 4016  ============================================================
13:55:50.0711 4016  Current date / time: 2012/10/02 13:55:50.0711
13:55:50.0711 4016  SystemInfo:
13:55:50.0711 4016  
13:55:50.0711 4016  OS Version: 6.1.7601 ServicePack: 1.0
13:55:50.0711 4016  Product type: Workstation
13:55:50.0711 4016  ComputerName: X4
13:55:50.0727 4016  UserName: Micha
13:55:50.0727 4016  Windows directory: C:\Windows
13:55:50.0727 4016  System windows directory: C:\Windows
13:55:50.0727 4016  Running under WOW64
13:55:50.0727 4016  Processor architecture: Intel x64
13:55:50.0727 4016  Number of processors: 4
13:55:50.0727 4016  Page size: 0x1000
13:55:50.0727 4016  Boot type: Normal boot
13:55:50.0727 4016  ============================================================
13:55:51.0554 4016  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:55:51.0569 4016  ============================================================
13:55:51.0569 4016  \Device\Harddisk0\DR0:
13:55:51.0569 4016  MBR partitions:
13:55:51.0569 4016  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:55:51.0569 4016  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x63D1180
13:55:51.0569 4016  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x64039BF, BlocksNum 0x33F81282
13:55:51.0569 4016  ============================================================
13:55:51.0601 4016  C: <-> \Device\Harddisk0\DR0\Partition2
13:55:51.0616 4016  D: <-> \Device\Harddisk0\DR0\Partition3
13:55:51.0616 4016  ============================================================
13:55:51.0616 4016  Initialize success
13:55:51.0616 4016  ============================================================
13:55:54.0377 1508  ============================================================
13:55:54.0377 1508  Scan started
13:55:54.0377 1508  Mode: Manual; 
13:55:54.0377 1508  ============================================================
13:55:54.0877 1508  ================ Scan system memory ========================
13:55:54.0877 1508  System memory - ok
13:55:54.0877 1508  ================ Scan services =============================
13:55:55.0017 1508  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
13:55:55.0033 1508  1394ohci - ok
13:55:55.0064 1508  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:55:55.0064 1508  ACPI - ok
13:55:55.0095 1508  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
13:55:55.0095 1508  AcpiPmi - ok
13:55:55.0189 1508  [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:55:55.0204 1508  AdobeFlashPlayerUpdateSvc - ok
13:55:55.0235 1508  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
13:55:55.0235 1508  adp94xx - ok
13:55:55.0267 1508  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
13:55:55.0267 1508  adpahci - ok
13:55:55.0282 1508  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
13:55:55.0282 1508  adpu320 - ok
13:55:55.0298 1508  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:55:55.0298 1508  AeLookupSvc - ok
13:55:55.0329 1508  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
13:55:55.0345 1508  AFD - ok
13:55:55.0360 1508  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
13:55:55.0360 1508  agp440 - ok
13:55:55.0376 1508  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
13:55:55.0376 1508  ALG - ok
13:55:55.0391 1508  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:55:55.0391 1508  aliide - ok
13:55:55.0438 1508  [ B3B263B419FC9E7B1D41E61FDAE45BD9 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:55:55.0438 1508  AMD External Events Utility - ok
13:55:55.0501 1508  AMD FUEL Service - ok
13:55:55.0516 1508  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
13:55:55.0516 1508  amdide - ok
13:55:55.0532 1508  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
13:55:55.0532 1508  amdiox64 - ok
13:55:55.0563 1508  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
13:55:55.0563 1508  AmdK8 - ok
13:55:55.0735 1508  [ 9A6E9363F7A5E5A06629D9DDC76EE6B5 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
13:55:55.0922 1508  amdkmdag - ok
13:55:55.0953 1508  [ 957A4C13E1981B1701E600EF1E823C68 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
13:55:55.0953 1508  amdkmdap - ok
13:55:55.0969 1508  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
13:55:55.0969 1508  AmdPPM - ok
13:55:55.0984 1508  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
13:55:55.0984 1508  amdsata - ok
13:55:56.0015 1508  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
13:55:56.0015 1508  amdsbs - ok
13:55:56.0031 1508  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
13:55:56.0031 1508  amdxata - ok
13:55:56.0047 1508  [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
13:55:56.0062 1508  AODDriver4.1 - ok
13:55:56.0093 1508  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
13:55:56.0093 1508  AppID - ok
13:55:56.0125 1508  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:55:56.0125 1508  AppIDSvc - ok
13:55:56.0140 1508  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
13:55:56.0156 1508  Appinfo - ok
13:55:56.0171 1508  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
13:55:56.0171 1508  arc - ok
13:55:56.0171 1508  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
13:55:56.0171 1508  arcsas - ok
13:55:56.0203 1508  [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
13:55:56.0203 1508  aswFsBlk - ok
13:55:56.0234 1508  [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
13:55:56.0234 1508  aswMonFlt - ok
13:55:56.0249 1508  [ 2A6675C24DF5159A9506CD13ECE5ABE9 ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
13:55:56.0249 1508  aswRdr - ok
13:55:56.0265 1508  [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
13:55:56.0281 1508  aswSnx - ok
13:55:56.0296 1508  [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
13:55:56.0296 1508  aswSP - ok
13:55:56.0312 1508  [ C3EC420451AC5300A22190AE38418FBA ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
13:55:56.0312 1508  aswTdi - ok
13:55:56.0327 1508  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:55:56.0327 1508  AsyncMac - ok
13:55:56.0359 1508  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
13:55:56.0359 1508  atapi - ok
13:55:56.0405 1508  [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
13:55:56.0405 1508  AtiHDAudioService - ok
13:55:56.0468 1508  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:55:56.0483 1508  AudioEndpointBuilder - ok
13:55:56.0499 1508  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
13:55:56.0515 1508  AudioSrv - ok
13:55:56.0530 1508  [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus d:\Program Files\AVAST Software\Avast\AvastSvc.exe
13:55:56.0530 1508  avast! Antivirus - ok
13:55:56.0593 1508  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:55:56.0593 1508  AxInstSV - ok
13:55:56.0639 1508  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
13:55:56.0655 1508  b06bdrv - ok
13:55:56.0671 1508  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
13:55:56.0671 1508  b57nd60a - ok
13:55:56.0717 1508  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
13:55:56.0717 1508  BDESVC - ok
13:55:56.0733 1508  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:55:56.0733 1508  Beep - ok
13:55:56.0795 1508  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
13:55:56.0811 1508  BFE - ok
13:55:56.0842 1508  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
13:55:56.0858 1508  BITS - ok
13:55:56.0873 1508  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
13:55:56.0873 1508  blbdrive - ok
13:55:56.0905 1508  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:55:56.0905 1508  bowser - ok
13:55:56.0920 1508  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:55:56.0920 1508  BrFiltLo - ok
13:55:56.0920 1508  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:55:56.0920 1508  BrFiltUp - ok
13:55:56.0936 1508  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
13:55:56.0951 1508  BridgeMP - ok
13:55:56.0967 1508  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
13:55:56.0967 1508  Browser - ok
13:55:56.0983 1508  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
13:55:56.0983 1508  Brserid - ok
13:55:56.0998 1508  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:55:56.0998 1508  BrSerWdm - ok
13:55:56.0998 1508  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:55:56.0998 1508  BrUsbMdm - ok
13:55:56.0998 1508  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:55:56.0998 1508  BrUsbSer - ok
13:55:57.0014 1508  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
13:55:57.0014 1508  BTHMODEM - ok
13:55:57.0029 1508  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
13:55:57.0029 1508  bthserv - ok
13:55:57.0045 1508  catchme - ok
13:55:57.0061 1508  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:55:57.0061 1508  cdfs - ok
13:55:57.0092 1508  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
13:55:57.0092 1508  cdrom - ok
13:55:57.0139 1508  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
13:55:57.0139 1508  CertPropSvc - ok
13:55:57.0170 1508  [ 34B4DB818E86C2822C2AF43108D660F1 ] CFRMD           C:\Windows\system32\DRIVERS\CFRMD.sys
13:55:57.0170 1508  CFRMD - ok
13:55:57.0185 1508  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
13:55:57.0185 1508  circlass - ok
13:55:57.0201 1508  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
13:55:57.0217 1508  CLFS - ok
13:55:57.0279 1508  [ 9A5E6527E49415D6ED1572719AFE2EF0 ] CLPSLauncher    C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe
13:55:57.0279 1508  CLPSLauncher - ok
13:55:57.0341 1508  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:55:57.0341 1508  clr_optimization_v2.0.50727_32 - ok
13:55:57.0373 1508  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:55:57.0373 1508  clr_optimization_v2.0.50727_64 - ok
13:55:57.0435 1508  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:55:57.0435 1508  clr_optimization_v4.0.30319_32 - ok
13:55:57.0482 1508  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:55:57.0482 1508  clr_optimization_v4.0.30319_64 - ok
13:55:57.0529 1508  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:55:57.0529 1508  CmBatt - ok
13:55:57.0622 1508  [ CEE48CCC4D561DDB19C72F9FB55D28D5 ] cmdAgent        C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
13:55:57.0638 1508  cmdAgent - ok
13:55:57.0653 1508  [ 0599D5A458D4E0E37AB84E9D1C5C73E5 ] cmdGuard        C:\Windows\system32\DRIVERS\cmdguard.sys
13:55:57.0653 1508  cmdGuard - ok
13:55:57.0669 1508  [ 2D3E08C7106F748F9EFF3DEC14142D3E ] cmdHlp          C:\Windows\system32\DRIVERS\cmdhlp.sys
13:55:57.0669 1508  cmdHlp - ok
13:55:57.0700 1508  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:55:57.0700 1508  cmdide - ok
13:55:57.0731 1508  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
13:55:57.0747 1508  CNG - ok
13:55:57.0747 1508  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
13:55:57.0763 1508  Compbatt - ok
13:55:57.0778 1508  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
13:55:57.0794 1508  CompositeBus - ok
13:55:57.0794 1508  COMSysApp - ok
13:55:57.0794 1508  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
13:55:57.0809 1508  crcdisk - ok
13:55:57.0825 1508  [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
13:55:57.0841 1508  Creative ALchemy AL6 Licensing Service - ok
13:55:57.0856 1508  [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
13:55:57.0856 1508  Creative Audio Engine Licensing Service - ok
13:55:57.0887 1508  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:55:57.0887 1508  CryptSvc - ok
13:55:57.0919 1508  [ 69CDBA2B9C397E349A04FA70DD9170A2 ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
13:55:57.0934 1508  CTAudSvcService - ok
13:55:57.0965 1508  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:55:57.0965 1508  DcomLaunch - ok
13:55:57.0997 1508  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
13:55:58.0012 1508  defragsvc - ok
13:55:58.0028 1508  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:55:58.0028 1508  DfsC - ok
13:55:58.0059 1508  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:55:58.0075 1508  Dhcp - ok
13:55:58.0090 1508  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
13:55:58.0090 1508  discache - ok
13:55:58.0106 1508  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
13:55:58.0106 1508  Disk - ok
13:55:58.0137 1508  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:55:58.0137 1508  Dnscache - ok
13:55:58.0168 1508  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:55:58.0168 1508  dot3svc - ok
13:55:58.0199 1508  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
13:55:58.0199 1508  DPS - ok
13:55:58.0231 1508  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:55:58.0231 1508  drmkaud - ok
13:55:58.0262 1508  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:55:58.0277 1508  DXGKrnl - ok
13:55:58.0309 1508  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
13:55:58.0309 1508  EapHost - ok
13:55:58.0418 1508  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
13:55:58.0465 1508  ebdrv - ok
13:55:58.0480 1508  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
13:55:58.0480 1508  EFS - ok
13:55:58.0543 1508  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:55:58.0558 1508  ehRecvr - ok
13:55:58.0589 1508  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
13:55:58.0589 1508  ehSched - ok
13:55:58.0621 1508  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
13:55:58.0636 1508  elxstor - ok
13:55:58.0667 1508  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:55:58.0667 1508  ErrDev - ok
13:55:58.0714 1508  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
13:55:58.0730 1508  EventSystem - ok
13:55:58.0761 1508  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
13:55:58.0761 1508  exfat - ok
13:55:58.0777 1508  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:55:58.0777 1508  fastfat - ok
13:55:58.0823 1508  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
13:55:58.0839 1508  Fax - ok
13:55:58.0855 1508  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
13:55:58.0855 1508  fdc - ok
13:55:58.0886 1508  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
13:55:58.0886 1508  fdPHost - ok
13:55:58.0901 1508  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:55:58.0901 1508  FDResPub - ok
13:55:58.0901 1508  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:55:58.0901 1508  FileInfo - ok
13:55:58.0917 1508  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:55:58.0917 1508  Filetrace - ok
13:55:58.0933 1508  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
13:55:58.0933 1508  flpydisk - ok
13:55:58.0948 1508  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:55:58.0964 1508  FltMgr - ok
13:55:59.0011 1508  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
13:55:59.0042 1508  FontCache - ok
13:55:59.0089 1508  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:55:59.0089 1508  FontCache3.0.0.0 - ok
13:55:59.0104 1508  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:55:59.0104 1508  FsDepends - ok
13:55:59.0135 1508  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:55:59.0135 1508  Fs_Rec - ok
13:55:59.0182 1508  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:55:59.0182 1508  fvevol - ok
13:55:59.0198 1508  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
13:55:59.0198 1508  gagp30kx - ok
13:55:59.0229 1508  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
13:55:59.0245 1508  gpsvc - ok
13:55:59.0245 1508  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:55:59.0245 1508  hcw85cir - ok
13:55:59.0260 1508  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:55:59.0276 1508  HdAudAddService - ok
13:55:59.0291 1508  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
13:55:59.0307 1508  HDAudBus - ok
13:55:59.0323 1508  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
13:55:59.0323 1508  HidBatt - ok
13:55:59.0323 1508  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
13:55:59.0323 1508  HidBth - ok
13:55:59.0323 1508  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
13:55:59.0338 1508  HidIr - ok
13:55:59.0354 1508  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
13:55:59.0354 1508  hidserv - ok
13:55:59.0385 1508  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
13:55:59.0401 1508  HidUsb - ok
13:55:59.0463 1508  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:55:59.0463 1508  hkmsvc - ok
13:55:59.0525 1508  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:55:59.0572 1508  HomeGroupListener - ok
13:55:59.0603 1508  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:55:59.0619 1508  HomeGroupProvider - ok
13:55:59.0650 1508  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:55:59.0650 1508  HpSAMD - ok
13:55:59.0713 1508  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:55:59.0728 1508  HTTP - ok
13:55:59.0775 1508  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:55:59.0775 1508  hwpolicy - ok
13:55:59.0791 1508  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
13:55:59.0791 1508  i8042prt - ok
13:55:59.0822 1508  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:55:59.0837 1508  iaStorV - ok
13:55:59.0884 1508  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:55:59.0900 1508  idsvc - ok
13:55:59.0931 1508  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
13:55:59.0931 1508  iirsp - ok
13:55:59.0947 1508  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
13:55:59.0962 1508  IKEEXT - ok
13:56:00.0009 1508  [ EFFF0AFD27CC97BF0E5E0BAB78419DE7 ] inspect         C:\Windows\system32\DRIVERS\inspect.sys
13:56:00.0009 1508  inspect - ok
13:56:00.0025 1508  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
13:56:00.0025 1508  intelide - ok
13:56:00.0040 1508  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:56:00.0040 1508  intelppm - ok
13:56:00.0071 1508  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:56:00.0071 1508  IPBusEnum - ok
13:56:00.0103 1508  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:56:00.0103 1508  IpFilterDriver - ok
13:56:00.0134 1508  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:56:00.0149 1508  iphlpsvc - ok
13:56:00.0181 1508  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
13:56:00.0181 1508  IPMIDRV - ok
13:56:00.0181 1508  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:56:00.0181 1508  IPNAT - ok
13:56:00.0196 1508  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:56:00.0196 1508  IRENUM - ok
13:56:00.0227 1508  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:56:00.0227 1508  isapnp - ok
13:56:00.0259 1508  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:56:00.0259 1508  iScsiPrt - ok
13:56:00.0274 1508  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
13:56:00.0274 1508  kbdclass - ok
13:56:00.0290 1508  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
13:56:00.0290 1508  kbdhid - ok
13:56:00.0305 1508  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
13:56:00.0305 1508  KeyIso - ok
13:56:00.0337 1508  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:56:00.0337 1508  KSecDD - ok
13:56:00.0352 1508  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:56:00.0352 1508  KSecPkg - ok
13:56:00.0352 1508  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:56:00.0352 1508  ksthunk - ok
13:56:00.0383 1508  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:56:00.0383 1508  KtmRm - ok
13:56:00.0430 1508  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
13:56:00.0446 1508  LanmanServer - ok
13:56:00.0477 1508  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:56:00.0493 1508  LanmanWorkstation - ok
13:56:00.0571 1508  [ 7772DFAB22611050B79504E671B06E6E ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
13:56:00.0586 1508  LBTServ - ok
13:56:00.0617 1508  [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
13:56:00.0617 1508  LHidFilt - ok
13:56:00.0633 1508  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:56:00.0633 1508  lltdio - ok
13:56:00.0664 1508  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:56:00.0680 1508  lltdsvc - ok
13:56:00.0680 1508  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:56:00.0695 1508  lmhosts - ok
13:56:00.0711 1508  [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
13:56:00.0711 1508  LMouFilt - ok
13:56:00.0727 1508  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
13:56:00.0727 1508  LSI_FC - ok
13:56:00.0727 1508  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
13:56:00.0727 1508  LSI_SAS - ok
13:56:00.0742 1508  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:56:00.0742 1508  LSI_SAS2 - ok
13:56:00.0742 1508  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:56:00.0742 1508  LSI_SCSI - ok
13:56:00.0773 1508  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
13:56:00.0773 1508  luafv - ok
13:56:00.0773 1508  [ 29C733E1DE824670DC9315CFC9BDBCD3 ] LUsbFilt        C:\Windows\system32\Drivers\LUsbFilt.Sys
13:56:00.0773 1508  LUsbFilt - ok
13:56:00.0805 1508  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:56:00.0805 1508  Mcx2Svc - ok
13:56:00.0820 1508  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
13:56:00.0820 1508  megasas - ok
13:56:00.0836 1508  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
13:56:00.0836 1508  MegaSR - ok
13:56:00.0867 1508  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
13:56:00.0867 1508  MMCSS - ok
13:56:00.0867 1508  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
13:56:00.0867 1508  Modem - ok
13:56:00.0883 1508  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:56:00.0883 1508  monitor - ok
13:56:00.0898 1508  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
13:56:00.0898 1508  mouclass - ok
13:56:00.0914 1508  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:56:00.0914 1508  mouhid - ok
13:56:00.0929 1508  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:56:00.0929 1508  mountmgr - ok
13:56:00.0992 1508  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:56:00.0992 1508  MozillaMaintenance - ok
13:56:01.0023 1508  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:56:01.0023 1508  mpio - ok
13:56:01.0039 1508  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:56:01.0039 1508  mpsdrv - ok
13:56:01.0085 1508  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:56:01.0117 1508  MpsSvc - ok
13:56:01.0148 1508  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:56:01.0148 1508  MRxDAV - ok
13:56:01.0179 1508  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:56:01.0179 1508  mrxsmb - ok
13:56:01.0210 1508  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:56:01.0210 1508  mrxsmb10 - ok
13:56:01.0241 1508  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:56:01.0241 1508  mrxsmb20 - ok
13:56:01.0288 1508  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:56:01.0288 1508  msahci - ok
13:56:01.0304 1508  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:56:01.0304 1508  msdsm - ok
13:56:01.0319 1508  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
13:56:01.0319 1508  MSDTC - ok
13:56:01.0351 1508  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:56:01.0351 1508  Msfs - ok
13:56:01.0366 1508  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:56:01.0366 1508  mshidkmdf - ok
13:56:01.0382 1508  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:56:01.0382 1508  msisadrv - ok
13:56:01.0429 1508  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:56:01.0429 1508  MSiSCSI - ok
13:56:01.0444 1508  msiserver - ok
13:56:01.0444 1508  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:56:01.0444 1508  MSKSSRV - ok
13:56:01.0460 1508  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:56:01.0460 1508  MSPCLOCK - ok
13:56:01.0475 1508  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:56:01.0475 1508  MSPQM - ok
13:56:01.0491 1508  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:56:01.0491 1508  MsRPC - ok
13:56:01.0507 1508  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
13:56:01.0507 1508  mssmbios - ok
13:56:01.0522 1508  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:56:01.0522 1508  MSTEE - ok
13:56:01.0522 1508  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
13:56:01.0522 1508  MTConfig - ok
13:56:01.0553 1508  [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
13:56:01.0553 1508  MTsensor - ok
13:56:01.0569 1508  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
13:56:01.0569 1508  Mup - ok
13:56:01.0616 1508  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
13:56:01.0616 1508  napagent - ok
13:56:01.0631 1508  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:56:01.0647 1508  NativeWifiP - ok
13:56:01.0678 1508  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:56:01.0678 1508  NDIS - ok
13:56:01.0694 1508  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:56:01.0694 1508  NdisCap - ok
13:56:01.0694 1508  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:56:01.0694 1508  NdisTapi - ok
13:56:01.0725 1508  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:56:01.0725 1508  Ndisuio - ok
13:56:01.0741 1508  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:56:01.0741 1508  NdisWan - ok
13:56:01.0772 1508  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:56:01.0772 1508  NDProxy - ok
13:56:01.0772 1508  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:56:01.0772 1508  NetBIOS - ok
13:56:01.0787 1508  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:56:01.0803 1508  NetBT - ok
13:56:01.0803 1508  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
13:56:01.0803 1508  Netlogon - ok
13:56:01.0834 1508  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
13:56:01.0834 1508  Netman - ok
13:56:01.0850 1508  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
13:56:01.0865 1508  netprofm - ok
13:56:01.0897 1508  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:56:01.0897 1508  NetTcpPortSharing - ok
13:56:01.0912 1508  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
13:56:01.0912 1508  nfrd960 - ok
13:56:01.0943 1508  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:56:01.0959 1508  NlaSvc - ok
13:56:01.0975 1508  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:56:01.0975 1508  Npfs - ok
13:56:01.0975 1508  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
13:56:01.0990 1508  nsi - ok
13:56:01.0990 1508  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:56:01.0990 1508  nsiproxy - ok
13:56:02.0037 1508  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:56:02.0068 1508  Ntfs - ok
13:56:02.0084 1508  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
13:56:02.0084 1508  Null - ok
13:56:02.0099 1508  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:56:02.0099 1508  nvraid - ok
13:56:02.0131 1508  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:56:02.0131 1508  nvstor - ok
13:56:02.0146 1508  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:56:02.0146 1508  nv_agp - ok
13:56:02.0177 1508  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:56:02.0177 1508  ohci1394 - ok
13:56:02.0209 1508  [ EDD1DCD36F6115ACC6935C3F88FF54D7 ] P17             C:\Windows\system32\drivers\P17.sys
13:56:02.0240 1508  P17 - ok
13:56:02.0271 1508  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:56:02.0271 1508  p2pimsvc - ok
13:56:02.0287 1508  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
13:56:02.0302 1508  p2psvc - ok
13:56:02.0318 1508  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
13:56:02.0318 1508  Parport - ok
13:56:02.0333 1508  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:56:02.0349 1508  partmgr - ok
13:56:02.0349 1508  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:56:02.0365 1508  PcaSvc - ok
13:56:02.0380 1508  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
13:56:02.0380 1508  pci - ok
13:56:02.0396 1508  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
13:56:02.0396 1508  pciide - ok
13:56:02.0411 1508  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
13:56:02.0411 1508  pcmcia - ok
13:56:02.0411 1508  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
13:56:02.0411 1508  pcw - ok
13:56:02.0427 1508  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:56:02.0427 1508  PEAUTH - ok
13:56:02.0505 1508  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:56:02.0505 1508  PerfHost - ok
13:56:02.0552 1508  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
13:56:02.0583 1508  pla - ok
13:56:02.0614 1508  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:56:02.0645 1508  PlugPlay - ok
13:56:02.0661 1508  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:56:02.0677 1508  PNRPAutoReg - ok
13:56:02.0723 1508  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:56:02.0723 1508  PNRPsvc - ok
13:56:02.0770 1508  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:56:02.0786 1508  PolicyAgent - ok
13:56:02.0801 1508  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
13:56:02.0817 1508  Power - ok
13:56:02.0833 1508  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:56:02.0848 1508  PptpMiniport - ok
13:56:02.0864 1508  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
13:56:02.0864 1508  Processor - ok
13:56:02.0895 1508  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
13:56:02.0895 1508  ProfSvc - ok
13:56:02.0911 1508  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:56:02.0911 1508  ProtectedStorage - ok
13:56:02.0942 1508  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:56:02.0942 1508  Psched - ok
13:56:02.0973 1508  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
13:56:03.0004 1508  ql2300 - ok
13:56:03.0020 1508  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
13:56:03.0020 1508  ql40xx - ok
13:56:03.0051 1508  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
13:56:03.0051 1508  QWAVE - ok
13:56:03.0051 1508  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:56:03.0051 1508  QWAVEdrv - ok
13:56:03.0067 1508  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:56:03.0067 1508  RasAcd - ok
13:56:03.0098 1508  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
13:56:03.0098 1508  RasAgileVpn - ok
13:56:03.0113 1508  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
13:56:03.0113 1508  RasAuto - ok
13:56:03.0145 1508  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:56:03.0145 1508  Rasl2tp - ok
13:56:03.0176 1508  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
13:56:03.0176 1508  RasMan - ok
13:56:03.0191 1508  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:56:03.0191 1508  RasPppoe - ok
13:56:03.0191 1508  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:56:03.0191 1508  RasSstp - ok
13:56:03.0223 1508  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:56:03.0223 1508  rdbss - ok
13:56:03.0223 1508  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
13:56:03.0223 1508  rdpbus - ok
13:56:03.0238 1508  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:56:03.0238 1508  RDPCDD - ok
13:56:03.0254 1508  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:56:03.0254 1508  RDPENCDD - ok
13:56:03.0254 1508  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:56:03.0269 1508  RDPREFMP - ok
13:56:03.0285 1508  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:56:03.0285 1508  RDPWD - ok
13:56:03.0301 1508  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:56:03.0301 1508  rdyboost - ok
13:56:03.0332 1508  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:56:03.0332 1508  RemoteAccess - ok
13:56:03.0347 1508  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:56:03.0347 1508  RemoteRegistry - ok
13:56:03.0363 1508  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:56:03.0363 1508  RpcEptMapper - ok
13:56:03.0394 1508  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
13:56:03.0394 1508  RpcLocator - ok
13:56:03.0425 1508  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
13:56:03.0425 1508  RpcSs - ok
13:56:03.0457 1508  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:56:03.0457 1508  rspndr - ok
13:56:03.0472 1508  [ 68DD0457D18FCCEF7384AE84022F0C86 ] RTL8023x64      C:\Windows\system32\DRIVERS\Rtnic64.sys
13:56:03.0472 1508  RTL8023x64 - ok
13:56:03.0519 1508  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
13:56:03.0519 1508  RTL8167 - ok
13:56:03.0535 1508  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
13:56:03.0535 1508  SamSs - ok
13:56:03.0566 1508  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:56:03.0566 1508  sbp2port - ok
13:56:03.0581 1508  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:56:03.0597 1508  SCardSvr - ok
13:56:03.0613 1508  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:56:03.0613 1508  scfilter - ok
13:56:03.0659 1508  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
13:56:03.0691 1508  Schedule - ok
13:56:03.0722 1508  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:56:03.0722 1508  SCPolicySvc - ok
13:56:03.0737 1508  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:56:03.0753 1508  SDRSVC - ok
13:56:03.0784 1508  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:56:03.0784 1508  secdrv - ok
13:56:03.0815 1508  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
13:56:03.0815 1508  seclogon - ok
13:56:03.0847 1508  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
13:56:03.0847 1508  SENS - ok
13:56:03.0862 1508  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:56:03.0862 1508  SensrSvc - ok
13:56:03.0862 1508  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
13:56:03.0862 1508  Serenum - ok
13:56:03.0878 1508  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
13:56:03.0878 1508  Serial - ok
13:56:03.0893 1508  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
13:56:03.0893 1508  sermouse - ok
13:56:03.0940 1508  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
13:56:03.0940 1508  SessionEnv - ok
13:56:03.0956 1508  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:56:03.0956 1508  sffdisk - ok
13:56:03.0971 1508  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:56:03.0971 1508  sffp_mmc - ok
13:56:03.0987 1508  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:56:03.0987 1508  sffp_sd - ok
13:56:03.0987 1508  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
13:56:03.0987 1508  sfloppy - ok
13:56:04.0049 1508  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:56:04.0049 1508  SharedAccess - ok
13:56:04.0081 1508  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:56:04.0081 1508  ShellHWDetection - ok
13:56:04.0096 1508  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:56:04.0096 1508  SiSRaid2 - ok
13:56:04.0112 1508  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
13:56:04.0112 1508  SiSRaid4 - ok
13:56:04.0143 1508  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
13:56:04.0143 1508  SkypeUpdate - ok
13:56:04.0159 1508  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:56:04.0159 1508  Smb - ok
13:56:04.0205 1508  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:56:04.0205 1508  SNMPTRAP - ok
13:56:04.0205 1508  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:56:04.0221 1508  spldr - ok
13:56:04.0237 1508  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
13:56:04.0252 1508  Spooler - ok
13:56:04.0330 1508  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
13:56:04.0361 1508  sppsvc - ok
13:56:04.0377 1508  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
13:56:04.0377 1508  sppuinotify - ok
13:56:04.0408 1508  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:56:04.0424 1508  srv - ok
13:56:04.0471 1508  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:56:04.0486 1508  srv2 - ok
13:56:04.0502 1508  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:56:04.0517 1508  srvnet - ok
13:56:04.0533 1508  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:56:04.0549 1508  SSDPSRV - ok
13:56:04.0580 1508  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:56:04.0580 1508  SstpSvc - ok
13:56:04.0611 1508  Steam Client Service - ok
13:56:04.0642 1508  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
13:56:04.0642 1508  stexstor - ok
13:56:04.0689 1508  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
13:56:04.0720 1508  stisvc - ok
13:56:04.0751 1508  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
13:56:04.0751 1508  swenum - ok
13:56:04.0767 1508  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
13:56:04.0798 1508  swprv - ok
13:56:04.0845 1508  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
13:56:04.0876 1508  SysMain - ok
13:56:04.0907 1508  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:56:04.0907 1508  TabletInputService - ok
13:56:04.0939 1508  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:56:04.0954 1508  TapiSrv - ok
13:56:04.0970 1508  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
13:56:04.0970 1508  TBS - ok
13:56:05.0032 1508  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:56:05.0079 1508  Tcpip - ok
13:56:05.0126 1508  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:56:05.0141 1508  TCPIP6 - ok
13:56:05.0173 1508  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:56:05.0173 1508  tcpipreg - ok
13:56:05.0188 1508  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:56:05.0188 1508  TDPIPE - ok
13:56:05.0219 1508  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:56:05.0219 1508  TDTCP - ok
13:56:05.0251 1508  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:56:05.0251 1508  tdx - ok
13:56:05.0344 1508  [ 5E53CF8AD0FD33B35000C113656AB37B ] TeamViewer7     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
13:56:05.0360 1508  TeamViewer7 - ok
13:56:05.0375 1508  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
13:56:05.0375 1508  TermDD - ok
13:56:05.0391 1508  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
13:56:05.0407 1508  TermService - ok
13:56:05.0422 1508  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
13:56:05.0422 1508  Themes - ok
13:56:05.0438 1508  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
13:56:05.0438 1508  THREADORDER - ok
13:56:05.0453 1508  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
13:56:05.0453 1508  TrkWks - ok
13:56:05.0500 1508  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:56:05.0500 1508  TrustedInstaller - ok
13:56:05.0547 1508  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:56:05.0547 1508  tssecsrv - ok
13:56:05.0563 1508  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:56:05.0578 1508  TsUsbFlt - ok
13:56:05.0765 1508  [ 25E302D93CBDFA1D1269FE3C41B94390 ] TuneUp.UtilitiesSvc D:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
13:56:05.0797 1508  TuneUp.UtilitiesSvc - ok
13:56:05.0828 1508  [ 7BC3381C0713F613B31ACDE38B71CB53 ] TuneUpUtilitiesDrv D:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys
13:56:05.0828 1508  TuneUpUtilitiesDrv - ok
13:56:05.0859 1508  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:56:05.0859 1508  tunnel - ok
13:56:05.0875 1508  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
13:56:05.0890 1508  uagp35 - ok
13:56:05.0906 1508  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:56:05.0906 1508  udfs - ok
13:56:05.0937 1508  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:56:05.0937 1508  UI0Detect - ok
13:56:05.0968 1508  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:56:05.0968 1508  uliagpkx - ok
13:56:05.0984 1508  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
13:56:05.0984 1508  umbus - ok
13:56:05.0999 1508  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
13:56:05.0999 1508  UmPass - ok
13:56:06.0015 1508  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
13:56:06.0015 1508  upnphost - ok
13:56:06.0046 1508  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
13:56:06.0046 1508  usbaudio - ok
13:56:06.0077 1508  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:56:06.0077 1508  usbccgp - ok
13:56:06.0109 1508  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:56:06.0109 1508  usbcir - ok
13:56:06.0140 1508  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
13:56:06.0140 1508  usbehci - ok
13:56:06.0155 1508  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:56:06.0155 1508  usbhub - ok
13:56:06.0171 1508  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
13:56:06.0171 1508  usbohci - ok
13:56:06.0187 1508  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:56:06.0187 1508  usbprint - ok
13:56:06.0187 1508  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:56:06.0187 1508  USBSTOR - ok
13:56:06.0218 1508  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
13:56:06.0218 1508  usbuhci - ok
13:56:06.0233 1508  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
13:56:06.0233 1508  usbvideo - ok
13:56:06.0249 1508  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
13:56:06.0265 1508  UxSms - ok
13:56:06.0265 1508  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
13:56:06.0265 1508  VaultSvc - ok
13:56:06.0280 1508  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:56:06.0280 1508  vdrvroot - ok
13:56:06.0327 1508  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
13:56:06.0327 1508  vds - ok
13:56:06.0358 1508  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:56:06.0358 1508  vga - ok
13:56:06.0358 1508  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:56:06.0358 1508  VgaSave - ok
13:56:06.0374 1508  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
13:56:06.0374 1508  vhdmp - ok
13:56:06.0405 1508  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
13:56:06.0405 1508  viaide - ok
13:56:06.0421 1508  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:56:06.0421 1508  volmgr - ok
13:56:06.0452 1508  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:56:06.0452 1508  volmgrx - ok
13:56:06.0452 1508  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:56:06.0467 1508  volsnap - ok
13:56:06.0483 1508  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
13:56:06.0483 1508  vsmraid - ok
13:56:06.0545 1508  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
13:56:06.0577 1508  VSS - ok
13:56:06.0592 1508  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
13:56:06.0592 1508  vwifibus - ok
13:56:06.0623 1508  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
13:56:06.0639 1508  W32Time - ok
13:56:06.0639 1508  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
13:56:06.0639 1508  WacomPen - ok
13:56:06.0655 1508  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:56:06.0655 1508  WANARP - ok
13:56:06.0670 1508  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:56:06.0670 1508  Wanarpv6 - ok
13:56:06.0717 1508  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
13:56:06.0748 1508  wbengine - ok
13:56:06.0764 1508  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:56:06.0764 1508  WbioSrvc - ok
13:56:06.0795 1508  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:56:06.0811 1508  wcncsvc - ok
13:56:06.0826 1508  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:56:06.0826 1508  WcsPlugInService - ok
13:56:06.0842 1508  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
13:56:06.0842 1508  Wd - ok
13:56:06.0873 1508  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:56:06.0873 1508  Wdf01000 - ok
13:56:06.0889 1508  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:56:06.0889 1508  WdiServiceHost - ok
13:56:06.0889 1508  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:56:06.0904 1508  WdiSystemHost - ok
13:56:06.0920 1508  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
13:56:06.0935 1508  WebClient - ok
13:56:06.0967 1508  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:56:06.0982 1508  Wecsvc - ok
13:56:06.0998 1508  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:56:06.0998 1508  wercplsupport - ok
13:56:07.0013 1508  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:56:07.0013 1508  WerSvc - ok
13:56:07.0029 1508  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:56:07.0029 1508  WfpLwf - ok
13:56:07.0045 1508  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:56:07.0045 1508  WIMMount - ok
13:56:07.0060 1508  WinDefend - ok
13:56:07.0060 1508  WinHttpAutoProxySvc - ok
13:56:07.0123 1508  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:56:07.0123 1508  Winmgmt - ok
13:56:07.0201 1508  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
13:56:07.0263 1508  WinRM - ok
13:56:07.0310 1508  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:56:07.0325 1508  Wlansvc - ok
13:56:07.0357 1508  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
13:56:07.0357 1508  WmiAcpi - ok
13:56:07.0372 1508  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:56:07.0388 1508  wmiApSrv - ok
13:56:07.0403 1508  WMPNetworkSvc - ok
13:56:07.0419 1508  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:56:07.0419 1508  WPCSvc - ok
13:56:07.0450 1508  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:56:07.0450 1508  WPDBusEnum - ok
13:56:07.0481 1508  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:56:07.0481 1508  ws2ifsl - ok
13:56:07.0481 1508  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
13:56:07.0481 1508  wscsvc - ok
13:56:07.0481 1508  WSearch - ok
13:56:07.0559 1508  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:56:07.0637 1508  wuauserv - ok
13:56:07.0669 1508  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:56:07.0669 1508  WudfPf - ok
13:56:07.0700 1508  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:56:07.0700 1508  WUDFRd - ok
13:56:07.0731 1508  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:56:07.0731 1508  wudfsvc - ok
13:56:07.0762 1508  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:56:07.0762 1508  WwanSvc - ok
13:56:07.0778 1508  ================ Scan global ===============================
13:56:07.0793 1508  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:56:07.0840 1508  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
13:56:07.0856 1508  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
13:56:07.0887 1508  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:56:07.0903 1508  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:56:07.0918 1508  [Global] - ok
13:56:07.0918 1508  ================ Scan MBR ==================================
13:56:07.0918 1508  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:56:08.0168 1508  \Device\Harddisk0\DR0 - ok
13:56:08.0168 1508  ================ Scan VBR ==================================
13:56:08.0168 1508  [ FB340540706FED1677BADC111D0E45CA ] \Device\Harddisk0\DR0\Partition1
13:56:08.0168 1508  \Device\Harddisk0\DR0\Partition1 - ok
13:56:08.0183 1508  [ ABEA0C7B77F536132FDE8B386D9068B7 ] \Device\Harddisk0\DR0\Partition2
13:56:08.0183 1508  \Device\Harddisk0\DR0\Partition2 - ok
13:56:08.0199 1508  [ AED10F24C06F87A4B4B1365A93C38259 ] \Device\Harddisk0\DR0\Partition3
13:56:08.0199 1508  \Device\Harddisk0\DR0\Partition3 - ok
13:56:08.0199 1508  ============================================================
13:56:08.0199 1508  Scan finished
13:56:08.0199 1508  ============================================================
13:56:08.0215 4776  Detected object count: 0
13:56:08.0215 4776  Actual detected object count: 0
         
Ach so: Vielen Dank für deine Hilfe. Auch wenn du nichts finden solltest schonmal schönen Dank.

Was mir noch so auffällt. Ich habe einen AMD Prozessor und nicht einen von Intel.


Geändert von subvision (02.10.2012 um 13:28 Uhr)

Alt 02.10.2012, 14:19   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden - Standard

Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden



Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
--> Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden

Alt 02.10.2012, 14:34   #7
subvision
 
Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden - Standard

Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden



Ich mußte nicht neustarten wegen Combofix. Allerdings war nach Beenden meiner Firewall Comodo Defense+ noch aktiv. Ich hoffe, das macht nix.

Hier das log:

Code:
ATTFilter
ComboFix 12-10-02.02 - Micha 02.10.2012  15:25:20.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4094.2681 [GMT 2:00]
ausgeführt von:: c:\users\Micha\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-02 bis 2012-10-02  ))))))))))))))))))))))))))))))
.
.
2012-10-02 13:29 . 2012-10-02 13:29	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-02 11:50 . 2012-09-18 22:58	9308616	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{02D92663-413A-42B1-9884-F4EA7FC77F7D}\mpengine.dll
2012-09-30 18:02 . 2012-09-30 18:02	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-30 18:02 . 2012-09-07 15:04	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-30 11:11 . 2012-09-30 11:11	73136	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-30 11:11 . 2012-09-30 11:11	696240	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-30 11:11 . 2012-09-30 11:11	--------	d-----w-	c:\windows\SysWow64\Macromed
2012-09-30 11:11 . 2012-09-30 11:11	--------	d-----w-	c:\windows\system32\Macromed
2012-09-30 08:57 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-09-30 08:57 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-09-30 07:20 . 2012-08-22 18:12	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-09-30 07:20 . 2012-07-04 20:26	41472	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2012-09-30 07:20 . 2012-08-22 18:12	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-09-30 07:20 . 2012-08-22 18:12	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-09-30 07:20 . 2012-08-22 18:12	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-30 07:19 . 2012-08-21 21:01	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-09-29 17:16 . 2012-09-29 17:16	--------	d-----w-	c:\programdata\Canneverbe Limited
2012-09-29 11:44 . 2012-09-19 09:29	34656	----a-w-	c:\windows\system32\TURegOpt.exe
2012-09-29 11:44 . 2012-09-19 09:29	25952	----a-w-	c:\windows\system32\authuitu.dll
2012-09-29 11:44 . 2012-09-19 09:29	21344	----a-w-	c:\windows\SysWow64\authuitu.dll
2012-09-29 11:43 . 2012-09-29 11:44	--------	d-----w-	c:\programdata\TuneUp Software
2012-09-29 11:43 . 2012-09-29 11:43	--------	d-sh--w-	c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-09-29 11:43 . 2012-09-29 11:43	--------	d--h--w-	c:\programdata\Common Files
2012-09-29 10:42 . 2012-09-29 10:42	--------	d-----w-	c:\windows\system32\SPReview
2012-09-29 10:42 . 2012-09-29 10:42	--------	d-----w-	c:\windows\system32\EventProviders
2012-09-29 10:27 . 2010-11-20 13:27	750080	----a-w-	c:\windows\system32\TSWorkspace.dll
2012-09-29 10:26 . 2010-11-20 13:25	139264	----a-w-	c:\windows\system32\cabview.dll
2012-09-29 10:25 . 2010-11-20 13:27	681472	----a-w-	c:\windows\system32\WUDFx.dll
2012-09-29 10:24 . 2010-11-20 13:27	529408	----a-w-	c:\windows\system32\wbemcomn.dll
2012-09-29 10:24 . 2010-11-20 13:27	244736	----a-w-	c:\program files\Windows Portable Devices\sqmapi.dll
2012-09-29 10:24 . 2010-11-20 13:27	244736	----a-w-	c:\windows\system32\sqmapi.dll
2012-09-29 10:21 . 2011-02-19 12:05	1139200	----a-w-	c:\windows\system32\FntCache.dll
2012-09-29 10:21 . 2011-02-19 12:04	902656	----a-w-	c:\windows\system32\d2d1.dll
2012-09-29 10:21 . 2011-02-19 06:30	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2012-09-29 09:51 . 2011-03-25 03:29	343040	----a-w-	c:\windows\system32\drivers\usbhub.sys
2012-09-29 09:51 . 2011-03-25 03:29	98816	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2012-09-29 09:51 . 2011-03-25 03:29	325120	----a-w-	c:\windows\system32\drivers\usbport.sys
2012-09-29 09:51 . 2011-03-25 03:29	52736	----a-w-	c:\windows\system32\drivers\usbehci.sys
2012-09-29 09:51 . 2011-03-25 03:29	25600	----a-w-	c:\windows\system32\drivers\usbohci.sys
2012-09-29 09:51 . 2011-03-25 03:29	30720	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2012-09-29 09:51 . 2011-03-25 03:28	7936	----a-w-	c:\windows\system32\drivers\usbd.sys
2012-09-29 09:50 . 2011-03-11 06:41	1659776	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-09-29 09:50 . 2011-03-11 06:33	2565632	----a-w-	c:\windows\system32\esent.dll
2012-09-29 09:50 . 2011-03-11 05:33	1699328	----a-w-	c:\windows\SysWow64\esent.dll
2012-09-29 09:50 . 2011-03-11 06:41	189824	----a-w-	c:\windows\system32\drivers\storport.sys
2012-09-29 09:50 . 2011-03-11 06:41	166272	----a-w-	c:\windows\system32\drivers\nvstor.sys
2012-09-29 09:50 . 2011-03-11 06:41	148352	----a-w-	c:\windows\system32\drivers\nvraid.sys
2012-09-29 09:50 . 2011-03-11 06:41	410496	----a-w-	c:\windows\system32\drivers\iaStorV.sys
2012-09-29 09:50 . 2011-03-11 06:41	27008	----a-w-	c:\windows\system32\drivers\amdxata.sys
2012-09-29 09:50 . 2011-03-11 06:41	107904	----a-w-	c:\windows\system32\drivers\amdsata.sys
2012-09-29 09:50 . 2011-03-11 04:37	91648	----a-w-	c:\windows\system32\drivers\USBSTOR.SYS
2012-09-29 09:50 . 2011-03-11 06:30	96768	----a-w-	c:\windows\system32\fsutil.exe
2012-09-29 09:50 . 2011-03-11 05:31	74240	----a-w-	c:\windows\SysWow64\fsutil.exe
2012-09-28 21:20 . 2012-09-28 21:20	--------	d-----w-	c:\program files (x86)\Microsoft.NET
2012-09-28 21:05 . 2012-09-28 21:05	--------	d-----w-	c:\windows\SysWow64\wbem\en-US
2012-09-28 21:05 . 2012-09-28 21:05	--------	d-----w-	c:\windows\system32\wbem\en-US
2012-09-28 20:18 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2012-09-28 20:02 . 2012-08-30 22:43	64462936	----a-w-	c:\windows\system32\MRT.exe
2012-09-28 19:59 . 2012-03-01 06:46	23408	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-09-28 19:59 . 2012-03-01 06:38	220672	----a-w-	c:\windows\system32\wintrust.dll
2012-09-28 19:59 . 2012-03-01 06:33	81408	----a-w-	c:\windows\system32\imagehlp.dll
2012-09-28 19:59 . 2012-03-01 06:28	5120	----a-w-	c:\windows\system32\wmi.dll
2012-09-28 19:59 . 2012-03-01 05:37	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-09-28 19:59 . 2012-03-01 05:33	159232	----a-w-	c:\windows\SysWow64\imagehlp.dll
2012-09-28 19:59 . 2012-03-01 05:29	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2012-09-28 19:54 . 2011-11-17 06:41	1731920	----a-w-	c:\windows\system32\ntdll.dll
2012-09-28 19:53 . 2012-04-24 05:37	1462272	----a-w-	c:\windows\system32\crypt32.dll
2012-09-28 19:52 . 2012-05-14 05:26	956928	----a-w-	c:\windows\system32\localspl.dll
2012-09-28 19:51 . 2012-08-02 17:58	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-09-28 19:48 . 2012-03-17 07:58	75120	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-09-28 19:39 . 2011-11-19 14:58	77312	----a-w-	c:\windows\system32\packager.dll
2012-09-28 19:39 . 2011-11-19 14:01	67072	----a-w-	c:\windows\SysWow64\packager.dll
2012-09-28 16:42 . 2012-09-28 21:10	--------	d-----w-	c:\program files (x86)\Common Files\Steam
2012-09-28 16:31 . 2012-09-28 16:31	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-09-28 16:31 . 2012-09-28 16:31	--------	d-----r-	c:\program files (x86)\Skype
2012-09-28 16:31 . 2012-09-28 16:31	--------	d-----w-	c:\programdata\Skype
2012-09-28 16:14 . 2012-09-28 16:14	--------	d-----w-	c:\program files\Logitech
2012-09-28 16:07 . 2012-09-28 16:07	--------	d-----w-	c:\program files (x86)\Common Files\LogiShrd
2012-09-28 16:06 . 2012-09-28 16:14	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2012-09-28 16:06 . 2012-09-28 16:14	--------	d-----w-	c:\programdata\Logishrd
2012-09-28 16:05 . 2012-09-28 16:15	--------	d-----w-	c:\program files\Common Files\LogiShrd
2012-09-28 14:57 . 2012-09-28 14:57	--------	d-----w-	c:\program files (x86)\TeamViewer
2012-09-28 12:53 . 2009-09-04 15:29	1892184	----a-w-	c:\windows\SysWow64\D3DX9_42.dll
2012-09-28 12:53 . 2006-09-28 14:05	2414360	----a-w-	c:\windows\SysWow64\d3dx9_31.dll
2012-09-28 12:52 . 2012-09-28 12:52	--------	d-----w-	c:\program files (x86)\Common Files\PX Storage Engine
2012-09-28 12:48 . 2012-09-28 12:48	--------	d-----w-	c:\program files (x86)\COMODO
2012-09-28 12:48 . 2012-09-28 12:48	--------	d-----w-	c:\program files (x86)\Common Files\Comodo
2012-09-28 12:48 . 2012-09-28 12:48	--------	d-----w-	c:\programdata\CPA_VA
2012-09-28 12:42 . 2012-05-31 10:25	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-09-28 12:39 . 2012-09-28 11:47	--------	d-----w-	c:\windows\Panther
2012-09-28 12:31 . 2012-09-30 10:53	--------	d-----w-	c:\programdata\Comodo
2012-09-28 12:31 . 2012-09-28 12:48	--------	d-----w-	c:\program files\COMODO
2012-09-28 12:31 . 2012-09-28 12:31	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
2012-09-28 12:31 . 2012-09-28 12:31	1700352	----a-w-	c:\windows\SysWow64\gdiplus.dll
2012-09-28 12:31 . 2012-09-28 12:31	1060864	----a-w-	c:\windows\SysWow64\mfc71.dll
2012-09-28 12:19 . 2006-10-06 12:17	53248	------w-	c:\windows\Ctregrun.exe
2012-09-28 12:19 . 2000-05-22 14:58	647872	------w-	c:\windows\SysWow64\Mscomct2.ocx
2012-09-28 12:16 . 2012-08-21 09:13	25232	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-09-28 12:16 . 2012-08-21 09:13	359464	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-09-28 12:16 . 2012-08-21 09:13	59728	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-09-28 12:16 . 2012-08-21 09:13	54072	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-09-28 12:16 . 2012-08-21 09:13	969200	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-09-28 12:16 . 2012-08-21 09:13	71600	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-09-28 12:16 . 2012-08-21 09:12	285328	----a-w-	c:\windows\system32\aswBoot.exe
2012-09-28 12:16 . 2012-08-21 09:12	41224	----a-w-	c:\windows\avastSS.scr
2012-09-28 12:16 . 2012-08-21 09:12	227648	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-09-28 12:16 . 2012-09-28 12:16	--------	d-----w-	c:\programdata\AVAST Software
2012-09-28 12:09 . 2012-09-28 12:09	--------	d-----w-	c:\programdata\ATI
2012-09-28 12:08 . 2012-09-28 12:08	0	----a-w-	c:\windows\ativpsrm.bin
2012-09-28 12:07 . 2012-09-28 12:07	--------	d-----w-	c:\program files (x86)\AMD APP
2012-09-28 12:07 . 2012-09-28 12:07	--------	d-----w-	c:\program files\Common Files\ATI Technologies
2012-09-28 12:07 . 2012-09-28 12:07	--------	d-----w-	c:\program files (x86)\Common Files\ATI Technologies
2012-09-28 12:06 . 2012-09-28 12:06	--------	d-----w-	c:\programdata\AMD
2012-09-28 12:06 . 2010-02-18 07:18	46136	----a-w-	c:\windows\system32\drivers\amdiox64.sys
2012-09-28 12:06 . 2012-09-28 12:06	--------	d-----w-	c:\program files (x86)\ATI Technologies
2012-09-28 12:06 . 2012-09-29 11:45	--------	d-sh--w-	c:\windows\Installer
2012-09-28 12:06 . 2012-09-28 12:06	--------	d-----w-	c:\program files\ATI
2012-09-28 12:05 . 2012-09-28 12:07	--------	d-----w-	c:\program files\ATI Technologies
2012-09-28 12:05 . 2012-09-28 12:05	--------	d-----w-	C:\AMD
2012-09-28 11:59 . 2012-09-28 11:59	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-09-28 11:55 . 2003-06-12 21:25	7062	----a-w-	c:\windows\SysWow64\audiopid.vxd
2012-09-28 11:52 . 2012-09-28 12:20	--------	d-----w-	c:\programdata\Creative
2012-09-28 11:52 . 2009-07-10 07:09	214528	----a-w-	c:\windows\system32\APOMgr64.DLL
2012-09-28 11:52 . 2009-07-10 07:07	166912	----a-w-	c:\windows\SysWow64\APOMngr.DLL
2012-09-28 11:52 . 2009-02-06 16:53	89088	----a-w-	c:\windows\system32\CmdRtr64.DLL
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-29 11:09 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2012-09-29 11:09 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2012-08-03 08:23 . 2012-08-03 08:23	35064	----a-w-	c:\windows\system32\drivers\CFRMD.sys
2012-08-03 08:23 . 2012-08-03 08:23	35064	----a-w-	c:\windows\inf\lps-ca\cfrmd.sys
2012-07-28 04:09 . 2012-07-28 04:09	5538984	----a-w-	c:\windows\SysWow64\atiumdag.dll
2012-07-28 04:07 . 2012-07-28 04:07	10278912	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-07-28 03:43 . 2012-07-28 03:43	70144	----a-w-	c:\windows\system32\coinst_8.982.dll
2012-07-28 03:19 . 2012-07-28 03:19	24935424	----a-w-	c:\windows\system32\atio6axx.dll
2012-07-28 02:50 . 2012-07-28 02:50	20546560	----a-w-	c:\windows\SysWow64\atioglxx.dll
2012-07-28 02:15 . 2012-07-28 02:15	163840	----a-w-	c:\windows\system32\atiapfxx.exe
2012-07-28 02:15 . 2012-07-28 02:15	931328	----a-w-	c:\windows\SysWow64\aticfx32.dll
2012-07-28 02:13 . 2012-07-28 02:13	1100288	----a-w-	c:\windows\system32\aticfx64.dll
2012-07-28 02:10 . 2012-07-28 02:10	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-07-28 02:10 . 2012-07-28 02:10	534528	----a-w-	c:\windows\system32\atieclxx.exe
2012-07-28 02:09 . 2012-07-28 02:09	239616	----a-w-	c:\windows\system32\atiesrxx.exe
2012-07-28 02:08 . 2012-07-28 02:08	120320	----a-w-	c:\windows\system32\atitmm64.dll
2012-07-28 02:08 . 2012-07-28 02:08	21504	----a-w-	c:\windows\system32\atimuixx.dll
2012-07-28 02:07 . 2012-07-28 02:07	59392	----a-w-	c:\windows\system32\atiedu64.dll
2012-07-28 02:07 . 2012-07-28 02:07	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2012-07-28 02:07 . 2012-07-28 02:07	6430208	----a-w-	c:\windows\SysWow64\atidxx32.dll
2012-07-28 01:51 . 2012-07-28 01:51	7052288	----a-w-	c:\windows\system32\atidxx64.dll
2012-07-28 01:41 . 2012-07-28 01:41	4266496	----a-w-	c:\windows\system32\atiumd6a.dll
2012-07-28 01:35 . 2012-07-28 01:35	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2012-07-28 01:35 . 2012-07-28 01:35	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2012-07-28 01:35 . 2012-07-28 01:35	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2012-07-28 01:35 . 2012-07-28 01:35	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2012-07-28 01:34 . 2012-07-28 01:34	16034304	----a-w-	c:\windows\system32\aticaldd64.dll
2012-07-28 01:32 . 2012-07-28 01:32	4751872	----a-w-	c:\windows\SysWow64\atiumdva.dll
2012-07-28 01:30 . 2012-07-28 01:30	13605888	----a-w-	c:\windows\SysWow64\aticaldd.dll
2012-07-28 01:25 . 2012-07-28 01:25	6676480	----a-w-	c:\windows\system32\atiumd64.dll
2012-07-28 01:15 . 2012-07-28 01:15	540160	----a-w-	c:\windows\system32\atiadlxx.dll
2012-07-28 01:15 . 2012-07-28 01:15	368640	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2012-07-28 01:15 . 2012-07-28 01:15	17920	----a-w-	c:\windows\system32\atig6pxx.dll
2012-07-28 01:15 . 2012-07-28 01:15	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2012-07-28 01:15 . 2012-07-28 01:15	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-07-28 01:15 . 2012-07-28 01:15	41984	----a-w-	c:\windows\system32\atig6txx.dll
2012-07-28 01:14 . 2012-07-28 01:14	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2012-07-28 01:14 . 2012-07-28 01:14	368640	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-07-28 01:13 . 2012-07-28 01:13	129536	----a-w-	c:\windows\system32\atiuxp64.dll
2012-07-28 01:13 . 2012-07-28 01:13	109568	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2012-07-28 01:13 . 2012-07-28 01:13	103936	----a-w-	c:\windows\system32\atiu9p64.dll
2012-07-28 01:13 . 2012-07-28 01:13	83456	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2012-07-28 01:12 . 2012-07-28 01:12	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-07-28 01:08 . 2012-07-28 01:08	56320	----a-w-	c:\windows\system32\atimpc64.dll
2012-07-28 01:08 . 2012-07-28 01:08	56320	----a-w-	c:\windows\system32\amdpcom64.dll
2012-07-28 01:08 . 2012-07-28 01:08	56832	----a-w-	c:\windows\SysWow64\atimpc32.dll
2012-07-28 01:08 . 2012-07-28 01:08	56832	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2012-07-27 20:47 . 2012-07-27 20:47	187392	----a-w-	c:\windows\system32\clinfo.exe
2012-07-27 20:47 . 2012-07-27 20:47	75776	----a-w-	c:\windows\system32\OpenVideo64.dll
2012-07-27 20:47 . 2012-07-27 20:47	65024	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2012-07-27 20:47 . 2012-07-27 20:47	63488	----a-w-	c:\windows\system32\OVDecode64.dll
2012-07-27 20:47 . 2012-07-27 20:47	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
2012-07-27 20:46 . 2012-07-27 20:46	16464896	----a-w-	c:\windows\system32\amdocl64.dll
2012-07-27 20:46 . 2012-07-27 20:46	13013504	----a-w-	c:\windows\SysWow64\amdocl.dll
2012-07-27 20:44 . 2012-07-27 20:44	54784	----a-w-	c:\windows\system32\OpenCL.dll
2012-07-27 20:44 . 2012-07-27 20:44	50176	----a-w-	c:\windows\SysWow64\OpenCL.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"avast"="d:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"WinampAgent"="d:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Start GeekBuddy.lnk - c:\program files (x86)\COMODO\GeekBuddy\launcher.exe [2012-8-23 49360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [2012-08-03 35064]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-30 250288]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-09-28 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-09-28 79360]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 577824]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 43248]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\Comodo\launcher_service.exe [2012-08-23 70352]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-09-19 2365792]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 RTL8023x64;Realtek 10/100-Netzwerkkartenfamilie-NDIS-x64-Treiber;c:\windows\system32\DRIVERS\Rtnic64.sys [2009-06-10 51712]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-09-19 11880]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 14993658
*Deregistered* - 14993658
*Deregistered* - aswMBR
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-30 11:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11	133400	----a-w-	d:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{317911D6-43D9-4A2C-9C41-CE2F7CB71F28}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{3D00864E-26A5-474A-A715-EE62AAFC2273}: NameServer = 8.26.56.26,156.154.70.22
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\bensm4a1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-02  15:31:39
ComboFix-quarantined-files.txt  2012-10-02 13:31
.
Vor Suchlauf: 9 Verzeichnis(se), 24.739.385.344 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 24.468.443.136 Bytes frei
.
- - End Of File - - 09494FB06AA6AC7EF4C92FD5D65BC5C4
         

Alt 02.10.2012, 14:39   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden - Standard

Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden



Hast Du immer noch die im Threadtitel genannten Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 02.10.2012, 14:46   #9
subvision
 
Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden - Standard

Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden



Zitat:
Zitat von schrauber Beitrag anzeigen
Hast Du immer noch die im Threadtitel genannten Probleme?
VisthAux.exe konnte ich durch deaktivieren des Windows Scripting Host aktivieren. Jedoch ist der erste Sektor meiner Partitionen immer noch befallen. Ich schätze mal, da war ein Profi am Werk. Das Schadprogramm verweilt eher still im Hintergrund und belastet mein System auch nicht allzu stark. Gestern jedoch hatte ich einen Bluescreen mit der Meldung "System Code has been changed usw." Zeitweise konnte ich mit Firefox Google nicht erreichen, der Stream von Soma.fm mit meinem Winamp lief aber problemlos weiter. Es war also keine generelle Netzwerkstörung.

Ich weiß wirklich nicht mehr weiter. Wie deaktiviere ich den Schädling? Ich habe davon nicht allzuviel Ahnung, ich bin also kein Profi, sondern nur erfahrenener Anwender.

Widows Scripting Host werde ich erstmal deaktiviert lassen und ich werde den Kontakt mit fremden Rechnern meiden (USB-Sticks usw.) um andere nicht zu infizieren.

Ich weiß nur, ich habe Schadsoftware auf dem Rechner, die macht, was sie will. Wie weit ich da mit der Deaktivierung des WSH gegenhebele weiß ich nicht. Das Programm ist scheinbar in der Lage, beliebig Code auf meinem Rechner zu ändern.

Alt 02.10.2012, 14:52   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden - Standard

Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden



Öffne mal bitte TDSSKiller nochmal, unter Optionen alles anhaken und dann Scan drücken, sollte einen Neustart verlangen und dann beginnen zu scannen. Poste bitte das Log.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 02.10.2012, 15:00   #11
subvision
 
Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden - Standard

Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden



Dieses Mal hat er 2 Logs gemacht. Eines um 15:55 und eines um 15:58. Ich poste beide.

15:55

Code:
ATTFilter
15:55:07.0805 6112  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
15:55:07.0992 6112  ============================================================
15:55:07.0992 6112  Current date / time: 2012/10/02 15:55:07.0992
15:55:07.0992 6112  SystemInfo:
15:55:07.0992 6112  
15:55:07.0992 6112  OS Version: 6.1.7601 ServicePack: 1.0
15:55:07.0992 6112  Product type: Workstation
15:55:07.0992 6112  ComputerName: X4
15:55:07.0992 6112  UserName: Micha
15:55:07.0992 6112  Windows directory: C:\Windows
15:55:07.0992 6112  System windows directory: C:\Windows
15:55:07.0992 6112  Running under WOW64
15:55:07.0992 6112  Processor architecture: Intel x64
15:55:07.0992 6112  Number of processors: 4
15:55:07.0992 6112  Page size: 0x1000
15:55:07.0992 6112  Boot type: Normal boot
15:55:07.0992 6112  ============================================================
15:55:08.0788 6112  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:55:08.0803 6112  ============================================================
15:55:08.0803 6112  \Device\Harddisk0\DR0:
15:55:08.0803 6112  MBR partitions:
15:55:08.0803 6112  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:55:08.0803 6112  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x63D1180
15:55:08.0803 6112  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x64039BF, BlocksNum 0x33F81282
15:55:08.0803 6112  ============================================================
15:55:08.0835 6112  C: <-> \Device\Harddisk0\DR0\Partition2
15:55:08.0850 6112  D: <-> \Device\Harddisk0\DR0\Partition3
15:55:08.0850 6112  ============================================================
15:55:08.0850 6112  Initialize success
15:55:08.0850 6112  ============================================================
15:55:26.0556 4284  Deinitialize success
         
15:58

Code:
ATTFilter
15:57:06.0891 3644  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
15:57:08.0900 3644  ============================================================
15:57:08.0900 3644  Current date / time: 2012/10/02 15:57:08.0900
15:57:08.0900 3644  SystemInfo:
15:57:08.0900 3644  
15:57:08.0900 3644  OS Version: 6.1.7601 ServicePack: 1.0
15:57:08.0900 3644  Product type: Workstation
15:57:08.0900 3644  ComputerName: X4
15:57:08.0900 3644  UserName: Micha
15:57:08.0900 3644  Windows directory: C:\Windows
15:57:08.0900 3644  System windows directory: C:\Windows
15:57:08.0900 3644  Running under WOW64
15:57:08.0900 3644  Processor architecture: Intel x64
15:57:08.0900 3644  Number of processors: 4
15:57:08.0900 3644  Page size: 0x1000
15:57:08.0900 3644  Boot type: Normal boot
15:57:08.0900 3644  ============================================================
15:57:21.0866 3644  BG loaded
15:57:22.0599 3644  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:57:22.0631 3644  ============================================================
15:57:22.0631 3644  \Device\Harddisk0\DR0:
15:57:22.0646 3644  MBR partitions:
15:57:22.0646 3644  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:57:22.0646 3644  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x63D1180
15:57:22.0662 3644  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x64039BF, BlocksNum 0x33F81282
15:57:22.0662 3644  ============================================================
15:57:22.0755 3644  C: <-> \Device\Harddisk0\DR0\Partition2
15:57:22.0865 3644  D: <-> \Device\Harddisk0\DR0\Partition3
15:57:22.0865 3644  ============================================================
15:57:22.0865 3644  Initialize success
15:57:22.0865 3644  ============================================================
15:58:12.0362 3604  Deinitialize success
         
Ich hab alles angehakt, erst die unteren beiden Optionen und dann "Load Modules". Ich meine, das Log müßte jetzt größer sein?

Alt 02.10.2012, 15:02   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden - Standard

Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden



Du hast alle 4 Optionen angehakt? Das Log müsste viel länger sein....
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 02.10.2012, 15:05   #13
subvision
 
Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden - Standard

Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden



Dachte ich mir auch. Ich hab unter Parameters alles angehakt.

Ich hab mir erlaubt, die tdsskiller.exe Datei umzubenennen und hab dann nen Scan gestartet. Wie kann ich hier Dateianhänge posten? Der Text ist nämlich zu lang.

Edit: OK, hab die Datei als 7zip Archiv angehängt - wenn alles geklappt hat.

Geändert von subvision (02.10.2012 um 15:32 Uhr)

Alt 02.10.2012, 15:27   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden - Standard

Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden



Dann schauen wir mal von aussen:


Downloade dir bitte Farbar Recovery Scan Tool 32-Bit und speichere diese auf einen USB Stick.

Schließe den USB Stick an das infizierte System an

Du musst das System nun in die System Reparatur Option booten.

Über den Boot Manager
  • Starte den Rechner neu auf.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu auf und starte von der CD
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !!
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".


Wähle in den Reparaturoptionen Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument --> Datei --> Speichern unter und wähle Computer
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Yes und klicke Scan
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 02.10.2012, 15:44   #15
subvision
 
Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden - Standard

Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden



Schau dir bitte nochmal Post 13 an. Ich mache das Log wenn ich mir alles aufgeschrieben habe. Leider habe ich keinen Drucker.

tdsskiller mit der umbenannten Exe hat jedoch keinen Neustart gemacht.

Betreff frst.exe. Ich hab mit der Windows 7 DVD gestartet, kam auch in das Verzeichnis meines Sticks (Bei mir war es der Laufwerksbuchstabe h:\), aber beim Versuch, die frst.exe zu starten kam folgende Meldung:

"Das zum Unterstützen des Abbildtyps erforderliche Subsystem ist nicht vorhanden"

Geändert von subvision (02.10.2012 um 16:08 Uhr)

Antwort

Themen zu Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden
antivirus, avast, avast deaktiviert, avast free antivirus, check, comodo, computer, datei, digital, festplatte, firewall, folge, free, hintergrund, home, netzwerk, neuer virus, nexus, nodrives, personen, programm, rescue cd, scan, schädling, starten, system, trojaner, trojaner/virus, update, version., virus, visthaux.exe, windows, zufällig



Ähnliche Themen: Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden


  1. Firewall kann nicht aktiviert/deaktiviert werden. Fehlercode 0x80070424
    Plagegeister aller Art und deren Bekämpfung - 30.04.2014 (28)
  2. Auf ext. Festplatte kann nicht zugegriffen werden
    Netzwerk und Hardware - 13.03.2014 (1)
  3. Avast Free kann nicht gestartet werden und Deinstalation geht auch nicht
    Log-Analyse und Auswertung - 15.02.2014 (5)
  4. Windows 7 64-bit: laut Windows ist Avast (VistHaux.exe) deaktiviert; eine meiner Emailadressen war auf der BSI-Liste
    Log-Analyse und Auswertung - 26.01.2014 (3)
  5. Avast\VisthAux.exe lässt sich nicht starten + unerwünschter sleep bei Windows 7
    Log-Analyse und Auswertung - 26.12.2013 (6)
  6. Windows 7 (64bit): Avast kann nicht gestartet werden
    Log-Analyse und Auswertung - 06.11.2013 (23)
  7. Windows 7 : Sicherheitscenter bleibt deaktiviert , Microsoft Security Essentials kann nicht gestartet werden
    Log-Analyse und Auswertung - 04.09.2013 (21)
  8. Avast deaktiviert, Rechner bootet selbst neu, VisthAux.exe
    Log-Analyse und Auswertung - 14.06.2013 (33)
  9. Externe Festplatte - Quelldatei oder Quelldatenträger kann nicht gelesen werden
    Netzwerk und Hardware - 15.04.2013 (21)
  10. Avast VisthAux.exe deaktiviert (Windows 8)
    Log-Analyse und Auswertung - 22.02.2013 (13)
  11. Firewall Fehlercode 0x80070424,Microsoft Security Essentials deaktiviert,kann nicht gestartet werden
    Plagegeister aller Art und deren Bekämpfung - 11.07.2012 (1)
  12. Festplatte kann nicht formatiert werden
    Netzwerk und Hardware - 12.09.2009 (10)
  13. Sound deaktiviert sich und Ip kann nach ner zeit nicht mehr gefunden werden
    Log-Analyse und Auswertung - 12.06.2009 (0)
  14. Erster Virus / Hijack&Co. Seiten werden geblockt!
    Mülltonne - 02.01.2009 (0)
  15. Datenträger kann nicht gelesen werden
    Plagegeister aller Art und deren Bekämpfung - 13.02.2008 (10)
  16. Seltsamer wahrscheinlich neuer Virus!
    Plagegeister aller Art und deren Bekämpfung - 30.09.2007 (24)
  17. CDs werden nicht mehr gelesen
    Alles rund um Windows - 02.01.2006 (5)

Zum Thema Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden - Hallo liebe Leute. Ich habe folgendes Problem. Ich nutze Windows 7 64 bit, Avast free Antivirus und die Comodo Firewall in der neuesten Version. Vom 03.09 bis zum 24.09 war - Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden...
Archiv
Du betrachtest: Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.