Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   w7 64 bit/rootkit whistler, durch ein kaspersky tool entfernt. combofix durchlaufen lassen (https://www.trojaner-board.de/105145-w7-64-bit-rootkit-whistler-kaspersky-tool-entfernt-combofix-durchlaufen-lassen.html)

rockenderbik 16.11.2011 17:14
w7 64 bit/rootkit whistler, durch ein kaspersky tool entfernt. combofix durchlaufen lassen
 
Hallo, grüß euch alle,

wäre froh wenn ihr euch das mal ansehen könntet...



w7 64 bit/rootkit whistler, durch ein kaspersky tool entfernt. combofix durchlaufen lassen....gmer endeckt nichts mehr. muss ich mir jetzt noch sorgen machen?


OTL logfile created on: 15.11.2011 20:06:10 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Andy\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 50,77% Memory free
8,00 Gb Paging File | 5,56 Gb Available in Paging File | 69,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 117,19 Gb Total Space | 13,40 Gb Free Space | 11,44% Space Free | Partition Type: NTFS

Computer Name: ANDY-PC | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Andy\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe (Razer USA Ltd)
PRC - C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Users\Andy\AppData\Local\Temp\sfamcc00001.dll ()
MOD - C:\Users\Andy\AppData\Local\Temp\sfareca00001.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Windows\SysWOW64\OSD.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (Windows7FirewallService) -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe (Sphinx Software)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (TDslMgrService) -- C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe (T-Systems Enterprise Services GmbH)


========== Driver Services (SafeList) ==========

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)
DRV:64bit: - (ATITool) -- C:\Windows\SysNative\drivers\ATITool64.sys ()
DRV:64bit: - (DslMNLwf) -- C:\Windows\SysNative\drivers\dslmnlwf.sys (T-Systems Enterprise Services GmbH)
DRV:64bit: - (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s115mgmt.sys (MCCI Corporation)
DRV:64bit: - (s115obex) -- C:\Windows\SysNative\drivers\s115obex.sys (MCCI Corporation)
DRV:64bit: - (s115mdm) -- C:\Windows\SysNative\drivers\s115mdm.sys (MCCI Corporation)
DRV:64bit: - (s115mdfl) -- C:\Windows\SysNative\drivers\s115mdfl.sys (MCCI Corporation)
DRV:64bit: - (s115bus) Sony Ericsson Device 115 driver (WDM) -- C:\Windows\SysNative\drivers\s115bus.sys (MCCI Corporation)
DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys ()
DRV - (pbfilter) -- C:\Programme\PeerBlock\pbfilter.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ENTECH64) -- C:\Windows\SysWOW64\drivers\Entech64.sys (EnTech Taiwan)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
DRV - (atillk64) -- C:\Users\Andy\Downloads\winflash\atillk64.sys (ATI Technologies Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE 5B F1 92 F1 75 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.0
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
FF - prefs.js..browser.startup.homepage: "resource:/browserconfig.properties"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.11.13 12:21:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.09 17:50:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.02 18:37:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.17 19:52:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.01.02 16:18:18 | 000,000,000 | ---D | M]

[2010.07.31 18:23:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\mozilla\Extensions
[2010.07.31 18:23:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.11.14 06:47:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\o0huzi6x.default\extensions
[2009.12.30 13:58:04 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\o0huzi6x.default\extensions\moveplayer@movenetworks.com
[2011.09.30 09:24:38 | 000,002,481 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\o0huzi6x.default\searchplugins\exalead.xml
[2011.09.30 09:20:39 | 000,004,821 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\o0huzi6x.default\searchplugins\fireball.xml
[2011.11.09 18:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.22 19:34:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.09.30 16:43:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011.11.09 18:14:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O0HUZI6X.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\ANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O0HUZI6X.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
() (No name found) -- C:\USERS\ANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O0HUZI6X.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.09 17:50:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.09.23 02:52:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.23 02:46:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.23 02:52:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.23 02:52:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.23 02:52:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.23 02:52:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.11.15 17:55:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Programme\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B1985C8-D691-4C26-BEF9-42C590B355AC}: NameServer = 212.18.3.5 212.18.0.5
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.11.15 19:09:41 | 000,300,832 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Andy\Desktop\Tcpview.exe
[2011.11.15 17:55:48 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011.11.15 17:48:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.11.15 17:48:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.11.15 17:48:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.11.15 17:48:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.11.15 17:48:19 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.11.15 17:48:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.11.14 21:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.13 12:21:13 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011.11.13 12:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011.11.13 12:21:12 | 000,301,912 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011.11.13 12:21:10 | 000,058,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011.11.13 12:21:10 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011.11.13 12:21:09 | 000,601,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011.11.13 12:21:09 | 000,065,368 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011.11.13 12:21:08 | 000,254,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011.11.13 12:21:01 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011.11.13 12:21:01 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.11.13 12:20:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011.11.13 12:20:56 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011.11.09 18:14:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.11.09 18:14:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.11.09 18:14:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.11.02 17:42:10 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\atitray
[2011.11.02 17:42:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ray Adams
[2011.11.02 17:18:11 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011.11.02 17:18:11 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011.11.02 17:18:11 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011.11.02 17:18:11 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011.11.02 17:18:10 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011.11.02 17:18:10 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011.11.02 17:18:10 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011.11.02 17:18:10 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011.11.02 17:18:10 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011.11.02 17:18:10 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011.11.02 17:18:10 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011.11.02 17:18:09 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.11.02 17:18:09 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.11.02 17:18:09 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011.11.02 17:18:09 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2011.11.02 17:18:07 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.11.02 17:18:07 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.11.02 17:18:04 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011.11.02 17:18:03 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011.11.02 17:18:03 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011.11.02 17:18:03 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011.11.02 17:18:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011.11.02 17:18:03 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011.11.02 17:18:03 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011.11.02 17:17:59 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.11.02 17:17:58 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011.11.02 17:17:56 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011.11.02 17:17:54 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011.11.02 17:17:41 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011.11.02 17:17:41 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011.11.02 17:16:39 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011.11.02 17:16:39 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011.11.01 17:59:02 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.11.01 17:59:01 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.11.01 17:59:01 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.11.01 17:59:01 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.11.01 17:59:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.11.01 17:59:01 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.11.01 17:59:01 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.11.01 17:59:01 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.11.01 17:59:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.11.01 17:59:01 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.11.01 17:59:01 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.11.01 17:59:00 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.11.01 17:59:00 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.11.01 17:59:00 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.11.01 17:59:00 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.11.01 17:52:43 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.11.01 17:52:43 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.11.01 17:52:43 | 003,902,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.11.01 17:51:18 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011.11.01 17:51:18 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011.11.01 17:51:18 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011.11.01 17:51:18 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011.11.01 17:51:18 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011.11.01 17:51:18 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011.11.01 17:51:18 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011.11.01 17:51:15 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011.11.01 17:51:15 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011.11.01 17:51:14 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011.11.01 17:51:14 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011.11.01 17:51:14 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011.11.01 17:51:14 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.11.01 17:51:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011.11.01 17:51:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011.11.01 17:51:14 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011.11.01 17:51:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011.11.01 17:51:14 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011.11.01 17:51:14 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011.11.01 17:51:14 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011.11.01 17:51:14 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011.11.01 17:51:14 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011.11.01 17:51:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011.11.01 17:51:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011.11.01 17:51:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.11.01 17:51:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.11.01 17:51:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011.11.01 17:51:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011.11.01 17:51:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011.11.01 17:51:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011.11.01 17:51:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011.11.01 17:51:13 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011.11.01 17:51:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011.11.01 17:51:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011.11.01 17:51:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011.11.01 17:51:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011.11.01 17:51:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011.11.01 17:51:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011.11.01 17:51:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011.11.01 17:51:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011.11.01 17:51:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.11.01 17:51:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.11.01 17:51:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011.11.01 17:51:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011.11.01 17:51:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011.11.01 17:51:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011.11.01 17:51:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011.11.01 17:51:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011.11.01 17:51:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011.11.01 17:51:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011.11.01 17:51:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011.11.01 17:50:34 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011.11.01 17:50:33 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011.11.01 17:50:33 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011.11.01 17:50:33 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011.11.01 17:50:32 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011.11.01 17:50:32 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011.11.01 17:50:32 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011.11.01 17:50:32 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011.11.01 17:50:31 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2011.11.01 17:50:31 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2011.11.01 17:50:31 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2011.11.01 17:50:31 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2011.11.01 17:50:31 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2011.11.01 17:50:31 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2011.11.01 17:50:29 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011.11.01 17:50:29 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011.11.01 17:50:29 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011.11.01 17:50:12 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011.11.01 17:50:12 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.11.01 17:50:12 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011.11.01 17:50:12 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.11.01 17:50:11 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011.11.01 17:50:10 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.11.01 17:50:09 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.11.01 17:50:09 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.11.01 17:49:57 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011.11.01 17:49:57 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011.11.01 17:49:55 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011.11.01 17:49:55 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011.11.01 17:49:53 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011.11.01 17:49:53 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011.11.01 17:49:53 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011.11.01 17:49:53 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011.11.01 17:49:53 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011.11.01 17:49:53 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011.11.01 17:49:53 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011.11.01 17:49:53 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011.11.01 17:49:53 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011.11.01 17:47:59 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011.11.01 17:47:59 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011.11.01 16:04:01 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.11.01 16:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.11.01 16:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.11.01 16:01:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011.10.30 22:49:31 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\ESN Sonar
[2011.10.30 10:27:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011.10.28 04:48:44 | 000,000,000 | ---D | C] -- C:\Users\Andy\Documents\Battlefield 3
[2011.10.28 04:47:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2011.10.27 18:03:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2011.10.22 19:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.11.15 18:55:30 | 003,523,118 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.15 18:55:30 | 001,514,544 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.15 18:55:30 | 001,042,606 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.15 18:55:30 | 000,916,942 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.15 18:55:30 | 000,005,662 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.15 18:53:56 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.15 18:53:56 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.15 18:50:16 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.11.15 18:50:16 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.15 18:48:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.15 18:48:46 | 3220,672,512 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.15 17:55:40 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.11.14 21:14:03 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.13 12:21:13 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.11.13 12:21:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011.11.12 15:12:10 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011.11.06 19:40:51 | 000,000,232 | ---- | M] () -- C:\Users\Andy\Desktop\Battlefield Bad Company™ 2.lnk
[2011.11.04 14:13:22 | 000,001,852 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\ImperatorProfile0.dat
[2011.11.03 17:22:41 | 000,001,565 | ---- | M] () -- C:\Users\Andy\Desktop\Programm ändern oder entfernen - Verknüpfung.lnk
[2011.11.02 17:53:37 | 000,002,110 | ---- | M] () -- C:\Users\Andy\Desktop\Autostart.lnk
[2011.11.02 17:32:07 | 000,432,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.30 10:27:22 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.10.27 18:26:14 | 000,001,191 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011.10.27 18:25:52 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.27 17:18:03 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2011.10.26 17:10:00 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.10.22 19:34:38 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.10.22 12:02:32 | 000,070,158 | ---- | M] () -- C:\Users\Andy\Documents\cc_20111022_130222.reg
[2011.10.19 22:14:52 | 000,059,904 | ---- | M] () -- C:\Windows\SysWow64\OVDecode.dll
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.11.15 17:48:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.11.15 17:48:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.11.15 17:48:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.11.15 17:48:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.11.15 17:48:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.11.14 21:14:03 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.13 12:21:13 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.11.13 12:21:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011.11.06 19:40:51 | 000,000,232 | ---- | C] () -- C:\Users\Andy\Desktop\Battlefield Bad Company™ 2.lnk
[2011.11.03 17:22:41 | 000,001,565 | ---- | C] () -- C:\Users\Andy\Desktop\Programm ändern oder entfernen - Verknüpfung.lnk
[2011.11.02 17:53:37 | 000,002,110 | ---- | C] () -- C:\Users\Andy\Desktop\Autostart.lnk
[2011.11.02 17:50:52 | 000,001,007 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk
[2011.10.27 18:03:31 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011.10.22 12:02:29 | 000,070,158 | ---- | C] () -- C:\Users\Andy\Documents\cc_20111022_130222.reg
[2011.10.19 22:14:52 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.07.17 10:01:56 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.07.17 10:01:55 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.07.17 10:01:55 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.07.17 10:01:54 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.04.19 17:23:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.01.10 17:29:38 | 000,001,852 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\ImperatorProfile0.dat
[2010.12.29 21:18:19 | 000,280,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.11.12 16:27:25 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\imon1.dat
[2010.10.14 00:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.08.29 05:48:57 | 000,000,136 | ---- | C] () -- C:\Windows\SysWow64\cpuz.ini
[2010.08.21 12:39:15 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2010.04.22 19:34:10 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.03.12 15:27:56 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.03.12 14:42:19 | 000,000,454 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.03.08 17:55:57 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.03.08 17:55:56 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.03.02 22:01:09 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.02.16 17:49:41 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.02.16 17:32:19 | 000,327,168 | ---- | C] () -- C:\Windows\SysWow64\cutil32.dll
[2010.02.09 17:31:31 | 000,000,637 | ---- | C] () -- C:\Windows\WINCMD.INI
[2010.01.14 18:24:29 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2010.01.03 01:00:00 | 000,022,528 | ---- | C] () -- C:\Users\Andy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.27 15:48:37 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.12.27 14:57:33 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.12.24 01:05:28 | 000,007,603 | ---- | C] () -- C:\Users\Andy\AppData\Local\Resmon.ResmonCfg
[2009.12.23 21:59:51 | 000,006,296 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.12.23 19:18:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.04.15 15:04:38 | 000,104,520 | ---- | C] () -- C:\Windows\SysWow64\OSD.dll

========== LOP Check ==========

[2009.12.31 16:31:23 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Bioshock
[2011.04.22 16:34:31 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Bioshock2
[2010.03.06 00:53:32 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\GARMIN
[2011.01.02 16:17:45 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\GetRightToGo
[2010.04.01 16:06:03 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Leadertech
[2010.02.16 20:59:41 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\MAXON
[2009.12.30 11:30:08 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\OpenOffice.org
[2011.10.27 17:19:26 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Origin
[2010.10.02 12:46:41 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\PerfWatch
[2010.02.07 10:01:44 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\T-Online
[2010.07.31 18:23:08 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Thunderbird
[2010.08.06 07:56:33 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Trillian
[2011.07.19 16:22:01 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\TS3Client
[2011.07.18 16:10:39 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\ts3overlay
[2010.11.21 11:57:33 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\XMedia Recode
[2011.09.30 08:40:49 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >



ComboFix 11-11-15.01 - Andy 15.11.2011 17:49:41.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.4095.2190 [GMT 1:00]
ausgeführt von:: c:\users\Andy\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xml2693.tmp
c:\programdata\xml3A81.tmp
c:\programdata\xml4368.tmp
c:\programdata\xml4829.tmp
c:\programdata\xml4DD4.tmp
c:\programdata\xml5BE8.tmp
c:\programdata\xml6F5A.tmp
c:\programdata\xml87B9.tmp
c:\programdata\xmlAEA6.tmp
c:\programdata\xmlAFA2.tmp
c:\programdata\xmlC3CB.tmp
c:\programdata\xmlD78A.tmp
c:\programdata\xmlEAFC.tmp
c:\programdata\xmlF787.tmp
c:\programdata\xmlF9AA.tmp
c:\users\Andy\AppData\Local\Temp\sfamcc00001.dll
c:\users\Andy\AppData\Local\Temp\sfareca00001.dll
c:\users\Andy\AppData\Roaming\Local
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\7.ddi
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\FILE4D1D0B4875FB9.ddr
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\FILE5A6F448EC24E2.ddr
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\intro_megamind.avi.ddr
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\aoe-megamind.avi.ddp
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\aoe_megamind.avi(2).ddp
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\aoe_megamind.avi(3).ddp
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\aoe_megamind.avi.ddp
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE4D1D0B4875FB9
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE5A6F448EC24E2.ddp
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE5F1D057DB44C1(2).ddp
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE5F1D057DB44C1(3).ddp
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE5F1D057DB44C1(4).ddp
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE5F1D057DB44C1.ddp
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\intro_megamind.avi.ddp
c:\windows\SysWow64\out.txt
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-10-15 bis 2011-11-15 ))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-12 14:12 . 2010-12-29 20:18 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-11-12 14:12 . 2010-03-08 17:06 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-11-12 09:35 . 2010-03-08 16:55 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-10-30 09:27 . 2011-06-29 17:24 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-27 17:25 . 2010-03-08 16:55 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-10-12 20:56 . 2011-10-12 20:56 10207232 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-10-12 20:20 . 2011-10-12 20:20 24629760 ----a-w- c:\windows\system32\atio6axx.dll
2011-10-12 20:14 . 2011-10-12 20:14 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-10-12 20:14 . 2011-10-12 20:14 736768 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-10-12 20:13 . 2011-03-09 04:55 867328 ----a-w- c:\windows\system32\aticfx64.dll
2011-10-12 20:10 . 2011-07-12 02:54 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-10-12 20:10 . 2011-10-12 20:10 487936 ----a-w- c:\windows\system32\atieclxx.exe
2011-10-12 20:09 . 2011-10-12 20:09 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-10-12 20:08 . 2011-10-12 20:08 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-10-12 20:08 . 2011-10-12 20:08 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-10-12 20:08 . 2011-10-12 20:08 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-10-12 20:07 . 2011-10-12 20:07 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-10-12 20:07 . 2011-10-12 20:07 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-10-12 20:07 . 2011-10-12 20:07 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-10-12 20:07 . 2011-10-12 20:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-10-12 20:04 . 2011-10-12 20:04 4231680 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-10-12 20:04 . 2011-10-12 20:04 18630656 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-10-12 19:54 . 2011-03-09 04:40 4960768 ----a-w- c:\windows\system32\atidxx64.dll
2011-10-12 19:46 . 2011-10-12 19:46 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-10-12 19:46 . 2011-10-12 19:46 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-10-12 19:46 . 2011-10-12 19:46 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-10-12 19:46 . 2011-10-12 19:46 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-10-12 19:45 . 2011-10-12 19:45 9877504 ----a-w- c:\windows\system32\aticaldd64.dll
2011-10-12 19:44 . 2011-10-12 19:44 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-10-12 19:44 . 2011-10-12 19:44 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-10-12 19:44 . 2011-10-12 19:44 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-10-12 19:44 . 2011-07-12 02:27 4023296 ----a-w- c:\windows\system32\atiumd6a.dll
2011-10-12 19:42 . 2011-10-12 19:42 8391680 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-10-12 19:39 . 2011-07-12 03:03 58880 ----a-w- c:\windows\system32\coinst.dll
2011-10-12 19:38 . 2011-07-12 02:24 5431808 ----a-w- c:\windows\system32\atiumd64.dll
2011-10-12 19:33 . 2011-10-12 19:33 4174848 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-10-12 19:31 . 2011-07-12 02:16 479744 ----a-w- c:\windows\system32\atiadlxx.dll
2011-10-12 19:31 . 2011-10-12 19:31 335872 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-10-12 19:31 . 2011-10-12 19:31 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-10-12 19:31 . 2011-10-12 19:31 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-10-12 19:31 . 2011-10-12 19:31 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-10-12 19:30 . 2011-10-12 19:30 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-10-12 19:30 . 2011-10-12 19:30 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-10-12 19:30 . 2011-10-12 19:30 317952 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-10-12 19:29 . 2011-07-12 02:15 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-10-12 19:29 . 2011-10-12 19:29 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-10-12 19:29 . 2011-07-12 02:14 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-10-12 19:29 . 2011-10-12 19:29 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-10-12 19:28 . 2011-10-12 19:28 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-10-12 19:16 . 2011-10-12 19:16 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-10-12 19:16 . 2011-10-12 19:16 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-10-12 19:16 . 2011-10-12 19:16 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-10-12 19:16 . 2011-10-12 19:16 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-10-12 15:16 . 2011-10-12 15:16 66048 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-10-12 15:16 . 2011-10-12 15:16 16787456 ----a-w- c:\windows\system32\amdocl64.dll
2011-10-12 15:14 . 2011-10-12 15:14 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-03 04:06 . 2011-01-02 13:16 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-21 16:59 . 2010-04-01 15:05 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-09-14 09:47 . 2011-09-14 09:47 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-09-14 09:46 . 2011-09-14 09:46 13625856 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-09-14 09:38 . 2011-09-14 09:38 44032 ----a-w- c:\windows\system32\amdoclcl64.dll
2011-09-14 09:38 . 2011-09-14 09:38 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll
2011-09-03 14:53 . 2011-09-03 14:53 140664 ----a-r- c:\users\Andy\AppData\Roaming\Microsoft\Installer\{D9292112-253F-438D-B1AB-432E5A1FE1B5}\ShortcutUpdater_B4EEAB5A25624B9CB01E300A7199EE30.exe
2011-09-03 14:53 . 2011-09-03 14:53 140664 ----a-r- c:\users\Andy\AppData\Roaming\Microsoft\Installer\{D9292112-253F-438D-B1AB-432E5A1FE1B5}\ARPPRODUCTICON.exe
2011-08-31 16:00 . 2010-10-03 13:11 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Razer Imperator Driver"="c:\program files (x86)\Razer\Imperator\RazerImperatorTray.exe" [2010-03-18 2787224]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-12 343168]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpeedFan.lnk - c:\program files (x86)\SpeedFan\speedfan.exe [2009-8-9 3986552]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DSL-Manager.lnk - c:\program files (x86)\DSL-Manager\DslMgr.exe [2010-1-9 1085440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 vcdrom;Virtual CD-ROM Device Driver;c:\users\Andy\AppData\Local\Temp\VCdRom.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 atillk64;atillk64;c:\users\Andy\Downloads\winflash\atillk64.sys [2006-07-19 14608]
R3 cpuz130;cpuz130;c:\users\Andy\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2008-09-17 12744]
R3 FLASHSYS;FLASHSYS;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [x]
R3 iteio;iteio;c:\windows\system32\drivers\iteio.sys [x]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 19544]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-12-23 19952]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [x]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [x]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [x]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [x]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [x]
R3 Tcpz-x64;Tcpz-x64;c:\users\Andy\AppData\Local\Temp\Tcpz-x64.sys [x]
R3 TDslMgrService;DSL-Manager;c:\program files (x86)\DSL-Manager\DslMgrSvc.exe [2008-10-23 307200]
R3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 DslMNLwf;DSL-Manager NDIS LightWeight Filter;c:\windows\system32\DRIVERS\dslmnlwf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [2009-06-29 545792]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows7FirewallControl"="c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe" [2009-06-29 1021440]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-07 12558440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\o0huzi6x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-81887603.sys
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2814086671-428616876-2365772135-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:80,bd,9f,72,f2,d0,46,b5,33,09,06,c3,1a,42,90,db,e9,70,e2,db,13,f4,a3,
0e,54,77,9a,98,38,9f,1b,a0,8d,7c,2f,b8,70,9b,db,af,77,97,96,2d,fc,34,ec,dd,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-2814086671-428616876-2365772135-1000\Software\SecuROM\License information*]
"datasecu"=hex:77,91,20,96,87,0a,09,33,11,0a,b2,fd,40,3b,ec,05,29,fe,a5,bd,16,
b1,50,37,b0,70,65,b5,cc,ac,60,08,f7,8c,97,bc,d5,19,c5,e3,66,33,08,38,41,15,\
"rkeysecu"=hex:e9,92,6b,90,85,2a,a1,3a,e2,43,02,51,2e,e4,cc,29
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\sphinx-soft\Vista-Wall\1.0\AppList\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Zone]
"Name"="EnableAll"
"Result"=dword:00000000
"Advised"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-15 18:01:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-11-15 17:01
.
Vor Suchlauf: 10 Verzeichnis(se), 14.792.450.048 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 14.643.798.016 Bytes frei
.
- - End Of File - - 01BEA6941B0838C9A9F6A93AC0081195

cosinus 17.11.2011 13:43
http://www.trojaner-board.de/images/icons/icon4.gif Einen ganz klaren Hinweis gibt es auch zu http://www.trojaner-board.de/95175-combofix.html http://www.trojaner-board.de/images/icons/icon4.gif
Zitat:

Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.


Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


rockenderbik 17.11.2011 18:38
danke für deine antwort und hilfe arne,

bei compofix hatte ich nur das problem, daß ich den ati grafiktreiber neu installieren musste.

mein post von malwarebytes:

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8176

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.11.2011 18:28:34
mbam-log-2011-11-16 (18-28-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 308129
Laufzeit: 26 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

post eset onlinescan, bin aber wärend des scans offline gegangen. kann ja nicht sein daß ich die ganze zeit ungeschützt bin...seh ich das richtig?

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=0
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=77b24cc2e8d76c4ba42d57f187c57f24
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-17 04:22:05
# local_time=2011-11-17 05:22:05 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 171160 73176775 0 0
# compatibility_mode=8192 67108863 100 0 3865 3865 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=77b24cc2e8d76c4ba42d57f187c57f24
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-17 04:29:29
# local_time=2011-11-17 05:29:29 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 167795 73177010 0 0
# compatibility_mode=8192 67108863 100 0 500 500 0 0
# scanned=1436
# found=0
# cleaned=0
# scan_time=209
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=77b24cc2e8d76c4ba42d57f187c57f24
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-17 05:17:48
# local_time=2011-11-17 06:17:48 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 168136 73177351 0 0
# compatibility_mode=8192 67108863 100 0 841 841 0 0
# scanned=142303
# found=0
# cleaned=0
# scan_time=2767

cosinus 17.11.2011 20:19
Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

rockenderbik 17.11.2011 20:25
nur der hier:Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8176

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.11.2011 18:28:34
mbam-log-2011-11-16 (18-28-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 308129
Laufzeit: 26 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


und den neueren datums weil die älteren waren alle nach der infektion:

17:22:08 Andy MESSAGE IP Protection stopped
18:40:19 Andy MESSAGE IP Protection started successfully

cosinus 17.11.2011 20:29
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

rockenderbik 17.11.2011 20:30
den gibt es noch:

aber eben alt und auch nichts gefunden aber nach der infektion. avira hat gemeldet: rootkit im bootsektor d aber meine festplatte d war verschlüsselt mit dem bitlocker:

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8162

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.11.2011 21:39:23
mbam-log-2011-11-14 (21-39-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 305314
Laufzeit: 23 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

rockenderbik 17.11.2011 20:33
auch die im hintergrund bei dem otl log?

cosinus 17.11.2011 20:41
Was meinst du damit? Du hast vorher ein normales OTL-Log gepostet ich möchte aber ein Log von einem CustomScan sehen.

rockenderbik 17.11.2011 21:09
ich hab gemeint ob ich auch die hintergrundprogramme schließen soll. hab jetzt alles geschlossen was ohne taskmanager geht und otl mit deinem custumscan ausgeführt, hier der log: (dank dir, daß du dich damit beschäftigst arne)OTL Logfile:
Code:
OTL logfile created on: 17.11.2011 20:49:29 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Andy\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 63,83% Memory free
8,00 Gb Paging File | 6,05 Gb Available in Paging File | 75,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 117,19 Gb Total Space | 12,77 Gb Free Space | 10,90% Space Free | Partition Type: NTFS
Drive D: | 814,31 Gb Total Space | 35,32 Gb Free Space | 4,34% Space Free | Partition Type: NTFS
 
Computer Name: ANDY-PC | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Andy\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe (Razer USA Ltd)
PRC - C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (Almico's Home Page))
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Andy\AppData\Local\Temp\sfamcc00001.dll ()
MOD - C:\Users\Andy\AppData\Local\Temp\sfareca00001.dll ()
MOD - C:\Windows\SysWOW64\OSD.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (Windows7FirewallService) -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe (Sphinx Software)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (TDslMgrService) -- C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe (T-Systems Enterprise Services GmbH)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)
DRV:64bit: - (ATITool) -- C:\Windows\SysNative\drivers\ATITool64.sys ()
DRV:64bit: - (DslMNLwf) -- C:\Windows\SysNative\drivers\dslmnlwf.sys (T-Systems Enterprise Services GmbH)
DRV:64bit: - (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s115mgmt.sys (MCCI Corporation)
DRV:64bit: - (s115obex) -- C:\Windows\SysNative\drivers\s115obex.sys (MCCI Corporation)
DRV:64bit: - (s115mdm) -- C:\Windows\SysNative\drivers\s115mdm.sys (MCCI Corporation)
DRV:64bit: - (s115mdfl) -- C:\Windows\SysNative\drivers\s115mdfl.sys (MCCI Corporation)
DRV:64bit: - (s115bus) Sony Ericsson Device 115 driver (WDM) -- C:\Windows\SysNative\drivers\s115bus.sys (MCCI Corporation)
DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys ()
DRV - (pbfilter) -- C:\Programme\PeerBlock\pbfilter.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ENTECH64) -- C:\Windows\SysWOW64\drivers\Entech64.sys (EnTech Taiwan)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
DRV - (atillk64) -- C:\Users\Andy\Downloads\winflash\atillk64.sys (ATI Technologies Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE 5B F1 92 F1 75 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.0
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
FF - prefs.js..browser.startup.homepage: "resource:/browserconfig.properties"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.11.13 12:21:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.09 17:50:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.02 18:37:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.17 19:52:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.01.02 16:18:18 | 000,000,000 | ---D | M]
 
[2010.07.31 18:23:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\mozilla\Extensions
[2010.07.31 18:23:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.11.14 06:47:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\o0huzi6x.default\extensions
[2009.12.30 13:58:04 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\o0huzi6x.default\extensions\moveplayer@movenetworks.com
[2011.09.30 09:24:38 | 000,002,481 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\o0huzi6x.default\searchplugins\exalead.xml
[2011.09.30 09:20:39 | 000,004,821 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\o0huzi6x.default\searchplugins\fireball.xml
[2011.11.09 18:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.22 19:34:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.09.30 16:43:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011.11.09 18:14:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O0HUZI6X.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\ANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O0HUZI6X.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
() (No name found) -- C:\USERS\ANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O0HUZI6X.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.09 17:50:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.09.23 02:52:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.23 02:46:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.23 02:52:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.23 02:52:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.23 02:52:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.23 02:52:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.11.15 17:55:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Programme\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (Almico's Home Page))
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Andy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DSL-Manager.lnk - C:\PROGRA~2\DSL-MA~1\DslMgr.exe - (T-Systems Enterprise Services GmbH)
MsConfig:64bit - StartUpFolder: C:^Users^Andy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig:64bit - StartUpFolder: C:^Users^Andy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Trillian.lnk - C:\PROGRA~2\Trillian\trillian.exe - (Cerulean Studios)
MsConfig:64bit - StartUpReg: AAWTray - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
MsConfig:64bit - StartUpReg: EADM - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: EvtMgr6 - hkey= - key= - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: HDDHealth - hkey= - key= - C:\Program Files (x86)\HDD Health\HDDHealth.exe (PANTERASoft)
MsConfig:64bit - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig:64bit - StartUpReg: RivaTuner - hkey= - key= - C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
MsConfig:64bit - StartUpReg: RivaTunerStartupDaemon - hkey= - key= - C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - ac3acm.acm (fccHandler)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - lameACM.acm (www)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - ff_vfw.dll ()
Drivers32: VIDC.FPS1 - frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - xvidvfw.dll ()
Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YV12 - yv12vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.15 19:09:41 | 000,300,832 | ---- | C] (Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources) -- C:\Users\Andy\Desktop\Tcpview.exe
[2011.11.15 17:55:48 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011.11.15 17:48:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.11.15 17:48:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.11.15 17:48:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.11.15 17:48:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.11.15 17:48:19 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.11.15 17:48:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.11.14 21:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.13 12:21:13 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011.11.13 12:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011.11.13 12:21:12 | 000,301,912 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011.11.13 12:21:10 | 000,058,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011.11.13 12:21:10 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011.11.13 12:21:09 | 000,601,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011.11.13 12:21:09 | 000,065,368 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011.11.13 12:21:08 | 000,254,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011.11.13 12:21:01 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011.11.13 12:21:01 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.11.13 12:20:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011.11.13 12:20:56 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011.11.02 17:42:10 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\atitray
[2011.11.02 17:42:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ray Adams
[2011.11.01 16:04:01 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.11.01 16:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.11.01 16:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.11.01 16:01:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011.10.30 22:49:31 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\ESN Sonar
[2011.10.30 10:27:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011.10.28 04:48:44 | 000,000,000 | ---D | C] -- C:\Users\Andy\Documents\Battlefield 3
[2011.10.28 04:47:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2011.10.27 18:03:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2011.10.22 19:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.17 16:50:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.16 20:07:19 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2011.11.16 16:57:29 | 003,539,554 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.16 16:57:29 | 001,519,354 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.16 16:57:29 | 001,047,778 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.16 16:57:29 | 000,921,560 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.16 16:57:29 | 000,005,662 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.16 16:57:01 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.16 16:57:01 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.15 22:35:36 | 3220,672,512 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.15 18:50:16 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.11.15 18:50:16 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.15 17:55:40 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.11.14 21:14:03 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.13 12:21:13 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.11.13 12:21:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011.11.12 15:12:10 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011.11.06 19:40:51 | 000,000,232 | ---- | M] () -- C:\Users\Andy\Desktop\Battlefield Bad Company™ 2.lnk
[2011.11.04 14:13:22 | 000,001,852 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\ImperatorProfile0.dat
[2011.11.03 17:22:41 | 000,001,565 | ---- | M] () -- C:\Users\Andy\Desktop\Programm ändern oder entfernen - Verknüpfung.lnk
[2011.11.02 17:53:37 | 000,002,110 | ---- | M] () -- C:\Users\Andy\Desktop\Autostart.lnk
[2011.11.02 17:32:07 | 000,432,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.27 18:26:14 | 000,001,191 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011.10.27 18:25:52 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.26 17:10:00 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.10.22 19:34:38 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.10.22 12:02:32 | 000,070,158 | ---- | M] () -- C:\Users\Andy\Documents\cc_20111022_130222.reg
[2011.10.19 22:14:52 | 000,059,904 | ---- | M] () -- C:\Windows\SysWow64\OVDecode.dll
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.15 17:48:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.11.15 17:48:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.11.15 17:48:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.11.15 17:48:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.11.15 17:48:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.11.14 21:14:03 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.13 12:21:13 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.11.13 12:21:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011.11.06 19:40:51 | 000,000,232 | ---- | C] () -- C:\Users\Andy\Desktop\Battlefield Bad Company™ 2.lnk
[2011.11.03 17:22:41 | 000,001,565 | ---- | C] () -- C:\Users\Andy\Desktop\Programm ändern oder entfernen - Verknüpfung.lnk
[2011.11.02 17:53:37 | 000,002,110 | ---- | C] () -- C:\Users\Andy\Desktop\Autostart.lnk
[2011.11.02 17:50:52 | 000,001,007 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk
[2011.10.27 18:03:31 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011.10.22 12:02:29 | 000,070,158 | ---- | C] () -- C:\Users\Andy\Documents\cc_20111022_130222.reg
[2011.10.19 22:14:52 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.07.17 10:01:56 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.07.17 10:01:55 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.07.17 10:01:55 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.07.17 10:01:54 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.04.19 17:23:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.01.10 17:29:38 | 000,001,852 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\ImperatorProfile0.dat
[2010.12.29 21:18:19 | 000,280,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.11.12 16:27:25 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\imon1.dat
[2010.10.14 00:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.08.29 05:48:57 | 000,000,136 | ---- | C] () -- C:\Windows\SysWow64\cpuz.ini
[2010.08.21 12:39:15 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2010.04.22 19:34:10 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.03.12 15:27:56 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.03.12 14:42:19 | 000,000,454 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.03.08 17:55:57 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.03.08 17:55:56 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.03.02 22:01:09 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.02.16 17:49:41 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.02.16 17:32:19 | 000,327,168 | ---- | C] () -- C:\Windows\SysWow64\cutil32.dll
[2010.02.09 17:31:31 | 000,000,637 | ---- | C] () -- C:\Windows\WINCMD.INI
[2010.01.14 18:24:29 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2010.01.03 01:00:00 | 000,022,528 | ---- | C] () -- C:\Users\Andy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.27 15:48:37 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.12.27 14:57:33 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.12.24 01:05:28 | 000,007,603 | ---- | C] () -- C:\Users\Andy\AppData\Local\Resmon.ResmonCfg
[2009.12.23 21:59:51 | 000,006,296 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.12.23 19:18:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.04.15 15:04:38 | 000,104,520 | ---- | C] () -- C:\Windows\SysWow64\OSD.dll
 
========== LOP Check ==========
 
[2009.12.31 16:31:23 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Bioshock
[2011.04.22 16:34:31 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Bioshock2
[2010.03.06 00:53:32 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\GARMIN
[2011.01.02 16:17:45 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\GetRightToGo
[2010.04.01 16:06:03 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Leadertech
[2010.02.16 20:59:41 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\MAXON
[2009.12.30 11:30:08 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\OpenOffice.org
[2011.10.27 17:19:26 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Origin
[2010.10.02 12:46:41 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\PerfWatch
[2010.02.07 10:01:44 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\T-Online
[2010.07.31 18:23:08 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Thunderbird
[2010.08.06 07:56:33 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Trillian
[2011.07.19 16:22:01 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\TS3Client
[2011.07.18 16:10:39 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\ts3overlay
[2010.11.21 11:57:33 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\XMedia Recode
[2011.09.30 08:40:49 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.01.10 00:20:29 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Adobe
[2011.04.19 17:27:46 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\ATI
[2011.11.02 17:42:10 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\atitray
[2009.12.31 16:31:23 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Bioshock
[2011.04.22 16:34:31 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Bioshock2
[2010.12.26 19:20:44 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\DivX
[2010.12.24 09:40:04 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\dvdcss
[2010.03.06 00:53:32 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\GARMIN
[2011.01.02 16:17:45 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\GetRightToGo
[2011.04.21 15:57:14 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\HP
[2009.12.23 17:34:40 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Identities
[2010.10.10 05:43:20 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\InstallShield
[2010.04.01 16:06:03 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Leadertech
[2010.04.01 16:03:58 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Logishrd
[2010.04.01 16:06:06 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Logitech
[2009.12.23 18:09:27 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Macromedia
[2010.10.03 14:11:45 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Malwarebytes
[2010.02.16 20:59:41 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\MAXON
[2009.07.14 19:18:19 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Media Center Programs
[2010.04.21 21:17:04 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Media Player Classic
[2011.05.16 19:11:32 | 000,000,000 | --SD | M] -- C:\Users\Andy\AppData\Roaming\Microsoft
[2010.01.09 14:55:43 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Mozilla
[2009.12.27 14:59:47 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Nero
[2009.12.30 11:30:08 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\OpenOffice.org
[2011.10.27 17:19:26 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Origin
[2010.10.02 12:46:41 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\PerfWatch
[2009.12.23 21:38:09 | 000,000,000 | RH-D | M] -- C:\Users\Andy\AppData\Roaming\SecuROM
[2011.11.16 20:05:45 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Skype
[2011.10.22 19:30:51 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\skypePM
[2010.02.07 10:01:44 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\T-Online
[2010.07.31 18:23:08 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Thunderbird
[2010.08.06 07:56:33 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Trillian
[2011.07.19 16:22:01 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\TS3Client
[2011.07.18 16:10:39 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\ts3overlay
[2011.05.18 19:19:32 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\vlc
[2010.08.06 11:38:58 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Winamp
[2010.01.02 18:14:06 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\WinRAR
[2010.11.21 11:57:33 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\XMedia Recode
 
< %APPDATA%\*.exe /s >
[2010.04.01 16:06:02 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Andy\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2011.09.03 15:53:24 | 000,140,664 | R--- | M] (Acresso Software Inc.) -- C:\Users\Andy\AppData\Roaming\Microsoft\Installer\{D9292112-253F-438D-B1AB-432E5A1FE1B5}\ARPPRODUCTICON.exe
[2011.09.03 15:53:24 | 000,140,664 | R--- | M] (Acresso Software Inc.) -- C:\Users\Andy\AppData\Roaming\Microsoft\Installer\{D9292112-253F-438D-B1AB-432E5A1FE1B5}\ShortcutUpdater_B4EEAB5A25624B9CB01E300A7199EE30.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.12.23 20:30:37 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Users\Andy\Downloads\Intel_HECI_MB\8.9.0.1023\f6flpy64\IaStor.sys
[2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009.06.04 17:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.12.23 20:30:36 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Users\Andy\Downloads\Intel_HECI_MB\8.9.0.1023\f6flpy32\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache86\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache86\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\ERDNT\cache64\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\ERDNT\cache64\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\ERDNT\cache86\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >
--- --- ---

rockenderbik 17.11.2011 21:25
das macht mir sorgen, kenn ich gar nicht. was hat das zu bedeuten?

MOD - C:\Users\Andy\AppData\Local\Temp\sfamcc00001.dll ()
MOD - C:\Users\Andy\AppData\Local\Temp\sfareca00001.dll ()
MOD - C:\Windows\SysWOW64\OSD.dll ()

cosinus 17.11.2011 22:17
Eine simple Goolesuche nach den Dateinamen hilft ja schon weiter. Das sind Dateien von Speedfan!

Hast du die alten Logs von Kaspersky noch? Bitte alles posten.
Das OTL-Log ist soweit ok.

rockenderbik 18.11.2011 06:14
hatte ich vor deiner nachricht schon gemacht, trozdem danke...*g*
tdsskiller hab ich mehrmals durchlaufen lassen...

13:57:27.0034 4696 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
13:57:27.0180 4696 ============================================================
13:57:27.0180 4696 Current date / time: 2011/11/13 13:57:27.0180
13:57:27.0180 4696 SystemInfo:
13:57:27.0181 4696
13:57:27.0181 4696 OS Version: 6.1.7600 ServicePack: 0.0
13:57:27.0181 4696 Product type: Workstation
13:57:27.0181 4696 ComputerName: ANDY-PC
13:57:27.0181 4696 UserName: Andy
13:57:27.0181 4696 Windows directory: C:\Windows
13:57:27.0181 4696 System windows directory: C:\Windows
13:57:27.0181 4696 Running under WOW64
13:57:27.0181 4696 Processor architecture: Intel x64
13:57:27.0181 4696 Number of processors: 4
13:57:27.0181 4696 Page size: 0x1000
13:57:27.0181 4696 Boot type: Normal boot
13:57:27.0181 4696 ============================================================
13:57:28.0007 4696 Initialize success
13:57:40.0350 4316 ============================================================
13:57:40.0350 4316 Scan started
13:57:40.0350 4316 Mode: Manual;
13:57:40.0350 4316 ============================================================
13:57:41.0215 4316 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\drivers\1394ohci.sys
13:57:41.0219 4316 1394ohci - ok
13:57:41.0266 4316 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\drivers\ACPI.sys
13:57:41.0271 4316 ACPI - ok
13:57:41.0302 4316 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\drivers\acpipmi.sys
13:57:41.0303 4316 AcpiPmi - ok
13:57:41.0331 4316 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:57:41.0337 4316 adp94xx - ok
13:57:41.0351 4316 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:57:41.0355 4316 adpahci - ok
13:57:41.0366 4316 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:57:41.0369 4316 adpu320 - ok
13:57:41.0411 4316 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
13:57:41.0416 4316 AFD - ok
13:57:41.0432 4316 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:57:41.0434 4316 agp440 - ok
13:57:41.0449 4316 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:57:41.0450 4316 aliide - ok
13:57:41.0485 4316 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:57:41.0485 4316 amdide - ok
13:57:41.0495 4316 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:57:41.0496 4316 AmdK8 - ok
13:57:41.0658 4316 amdkmdag (85193e1bcefe65d0a1befd4fda9180f9) C:\Windows\system32\DRIVERS\atikmdag.sys
13:57:41.0741 4316 amdkmdag - ok
13:57:41.0765 4316 amdkmdap (60ab0b979198da597b7251b3c7444f7e) C:\Windows\system32\DRIVERS\atikmpag.sys
13:57:41.0767 4316 amdkmdap - ok
13:57:41.0779 4316 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:57:41.0780 4316 AmdPPM - ok
13:57:41.0808 4316 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
13:57:41.0810 4316 amdsata - ok
13:57:41.0823 4316 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:57:41.0825 4316 amdsbs - ok
13:57:41.0842 4316 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
13:57:41.0843 4316 amdxata - ok
13:57:41.0864 4316 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
13:57:41.0865 4316 AppID - ok
13:57:41.0896 4316 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:57:41.0897 4316 arc - ok
13:57:41.0910 4316 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:57:41.0912 4316 arcsas - ok
13:57:41.0953 4316 aswFsBlk (5a68b880c16ad5a6aa20b49a47ffff24) C:\Windows\system32\drivers\aswFsBlk.sys
13:57:41.0953 4316 aswFsBlk - ok
13:57:41.0992 4316 aswMonFlt (230613be2d3da8053879be5ed2848f2d) C:\Windows\system32\drivers\aswMonFlt.sys
13:57:41.0994 4316 aswMonFlt - ok
13:57:42.0008 4316 aswRdr (0dc1996ae4178d7d14744ef6b3082313) C:\Windows\system32\drivers\aswRdr.sys
13:57:42.0009 4316 aswRdr - ok
13:57:42.0028 4316 aswSnx (b6ff911c23775cdfdd49612d92637af4) C:\Windows\system32\drivers\aswSnx.sys
13:57:42.0034 4316 aswSnx - ok
13:57:42.0056 4316 aswSP (5a590d8516376aed1829fc07d3bdaa4b) C:\Windows\system32\drivers\aswSP.sys
13:57:42.0059 4316 aswSP - ok
13:57:42.0078 4316 aswTdi (3239c0082fb0c1c4ee323730b85690a5) C:\Windows\system32\drivers\aswTdi.sys
13:57:42.0079 4316 aswTdi - ok
13:57:42.0102 4316 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:57:42.0103 4316 AsyncMac - ok
13:57:42.0134 4316 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:57:42.0135 4316 atapi - ok
13:57:42.0197 4316 AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys
13:57:42.0199 4316 AtiHDAudioService - ok
13:57:42.0252 4316 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
13:57:42.0254 4316 AtiHdmiService - ok
13:57:42.0332 4316 atillk64 (26d973d6d9a0d133dfda7d8c1adc04b7) C:\Users\Andy\Downloads\winflash\atillk64.sys
13:57:42.0333 4316 atillk64 - ok
13:57:42.0345 4316 ATITool (a6fad7a5ada4675ba9c9feaf4e0542ba) C:\Windows\system32\DRIVERS\ATITool64.sys
13:57:42.0347 4316 ATITool - ok
13:57:42.0388 4316 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:57:42.0394 4316 b06bdrv - ok
13:57:42.0420 4316 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:57:42.0424 4316 b57nd60a - ok
13:57:42.0458 4316 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:57:42.0459 4316 Beep - ok
13:57:42.0491 4316 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:57:42.0493 4316 blbdrive - ok
13:57:42.0540 4316 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
13:57:42.0542 4316 bowser - ok
13:57:42.0561 4316 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:57:42.0562 4316 BrFiltLo - ok
13:57:42.0569 4316 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:57:42.0570 4316 BrFiltUp - ok
13:57:42.0583 4316 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:57:42.0587 4316 Brserid - ok
13:57:42.0599 4316 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:57:42.0600 4316 BrSerWdm - ok
13:57:42.0616 4316 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:57:42.0617 4316 BrUsbMdm - ok
13:57:42.0624 4316 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:57:42.0625 4316 BrUsbSer - ok
13:57:42.0640 4316 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:57:42.0641 4316 BTHMODEM - ok
13:57:42.0663 4316 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:57:42.0664 4316 cdfs - ok
13:57:42.0711 4316 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\drivers\cdrom.sys
13:57:42.0714 4316 cdrom - ok
13:57:42.0723 4316 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:57:42.0725 4316 circlass - ok
13:57:42.0758 4316 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:57:42.0763 4316 CLFS - ok
13:57:42.0792 4316 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:57:42.0793 4316 CmBatt - ok
13:57:42.0809 4316 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:57:42.0810 4316 cmdide - ok
13:57:42.0834 4316 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
13:57:42.0839 4316 CNG - ok
13:57:42.0846 4316 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:57:42.0847 4316 Compbatt - ok
13:57:42.0886 4316 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\drivers\CompositeBus.sys
13:57:42.0887 4316 CompositeBus - ok
13:57:42.0910 4316 cpuz130 - ok
13:57:42.0930 4316 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:57:42.0931 4316 crcdisk - ok
13:57:42.0958 4316 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
13:57:42.0964 4316 CSC - ok
13:57:42.0996 4316 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
13:57:42.0998 4316 DfsC - ok
13:57:43.0015 4316 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:57:43.0016 4316 discache - ok
13:57:43.0041 4316 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:57:43.0042 4316 Disk - ok
13:57:43.0104 4316 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
13:57:43.0106 4316 Dot4 - ok
13:57:43.0129 4316 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:57:43.0130 4316 Dot4Print - ok
13:57:43.0146 4316 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
13:57:43.0147 4316 dot4usb - ok
13:57:43.0182 4316 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:57:43.0183 4316 drmkaud - ok
13:57:43.0229 4316 DslMNLwf (d52eeb224df107aad9059597f0eb95cc) C:\Windows\system32\DRIVERS\dslmnlwf.sys
13:57:43.0230 4316 DslMNLwf - ok
13:57:43.0264 4316 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
13:57:43.0274 4316 DXGKrnl - ok
13:57:43.0341 4316 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:57:43.0371 4316 ebdrv - ok
13:57:43.0416 4316 ElbyCDIO (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys
13:57:43.0418 4316 ElbyCDIO - ok
13:57:43.0440 4316 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:57:43.0446 4316 elxstor - ok
13:57:43.0482 4316 ENTECH64 (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys
13:57:43.0484 4316 ENTECH64 - ok
13:57:43.0508 4316 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:57:43.0509 4316 ErrDev - ok
13:57:43.0539 4316 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:57:43.0541 4316 exfat - ok
13:57:43.0556 4316 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:57:43.0559 4316 fastfat - ok
13:57:43.0584 4316 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:57:43.0585 4316 fdc - ok
13:57:43.0603 4316 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:57:43.0604 4316 FileInfo - ok
13:57:43.0615 4316 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:57:43.0616 4316 Filetrace - ok
13:57:43.0642 4316 FLASHSYS - ok
13:57:43.0657 4316 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:57:43.0658 4316 flpydisk - ok
13:57:43.0679 4316 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
13:57:43.0682 4316 FltMgr - ok
13:57:43.0694 4316 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:57:43.0695 4316 FsDepends - ok
13:57:43.0708 4316 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:57:43.0709 4316 Fs_Rec - ok
13:57:43.0738 4316 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:57:43.0741 4316 fvevol - ok
13:57:43.0757 4316 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:57:43.0759 4316 gagp30kx - ok
13:57:43.0773 4316 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:57:43.0775 4316 hcw85cir - ok
13:57:43.0813 4316 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
13:57:43.0817 4316 HdAudAddService - ok
13:57:43.0837 4316 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:57:43.0839 4316 HDAudBus - ok
13:57:43.0852 4316 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:57:43.0854 4316 HidBatt - ok
13:57:43.0870 4316 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:57:43.0872 4316 HidBth - ok
13:57:43.0885 4316 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:57:43.0887 4316 HidIr - ok
13:57:43.0934 4316 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
13:57:43.0935 4316 HidUsb - ok
13:57:43.0946 4316 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\drivers\HpSAMD.sys
13:57:43.0948 4316 HpSAMD - ok
13:57:43.0982 4316 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
13:57:43.0989 4316 HTTP - ok
13:57:43.0999 4316 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
13:57:44.0000 4316 hwpolicy - ok
13:57:44.0022 4316 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
13:57:44.0024 4316 i8042prt - ok
13:57:44.0076 4316 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
13:57:44.0081 4316 iaStor - ok
13:57:44.0109 4316 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
13:57:44.0114 4316 iaStorV - ok
13:57:44.0145 4316 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:57:44.0146 4316 iirsp - ok
13:57:44.0231 4316 IntcAzAudAddService (028e40182a6f0374978c755f85b9f07c) C:\Windows\system32\drivers\RTKVHD64.sys
13:57:44.0254 4316 IntcAzAudAddService - ok
13:57:44.0280 4316 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:57:44.0281 4316 intelide - ok
13:57:44.0302 4316 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:57:44.0304 4316 intelppm - ok
13:57:44.0319 4316 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:57:44.0321 4316 IpFilterDriver - ok
13:57:44.0338 4316 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\drivers\IPMIDrv.sys
13:57:44.0339 4316 IPMIDRV - ok
13:57:44.0353 4316 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:57:44.0355 4316 IPNAT - ok
13:57:44.0385 4316 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:57:44.0386 4316 IRENUM - ok
13:57:44.0404 4316 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:57:44.0405 4316 isapnp - ok
13:57:44.0414 4316 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\drivers\msiscsi.sys
13:57:44.0417 4316 iScsiPrt - ok
13:57:44.0438 4316 iteio - ok
13:57:44.0454 4316 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:57:44.0455 4316 kbdclass - ok
13:57:44.0483 4316 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
13:57:44.0484 4316 kbdhid - ok
13:57:44.0498 4316 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
13:57:44.0500 4316 KSecDD - ok
13:57:44.0511 4316 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
13:57:44.0514 4316 KSecPkg - ok
13:57:44.0522 4316 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:57:44.0523 4316 ksthunk - ok
13:57:44.0599 4316 LHidFilt (ceb6e18dcfad5c72b81c7da1ac3c1cc1) C:\Windows\system32\DRIVERS\LHidFilt.Sys
13:57:44.0601 4316 LHidFilt - ok
13:57:44.0636 4316 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:57:44.0638 4316 lltdio - ok
13:57:44.0652 4316 LMouFilt (f9e48f18be4d2b365f138987b8e7885b) C:\Windows\system32\DRIVERS\LMouFilt.Sys
13:57:44.0654 4316 LMouFilt - ok
13:57:44.0671 4316 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:57:44.0673 4316 LSI_FC - ok
13:57:44.0683 4316 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:57:44.0685 4316 LSI_SAS - ok
13:57:44.0699 4316 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:57:44.0700 4316 LSI_SAS2 - ok
13:57:44.0726 4316 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:57:44.0727 4316 LSI_SCSI - ok
13:57:44.0751 4316 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:57:44.0753 4316 luafv - ok
13:57:44.0772 4316 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:57:44.0773 4316 megasas - ok
13:57:44.0790 4316 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:57:44.0793 4316 MegaSR - ok
13:57:44.0816 4316 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:57:44.0817 4316 Modem - ok
13:57:44.0837 4316 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:57:44.0838 4316 monitor - ok
13:57:44.0849 4316 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:57:44.0851 4316 mouclass - ok
13:57:44.0861 4316 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:57:44.0863 4316 mouhid - ok
13:57:44.0874 4316 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
13:57:44.0876 4316 mountmgr - ok
13:57:44.0907 4316 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\drivers\mpio.sys
13:57:44.0909 4316 mpio - ok
13:57:44.0924 4316 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:57:44.0925 4316 mpsdrv - ok
13:57:44.0943 4316 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
13:57:44.0946 4316 MRxDAV - ok
13:57:44.0975 4316 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:57:44.0977 4316 mrxsmb - ok
13:57:45.0014 4316 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:57:45.0017 4316 mrxsmb10 - ok
13:57:45.0034 4316 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:57:45.0036 4316 mrxsmb20 - ok
13:57:45.0044 4316 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\drivers\msahci.sys
13:57:45.0045 4316 msahci - ok
13:57:45.0064 4316 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\drivers\msdsm.sys
13:57:45.0067 4316 msdsm - ok
13:57:45.0094 4316 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:57:45.0095 4316 Msfs - ok
13:57:45.0111 4316 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:57:45.0113 4316 mshidkmdf - ok
13:57:45.0127 4316 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:57:45.0128 4316 msisadrv - ok
13:57:45.0157 4316 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:57:45.0158 4316 MSKSSRV - ok
13:57:45.0175 4316 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:57:45.0177 4316 MSPCLOCK - ok
13:57:45.0190 4316 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:57:45.0191 4316 MSPQM - ok
13:57:45.0213 4316 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
13:57:45.0217 4316 MsRPC - ok
13:57:45.0236 4316 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:57:45.0238 4316 mssmbios - ok
13:57:45.0245 4316 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:57:45.0246 4316 MSTEE - ok
13:57:45.0260 4316 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:57:45.0262 4316 MTConfig - ok
13:57:45.0279 4316 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:57:45.0281 4316 Mup - ok
13:57:45.0322 4316 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:57:45.0327 4316 NativeWifiP - ok
13:57:45.0356 4316 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
13:57:45.0366 4316 NDIS - ok
13:57:45.0380 4316 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:57:45.0381 4316 NdisCap - ok
13:57:45.0399 4316 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:57:45.0401 4316 NdisTapi - ok
13:57:45.0420 4316 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
13:57:45.0422 4316 Ndisuio - ok
13:57:45.0442 4316 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:57:45.0444 4316 NdisWan - ok
13:57:45.0453 4316 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
13:57:45.0454 4316 NDProxy - ok
13:57:45.0500 4316 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:57:45.0501 4316 NetBIOS - ok
13:57:45.0521 4316 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
13:57:45.0523 4316 NetBT - ok
13:57:45.0565 4316 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:57:45.0566 4316 nfrd960 - ok
13:57:45.0578 4316 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:57:45.0579 4316 Npfs - ok
13:57:45.0601 4316 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:57:45.0602 4316 nsiproxy - ok
13:57:45.0645 4316 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
13:57:45.0660 4316 Ntfs - ok
13:57:45.0673 4316 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:57:45.0674 4316 Null - ok
13:57:45.0704 4316 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
13:57:45.0706 4316 nvraid - ok
13:57:45.0722 4316 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
13:57:45.0724 4316 nvstor - ok
13:57:45.0755 4316 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:57:45.0757 4316 nv_agp - ok
13:57:45.0785 4316 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:57:45.0787 4316 ohci1394 - ok
13:57:45.0825 4316 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:57:45.0826 4316 Parport - ok
13:57:45.0843 4316 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
13:57:45.0844 4316 partmgr - ok
13:57:45.0905 4316 pbfilter (55223eefabfdb84a926515febab50d9a) C:\Program Files\PeerBlock\pbfilter.sys
13:57:45.0905 4316 pbfilter - ok
13:57:45.0922 4316 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\drivers\pci.sys
13:57:45.0924 4316 pci - ok
13:57:45.0953 4316 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:57:45.0955 4316 pciide - ok
13:57:45.0963 4316 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:57:45.0965 4316 pcmcia - ok
13:57:45.0972 4316 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:57:45.0973 4316 pcw - ok
13:57:45.0995 4316 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:57:46.0002 4316 PEAUTH - ok
13:57:46.0067 4316 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
13:57:46.0068 4316 PptpMiniport - ok
13:57:46.0080 4316 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:57:46.0081 4316 Processor - ok
13:57:46.0117 4316 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
13:57:46.0120 4316 Psched - ok
13:57:46.0159 4316 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:57:46.0172 4316 ql2300 - ok
13:57:46.0181 4316 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:57:46.0183 4316 ql40xx - ok
13:57:46.0199 4316 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:57:46.0200 4316 QWAVEdrv - ok
13:57:46.0217 4316 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:57:46.0218 4316 RasAcd - ok
13:57:46.0245 4316 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:57:46.0247 4316 RasAgileVpn - ok
13:57:46.0263 4316 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:57:46.0265 4316 Rasl2tp - ok
13:57:46.0288 4316 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:57:46.0290 4316 RasPppoe - ok
13:57:46.0306 4316 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:57:46.0308 4316 RasSstp - ok
13:57:46.0324 4316 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
13:57:46.0327 4316 rdbss - ok
13:57:46.0355 4316 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:57:46.0356 4316 rdpbus - ok
13:57:46.0365 4316 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:57:46.0366 4316 RDPCDD - ok
13:57:46.0385 4316 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
13:57:46.0387 4316 RDPDR - ok
13:57:46.0404 4316 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:57:46.0405 4316 RDPENCDD - ok
13:57:46.0414 4316 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:57:46.0415 4316 RDPREFMP - ok
13:57:46.0428 4316 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
13:57:46.0431 4316 RDPWD - ok
13:57:46.0448 4316 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
13:57:46.0450 4316 rdyboost - ok
13:57:46.0509 4316 RivaTuner64 (a10b40cf9eb57d24e44717a2d38a00f4) C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys
13:57:46.0511 4316 RivaTuner64 - ok
13:57:46.0542 4316 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:57:46.0544 4316 rspndr - ok
13:57:46.0578 4316 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:57:46.0582 4316 RTL8167 - ok
13:57:46.0628 4316 s115bus (e0f0977caafdf719929c8ca02a1c5147) C:\Windows\system32\DRIVERS\s115bus.sys
13:57:46.0630 4316 s115bus - ok
13:57:46.0647 4316 s115mdfl (136328e6c3086a19eb3154058bc7b3a3) C:\Windows\system32\DRIVERS\s115mdfl.sys
13:57:46.0648 4316 s115mdfl - ok
13:57:46.0658 4316 s115mdm (54552277de7eae1a2e108a4cff7abb07) C:\Windows\system32\DRIVERS\s115mdm.sys
13:57:46.0661 4316 s115mdm - ok
13:57:46.0686 4316 s115mgmt (e9b3966836cb9c2107264e44249267df) C:\Windows\system32\DRIVERS\s115mgmt.sys
13:57:46.0688 4316 s115mgmt - ok
13:57:46.0714 4316 s115obex (f6ab3b6e35981c4f3fed4198d3f29674) C:\Windows\system32\DRIVERS\s115obex.sys
13:57:46.0716 4316 s115obex - ok
13:57:46.0750 4316 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\drivers\vms3cap.sys
13:57:46.0752 4316 s3cap - ok
13:57:46.0771 4316 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\drivers\sbp2port.sys
13:57:46.0773 4316 sbp2port - ok
13:57:46.0783 4316 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
13:57:46.0785 4316 scfilter - ok
13:57:46.0811 4316 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:57:46.0813 4316 secdrv - ok
13:57:46.0836 4316 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:57:46.0837 4316 Serenum - ok
13:57:46.0865 4316 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:57:46.0867 4316 Serial - ok
13:57:46.0895 4316 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:57:46.0896 4316 sermouse - ok
13:57:46.0926 4316 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:57:46.0928 4316 sffdisk - ok
13:57:46.0941 4316 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:57:46.0943 4316 sffp_mmc - ok
13:57:46.0951 4316 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys
13:57:46.0953 4316 sffp_sd - ok
13:57:46.0968 4316 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:57:46.0970 4316 sfloppy - ok
13:57:46.0990 4316 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:57:46.0991 4316 SiSRaid2 - ok
13:57:47.0008 4316 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:57:47.0009 4316 SiSRaid4 - ok
13:57:47.0028 4316 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:57:47.0030 4316 Smb - ok
13:57:47.0068 4316 speedfan - ok
13:57:47.0087 4316 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:57:47.0088 4316 spldr - ok
13:57:47.0142 4316 sptd (4c33f139236fd9bd14a920f60c1cb072) C:\Windows\system32\Drivers\sptd.sys
13:57:47.0142 4316 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 4c33f139236fd9bd14a920f60c1cb072
13:57:47.0144 4316 sptd ( LockedFile.Multi.Generic ) - warning
13:57:47.0144 4316 sptd - detected LockedFile.Multi.Generic (1)
13:57:47.0179 4316 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
13:57:47.0185 4316 srv - ok
13:57:47.0201 4316 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
13:57:47.0206 4316 srv2 - ok
13:57:47.0244 4316 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
13:57:47.0247 4316 srvnet - ok
13:57:47.0265 4316 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:57:47.0267 4316 stexstor - ok
13:57:47.0289 4316 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\drivers\vmstorfl.sys
13:57:47.0291 4316 storflt - ok
13:57:47.0307 4316 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\drivers\storvsc.sys
13:57:47.0308 4316 storvsc - ok
13:57:47.0316 4316 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:57:47.0318 4316 swenum - ok
13:57:47.0382 4316 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
13:57:47.0399 4316 Tcpip - ok
13:57:47.0427 4316 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
13:57:47.0436 4316 TCPIP6 - ok
13:57:47.0453 4316 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
13:57:47.0454 4316 tcpipreg - ok
13:57:47.0512 4316 Tcpz-x64 - ok
13:57:47.0528 4316 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:57:47.0529 4316 TDPIPE - ok
13:57:47.0553 4316 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
13:57:47.0554 4316 TDTCP - ok
13:57:47.0578 4316 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
13:57:47.0580 4316 tdx - ok
13:57:47.0596 4316 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\drivers\termdd.sys
13:57:47.0598 4316 TermDD - ok
13:57:47.0624 4316 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:57:47.0625 4316 tssecsrv - ok
13:57:47.0650 4316 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
13:57:47.0652 4316 tunnel - ok
13:57:47.0678 4316 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:57:47.0680 4316 uagp35 - ok
13:57:47.0702 4316 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
13:57:47.0706 4316 udfs - ok
13:57:47.0737 4316 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:57:47.0738 4316 uliagpkx - ok
13:57:47.0768 4316 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\drivers\umbus.sys
13:57:47.0769 4316 umbus - ok
13:57:47.0786 4316 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:57:47.0787 4316 UmPass - ok
13:57:47.0859 4316 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
13:57:47.0873 4316 usbccgp - ok
13:57:47.0930 4316 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:57:47.0940 4316 usbcir - ok
13:57:47.0970 4316 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
13:57:47.0971 4316 usbehci - ok
13:57:47.0984 4316 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
13:57:47.0987 4316 usbhub - ok
13:57:48.0000 4316 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
13:57:48.0001 4316 usbohci - ok
13:57:48.0014 4316 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:57:48.0015 4316 usbprint - ok
13:57:48.0046 4316 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:57:48.0048 4316 usbscan - ok
13:57:48.0068 4316 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
13:57:48.0070 4316 USBSTOR - ok
13:57:48.0085 4316 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:57:48.0087 4316 usbuhci - ok
13:57:48.0110 4316 vcdrom - ok
13:57:48.0150 4316 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
13:57:48.0151 4316 VClone - ok
13:57:48.0167 4316 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:57:48.0169 4316 vdrvroot - ok
13:57:48.0191 4316 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:57:48.0193 4316 vga - ok
13:57:48.0207 4316 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:57:48.0208 4316 VgaSave - ok
13:57:48.0243 4316 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\drivers\vhdmp.sys
13:57:48.0246 4316 vhdmp - ok
13:57:48.0274 4316 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:57:48.0276 4316 viaide - ok
13:57:48.0305 4316 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\drivers\vmbus.sys
13:57:48.0308 4316 vmbus - ok
13:57:48.0325 4316 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\drivers\VMBusHID.sys
13:57:48.0326 4316 VMBusHID - ok
13:57:48.0343 4316 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\drivers\volmgr.sys
13:57:48.0345 4316 volmgr - ok
13:57:48.0366 4316 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
13:57:48.0371 4316 volmgrx - ok
13:57:48.0392 4316 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\drivers\volsnap.sys
13:57:48.0396 4316 volsnap - ok
13:57:48.0421 4316 vpcbus (abd9b4a7e2d0ae51a3b8df1af3152d61) C:\Windows\system32\DRIVERS\vpchbus.sys
13:57:48.0424 4316 vpcbus - ok
13:57:48.0443 4316 vpcnfltr (8acda395841538ce9713a67fe8b2a3eb) C:\Windows\system32\DRIVERS\vpcnfltr.sys
13:57:48.0445 4316 vpcnfltr - ok
13:57:48.0474 4316 vpcusb (31924e31bc315773e6d149b157db46d5) C:\Windows\system32\DRIVERS\vpcusb.sys
13:57:48.0476 4316 vpcusb - ok
13:57:48.0517 4316 vpcvmm (c5b651e52540e6f46da66574c74b4898) C:\Windows\system32\drivers\vpcvmm.sys
13:57:48.0521 4316 vpcvmm - ok
13:57:48.0549 4316 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:57:48.0551 4316 vsmraid - ok
13:57:48.0576 4316 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
13:57:48.0577 4316 vwifibus - ok
13:57:48.0594 4316 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:57:48.0596 4316 WacomPen - ok
13:57:48.0621 4316 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:57:48.0623 4316 WANARP - ok
13:57:48.0627 4316 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:57:48.0628 4316 Wanarpv6 - ok
13:57:48.0652 4316 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:57:48.0654 4316 Wd - ok
13:57:48.0674 4316 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:57:48.0681 4316 Wdf01000 - ok
13:57:48.0720 4316 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:57:48.0721 4316 WfpLwf - ok
13:57:48.0739 4316 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:57:48.0740 4316 WIMMount - ok
13:57:48.0774 4316 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
13:57:48.0775 4316 WinUsb - ok
13:57:48.0805 4316 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:57:48.0806 4316 WmiAcpi - ok
13:57:48.0828 4316 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:57:48.0829 4316 ws2ifsl - ok
13:57:48.0856 4316 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
13:57:48.0858 4316 WudfPf - ok
13:57:48.0889 4316 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:57:48.0891 4316 WUDFRd - ok
13:57:48.0922 4316 zntport - ok
13:57:48.0933 4316 MBR (0x1B8) (e24810ee950b6f5f27cb02111df934e3) \Device\Harddisk0\DR0
13:57:48.0933 4316 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected
13:57:48.0933 4316 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0)
13:57:48.0939 4316 Boot (0x1200) (b53ff22f5333bc165a38abbb47576bf6) \Device\Harddisk0\DR0\Partition0
13:57:48.0939 4316 \Device\Harddisk0\DR0\Partition0 - ok
13:57:48.0958 4316 Boot (0x1200) (d3efc9492dcb9cff9420909ecd0c28f1) \Device\Harddisk0\DR0\Partition1
13:57:48.0958 4316 \Device\Harddisk0\DR0\Partition1 - ok
13:57:48.0959 4316 ============================================================
13:57:48.0959 4316 Scan finished
13:57:48.0959 4316 ============================================================
13:57:48.0965 3524 Detected object count: 2
13:57:48.0965 3524 Actual detected object count: 2
14:00:36.0110 3524 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
14:00:36.0128 3524 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted on reboot
14:00:36.0140 3524 C:\Windows\system32\Drivers\sptd.sys - will be deleted on reboot
14:00:36.0140 3524 sptd ( LockedFile.Multi.Generic ) - User select action: Delete
14:00:36.0176 3524 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - will be cured on reboot
14:00:36.0176 3524 \Device\Harddisk0\DR0 - ok
14:00:36.0176 3524 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Cure
14:00:44.0546 4780 Deinitialize success


Vielen Dank erst mal Arne,

Gruß, Andy

rockenderbik 18.11.2011 06:19
das hab ich noch gefunden,

06:17:16 Andy IP-BLOCK 125.45.109.166 (Type: incoming, Port: 8085, Process: svchost.exe)
06:17:17 Andy IP-BLOCK 125.45.109.166 (Type: incoming, Port: 9000, Process: svchost.exe)
06:17:17 Andy IP-BLOCK 125.45.109.166 (Type: incoming, Port: 8090, Process: svchost.exe)
06:17:17 Andy IP-BLOCK 125.45.109.166 (Type: incoming, Port: 1080, Process: svchost.exe)
06:17:17 Andy IP-BLOCK 125.45.109.166 (Type: incoming, Port: 8088, Process: svchost.exe)
06:17:17 Andy IP-BLOCK 125.45.109.166 (Type: incoming, Port: 73, Process: svchost.exe)
06:17:17 Andy IP-BLOCK 125.45.109.166 (Type: incoming, Port: 3128, Process: svchost.exe)
06:17:17 Andy IP-BLOCK 125.45.109.166 (Type: incoming, Port: 8008, Process: svchost.exe)
06:17:17 Andy IP-BLOCK 125.45.109.166 (Type: incoming, Port: 7212, Process: svchost.exe)

cosinus 18.11.2011 11:34
Und das Rootkit wird nun nicht mehr angezeigt vom TDSS-Killer?

rockenderbik 18.11.2011 13:32
Nein wird nicht mehr angezeigt. Habs noch mit Bootkit Remover gegengecheckt. Der IP Block war von Malwarebytes...
Hier noch ein Post vom TDSS-Killer, heut früh hat die Zeit nicht gereicht, musste in die Arbeit:

14:03:15.0918 4412 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
14:03:15.0980 4412 ============================================================
14:03:15.0980 4412 Current date / time: 2011/11/13 14:03:15.0980
14:03:15.0980 4412 SystemInfo:
14:03:15.0980 4412
14:03:15.0980 4412 OS Version: 6.1.7600 ServicePack: 0.0
14:03:15.0980 4412 Product type: Workstation
14:03:15.0980 4412 ComputerName: ANDY-PC
14:03:15.0980 4412 UserName: Andy
14:03:15.0980 4412 Windows directory: C:\Windows
14:03:15.0980 4412 System windows directory: C:\Windows
14:03:15.0980 4412 Running under WOW64
14:03:15.0980 4412 Processor architecture: Intel x64
14:03:15.0980 4412 Number of processors: 4
14:03:15.0980 4412 Page size: 0x1000
14:03:15.0980 4412 Boot type: Normal boot
14:03:15.0980 4412 ============================================================
14:03:18.0118 4412 Initialize success
14:03:23.0999 4720 ============================================================
14:03:23.0999 4720 Scan started
14:03:23.0999 4720 Mode: Manual;
14:03:23.0999 4720 ============================================================
14:03:24.0982 4720 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\drivers\1394ohci.sys
14:03:24.0982 4720 1394ohci - ok
14:03:24.0997 4720 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\drivers\ACPI.sys
14:03:24.0997 4720 ACPI - ok
14:03:25.0028 4720 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\drivers\acpipmi.sys
14:03:25.0028 4720 AcpiPmi - ok
14:03:25.0075 4720 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:03:25.0091 4720 adp94xx - ok
14:03:25.0106 4720 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:03:25.0106 4720 adpahci - ok
14:03:25.0122 4720 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:03:25.0122 4720 adpu320 - ok
14:03:25.0169 4720 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
14:03:25.0169 4720 AFD - ok
14:03:25.0184 4720 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:03:25.0184 4720 agp440 - ok
14:03:25.0216 4720 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:03:25.0231 4720 aliide - ok
14:03:25.0262 4720 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:03:25.0262 4720 amdide - ok
14:03:25.0278 4720 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:03:25.0278 4720 AmdK8 - ok
14:03:25.0450 4720 amdkmdag (85193e1bcefe65d0a1befd4fda9180f9) C:\Windows\system32\DRIVERS\atikmdag.sys
14:03:25.0543 4720 amdkmdag - ok
14:03:25.0559 4720 amdkmdap (60ab0b979198da597b7251b3c7444f7e) C:\Windows\system32\DRIVERS\atikmpag.sys
14:03:25.0559 4720 amdkmdap - ok
14:03:25.0574 4720 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:03:25.0574 4720 AmdPPM - ok
14:03:25.0590 4720 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
14:03:25.0590 4720 amdsata - ok
14:03:25.0606 4720 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:03:25.0606 4720 amdsbs - ok
14:03:25.0621 4720 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
14:03:25.0621 4720 amdxata - ok
14:03:25.0652 4720 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
14:03:25.0652 4720 AppID - ok
14:03:25.0684 4720 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:03:25.0684 4720 arc - ok
14:03:25.0699 4720 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:03:25.0699 4720 arcsas - ok
14:03:25.0730 4720 aswFsBlk (5a68b880c16ad5a6aa20b49a47ffff24) C:\Windows\system32\drivers\aswFsBlk.sys
14:03:25.0730 4720 aswFsBlk - ok
14:03:25.0777 4720 aswMonFlt (230613be2d3da8053879be5ed2848f2d) C:\Windows\system32\drivers\aswMonFlt.sys
14:03:25.0777 4720 aswMonFlt - ok
14:03:25.0793 4720 aswRdr (0dc1996ae4178d7d14744ef6b3082313) C:\Windows\system32\drivers\aswRdr.sys
14:03:25.0793 4720 aswRdr - ok
14:03:25.0824 4720 aswSnx (b6ff911c23775cdfdd49612d92637af4) C:\Windows\system32\drivers\aswSnx.sys
14:03:25.0824 4720 aswSnx - ok
14:03:25.0840 4720 aswSP (5a590d8516376aed1829fc07d3bdaa4b) C:\Windows\system32\drivers\aswSP.sys
14:03:25.0855 4720 aswSP - ok
14:03:25.0871 4720 aswTdi (3239c0082fb0c1c4ee323730b85690a5) C:\Windows\system32\drivers\aswTdi.sys
14:03:25.0871 4720 aswTdi - ok
14:03:25.0886 4720 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:03:25.0886 4720 AsyncMac - ok
14:03:25.0918 4720 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:03:25.0933 4720 atapi - ok
14:03:25.0980 4720 AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys
14:03:25.0996 4720 AtiHDAudioService - ok
14:03:26.0027 4720 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
14:03:26.0042 4720 AtiHdmiService - ok
14:03:26.0120 4720 atillk64 (26d973d6d9a0d133dfda7d8c1adc04b7) C:\Users\Andy\Downloads\winflash\atillk64.sys
14:03:26.0120 4720 atillk64 - ok
14:03:26.0120 4720 ATITool (a6fad7a5ada4675ba9c9feaf4e0542ba) C:\Windows\system32\DRIVERS\ATITool64.sys
14:03:26.0136 4720 ATITool - ok
14:03:26.0167 4720 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:03:26.0183 4720 b06bdrv - ok
14:03:26.0198 4720 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:03:26.0198 4720 b57nd60a - ok
14:03:26.0245 4720 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:03:26.0245 4720 Beep - ok
14:03:26.0276 4720 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:03:26.0276 4720 blbdrive - ok
14:03:26.0323 4720 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
14:03:26.0339 4720 bowser - ok
14:03:26.0354 4720 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:03:26.0354 4720 BrFiltLo - ok
14:03:26.0354 4720 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:03:26.0354 4720 BrFiltUp - ok
14:03:26.0370 4720 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:03:26.0370 4720 Brserid - ok
14:03:26.0386 4720 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:03:26.0386 4720 BrSerWdm - ok
14:03:26.0401 4720 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:03:26.0401 4720 BrUsbMdm - ok
14:03:26.0417 4720 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:03:26.0417 4720 BrUsbSer - ok
14:03:26.0432 4720 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:03:26.0432 4720 BTHMODEM - ok
14:03:26.0448 4720 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:03:26.0448 4720 cdfs - ok
14:03:26.0495 4720 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\drivers\cdrom.sys
14:03:26.0510 4720 cdrom - ok
14:03:26.0510 4720 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:03:26.0510 4720 circlass - ok
14:03:26.0542 4720 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:03:26.0557 4720 CLFS - ok
14:03:26.0588 4720 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:03:26.0588 4720 CmBatt - ok
14:03:26.0604 4720 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:03:26.0604 4720 cmdide - ok
14:03:26.0620 4720 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
14:03:26.0635 4720 CNG - ok
14:03:26.0635 4720 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:03:26.0635 4720 Compbatt - ok
14:03:26.0682 4720 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\drivers\CompositeBus.sys
14:03:26.0682 4720 CompositeBus - ok
14:03:26.0698 4720 cpuz130 - ok
14:03:26.0713 4720 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:03:26.0729 4720 crcdisk - ok
14:03:26.0744 4720 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
14:03:26.0760 4720 CSC - ok
14:03:26.0791 4720 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
14:03:26.0791 4720 DfsC - ok
14:03:26.0807 4720 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:03:26.0822 4720 discache - ok
14:03:26.0838 4720 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:03:26.0838 4720 Disk - ok
14:03:26.0900 4720 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
14:03:26.0900 4720 Dot4 - ok
14:03:26.0916 4720 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:03:26.0916 4720 Dot4Print - ok
14:03:26.0932 4720 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
14:03:26.0932 4720 dot4usb - ok
14:03:26.0978 4720 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:03:26.0978 4720 drmkaud - ok
14:03:27.0025 4720 DslMNLwf (d52eeb224df107aad9059597f0eb95cc) C:\Windows\system32\DRIVERS\dslmnlwf.sys
14:03:27.0025 4720 DslMNLwf - ok
14:03:27.0056 4720 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
14:03:27.0072 4720 DXGKrnl - ok
14:03:27.0119 4720 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:03:27.0150 4720 ebdrv - ok
14:03:27.0212 4720 ElbyCDIO (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys
14:03:27.0212 4720 ElbyCDIO - ok
14:03:27.0228 4720 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:03:27.0244 4720 elxstor - ok
14:03:27.0275 4720 ENTECH64 (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys
14:03:27.0275 4720 ENTECH64 - ok
14:03:27.0306 4720 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:03:27.0306 4720 ErrDev - ok
14:03:27.0322 4720 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:03:27.0337 4720 exfat - ok
14:03:27.0353 4720 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:03:27.0353 4720 fastfat - ok
14:03:27.0368 4720 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:03:27.0368 4720 fdc - ok
14:03:27.0400 4720 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:03:27.0400 4720 FileInfo - ok
14:03:27.0400 4720 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:03:27.0400 4720 Filetrace - ok
14:03:27.0431 4720 FLASHSYS - ok
14:03:27.0446 4720 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:03:27.0446 4720 flpydisk - ok
14:03:27.0462 4720 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
14:03:27.0478 4720 FltMgr - ok
14:03:27.0478 4720 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:03:27.0478 4720 FsDepends - ok
14:03:27.0493 4720 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:03:27.0493 4720 Fs_Rec - ok
14:03:27.0524 4720 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:03:27.0524 4720 fvevol - ok
14:03:27.0540 4720 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:03:27.0556 4720 gagp30kx - ok
14:03:27.0571 4720 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:03:27.0571 4720 hcw85cir - ok
14:03:27.0602 4720 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
14:03:27.0602 4720 HdAudAddService - ok
14:03:27.0634 4720 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:03:27.0634 4720 HDAudBus - ok
14:03:27.0665 4720 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:03:27.0665 4720 HidBatt - ok
14:03:27.0680 4720 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:03:27.0680 4720 HidBth - ok
14:03:27.0696 4720 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:03:27.0696 4720 HidIr - ok
14:03:27.0743 4720 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
14:03:27.0743 4720 HidUsb - ok
14:03:27.0758 4720 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\drivers\HpSAMD.sys
14:03:27.0774 4720 HpSAMD - ok
14:03:27.0805 4720 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
14:03:27.0805 4720 HTTP - ok
14:03:27.0821 4720 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
14:03:27.0821 4720 hwpolicy - ok
14:03:27.0852 4720 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:03:27.0852 4720 i8042prt - ok
14:03:27.0899 4720 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
14:03:27.0899 4720 iaStor - ok
14:03:27.0930 4720 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
14:03:27.0946 4720 iaStorV - ok
14:03:27.0977 4720 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:03:27.0977 4720 iirsp - ok
14:03:28.0070 4720 IntcAzAudAddService (028e40182a6f0374978c755f85b9f07c) C:\Windows\system32\drivers\RTKVHD64.sys
14:03:28.0086 4720 IntcAzAudAddService - ok
14:03:28.0102 4720 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:03:28.0102 4720 intelide - ok
14:03:28.0133 4720 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:03:28.0133 4720 intelppm - ok
14:03:28.0148 4720 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:03:28.0148 4720 IpFilterDriver - ok
14:03:28.0164 4720 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\drivers\IPMIDrv.sys
14:03:28.0164 4720 IPMIDRV - ok
14:03:28.0180 4720 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:03:28.0180 4720 IPNAT - ok
14:03:28.0195 4720 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:03:28.0195 4720 IRENUM - ok
14:03:28.0195 4720 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:03:28.0195 4720 isapnp - ok
14:03:28.0211 4720 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\drivers\msiscsi.sys
14:03:28.0211 4720 iScsiPrt - ok
14:03:28.0226 4720 iteio - ok
14:03:28.0242 4720 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:03:28.0242 4720 kbdclass - ok
14:03:28.0258 4720 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
14:03:28.0273 4720 kbdhid - ok
14:03:28.0273 4720 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
14:03:28.0289 4720 KSecDD - ok
14:03:28.0304 4720 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
14:03:28.0320 4720 KSecPkg - ok
14:03:28.0336 4720 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:03:28.0336 4720 ksthunk - ok
14:03:28.0429 4720 LHidFilt (ceb6e18dcfad5c72b81c7da1ac3c1cc1) C:\Windows\system32\DRIVERS\LHidFilt.Sys
14:03:28.0429 4720 LHidFilt - ok
14:03:28.0492 4720 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:03:28.0492 4720 lltdio - ok
14:03:28.0507 4720 LMouFilt (f9e48f18be4d2b365f138987b8e7885b) C:\Windows\system32\DRIVERS\LMouFilt.Sys
14:03:28.0507 4720 LMouFilt - ok
14:03:28.0523 4720 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:03:28.0523 4720 LSI_FC - ok
14:03:28.0538 4720 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:03:28.0538 4720 LSI_SAS - ok
14:03:28.0554 4720 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:03:28.0554 4720 LSI_SAS2 - ok
14:03:28.0585 4720 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:03:28.0585 4720 LSI_SCSI - ok
14:03:28.0601 4720 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:03:28.0616 4720 luafv - ok
14:03:28.0632 4720 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:03:28.0632 4720 megasas - ok
14:03:28.0648 4720 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:03:28.0648 4720 MegaSR - ok
14:03:28.0679 4720 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:03:28.0679 4720 Modem - ok
14:03:28.0694 4720 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:03:28.0694 4720 monitor - ok
14:03:28.0710 4720 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:03:28.0710 4720 mouclass - ok
14:03:28.0741 4720 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:03:28.0741 4720 mouhid - ok
14:03:28.0741 4720 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
14:03:28.0757 4720 mountmgr - ok
14:03:28.0773 4720 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\drivers\mpio.sys
14:03:28.0788 4720 mpio - ok
14:03:28.0804 4720 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:03:28.0804 4720 mpsdrv - ok
14:03:28.0819 4720 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
14:03:28.0819 4720 MRxDAV - ok
14:03:28.0851 4720 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:03:28.0851 4720 mrxsmb - ok
14:03:28.0882 4720 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:03:28.0897 4720 mrxsmb10 - ok
14:03:28.0913 4720 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:03:28.0913 4720 mrxsmb20 - ok
14:03:28.0913 4720 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\drivers\msahci.sys
14:03:28.0913 4720 msahci - ok
14:03:28.0944 4720 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\drivers\msdsm.sys
14:03:28.0944 4720 msdsm - ok
14:03:28.0975 4720 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:03:28.0975 4720 Msfs - ok
14:03:28.0975 4720 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:03:28.0975 4720 mshidkmdf - ok
14:03:28.0991 4720 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:03:28.0991 4720 msisadrv - ok
14:03:29.0007 4720 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:03:29.0022 4720 MSKSSRV - ok
14:03:29.0038 4720 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:03:29.0038 4720 MSPCLOCK - ok
14:03:29.0053 4720 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:03:29.0053 4720 MSPQM - ok
14:03:29.0085 4720 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
14:03:29.0085 4720 MsRPC - ok
14:03:29.0100 4720 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:03:29.0100 4720 mssmbios - ok
14:03:29.0116 4720 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:03:29.0116 4720 MSTEE - ok
14:03:29.0131 4720 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:03:29.0131 4720 MTConfig - ok
14:03:29.0147 4720 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:03:29.0147 4720 Mup - ok
14:03:29.0178 4720 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:03:29.0178 4720 NativeWifiP - ok
14:03:29.0209 4720 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
14:03:29.0225 4720 NDIS - ok
14:03:29.0241 4720 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:03:29.0241 4720 NdisCap - ok
14:03:29.0256 4720 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:03:29.0256 4720 NdisTapi - ok
14:03:29.0272 4720 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
14:03:29.0272 4720 Ndisuio - ok
14:03:29.0303 4720 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:03:29.0303 4720 NdisWan - ok
14:03:29.0319 4720 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
14:03:29.0319 4720 NDProxy - ok
14:03:29.0365 4720 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:03:29.0365 4720 NetBIOS - ok
14:03:29.0381 4720 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
14:03:29.0397 4720 NetBT - ok
14:03:29.0428 4720 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:03:29.0428 4720 nfrd960 - ok
14:03:29.0443 4720 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:03:29.0443 4720 Npfs - ok
14:03:29.0459 4720 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:03:29.0475 4720 nsiproxy - ok
14:03:29.0506 4720 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
14:03:29.0537 4720 Ntfs - ok
14:03:29.0553 4720 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:03:29.0553 4720 Null - ok
14:03:29.0584 4720 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
14:03:29.0584 4720 nvraid - ok
14:03:29.0599 4720 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
14:03:29.0599 4720 nvstor - ok
14:03:29.0631 4720 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:03:29.0631 4720 nv_agp - ok
14:03:29.0662 4720 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:03:29.0662 4720 ohci1394 - ok
14:03:29.0693 4720 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:03:29.0693 4720 Parport - ok
14:03:29.0724 4720 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
14:03:29.0724 4720 partmgr - ok
14:03:29.0771 4720 pbfilter (55223eefabfdb84a926515febab50d9a) C:\Program Files\PeerBlock\pbfilter.sys
14:03:29.0771 4720 pbfilter - ok
14:03:29.0802 4720 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\drivers\pci.sys
14:03:29.0802 4720 pci - ok
14:03:29.0833 4720 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:03:29.0833 4720 pciide - ok
14:03:29.0833 4720 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:03:29.0833 4720 pcmcia - ok
14:03:29.0849 4720 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:03:29.0849 4720 pcw - ok
14:03:29.0865 4720 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:03:29.0880 4720 PEAUTH - ok
14:03:29.0943 4720 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
14:03:29.0943 4720 PptpMiniport - ok
14:03:29.0958 4720 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:03:29.0958 4720 Processor - ok
14:03:29.0989 4720 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
14:03:29.0989 4720 Psched - ok
14:03:30.0021 4720 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:03:30.0036 4720 ql2300 - ok
14:03:30.0052 4720 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:03:30.0052 4720 ql40xx - ok
14:03:30.0067 4720 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:03:30.0067 4720 QWAVEdrv - ok
14:03:30.0083 4720 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:03:30.0099 4720 RasAcd - ok
14:03:30.0114 4720 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:03:30.0114 4720 RasAgileVpn - ok
14:03:30.0130 4720 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:03:30.0145 4720 Rasl2tp - ok
14:03:30.0161 4720 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:03:30.0161 4720 RasPppoe - ok
14:03:30.0177 4720 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:03:30.0177 4720 RasSstp - ok
14:03:30.0239 4720 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
14:03:30.0239 4720 rdbss - ok
14:03:30.0255 4720 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:03:30.0270 4720 rdpbus - ok
14:03:30.0270 4720 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:03:30.0270 4720 RDPCDD - ok
14:03:30.0286 4720 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
14:03:30.0301 4720 RDPDR - ok
14:03:30.0317 4720 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:03:30.0317 4720 RDPENCDD - ok
14:03:30.0317 4720 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:03:30.0317 4720 RDPREFMP - ok
14:03:30.0348 4720 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
14:03:30.0348 4720 RDPWD - ok
14:03:30.0364 4720 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
14:03:30.0364 4720 rdyboost - ok
14:03:30.0426 4720 RivaTuner64 (a10b40cf9eb57d24e44717a2d38a00f4) C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys
14:03:30.0426 4720 RivaTuner64 - ok
14:03:30.0457 4720 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:03:30.0457 4720 rspndr - ok
14:03:30.0489 4720 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:03:30.0489 4720 RTL8167 - ok
14:03:30.0551 4720 s115bus (e0f0977caafdf719929c8ca02a1c5147) C:\Windows\system32\DRIVERS\s115bus.sys
14:03:30.0551 4720 s115bus - ok
14:03:30.0567 4720 s115mdfl (136328e6c3086a19eb3154058bc7b3a3) C:\Windows\system32\DRIVERS\s115mdfl.sys
14:03:30.0567 4720 s115mdfl - ok
14:03:30.0567 4720 s115mdm (54552277de7eae1a2e108a4cff7abb07) C:\Windows\system32\DRIVERS\s115mdm.sys
14:03:30.0582 4720 s115mdm - ok
14:03:30.0598 4720 s115mgmt (e9b3966836cb9c2107264e44249267df) C:\Windows\system32\DRIVERS\s115mgmt.sys
14:03:30.0598 4720 s115mgmt - ok
14:03:30.0629 4720 s115obex (f6ab3b6e35981c4f3fed4198d3f29674) C:\Windows\system32\DRIVERS\s115obex.sys
14:03:30.0629 4720 s115obex - ok
14:03:30.0660 4720 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\drivers\vms3cap.sys
14:03:30.0660 4720 s3cap - ok
14:03:30.0691 4720 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\drivers\sbp2port.sys
14:03:30.0691 4720 sbp2port - ok
14:03:30.0691 4720 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
14:03:30.0707 4720 scfilter - ok
14:03:30.0723 4720 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:03:30.0723 4720 secdrv - ok
14:03:30.0738 4720 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:03:30.0738 4720 Serenum - ok
14:03:30.0754 4720 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:03:30.0754 4720 Serial - ok
14:03:30.0769 4720 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:03:30.0785 4720 sermouse - ok
14:03:30.0801 4720 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:03:30.0816 4720 sffdisk - ok
14:03:30.0816 4720 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:03:30.0832 4720 sffp_mmc - ok
14:03:30.0832 4720 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys
14:03:30.0832 4720 sffp_sd - ok
14:03:30.0847 4720 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:03:30.0847 4720 sfloppy - ok
14:03:30.0879 4720 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:03:30.0879 4720 SiSRaid2 - ok
14:03:30.0894 4720 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:03:30.0894 4720 SiSRaid4 - ok
14:03:30.0910 4720 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:03:30.0910 4720 Smb - ok
14:03:30.0957 4720 speedfan - ok
14:03:30.0972 4720 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:03:30.0972 4720 spldr - ok
14:03:31.0019 4720 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
14:03:31.0019 4720 srv - ok
14:03:31.0035 4720 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
14:03:31.0035 4720 srv2 - ok
14:03:31.0081 4720 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
14:03:31.0081 4720 srvnet - ok
14:03:31.0097 4720 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:03:31.0097 4720 stexstor - ok
14:03:31.0128 4720 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\drivers\vmstorfl.sys
14:03:31.0128 4720 storflt - ok
14:03:31.0144 4720 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\drivers\storvsc.sys
14:03:31.0144 4720 storvsc - ok
14:03:31.0144 4720 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:03:31.0144 4720 swenum - ok
14:03:31.0222 4720 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
14:03:31.0237 4720 Tcpip - ok
14:03:31.0269 4720 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
14:03:31.0284 4720 TCPIP6 - ok
14:03:31.0300 4720 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
14:03:31.0300 4720 tcpipreg - ok
14:03:31.0362 4720 Tcpz-x64 - ok
14:03:31.0378 4720 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:03:31.0378 4720 TDPIPE - ok
14:03:31.0409 4720 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
14:03:31.0409 4720 TDTCP - ok
14:03:31.0440 4720 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
14:03:31.0440 4720 tdx - ok
14:03:31.0456 4720 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\drivers\termdd.sys
14:03:31.0456 4720 TermDD - ok
14:03:31.0487 4720 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:03:31.0487 4720 tssecsrv - ok
14:03:31.0503 4720 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
14:03:31.0503 4720 tunnel - ok
14:03:31.0534 4720 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:03:31.0534 4720 uagp35 - ok
14:03:31.0549 4720 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
14:03:31.0549 4720 udfs - ok
14:03:31.0596 4720 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:03:31.0596 4720 uliagpkx - ok
14:03:31.0627 4720 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\drivers\umbus.sys
14:03:31.0627 4720 umbus - ok
14:03:31.0643 4720 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:03:31.0643 4720 UmPass - ok
14:03:31.0659 4720 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
14:03:31.0674 4720 usbccgp - ok
14:03:31.0705 4720 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:03:31.0705 4720 usbcir - ok
14:03:31.0721 4720 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
14:03:31.0721 4720 usbehci - ok
14:03:31.0737 4720 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
14:03:31.0737 4720 usbhub - ok
14:03:31.0752 4720 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
14:03:31.0752 4720 usbohci - ok
14:03:31.0768 4720 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:03:31.0768 4720 usbprint - ok
14:03:31.0799 4720 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:03:31.0799 4720 usbscan - ok
14:03:31.0815 4720 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
14:03:31.0815 4720 USBSTOR - ok
14:03:31.0830 4720 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:03:31.0830 4720 usbuhci - ok
14:03:31.0861 4720 vcdrom - ok
14:03:31.0893 4720 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
14:03:31.0893 4720 VClone - ok
14:03:31.0908 4720 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:03:31.0924 4720 vdrvroot - ok
14:03:31.0955 4720 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:03:31.0955 4720 vga - ok
14:03:31.0971 4720 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:03:31.0971 4720 VgaSave - ok
14:03:32.0002 4720 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\drivers\vhdmp.sys
14:03:32.0002 4720 vhdmp - ok
14:03:32.0033 4720 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:03:32.0033 4720 viaide - ok
14:03:32.0049 4720 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\drivers\vmbus.sys
14:03:32.0049 4720 vmbus - ok
14:03:32.0064 4720 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\drivers\VMBusHID.sys
14:03:32.0064 4720 VMBusHID - ok
14:03:32.0080 4720 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\drivers\volmgr.sys
14:03:32.0080 4720 volmgr - ok
14:03:32.0095 4720 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
14:03:32.0111 4720 volmgrx - ok
14:03:32.0127 4720 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\drivers\volsnap.sys
14:03:32.0127 4720 volsnap - ok
14:03:32.0158 4720 vpcbus (abd9b4a7e2d0ae51a3b8df1af3152d61) C:\Windows\system32\DRIVERS\vpchbus.sys
14:03:32.0158 4720 vpcbus - ok
14:03:32.0173 4720 vpcnfltr (8acda395841538ce9713a67fe8b2a3eb) C:\Windows\system32\DRIVERS\vpcnfltr.sys
14:03:32.0173 4720 vpcnfltr - ok
14:03:32.0205 4720 vpcusb (31924e31bc315773e6d149b157db46d5) C:\Windows\system32\DRIVERS\vpcusb.sys
14:03:32.0205 4720 vpcusb - ok
14:03:32.0236 4720 vpcvmm (c5b651e52540e6f46da66574c74b4898) C:\Windows\system32\drivers\vpcvmm.sys
14:03:32.0251 4720 vpcvmm - ok
14:03:32.0267 4720 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:03:32.0283 4720 vsmraid - ok
14:03:32.0283 4720 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
14:03:32.0283 4720 vwifibus - ok
14:03:32.0314 4720 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:03:32.0314 4720 WacomPen - ok
14:03:32.0329 4720 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
14:03:32.0345 4720 WANARP - ok
14:03:32.0345 4720 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
14:03:32.0345 4720 Wanarpv6 - ok
14:03:32.0361 4720 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:03:32.0376 4720 Wd - ok
14:03:32.0392 4720 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:03:32.0392 4720 Wdf01000 - ok
14:03:32.0439 4720 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:03:32.0439 4720 WfpLwf - ok
14:03:32.0454 4720 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:03:32.0454 4720 WIMMount - ok
14:03:32.0501 4720 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
14:03:32.0501 4720 WinUsb - ok
14:03:32.0548 4720 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:03:32.0548 4720 WmiAcpi - ok
14:03:32.0579 4720 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:03:32.0579 4720 ws2ifsl - ok
14:03:32.0610 4720 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
14:03:32.0610 4720 WudfPf - ok
14:03:32.0641 4720 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:03:32.0641 4720 WUDFRd - ok
14:03:32.0673 4720 zntport - ok
14:03:32.0704 4720 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:03:32.0704 4720 \Device\Harddisk0\DR0 - ok
14:03:32.0704 4720 Boot (0x1200) (b53ff22f5333bc165a38abbb47576bf6) \Device\Harddisk0\DR0\Partition0
14:03:32.0704 4720 \Device\Harddisk0\DR0\Partition0 - ok
14:03:32.0719 4720 Boot (0x1200) (d3efc9492dcb9cff9420909ecd0c28f1) \Device\Harddisk0\DR0\Partition1
14:03:32.0719 4720 \Device\Harddisk0\DR0\Partition1 - ok
14:03:32.0719 4720 ============================================================
14:03:32.0719 4720 Scan finished
14:03:32.0719 4720 ============================================================
14:03:32.0735 4624 Detected object count: 0
14:03:32.0735 4624 Actual detected object count: 0
14:29:17.0549 3412 ============================================================
14:29:17.0563 3412 Scan started
14:29:17.0563 3412 Mode: Manual;
14:29:17.0563 3412 ============================================================
14:29:17.0953 3412 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\drivers\1394ohci.sys
14:29:17.0956 3412 1394ohci - ok
14:29:17.0970 3412 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\drivers\ACPI.sys
14:29:17.0974 3412 ACPI - ok
14:29:17.0998 3412 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\drivers\acpipmi.sys
14:29:17.0999 3412 AcpiPmi - ok
14:29:18.0043 3412 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:29:18.0048 3412 adp94xx - ok
14:29:18.0063 3412 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:29:18.0066 3412 adpahci - ok
14:29:18.0078 3412 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:29:18.0081 3412 adpu320 - ok
14:29:18.0123 3412 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
14:29:18.0128 3412 AFD - ok
14:29:18.0145 3412 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:29:18.0146 3412 agp440 - ok
14:29:18.0170 3412 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:29:18.0170 3412 aliide - ok
14:29:18.0213 3412 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:29:18.0214 3412 amdide - ok
14:29:18.0232 3412 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:29:18.0233 3412 AmdK8 - ok
14:29:18.0402 3412 amdkmdag (85193e1bcefe65d0a1befd4fda9180f9) C:\Windows\system32\DRIVERS\atikmdag.sys
14:29:18.0478 3412 amdkmdag - ok
14:29:18.0514 3412 amdkmdap (60ab0b979198da597b7251b3c7444f7e) C:\Windows\system32\DRIVERS\atikmpag.sys
14:29:18.0515 3412 amdkmdap - ok
14:29:18.0533 3412 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:29:18.0534 3412 AmdPPM - ok
14:29:18.0554 3412 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
14:29:18.0555 3412 amdsata - ok
14:29:18.0568 3412 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:29:18.0570 3412 amdsbs - ok
14:29:18.0587 3412 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
14:29:18.0588 3412 amdxata - ok
14:29:18.0609 3412 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
14:29:18.0610 3412 AppID - ok
14:29:18.0641 3412 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:29:18.0643 3412 arc - ok
14:29:18.0656 3412 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:29:18.0657 3412 arcsas - ok
14:29:18.0698 3412 aswFsBlk (5a68b880c16ad5a6aa20b49a47ffff24) C:\Windows\system32\drivers\aswFsBlk.sys
14:29:18.0699 3412 aswFsBlk - ok
14:29:18.0738 3412 aswMonFlt (230613be2d3da8053879be5ed2848f2d) C:\Windows\system32\drivers\aswMonFlt.sys
14:29:18.0739 3412 aswMonFlt - ok
14:29:18.0754 3412 aswRdr (0dc1996ae4178d7d14744ef6b3082313) C:\Windows\system32\drivers\aswRdr.sys
14:29:18.0754 3412 aswRdr - ok
14:29:18.0774 3412 aswSnx (b6ff911c23775cdfdd49612d92637af4) C:\Windows\system32\drivers\aswSnx.sys
14:29:18.0780 3412 aswSnx - ok
14:29:18.0802 3412 aswSP (5a590d8516376aed1829fc07d3bdaa4b) C:\Windows\system32\drivers\aswSP.sys
14:29:18.0805 3412 aswSP - ok
14:29:18.0823 3412 aswTdi (3239c0082fb0c1c4ee323730b85690a5) C:\Windows\system32\drivers\aswTdi.sys
14:29:18.0825 3412 aswTdi - ok
14:29:18.0848 3412 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:29:18.0848 3412 AsyncMac - ok
14:29:18.0888 3412 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:29:18.0889 3412 atapi - ok
14:29:18.0950 3412 AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys
14:29:18.0952 3412 AtiHDAudioService - ok
14:29:18.0997 3412 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
14:29:18.0999 3412 AtiHdmiService - ok
14:29:19.0086 3412 atillk64 (26d973d6d9a0d133dfda7d8c1adc04b7) C:\Users\Andy\Downloads\winflash\atillk64.sys
14:29:19.0087 3412 atillk64 - ok
14:29:19.0107 3412 ATITool (a6fad7a5ada4675ba9c9feaf4e0542ba) C:\Windows\system32\DRIVERS\ATITool64.sys
14:29:19.0109 3412 ATITool - ok
14:29:19.0150 3412 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:29:19.0156 3412 b06bdrv - ok
14:29:19.0174 3412 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:29:19.0177 3412 b57nd60a - ok
14:29:19.0203 3412 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:29:19.0204 3412 Beep - ok
14:29:19.0245 3412 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:29:19.0246 3412 blbdrive - ok
14:29:19.0294 3412 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
14:29:19.0296 3412 bowser - ok
14:29:19.0314 3412 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:29:19.0315 3412 BrFiltLo - ok
14:29:19.0322 3412 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:29:19.0322 3412 BrFiltUp - ok
14:29:19.0333 3412 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:29:19.0336 3412 Brserid - ok
14:29:19.0353 3412 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:29:19.0354 3412 BrSerWdm - ok
14:29:19.0369 3412 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:29:19.0370 3412 BrUsbMdm - ok
14:29:19.0377 3412 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:29:19.0378 3412 BrUsbSer - ok
14:29:19.0410 3412 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:29:19.0411 3412 BTHMODEM - ok
14:29:19.0433 3412 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:29:19.0434 3412 cdfs - ok
14:29:19.0482 3412 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\drivers\cdrom.sys
14:29:19.0484 3412 cdrom - ok
14:29:19.0494 3412 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:29:19.0496 3412 circlass - ok
14:29:19.0528 3412 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:29:19.0533 3412 CLFS - ok
14:29:19.0562 3412 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:29:19.0563 3412 CmBatt - ok
14:29:19.0588 3412 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:29:19.0589 3412 cmdide - ok
14:29:19.0613 3412 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
14:29:19.0617 3412 CNG - ok
14:29:19.0624 3412 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:29:19.0625 3412 Compbatt - ok
14:29:19.0665 3412 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\drivers\CompositeBus.sys
14:29:19.0666 3412 CompositeBus - ok
14:29:19.0689 3412 cpuz130 - ok
14:29:19.0708 3412 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:29:19.0709 3412 crcdisk - ok
14:29:19.0736 3412 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
14:29:19.0742 3412 CSC - ok
14:29:19.0774 3412 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
14:29:19.0776 3412 DfsC - ok
14:29:19.0793 3412 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:29:19.0794 3412 discache - ok
14:29:19.0819 3412 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:29:19.0821 3412 Disk - ok
14:29:19.0866 3412 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
14:29:19.0867 3412 Dot4 - ok
14:29:19.0886 3412 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:29:19.0886 3412 Dot4Print - ok
14:29:19.0899 3412 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
14:29:19.0900 3412 dot4usb - ok
14:29:19.0935 3412 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:29:19.0936 3412 drmkaud - ok
14:29:19.0974 3412 DslMNLwf (d52eeb224df107aad9059597f0eb95cc) C:\Windows\system32\DRIVERS\dslmnlwf.sys
14:29:19.0975 3412 DslMNLwf - ok
14:29:20.0008 3412 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
14:29:20.0017 3412 DXGKrnl - ok
14:29:20.0075 3412 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:29:20.0104 3412 ebdrv - ok
14:29:20.0153 3412 ElbyCDIO (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys
14:29:20.0155 3412 ElbyCDIO - ok
14:29:20.0178 3412 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:29:20.0184 3412 elxstor - ok
14:29:20.0228 3412 ENTECH64 (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys
14:29:20.0229 3412 ENTECH64 - ok
14:29:20.0253 3412 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:29:20.0254 3412 ErrDev - ok
14:29:20.0284 3412 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:29:20.0286 3412 exfat - ok
14:29:20.0302 3412 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:29:20.0304 3412 fastfat - ok
14:29:20.0321 3412 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:29:20.0322 3412 fdc - ok
14:29:20.0340 3412 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:29:20.0341 3412 FileInfo - ok
14:29:20.0352 3412 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:29:20.0353 3412 Filetrace - ok
14:29:20.0372 3412 FLASHSYS - ok
14:29:20.0386 3412 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:29:20.0387 3412 flpydisk - ok
14:29:20.0407 3412 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
14:29:20.0411 3412 FltMgr - ok
14:29:20.0422 3412 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:29:20.0424 3412 FsDepends - ok
14:29:20.0437 3412 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:29:20.0437 3412 Fs_Rec - ok
14:29:20.0467 3412 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:29:20.0469 3412 fvevol - ok
14:29:20.0486 3412 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:29:20.0487 3412 gagp30kx - ok
14:29:20.0511 3412 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:29:20.0512 3412 hcw85cir - ok
14:29:20.0542 3412 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
14:29:20.0546 3412 HdAudAddService - ok
14:29:20.0566 3412 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:29:20.0567 3412 HDAudBus - ok
14:29:20.0597 3412 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:29:20.0598 3412 HidBatt - ok
14:29:20.0615 3412 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:29:20.0617 3412 HidBth - ok
14:29:20.0631 3412 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:29:20.0632 3412 HidIr - ok
14:29:20.0679 3412 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
14:29:20.0680 3412 HidUsb - ok
14:29:20.0701 3412 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\drivers\HpSAMD.sys
14:29:20.0703 3412 HpSAMD - ok
14:29:20.0760 3412 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
14:29:20.0785 3412 HTTP - ok
14:29:20.0860 3412 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
14:29:20.0861 3412 hwpolicy - ok
14:29:20.0884 3412 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:29:20.0885 3412 i8042prt - ok
14:29:20.0938 3412 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
14:29:20.0943 3412 iaStor - ok
14:29:20.0971 3412 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
14:29:20.0977 3412 iaStorV - ok
14:29:21.0014 3412 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:29:21.0016 3412 iirsp - ok
14:29:21.0094 3412 IntcAzAudAddService (028e40182a6f0374978c755f85b9f07c) C:\Windows\system32\drivers\RTKVHD64.sys
14:29:21.0114 3412 IntcAzAudAddService - ok
14:29:21.0141 3412 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:29:21.0142 3412 intelide - ok
14:29:21.0164 3412 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:29:21.0165 3412 intelppm - ok
14:29:21.0188 3412 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:29:21.0190 3412 IpFilterDriver - ok
14:29:21.0207 3412 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\drivers\IPMIDrv.sys
14:29:21.0209 3412 IPMIDRV - ok
14:29:21.0223 3412 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:29:21.0224 3412 IPNAT - ok
14:29:21.0238 3412 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:29:21.0239 3412 IRENUM - ok
14:29:21.0256 3412 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:29:21.0257 3412 isapnp - ok
14:29:21.0266 3412 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\drivers\msiscsi.sys
14:29:21.0269 3412 iScsiPrt - ok
14:29:21.0291 3412 iteio - ok
14:29:21.0300 3412 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:29:21.0302 3412 kbdclass - ok
14:29:21.0319 3412 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
14:29:21.0320 3412 kbdhid - ok
14:29:21.0335 3412 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
14:29:21.0336 3412 KSecDD - ok
14:29:21.0364 3412 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
14:29:21.0366 3412 KSecPkg - ok
14:29:21.0375 3412 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:29:21.0376 3412 ksthunk - ok
14:29:21.0444 3412 LHidFilt (ceb6e18dcfad5c72b81c7da1ac3c1cc1) C:\Windows\system32\DRIVERS\LHidFilt.Sys
14:29:21.0445 3412 LHidFilt - ok
14:29:21.0481 3412 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:29:21.0482 3412 lltdio - ok
14:29:21.0496 3412 LMouFilt (f9e48f18be4d2b365f138987b8e7885b) C:\Windows\system32\DRIVERS\LMouFilt.Sys
14:29:21.0498 3412 LMouFilt - ok
14:29:21.0516 3412 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:29:21.0517 3412 LSI_FC - ok
14:29:21.0528 3412 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:29:21.0530 3412 LSI_SAS - ok
14:29:21.0544 3412 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:29:21.0545 3412 LSI_SAS2 - ok
14:29:21.0570 3412 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:29:21.0572 3412 LSI_SCSI - ok
14:29:21.0596 3412 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:29:21.0597 3412 luafv - ok
14:29:21.0617 3412 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:29:21.0618 3412 megasas - ok
14:29:21.0635 3412 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:29:21.0638 3412 MegaSR - ok
14:29:21.0661 3412 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:29:21.0662 3412 Modem - ok
14:29:21.0681 3412 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:29:21.0682 3412 monitor - ok
14:29:21.0694 3412 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:29:21.0696 3412 mouclass - ok
14:29:21.0722 3412 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:29:21.0723 3412 mouhid - ok
14:29:21.0736 3412 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
14:29:21.0737 3412 mountmgr - ok
14:29:21.0768 3412 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\drivers\mpio.sys
14:29:21.0770 3412 mpio - ok
14:29:21.0785 3412 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:29:21.0787 3412 mpsdrv - ok
14:29:21.0805 3412 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
14:29:21.0807 3412 MRxDAV - ok
14:29:21.0836 3412 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:29:21.0838 3412 mrxsmb - ok
14:29:21.0875 3412 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:29:21.0878 3412 mrxsmb10 - ok
14:29:21.0895 3412 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:29:21.0897 3412 mrxsmb20 - ok
14:29:21.0904 3412 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\drivers\msahci.sys
14:29:21.0906 3412 msahci - ok
14:29:21.0925 3412 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\drivers\msdsm.sys
14:29:21.0927 3412 msdsm - ok
14:29:21.0955 3412 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:29:21.0956 3412 Msfs - ok
14:29:21.0964 3412 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:29:21.0965 3412 mshidkmdf - ok
14:29:21.0996 3412 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:29:21.0997 3412 msisadrv - ok
14:29:22.0026 3412 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:29:22.0027 3412 MSKSSRV - ok
14:29:22.0045 3412 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:29:22.0046 3412 MSPCLOCK - ok
14:29:22.0059 3412 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:29:22.0060 3412 MSPQM - ok
14:29:22.0082 3412 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
14:29:22.0086 3412 MsRPC - ok
14:29:22.0106 3412 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:29:22.0107 3412 mssmbios - ok
14:29:22.0114 3412 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:29:22.0115 3412 MSTEE - ok
14:29:22.0130 3412 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:29:22.0131 3412 MTConfig - ok
14:29:22.0149 3412 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:29:22.0150 3412 Mup - ok
14:29:22.0184 3412 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:29:22.0187 3412 NativeWifiP - ok
14:29:22.0225 3412 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
14:29:22.0234 3412 NDIS - ok
14:29:22.0249 3412 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:29:22.0250 3412 NdisCap - ok
14:29:22.0269 3412 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:29:22.0270 3412 NdisTapi - ok
14:29:22.0282 3412 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
14:29:22.0283 3412 Ndisuio - ok
14:29:22.0303 3412 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:29:22.0305 3412 NdisWan - ok
14:29:22.0323 3412 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
14:29:22.0324 3412 NDProxy - ok
14:29:22.0361 3412 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:29:22.0363 3412 NetBIOS - ok
14:29:22.0382 3412 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
14:29:22.0385 3412 NetBT - ok
14:29:22.0435 3412 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:29:22.0436 3412 nfrd960 - ok
14:29:22.0447 3412 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:29:22.0448 3412 Npfs - ok
14:29:22.0496 3412 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:29:22.0497 3412 nsiproxy - ok
14:29:22.0550 3412 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
14:29:22.0568 3412 Ntfs - ok
14:29:22.0584 3412 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:29:22.0585 3412 Null - ok
14:29:22.0615 3412 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
14:29:22.0617 3412 nvraid - ok
14:29:22.0633 3412 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
14:29:22.0635 3412 nvstor - ok
14:29:22.0658 3412 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:29:22.0660 3412 nv_agp - ok
14:29:22.0688 3412 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:29:22.0689 3412 ohci1394 - ok
14:29:22.0727 3412 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:29:22.0729 3412 Parport - ok
14:29:22.0745 3412 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
14:29:22.0747 3412 partmgr - ok
14:29:22.0801 3412 pbfilter (55223eefabfdb84a926515febab50d9a) C:\Program Files\PeerBlock\pbfilter.sys
14:29:22.0802 3412 pbfilter - ok
14:29:22.0824 3412 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\drivers\pci.sys
14:29:22.0827 3412 pci - ok
14:29:22.0856 3412 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:29:22.0857 3412 pciide - ok
14:29:22.0866 3412 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:29:22.0869 3412 pcmcia - ok
14:29:22.0884 3412 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:29:22.0885 3412 pcw - ok
14:29:22.0906 3412 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:29:22.0913 3412 PEAUTH - ok
14:29:22.0986 3412 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
14:29:22.0988 3412 PptpMiniport - ok
14:29:22.0999 3412 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:29:23.0001 3412 Processor - ok
14:29:23.0020 3412 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
14:29:23.0022 3412 Psched - ok
14:29:23.0054 3412 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:29:23.0068 3412 ql2300 - ok
14:29:23.0077 3412 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:29:23.0079 3412 ql40xx - ok
14:29:23.0093 3412 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:29:23.0094 3412 QWAVEdrv - ok
14:29:23.0111 3412 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:29:23.0112 3412 RasAcd - ok
14:29:23.0140 3412 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:29:23.0141 3412 RasAgileVpn - ok
14:29:23.0158 3412 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:29:23.0160 3412 Rasl2tp - ok
14:29:23.0174 3412 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:29:23.0176 3412 RasPppoe - ok
14:29:23.0192 3412 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:29:23.0194 3412 RasSstp - ok
14:29:23.0210 3412 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
14:29:23.0214 3412 rdbss - ok
14:29:23.0224 3412 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:29:23.0225 3412 rdpbus - ok
14:29:23.0235 3412 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:29:23.0236 3412 RDPCDD - ok
14:29:23.0255 3412 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
14:29:23.0257 3412 RDPDR - ok
14:29:23.0282 3412 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:29:23.0283 3412 RDPENCDD - ok
14:29:23.0292 3412 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:29:23.0293 3412 RDPREFMP - ok
14:29:23.0314 3412 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
14:29:23.0317 3412 RDPWD - ok
14:29:23.0334 3412 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
14:29:23.0337 3412 rdyboost - ok
14:29:23.0395 3412 RivaTuner64 (a10b40cf9eb57d24e44717a2d38a00f4) C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys
14:29:23.0397 3412 RivaTuner64 - ok
14:29:23.0428 3412 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:29:23.0430 3412 rspndr - ok
14:29:23.0464 3412 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:29:23.0467 3412 RTL8167 - ok
14:29:23.0514 3412 s115bus (e0f0977caafdf719929c8ca02a1c5147) C:\Windows\system32\DRIVERS\s115bus.sys
14:29:23.0516 3412 s115bus - ok
14:29:23.0533 3412 s115mdfl (136328e6c3086a19eb3154058bc7b3a3) C:\Windows\system32\DRIVERS\s115mdfl.sys
14:29:23.0535 3412 s115mdfl - ok
14:29:23.0544 3412 s115mdm (54552277de7eae1a2e108a4cff7abb07) C:\Windows\system32\DRIVERS\s115mdm.sys
14:29:23.0546 3412 s115mdm - ok
14:29:23.0572 3412 s115mgmt (e9b3966836cb9c2107264e44249267df) C:\Windows\system32\DRIVERS\s115mgmt.sys
14:29:23.0574 3412 s115mgmt - ok
14:29:23.0592 3412 s115obex (f6ab3b6e35981c4f3fed4198d3f29674) C:\Windows\system32\DRIVERS\s115obex.sys
14:29:23.0594 3412 s115obex - ok
14:29:23.0628 3412 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\drivers\vms3cap.sys
14:29:23.0629 3412 s3cap - ok
14:29:23.0648 3412 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\drivers\sbp2port.sys
14:29:23.0650 3412 sbp2port - ok
14:29:23.0660 3412 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
14:29:23.0661 3412 scfilter - ok
14:29:23.0681 3412 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:29:23.0682 3412 secdrv - ok
14:29:23.0713 3412 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:29:23.0715 3412 Serenum - ok
14:29:23.0726 3412 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:29:23.0728 3412 Serial - ok
14:29:23.0756 3412 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:29:23.0757 3412 sermouse - ok
14:29:23.0787 3412 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:29:23.0789 3412 sffdisk - ok
14:29:23.0802 3412 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:29:23.0804 3412 sffp_mmc - ok
14:29:23.0811 3412 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys
14:29:23.0812 3412 sffp_sd - ok
14:29:23.0830 3412 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:29:23.0831 3412 sfloppy - ok
14:29:23.0850 3412 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:29:23.0851 3412 SiSRaid2 - ok
14:29:23.0869 3412 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:29:23.0870 3412 SiSRaid4 - ok
14:29:23.0881 3412 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:29:23.0883 3412 Smb - ok
14:29:23.0913 3412 speedfan - ok
14:29:23.0931 3412 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:29:23.0932 3412 spldr - ok
14:29:23.0974 3412 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
14:29:23.0980 3412 srv - ok
14:29:23.0996 3412 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
14:29:24.0001 3412 srv2 - ok
14:29:24.0015 3412 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
14:29:24.0017 3412 srvnet - ok
14:29:24.0041 3412 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:29:24.0043 3412 stexstor - ok
14:29:24.0059 3412 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\drivers\vmstorfl.sys
14:29:24.0061 3412 storflt - ok
14:29:24.0077 3412 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\drivers\storvsc.sys
14:29:24.0078 3412 storvsc - ok
14:29:24.0087 3412 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:29:24.0088 3412 swenum - ok
14:29:24.0153 3412 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
14:29:24.0171 3412 Tcpip - ok
14:29:24.0207 3412 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
14:29:24.0216 3412 TCPIP6 - ok
14:29:24.0232 3412 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
14:29:24.0233 3412 tcpipreg - ok
14:29:24.0282 3412 Tcpz-x64 - ok
14:29:24.0298 3412 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:29:24.0299 3412 TDPIPE - ok
14:29:24.0331 3412 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
14:29:24.0333 3412 TDTCP - ok
14:29:24.0348 3412 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
14:29:24.0350 3412 tdx - ok
14:29:24.0358 3412 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\drivers\termdd.sys
14:29:24.0359 3412 TermDD - ok
14:29:24.0385 3412 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:29:24.0387 3412 tssecsrv - ok
14:29:24.0411 3412 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
14:29:24.0413 3412 tunnel - ok
14:29:24.0431 3412 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:29:24.0433 3412 uagp35 - ok
14:29:24.0454 3412 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
14:29:24.0458 3412 udfs - ok
14:29:24.0481 3412 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:29:24.0483 3412 uliagpkx - ok
14:29:24.0512 3412 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\drivers\umbus.sys
14:29:24.0513 3412 umbus - ok
14:29:24.0531 3412 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:29:24.0532 3412 UmPass - ok
14:29:24.0554 3412 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
14:29:24.0556 3412 usbccgp - ok
14:29:24.0592 3412 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:29:24.0594 3412 usbcir - ok
14:29:24.0607 3412 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
14:29:24.0608 3412 usbehci - ok
14:29:24.0628 3412 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
14:29:24.0633 3412 usbhub - ok
14:29:24.0653 3412 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
14:29:24.0655 3412 usbohci - ok
14:29:24.0662 3412 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:29:24.0663 3412 usbprint - ok
14:29:24.0691 3412 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:29:24.0693 3412 usbscan - ok
14:29:24.0705 3412 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
14:29:24.0707 3412 USBSTOR - ok
14:29:24.0722 3412 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:29:24.0723 3412 usbuhci - ok
14:29:24.0761 3412 vcdrom - ok
14:29:24.0803 3412 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
14:29:24.0804 3412 VClone - ok
14:29:24.0820 3412 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:29:24.0822 3412 vdrvroot - ok
14:29:24.0845 3412 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:29:24.0846 3412 vga - ok
14:29:24.0860 3412 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:29:24.0861 3412 VgaSave - ok
14:29:24.0879 3412 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\drivers\vhdmp.sys
14:29:24.0882 3412 vhdmp - ok
14:29:24.0911 3412 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:29:24.0912 3412 viaide - ok
14:29:24.0922 3412 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\drivers\vmbus.sys
14:29:24.0924 3412 vmbus - ok
14:29:24.0936 3412 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\drivers\VMBusHID.sys
14:29:24.0938 3412 VMBusHID - ok
14:29:24.0955 3412 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\drivers\volmgr.sys
14:29:24.0956 3412 volmgr - ok
14:29:24.0970 3412 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
14:29:24.0974 3412 volmgrx - ok
14:29:25.0003 3412 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\drivers\volsnap.sys
14:29:25.0006 3412 volsnap - ok
14:29:25.0033 3412 vpcbus (abd9b4a7e2d0ae51a3b8df1af3152d61) C:\Windows\system32\DRIVERS\vpchbus.sys
14:29:25.0035 3412 vpcbus - ok
14:29:25.0055 3412 vpcnfltr (8acda395841538ce9713a67fe8b2a3eb) C:\Windows\system32\DRIVERS\vpcnfltr.sys
14:29:25.0056 3412 vpcnfltr - ok
14:29:25.0078 3412 vpcusb (31924e31bc315773e6d149b157db46d5) C:\Windows\system32\DRIVERS\vpcusb.sys
14:29:25.0079 3412 vpcusb - ok
14:29:25.0121 3412 vpcvmm (c5b651e52540e6f46da66574c74b4898) C:\Windows\system32\drivers\vpcvmm.sys
14:29:25.0125 3412 vpcvmm - ok
14:29:25.0152 3412 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:29:25.0155 3412 vsmraid - ok
14:29:25.0163 3412 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
14:29:25.0165 3412 vwifibus - ok
14:29:25.0181 3412 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:29:25.0183 3412 WacomPen - ok
14:29:25.0208 3412 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
14:29:25.0210 3412 WANARP - ok
14:29:25.0214 3412 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
14:29:25.0215 3412 Wanarpv6 - ok
14:29:25.0239 3412 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:29:25.0240 3412 Wd - ok
14:29:25.0261 3412 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:29:25.0268 3412 Wdf01000 - ok
14:29:25.0298 3412 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:29:25.0300 3412 WfpLwf - ok
14:29:25.0318 3412 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:29:25.0319 3412 WIMMount - ok
14:29:25.0362 3412 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
14:29:25.0363 3412 WinUsb - ok
14:29:25.0393 3412 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:29:25.0394 3412 WmiAcpi - ok
14:29:25.0416 3412 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:29:25.0417 3412 ws2ifsl - ok
14:29:25.0444 3412 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
14:29:25.0446 3412 WudfPf - ok
14:29:25.0477 3412 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:29:25.0479 3412 WUDFRd - ok
14:29:25.0510 3412 zntport - ok
14:29:25.0521 3412 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:29:25.0527 3412 \Device\Harddisk0\DR0 - ok
14:29:25.0529 3412 Boot (0x1200) (b53ff22f5333bc165a38abbb47576bf6) \Device\Harddisk0\DR0\Partition0
14:29:25.0530 3412 \Device\Harddisk0\DR0\Partition0 - ok
14:29:25.0546 3412 Boot (0x1200) (d3efc9492dcb9cff9420909ecd0c28f1) \Device\Harddisk0\DR0\Partition1
14:29:25.0546 3412 \Device\Harddisk0\DR0\Partition1 - ok
14:29:25.0546 3412 ============================================================
14:29:25.0546 3412 Scan finished
14:29:25.0546 3412 ============================================================
14:29:25.0552 4004 Detected object count: 0
14:29:25.0552 4004 Actual detected object count: 0
14:29:35.0310 4224 Deinitialize success


Wie stellt man eigentlich ein Archiv ins Forum wenn die Zeichen ausgehen? Link, oder?

Danke Dir!!!
Gruß, Andy

cosinus 18.11.2011 13:45
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

rockenderbik 18.11.2011 13:54
aber combofix hatte ich doch schon ausgeführt...
ich hatte mir doch ein paar sachen durchgelesen und es dann so gemacht.
die combofix.txt hab ich dir doch gepostet.
soll ich es nochmal machen?

rockenderbik 18.11.2011 13:57
ok combofix war nicht auf'm desktop *ärger* ist das wichtig?

cosinus 18.11.2011 16:02
Ja führ es bitte so aus wie in der Anleitung beschrieben

rockenderbik 18.11.2011 22:02
:bussi: *lol* ich mach das dann...arne....paypal zahlen und banking kann ich jetzt doch eh vergessen und das werd auch nicht mehr machen mit meinem system......................
:schrei:

rockenderbik 20.11.2011 10:09
Hallo Arne,

hab Combofix ausgeführt, hier die Logdatei:


Combofix Logfile:
Code:
ComboFix 11-11-19.04 - Andy 20.11.2011  9:43.2.4 - x64
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.49.1031.18.4095.3064 [GMT 1:00]
ausgeführt von:: c:\users\Andy\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Andy\AppData\Local\Temp\sfamcc00001.dll
c:\users\Andy\AppData\Local\Temp\sfareca00001.dll
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_COMSysApp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-10-20 bis 2011-11-20  ))))))))))))))))))))))))))))))
.
.
2011-11-20 08:48 . 2011-11-20 08:48        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-11-13 11:21 . 2011-09-06 21:36        24408        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2011-11-13 11:21 . 2011-09-06 21:38        301912        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2011-11-13 11:21 . 2011-09-06 21:36        58200        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2011-11-13 11:21 . 2011-09-06 21:36        42328        ----a-w-        c:\windows\system32\drivers\aswRdr.sys
2011-11-13 11:21 . 2011-09-06 21:38        601944        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2011-11-13 11:21 . 2011-09-06 21:36        65368        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2011-11-13 11:21 . 2011-09-06 21:45        254400        ----a-w-        c:\windows\system32\aswBoot.exe
2011-11-13 11:21 . 2011-09-06 21:45        41184        ----a-w-        c:\windows\avastSS.scr
2011-11-13 11:21 . 2011-09-06 21:45        199304        ----a-w-        c:\windows\SysWow64\aswBoot.exe
2011-11-13 11:20 . 2011-11-13 11:20        --------        d-----w-        c:\programdata\AVAST Software
2011-11-13 11:20 . 2011-11-13 11:20        --------        d-----w-        c:\program files\AVAST Software
2011-11-12 21:54 . 2011-10-18 00:27        8570192        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{94AAA841-0E08-4F08-BA45-7504E3AE91AA}\mpengine.dll
2011-11-02 16:42 . 2011-11-02 16:42        --------        d-----w-        c:\users\Andy\AppData\Roaming\atitray
2011-11-02 16:42 . 2011-11-03 16:23        --------        d-----w-        c:\program files (x86)\Ray Adams
2011-11-02 16:23 . 2009-10-10 03:17        14336        ----a-w-        c:\windows\system32\drivers\sffp_sd.sys
2011-11-02 16:17 . 2011-02-26 06:23        2870272        ----a-w-        c:\windows\explorer.exe
2011-11-02 16:16 . 2011-02-18 06:33        31232        ----a-w-        c:\windows\system32\prevhost.exe
2011-11-02 16:16 . 2011-02-18 05:33        31232        ----a-w-        c:\windows\SysWow64\prevhost.exe
2011-11-01 16:54 . 2011-04-29 03:13        461312        ----a-w-        c:\windows\system32\drivers\srv.sys
2011-11-01 16:54 . 2011-04-29 03:12        399872        ----a-w-        c:\windows\system32\drivers\srv2.sys
2011-11-01 16:54 . 2011-04-29 03:12        161792        ----a-w-        c:\windows\system32\drivers\srvnet.sys
2011-11-01 16:53 . 2011-07-09 05:14        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-11-01 16:53 . 2011-07-09 04:30        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2011-11-01 16:52 . 2011-04-25 02:44        499712        ----a-w-        c:\windows\system32\drivers\afd.sys
2011-11-01 16:52 . 2011-06-23 05:29        5507968        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-11-01 16:52 . 2011-06-23 04:38        3957120        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2011-11-01 16:52 . 2011-06-23 04:38        3902336        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2011-11-01 16:50 . 2011-09-06 03:07        3134976        ----a-w-        c:\windows\system32\win32k.sys
2011-11-01 16:49 . 2011-05-24 11:21        404992        ----a-w-        c:\windows\system32\umpnpmgr.dll
2011-11-01 16:48 . 2011-02-23 05:15        90624        ----a-w-        c:\windows\system32\drivers\bowser.sys
2011-11-01 16:47 . 2011-08-27 05:40        861184        ----a-w-        c:\windows\system32\oleaut32.dll
2011-11-01 16:47 . 2011-08-27 05:40        331776        ----a-w-        c:\windows\system32\oleacc.dll
2011-11-01 16:47 . 2011-08-27 04:43        571904        ----a-w-        c:\windows\SysWow64\oleaut32.dll
2011-11-01 16:47 . 2011-08-27 04:43        233472        ----a-w-        c:\windows\SysWow64\oleacc.dll
2011-11-01 15:03 . 2011-11-01 15:03        --------        d-----w-        c:\programdata\ATI
2011-11-01 15:01 . 2011-11-01 15:01        --------        d-----w-        c:\program files (x86)\AMD APP
2011-10-30 21:49 . 2011-10-30 21:50        --------        d-----w-        c:\users\Andy\AppData\Local\ESN Sonar
2011-10-30 09:27 . 2011-10-30 09:27        --------        d-----w-        c:\windows\system32\Macromed
2011-10-28 03:47 . 2011-11-12 21:16        --------        d-----w-        c:\program files (x86)\Battlelog Web Plugins
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-20 08:51 . 2011-11-20 08:51        69000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{94AAA841-0E08-4F08-BA45-7504E3AE91AA}\offreg.dll
2011-11-15 17:50 . 2010-12-29 20:18        280736        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2011-11-15 17:50 . 2010-03-08 17:06        280736        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2011-11-12 14:12 . 2010-03-08 16:55        280736        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2011-10-30 09:27 . 2011-06-29 17:24        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-27 17:25 . 2010-03-08 16:55        75136        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2011-10-19 21:14 . 2011-10-19 21:14        59904        ----a-w-        c:\windows\SysWow64\OVDecode.dll
2011-10-12 20:56 . 2011-10-12 20:56        10207232        ----a-w-        c:\windows\system32\drivers\atikmdag.sys
2011-10-12 20:20 . 2011-10-12 20:20        24629760        ----a-w-        c:\windows\system32\atio6axx.dll
2011-10-12 20:14 . 2011-10-12 20:14        159744        ----a-w-        c:\windows\system32\atiapfxx.exe
2011-10-12 20:14 . 2011-10-12 20:14        736768        ----a-w-        c:\windows\SysWow64\aticfx32.dll
2011-10-12 20:13 . 2011-03-09 04:55        867328        ----a-w-        c:\windows\system32\aticfx64.dll
2011-10-12 20:10 . 2011-07-12 02:54        466944        ----a-w-        c:\windows\system32\ATIDEMGX.dll
2011-10-12 20:10 . 2011-10-12 20:10        487936        ----a-w-        c:\windows\system32\atieclxx.exe
2011-10-12 20:09 . 2011-10-12 20:09        204288        ----a-w-        c:\windows\system32\atiesrxx.exe
2011-10-12 20:08 . 2011-10-12 20:08        120320        ----a-w-        c:\windows\system32\atitmm64.dll
2011-10-12 20:08 . 2011-10-12 20:08        423424        ----a-w-        c:\windows\system32\atipdl64.dll
2011-10-12 20:08 . 2011-10-12 20:08        356352        ----a-w-        c:\windows\SysWow64\atipdlxx.dll
2011-10-12 20:07 . 2011-10-12 20:07        278528        ----a-w-        c:\windows\SysWow64\Oemdspif.dll
2011-10-12 20:07 . 2011-10-12 20:07        21504        ----a-w-        c:\windows\system32\atimuixx.dll
2011-10-12 20:07 . 2011-10-12 20:07        59392        ----a-w-        c:\windows\system32\atiedu64.dll
2011-10-12 20:07 . 2011-10-12 20:07        43520        ----a-w-        c:\windows\SysWow64\ati2edxx.dll
2011-10-12 20:04 . 2011-10-12 20:04        4231680        ----a-w-        c:\windows\SysWow64\atidxx32.dll
2011-10-12 20:04 . 2011-10-12 20:04        18630656        ----a-w-        c:\windows\SysWow64\atioglxx.dll
2011-10-12 19:54 . 2011-03-09 04:40        4960768        ----a-w-        c:\windows\system32\atidxx64.dll
2011-10-12 19:46 . 2011-10-12 19:46        51200        ----a-w-        c:\windows\system32\aticalrt64.dll
2011-10-12 19:46 . 2011-10-12 19:46        46080        ----a-w-        c:\windows\SysWow64\aticalrt.dll
2011-10-12 19:46 . 2011-10-12 19:46        44544        ----a-w-        c:\windows\system32\aticalcl64.dll
2011-10-12 19:46 . 2011-10-12 19:46        44032        ----a-w-        c:\windows\SysWow64\aticalcl.dll
2011-10-12 19:45 . 2011-10-12 19:45        9877504        ----a-w-        c:\windows\system32\aticaldd64.dll
2011-10-12 19:44 . 2011-10-12 19:44        1113088        ----a-w-        c:\windows\system32\atiumd6v.dll
2011-10-12 19:44 . 2011-10-12 19:44        4289024        ----a-w-        c:\windows\SysWow64\atiumdag.dll
2011-10-12 19:44 . 2011-10-12 19:44        1828864        ----a-w-        c:\windows\SysWow64\atiumdmv.dll
2011-10-12 19:44 . 2011-07-12 02:27        4023296        ----a-w-        c:\windows\system32\atiumd6a.dll
2011-10-12 19:42 . 2011-10-12 19:42        8391680        ----a-w-        c:\windows\SysWow64\aticaldd.dll
2011-10-12 19:39 . 2011-07-12 03:03        58880        ----a-w-        c:\windows\system32\coinst.dll
2011-10-12 19:38 . 2011-07-12 02:24        5431808        ----a-w-        c:\windows\system32\atiumd64.dll
2011-10-12 19:33 . 2011-10-12 19:33        4174848        ----a-w-        c:\windows\SysWow64\atiumdva.dll
2011-10-12 19:31 . 2011-07-12 02:16        479744        ----a-w-        c:\windows\system32\atiadlxx.dll
2011-10-12 19:31 . 2011-10-12 19:31        335872        ----a-w-        c:\windows\SysWow64\atiadlxy.dll
2011-10-12 19:31 . 2011-10-12 19:31        17408        ----a-w-        c:\windows\system32\atig6pxx.dll
2011-10-12 19:31 . 2011-10-12 19:31        14336        ----a-w-        c:\windows\SysWow64\atiglpxx.dll
2011-10-12 19:31 . 2011-10-12 19:31        14336        ----a-w-        c:\windows\system32\atiglpxx.dll
2011-10-12 19:30 . 2011-10-12 19:30        39936        ----a-w-        c:\windows\system32\atig6txx.dll
2011-10-12 19:30 . 2011-10-12 19:30        32768        ----a-w-        c:\windows\SysWow64\atigktxx.dll
2011-10-12 19:30 . 2011-10-12 19:30        317952        ----a-w-        c:\windows\system32\drivers\atikmpag.sys
2011-10-12 19:29 . 2011-07-12 02:15        40960        ----a-w-        c:\windows\system32\atiuxp64.dll
2011-10-12 19:29 . 2011-10-12 19:29        31744        ----a-w-        c:\windows\SysWow64\atiuxpag.dll
2011-10-12 19:29 . 2011-07-12 02:14        38912        ----a-w-        c:\windows\system32\atiu9p64.dll
2011-10-12 19:29 . 2011-10-12 19:29        29184        ----a-w-        c:\windows\SysWow64\atiu9pag.dll
2011-10-12 19:28 . 2011-10-12 19:28        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2011-10-12 19:16 . 2011-10-12 19:16        54784        ----a-w-        c:\windows\system32\atimpc64.dll
2011-10-12 19:16 . 2011-10-12 19:16        54784        ----a-w-        c:\windows\system32\amdpcom64.dll
2011-10-12 19:16 . 2011-10-12 19:16        53760        ----a-w-        c:\windows\SysWow64\atimpc32.dll
2011-10-12 19:16 . 2011-10-12 19:16        53760        ----a-w-        c:\windows\SysWow64\amdpcom32.dll
2011-10-12 15:16 . 2011-10-12 15:16        66048        ----a-w-        c:\windows\system32\OpenVideo64.dll
2011-10-12 15:16 . 2011-10-12 15:16        16787456        ----a-w-        c:\windows\system32\amdocl64.dll
2011-10-12 15:14 . 2011-10-12 15:14        51200        ----a-w-        c:\windows\system32\OpenCL.dll
2011-10-03 04:06 . 2011-01-02 13:16        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2011-09-21 16:59 . 2010-04-01 15:05        18960        ----a-w-        c:\windows\system32\drivers\LNonPnP.sys
2011-09-14 09:47 . 2011-09-14 09:47        60416        ----a-w-        c:\windows\system32\OVDecode64.dll
2011-09-14 09:46 . 2011-09-14 09:46        13625856        ----a-w-        c:\windows\SysWow64\amdocl.dll
2011-09-14 09:38 . 2011-09-14 09:38        44032        ----a-w-        c:\windows\system32\amdoclcl64.dll
2011-09-14 09:38 . 2011-09-14 09:38        37376        ----a-w-        c:\windows\SysWow64\amdoclcl.dll
2011-09-03 14:53 . 2011-09-03 14:53        140664        ----a-r-        c:\users\Andy\AppData\Roaming\Microsoft\Installer\{D9292112-253F-438D-B1AB-432E5A1FE1B5}\ShortcutUpdater_B4EEAB5A25624B9CB01E300A7199EE30.exe
2011-09-03 14:53 . 2011-09-03 14:53        140664        ----a-r-        c:\users\Andy\AppData\Roaming\Microsoft\Installer\{D9292112-253F-438D-B1AB-432E5A1FE1B5}\ARPPRODUCTICON.exe
2011-08-31 16:00 . 2010-10-03 13:11        25416        ----a-w-        c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((  SnapShot@2011-11-15_16.55.53  )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-11-15 16:55        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-20 08:05        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-20 08:05        49152              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-15 16:55        49152              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-15 16:55        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-20 08:05        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-23 17:52 . 2011-11-15 17:50        82236              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-16 15:53        46948              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-23 16:36 . 2011-11-16 15:53        16544              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2814086671-428616876-2365772135-1000_UserData.bin
- 2009-12-23 16:27 . 2011-11-15 16:10        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-23 16:27 . 2011-11-17 18:16        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-23 16:27 . 2011-11-17 18:16        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-23 16:27 . 2011-11-15 16:10        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-15 16:10        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-17 18:16        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-23 20:19 . 2011-11-16 15:54        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-23 20:19 . 2011-11-13 13:04        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-23 20:19 . 2011-11-16 15:54        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-23 20:19 . 2011-11-13 13:04        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-23 20:19 . 2011-11-13 13:04        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-23 20:19 . 2011-11-16 15:54        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-23 16:41 . 2011-11-15 16:14        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-23 16:41 . 2011-11-20 08:06        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-23 16:41 . 2011-11-15 16:14        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-23 16:41 . 2011-11-20 08:06        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-20 08:49 . 2011-11-20 08:49        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-15 16:55 . 2011-11-15 16:55        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-15 16:55 . 2011-11-15 16:55        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-20 08:49 . 2011-11-20 08:49        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-24 09:40 . 2011-11-19 16:39        520046              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-12-24 10:59 . 2011-11-20 08:03        445326              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2011-11-16 15:57        921560              c:\windows\system32\perfc009.dat
+ 2009-07-14 05:12 . 2011-11-17 18:16        262144              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-11-02 17:02        262144              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2011-11-15 16:54        428924              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-20 08:48        428924              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:36 . 2011-11-16 15:57        1519354              c:\windows\system32\perfh009.dat
+ 2009-07-14 17:58 . 2011-11-16 15:57        3539554              c:\windows\system32\perfh007.dat
+ 2009-07-14 17:58 . 2011-11-16 15:57        1047778              c:\windows\system32\perfc007.dat
- 2011-09-03 15:05 . 2011-11-15 16:54        2367768              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-09-03 15:05 . 2011-11-20 08:48        2367768              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 02:34 . 2011-11-18 18:23        11010048              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-11-10 05:43        11010048              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-12-30 14:21 . 2011-11-20 08:48        53030152              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2814086671-428616876-2365772135-1000-12288.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Razer Imperator Driver"="c:\program files (x86)\Razer\Imperator\RazerImperatorTray.exe" [2010-03-18 2787224]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-12 343168]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpeedFan.lnk - c:\program files (x86)\SpeedFan\speedfan.exe [2009-8-9 3986552]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DSL-Manager.lnk - c:\program files (x86)\DSL-Manager\DslMgr.exe [2010-1-9 1085440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 vcdrom;Virtual CD-ROM Device Driver;c:\users\Andy\AppData\Local\Temp\VCdRom.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 atillk64;atillk64;c:\users\Andy\Downloads\winflash\atillk64.sys [2006-07-19 14608]
R3 cpuz130;cpuz130;c:\users\Andy\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2008-09-17 12744]
R3 FLASHSYS;FLASHSYS;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [x]
R3 iteio;iteio;c:\windows\system32\drivers\iteio.sys [x]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 19544]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-12-23 19952]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [x]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [x]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [x]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [x]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [x]
R3 Tcpz-x64;Tcpz-x64;c:\users\Andy\AppData\Local\Temp\Tcpz-x64.sys [x]
R3 TDslMgrService;DSL-Manager;c:\program files (x86)\DSL-Manager\DslMgrSvc.exe [2008-10-23 307200]
R3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 DslMNLwf;DSL-Manager NDIS LightWeight Filter;c:\windows\system32\DRIVERS\dslmnlwf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [2009-06-29 545792]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45        134384        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows7FirewallControl"="c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe" [2009-06-29 1021440]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-07 12558440]
"combofix"="c:\combofix\CF7718.3XE" [2009-07-14 344576]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\o0huzi6x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2814086671-428616876-2365772135-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:80,bd,9f,72,f2,d0,46,b5,33,09,06,c3,1a,42,90,db,e9,70,e2,db,13,f4,a3,
  0e,54,77,9a,98,38,9f,1b,a0,8d,7c,2f,b8,70,9b,db,af,77,97,96,2d,fc,34,ec,dd,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-2814086671-428616876-2365772135-1000\Software\SecuROM\License information*]
"datasecu"=hex:77,91,20,96,87,0a,09,33,11,0a,b2,fd,40,3b,ec,05,29,fe,a5,bd,16,
  b1,50,37,b0,70,65,b5,cc,ac,60,08,f7,8c,97,bc,d5,19,c5,e3,66,33,08,38,41,15,\
"rkeysecu"=hex:e9,92,6b,90,85,2a,a1,3a,e2,43,02,51,2e,e4,cc,29
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\sphinx-soft\Vista-Wall\1.0\AppList\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Zone]
"Name"="EnableAll"
"Result"=dword:00000000
"Advised"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-20  09:55:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-11-20 08:55
ComboFix2.txt  2011-11-15 17:01
.
Vor Suchlauf: 16 Verzeichnis(se), 14.602.141.696 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 14.435.762.176 Bytes frei
.
- - End Of File - - 788D1102211F57CD4AEC89BF48D69024
--- --- ---


Danke für Deine Hilfe

Gruß Andy

cosinus 20.11.2011 12:58
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

rockenderbik 20.11.2011 15:19
Das Tool hat mich nichts gefragt. Ich bin dann gleich auf Scan. Hier der das Log:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-20 15:06:22
-----------------------------
15:06:22.391 OS Version: Windows x64 6.1.7600
15:06:22.391 Number of processors: 4 586 0xF0B
15:06:22.392 ComputerName: ANDY-PC UserName: Andy
15:06:22.940 Initialize success
15:06:23.255 AVAST engine defs: 11112000
15:08:14.730 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-6
15:08:14.733 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ100E4 Size: 953869MB BusType: 3
15:08:16.748 Disk 0 MBR read successfully
15:08:16.751 Disk 0 MBR scan
15:08:16.755 Disk 0 Windows 7 default MBR code
15:08:16.758 Service scanning
15:08:18.117 Modules scanning
15:08:18.121 Disk 0 trace - called modules:
15:08:18.129 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
15:08:18.133 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a54060]
15:08:18.137 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa80047fa520]
15:08:18.142 5 ACPI.sys[fffff88000ef5781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP5T0L0-6[0xfffffa800480b060]
15:08:18.299 AVAST engine scan C:\Windows
15:08:19.939 AVAST engine scan C:\Windows\system32
15:09:11.339 AVAST engine scan C:\Windows\system32\drivers
15:09:16.381 AVAST engine scan C:\Users\Andy
15:11:22.027 AVAST engine scan C:\ProgramData
15:12:01.497 Scan finished successfully
15:12:40.494 Disk 0 MBR has been saved successfully to "C:\Users\Andy\Desktop\MBR.dat"
15:12:40.499 The log file has been saved successfully to "C:\Users\Andy\Desktop\aswMBR.txt"

cosinus 20.11.2011 15:31
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Alle Zeitangaben in WEZ +1. Es ist jetzt 11:57 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20