Trojaner-Board - Exp/2010-0840

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Exp/2010-0840 (https://www.trojaner-board.de/104567-exp-2010-0840-a.html)

Hallo Leute,

ich hatte heute die Funde:

EXP/2010-0840.BC
Quelle: C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\15d49b47-4d7ea05f
Quelle: C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\2300428c-5405285b

Scan vom 22.10:

Code:

Beginne mit der Suche in 'C:\'

C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\33a465c2-709ae481

  [0] Archivtyp: ZIP

  --> buildService/MailAgent.class

      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.LL.2

  --> buildService/VirtualTable.class

      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.AN

C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\6e0d8316-54406758

  [0] Archivtyp: ZIP

  --> support/ForMail.class

      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.H

C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\6ade6383-7590b44e

  [0] Archivtyp: ZIP

  --> support/ForMail.class

      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE2010-0840.CX

C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\1c499420-19e17c2f

  [0] Archivtyp: ZIP

  --> buildService/MailAgent.class

      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.AO

  --> buildService/VirtualTable.class

      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.AO

C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\756918a0-761dae08

  [0] Archivtyp: ZIP

  --> support/ForMail.class

      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.H

C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\350c3de2-7fe3f607

  [0] Archivtyp: ZIP

  --> main.class

      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Pruno.F

C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\7c47d765-526cab75

  [0] Archivtyp: ZIP

  --> support/ForMail.class

      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE2010-0840.CX

C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\2e77cfe9-51a70426

  [0] Archivtyp: ZIP

  --> support/ForMail.class

      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.H
 

Beginne mit der Desinfektion:

C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\2e77cfe9-51a70426

  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.H

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '020ce5e8.qua' verschoben!

C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\7c47d765-526cab75

  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE2010-0840.CX

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '6436aa2c.qua' verschoben!

C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\350c3de2-7fe3f607

  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Pruno.F

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '21b68724.qua' verschoben!

C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\756918a0-761dae08

  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.H

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5ea7b545.qua' verschoben!

C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\1c499420-19e17c2f

  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.AO

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '12119939.qua' verschoben!

C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\6ade6383-7590b44e

  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE2010-0840.CX

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '6fd9d96b.qua' verschoben!

C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\6e0d8316-54406758

  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.H

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4357f622.qua' verschoben!

C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\33a465c2-709ae481

  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.AN

  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5be8cd8f.qua' verschoben!

Habe im Internet gelesen, dass der EXP/2010-0840 eher ungefährlich bis mittelgefährlich ist. Bei mir ist schon seit längerem die Java Version 6 Update 29 installiert. Kann ich dieses Exploit einfach ignorieren, schnell beheben, oder lohnt sich eher ein Neuaufsetzen (wenn das Entfernen zuuu lange dauert z.B. und es Schaden anrichten kann, da ich gelegentlich mit einem Programm Aktien handle und wichtige Daten angeben muss!!!).

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Hi und danke erstmal für deine Antwort.

Code:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org
 

Datenbank Version: 8046
 

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421
 

30.10.2011 12:58:48

mbam-log-2011-10-30 (12-58-48).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)

Durchsuchte Objekte: 367504

Laufzeit: 1 Stunde(n), 38 Minute(n), 8 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=88dc6e29ca8e384f84f41ef245f98433

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-10-30 02:53:47

# local_time=2011-10-30 03:53:47 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1792 16777215 100 0 844917 844917 0 0

# compatibility_mode=5893 16776573 100 94 12669 71606235 0 0

# compatibility_mode=8192 67108863 100 0 4004 4004 0 0

# scanned=192796

# found=2

# cleaned=0

# scan_time=10041

C:\Users\Skulls\Downloads\OrbitSetup4.1.00.exe        Win32/OpenCandy application (unable to clean)        00000000000000000000000000000000        I

D:\ZBC\Samsung Laptop\Desktop\MsgPlusLive-420.exe        a variant of Win32/MessengerPlus application (unable to clean)        00000000000000000000000000000000        I

Die letzte Meldung in ZBC habe ich einfach manuell gelöscht, weil ich das nie installiert hatte, sondern nur einmal bei einem Freund ein Backup gemacht habe.
Vor den Scans habe ich kurz mit CCleaner alles gesäubert, es kam aber während dem Malwarebytes-Scan die Meldungen von meinem Antivirenprogramm:

Code:

'C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\5caf8796-2c0a6eaa'

wurde ein Virus oder unerwünschtes Programm 'EXP/Java.AC' [exploit] gefunden.

Ausgeführte Aktion: Zugriff verweigern
 

Die Datei 'C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\5caf8796-2c0a6eaa'

enthielt einen Virus oder unerwünschtes Programm 'EXP/Java.AF' [exploit].

Durchgeführte Aktion(en):

Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49668394.qua' verschoben!

Tja, die EXP/Java.xx kommen irgendwie immer wieder woher.

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Ohje ist der lang:

Code:

OTL logfile created on: 31.10.2011 01:25:08 - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Skulls\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 61,45% Memory free

3,99 Gb Paging File | 2,83 Gb Available in Paging File | 70,87% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 29,30 Gb Total Space | 1,16 Gb Free Space | 3,95% Space Free | Partition Type: NTFS

Drive D: | 268,69 Gb Total Space | 120,18 Gb Free Space | 44,73% Space Free | Partition Type: NTFS

 

Computer Name: * | User Name: *| Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.10.31 00:26:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Skulls\Desktop\OTL.exe

PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.06.26 18:17:26 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe

PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011.04.08 06:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\cvpnd.exe

PRC - [2009.12.30 18:36:06 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Clarus\Samsung SecretZone\MSSvc.exe

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\cvpnd.exe -- (CVPND)

SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2009.03.28 02:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)

SRV:64bit: - [2005.07.06 11:43:24 | 000,414,720 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\Windows\SysNative\lxcecoms.exe -- (lxce_device)

SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011.04.08 06:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2010.08.30 10:17:50 | 000,090,112 | ---- | M] (Clarus, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Clarus\Samsung SecretZone\SZAssistSVC.exe -- (SZASSIST)

SRV - [2010.03.18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.12.30 18:36:06 | 000,114,688 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Clarus\Samsung SecretZone\MSSvc.exe -- (MSR Service)

SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011.10.11 14:00:01 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2011.03.14 15:53:43 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)

DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.03.03 16:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2011.01.19 11:28:55 | 008,080,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)

DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2010.03.23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)

DRV:64bit: - [2009.09.16 03:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)

DRV:64bit: - [2009.09.02 09:45:38 | 000,254,464 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\windrvr6.sys -- (WinDriver6)

DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.11 21:34:38 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)

DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2007.04.03 15:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2005.01.26 07:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\vsdatant.sys -- (vsdatant)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=gppc

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 EB CB 0C 38 08 CC 01  [binary data]

IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.12 20:24:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2011.04.30 15:22:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skulls\AppData\Roaming\mozilla\Extensions

[2011.10.30 10:42:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions

[2011.05.16 10:47:25 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

[2011.05.01 20:02:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\engine@conduit.com

[2011.10.21 00:04:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2011.06.15 22:38:22 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011.05.04 20:11:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011.05.05 14:20:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011.07.25 17:26:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011.10.21 00:04:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

() (No name found) -- C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI

() (No name found) -- C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI

() (No name found) -- C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\EXTENSIONS\FACEPASTE.FIREFOX.ADDON@AZABANI.COM.XPI

[2011.10.02 14:18:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011.10.02 14:18:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.10.02 14:18:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011.10.02 14:18:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2011.05.16 10:47:26 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

[2011.10.02 14:18:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.10.02 14:18:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.10.02 14:18:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [TaskTray]  File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: tu-darmstadt.de ([clix] https in Vertrauenswürdige Sites)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A0050C0-4C72-4B1B-B589-CDD8EA26D540}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18 - Protocol\Handler\gopher - No CLSID value found

O18 - Protocol\Handler\ms-help - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

 

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

MsConfig:64bit - StartUpReg: EumexInst - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: facemoods - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: FLMOFFICE4DMOUSE - hkey= - key= - C:\Program Files (x86)\Office Mouse\moffice.exe ()

MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)

MsConfig:64bit - StartUpReg: HPUsageTracking - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: LXCECATS - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: PrnStatusMX - hkey= - key= - C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.)

MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)

MsConfig:64bit - StartUpReg: routcnf - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

MsConfig:64bit - State: "startup" - Reg Error: Key error.

MsConfig:64bit - State: "services" - Reg Error: Key error.

 

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

Drivers32: VIDC.FFDS - C:\PROGRA~2\COMBIN~1\Filters\FFDShow\ff_vfw.dll ()

Drivers32: vidc.lsgc - C:\Windows\SysWow64\lsgc.dll (imc AG)

Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.10.31 00:26:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Skulls\Desktop\OTL.exe

[2011.10.29 10:46:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed

[2011.10.23 00:14:17 | 000,000,000 | ---D | C] -- C:\Users\Skulls\AppData\Roaming\Malwarebytes

[2011.10.23 00:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.10.23 00:14:01 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011.10.23 00:14:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011.10.21 12:04:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011.10.21 00:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2011.10.20 18:25:01 | 000,000,000 | ---D | C] -- C:\Users\Skulls\AppData\Roaming\Avira

[2011.10.20 18:24:31 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys

[2011.10.20 18:24:31 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys

[2011.10.20 18:24:31 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys

[2011.10.20 18:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2011.10.20 18:24:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

[2011.10.16 23:00:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack

[2011.10.13 01:44:47 | 000,000,000 | ---D | C] -- C:\Users\Skulls\AppData\Roaming\DivX

[2011.10.12 20:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2011.10.12 20:23:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2011.10.12 20:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer

[2011.10.12 20:22:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple

[2011.10.12 20:22:26 | 000,000,000 | ---D | C] -- C:\Users\Skulls\AppData\Local\Apple

[2011.10.12 20:22:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2011.10.12 20:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple

[2011.10.12 18:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus

[2011.10.12 18:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\DivX

[2011.10.12 18:50:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared

[2011.10.12 18:49:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX

[2011.10.12 18:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX

[2010.03.23 12:29:08 | 000,067,760 | ---- | C] (Cisco Systems, Inc.) -- C:\Program Files\VAInst64.exe

[2010.03.23 12:22:46 | 001,549,088 | ---- | C] (Cisco Systems, Inc.) -- C:\Program Files\vpngui.exe

[2010.03.23 12:20:18 | 000,217,896 | ---- | C] (Cisco Systems, Inc.) -- C:\Program Files\SetMTU.exe

[2010.03.23 12:19:32 | 001,528,616 | ---- | C] (Cisco Systems, Inc.) -- C:\Program Files\cvpnd.exe

[2010.03.23 12:18:40 | 000,181,048 | ---- | C] (Cisco Systems, Inc.) -- C:\Program Files\ipsecdialer.exe

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.10.31 01:18:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.10.31 00:51:57 | 000,730,813 | R--- | M] () -- C:\Users\Skulls\Desktop\MH_Allgemeine Elktrotechnik Bachelor 2011.pdf

[2011.10.31 00:26:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Skulls\Desktop\OTL.exe

[2011.10.30 20:44:24 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.10.30 20:44:24 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.10.30 20:41:15 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011.10.30 20:41:15 | 000,652,006 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2011.10.30 20:41:15 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011.10.30 20:41:15 | 000,129,674 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2011.10.30 20:41:15 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011.10.30 20:37:07 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.10.30 20:36:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.10.30 20:36:48 | 1606,619,136 | -HS- | M] () -- C:\hiberfil.sys

[2011.10.13 08:43:38 | 000,477,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011.10.11 15:22:30 | 000,000,215 | ---- | M] () -- C:\Program Files\vpnclient.ini

[2011.10.11 15:22:26 | 000,000,213 | ---- | M] () -- C:\Program Files\internal.ini

[2011.10.11 14:00:01 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys

[2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys

[2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys

 
 ========== Files Created - No Company Name ==========

 

[2011.10.31 00:51:57 | 000,730,813 | R--- | C] () -- C:\Users\Skulls\Desktop\MH_Allgemeine Elktrotechnik Bachelor 2011.pdf

[2011.10.12 20:22:23 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

[2011.08.05 16:14:56 | 000,853,829 | ---- | C] () -- C:\Users\Skulls\AppData\Local\census.cache

[2011.08.05 16:14:07 | 000,104,911 | ---- | C] () -- C:\Users\Skulls\AppData\Local\ars.cache

[2011.08.05 15:58:02 | 000,000,036 | ---- | C] () -- C:\Users\Skulls\AppData\Local\housecall.guid.cache

[2011.07.13 22:27:38 | 000,000,596 | ---- | C] () -- C:\Users\Skulls\AppData\Roaming\history.PowerPoint.pwcdat

[2011.06.26 18:17:58 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe

[2011.06.17 19:33:31 | 000,000,059 | ---- | C] () -- C:\Windows\WINPHONE.INI

[2011.05.27 13:24:00 | 000,290,904 | ---- | C] () -- C:\Windows\SysWow64\vc6-re200l.dll

[2011.05.26 22:17:09 | 000,029,744 | ---- | C] () -- C:\Windows\SysWow64\InstHelper.dll

[2011.05.26 22:17:00 | 000,197,672 | ---- | C] () -- C:\Windows\SysWow64\vpnapi.dll

[2011.05.26 22:16:59 | 000,193,576 | ---- | C] () -- C:\Windows\SysWow64\CSGina.dll

[2011.05.02 22:25:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2011.04.30 09:39:35 | 000,007,597 | ---- | C] () -- C:\Users\Skulls\AppData\Local\Resmon.ResmonCfg

[2010.03.23 12:26:48 | 000,201,512 | ---- | C] () -- C:\Program Files\vpnapi.dll

[2010.03.23 12:23:26 | 000,176,944 | ---- | C] () -- C:\Program Files\ipseclog.exe

[2010.03.23 12:21:44 | 000,271,144 | ---- | C] () -- C:\Program Files\vpnclient.exe

[2010.03.23 12:21:00 | 000,230,184 | ---- | C] () -- C:\Program Files\ppptool.exe

[2010.03.23 12:10:20 | 001,028,219 | ---- | C] () -- C:\Program Files\cisco_cert_mgr.exe

[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2007.06.14 12:02:52 | 000,000,215 | ---- | C] () -- C:\Program Files\vpnclient.ini

[2007.06.14 12:02:52 | 000,000,213 | ---- | C] () -- C:\Program Files\internal.ini

[2005.09.21 02:57:56 | 004,325,376 | ---- | C] () -- C:\Program Files\qt-mt335.dll

 
 ========== LOP Check ==========

 

[2011.05.08 15:52:04 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\Dropbox

[2011.05.05 16:15:38 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\EndNote

[2011.05.06 20:54:28 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\GrabPro

[2011.05.02 01:06:37 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\Marvell

[2011.09.06 01:11:54 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\Orbit

[2011.05.06 13:17:53 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\ProgSense

[2011.10.01 02:25:38 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.04.30 13:49:08 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\Adobe

[2011.10.20 18:25:01 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\Avira

[2011.10.13 01:44:47 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\DivX

[2011.05.08 15:52:04 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\Dropbox

[2011.05.05 16:15:38 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\EndNote

[2011.05.06 20:54:28 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\GrabPro

[2011.05.01 20:48:31 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\Hewlett-Packard

[2011.05.01 20:48:14 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\HP

[2011.04.30 08:42:21 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\Identities

[2011.04.30 13:26:43 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\Macromedia

[2011.10.23 00:14:17 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\Malwarebytes

[2011.05.02 01:06:37 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\Marvell

[2011.05.16 11:52:01 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\MathWorks

[2009.07.14 08:45:14 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\Media Center Programs

[2011.10.28 02:24:48 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\Media Player Classic

[2011.09.07 17:28:42 | 000,000,000 | --SD | M] -- C:\Users\Skulls\AppData\Roaming\Microsoft

[2011.04.30 15:22:16 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\Mozilla

[2011.09.06 01:11:54 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\Orbit

[2011.05.06 13:17:53 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\ProgSense

[2011.10.27 00:41:17 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\Skype

[2011.10.26 23:11:10 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\skypePM

[2011.05.02 00:52:02 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2011.04.26 06:36:24 | 024,131,184 | ---- | M] (Dropbox, Inc.) -- C:\Users\Skulls\AppData\Roaming\Dropbox\bin\Dropbox.exe

[2011.04.26 06:36:30 | 000,173,248 | ---- | M] (Dropbox, Inc.) -- C:\Users\Skulls\AppData\Roaming\Dropbox\bin\Uninstall.exe

[2011.09.01 14:40:18 | 000,188,152 | ---- | M] () -- C:\Users\Skulls\AppData\Roaming\Mozilla\Firefox\Profiles\eq5eo9ld.default\FlashGot.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys

[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys

[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll

[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys

[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys

[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll

[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2010.11.11 17:48:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2010.11.11 17:48:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >
 

< End of report >

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=gppc

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 EB CB 0C 38 08 CC 01  [binary data]

IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"

[2011.05.16 10:47:25 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

[2011.05.01 20:02:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\engine@conduit.com

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [TaskTray]  File not found

O32 - HKLM CDRom: AutoRun - 1
 

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Oh, ich hab beim ersten Suchlauf ALLE Programme, bis auf den Virenscanner beendet. Muss ich das alles nochmal machen, oder war das einfach nur zur Sicherheit, damit es nicht abstürzt?

Code:

All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ not found.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

Prefs.js: "Facemoods Search" removed from browser.search.defaultenginename

C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults\preferences folder moved successfully.

C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults folder moved successfully.

C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\images folder moved successfully.

C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content folder moved successfully.

C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome folder moved successfully.

C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} folder moved successfully.

C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\engine@conduit.com\searchplugin folder moved successfully.

C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\engine@conduit.com\META-INF folder moved successfully.

C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\engine@conduit.com\lib folder moved successfully.

C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\engine@conduit.com\DualPackage folder moved successfully.

C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\engine@conduit.com\defaults folder moved successfully.

C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\engine@conduit.com\components folder moved successfully.

C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\engine@conduit.com\chrome folder moved successfully.

C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\engine@conduit.com folder moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TaskTray deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56466 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

User: Skulls

->Temp folder emptied: 67946 bytes

->Temporary Internet Files folder emptied: 147858 bytes

->Java cache emptied: 4363 bytes

->FireFox cache emptied: 45836936 bytes

->Flash cache emptied: 1964 bytes

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 843688 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 45,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 10312011_221651
 

Files\Folders moved on Reboot...

File\Folder C:\Users\Skulls\AppData\Local\Temp\OICE_E7720B06-A7A0-4188-AFB1-44AB7A93F65A.0\6D61AC60. not found!

C:\Users\Skulls\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 

Registry entries deleted on Reboot...

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

War alles ok. Ichweiß ja nicht. Hab ich jetzt was? Oder finde ich nur nix, obwohl du was vermutest?
Habe unhide jetzt nicht ausgeführt, weil ich alles sehen und ausführen konnte.

Code:

02:36:16.0854 1320        TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01

02:36:17.0010 1320        ============================================================

02:36:17.0010 1320        Current date / time: 2011/11/01 02:36:17.0010

02:36:17.0010 1320        SystemInfo:

02:36:17.0010 1320        

02:36:17.0010 1320        OS Version: 6.1.7601 ServicePack: 1.0

02:36:17.0010 1320        Product type: Workstation

02:36:17.0010 1320        ComputerName: *

02:36:17.0010 1320        UserName: *

02:36:17.0010 1320        Windows directory: C:\Windows

02:36:17.0010 1320        System windows directory: C:\Windows

02:36:17.0010 1320        Running under WOW64

02:36:17.0010 1320        Processor architecture: Intel x64

02:36:17.0010 1320        Number of processors: 2

02:36:17.0010 1320        Page size: 0x1000

02:36:17.0010 1320        Boot type: Normal boot

02:36:17.0010 1320        ============================================================

02:36:18.0133 1320        Initialize success

02:38:09.0642 2436        ============================================================

02:38:09.0642 2436        Scan started

02:38:09.0642 2436        Mode: Manual; SigCheck; TDLFS; 

02:38:09.0642 2436        ============================================================

02:38:10.0516 2436        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

02:38:10.0703 2436        1394ohci - ok

02:38:10.0797 2436        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

02:38:10.0828 2436        ACPI - ok

02:38:10.0875 2436        AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

02:38:10.0953 2436        AcpiPmi - ok

02:38:11.0109 2436        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

02:38:11.0171 2436        adp94xx - ok

02:38:11.0218 2436        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

02:38:11.0233 2436        adpahci - ok

02:38:11.0249 2436        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

02:38:11.0280 2436        adpu320 - ok

02:38:11.0343 2436        AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

02:38:11.0452 2436        AFD - ok

02:38:11.0530 2436        AgereSoftModem  (2173e070647ac68c16b8214fe5c05ec3) C:\Windows\system32\DRIVERS\agrsm64.sys

02:38:11.0670 2436        AgereSoftModem - ok

02:38:11.0717 2436        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

02:38:11.0733 2436        agp440 - ok

02:38:11.0779 2436        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

02:38:11.0795 2436        aliide - ok

02:38:11.0826 2436        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

02:38:11.0842 2436        amdide - ok

02:38:11.0889 2436        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

02:38:11.0951 2436        AmdK8 - ok

02:38:11.0967 2436        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

02:38:12.0013 2436        AmdPPM - ok

02:38:12.0045 2436        amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

02:38:12.0060 2436        amdsata - ok

02:38:12.0091 2436        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

02:38:12.0123 2436        amdsbs - ok

02:38:12.0138 2436        amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

02:38:12.0154 2436        amdxata - ok

02:38:12.0247 2436        AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

02:38:12.0466 2436        AppID - ok

02:38:12.0575 2436        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

02:38:12.0606 2436        arc - ok

02:38:12.0653 2436        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

02:38:12.0669 2436        arcsas - ok

02:38:12.0700 2436        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

02:38:12.0887 2436        AsyncMac - ok

02:38:12.0918 2436        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

02:38:12.0918 2436        atapi - ok

02:38:13.0012 2436        avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys

02:38:13.0215 2436        avgntflt - ok

02:38:13.0371 2436        avipbb          (d959309ececca73fc79f8ef8521346b2) C:\Windows\system32\DRIVERS\avipbb.sys

02:38:13.0386 2436        avipbb - ok

02:38:13.0417 2436        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys

02:38:13.0433 2436        avkmgr - ok

02:38:13.0495 2436        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

02:38:13.0573 2436        b06bdrv - ok

02:38:13.0636 2436        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

02:38:13.0698 2436        b57nd60a - ok

02:38:13.0745 2436        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

02:38:13.0823 2436        Beep - ok

02:38:13.0885 2436        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

02:38:13.0901 2436        blbdrive - ok

02:38:13.0932 2436        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

02:38:13.0995 2436        bowser - ok

02:38:14.0026 2436        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

02:38:14.0119 2436        BrFiltLo - ok

02:38:14.0135 2436        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

02:38:14.0151 2436        BrFiltUp - ok

02:38:14.0182 2436        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

02:38:14.0229 2436        Brserid - ok

02:38:14.0244 2436        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

02:38:14.0275 2436        BrSerWdm - ok

02:38:14.0322 2436        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

02:38:14.0353 2436        BrUsbMdm - ok

02:38:14.0369 2436        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

02:38:14.0400 2436        BrUsbSer - ok

02:38:14.0431 2436        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

02:38:14.0463 2436        BTHMODEM - ok

02:38:14.0525 2436        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

02:38:14.0572 2436        cdfs - ok

02:38:14.0619 2436        cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

02:38:14.0665 2436        cdrom - ok

02:38:14.0728 2436        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

02:38:14.0759 2436        circlass - ok

02:38:14.0790 2436        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

02:38:14.0821 2436        CLFS - ok

02:38:14.0868 2436        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

02:38:14.0915 2436        CmBatt - ok

02:38:14.0946 2436        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

02:38:14.0977 2436        cmdide - ok

02:38:15.0009 2436        CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys

02:38:15.0055 2436        CNG - ok

02:38:15.0102 2436        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

02:38:15.0133 2436        Compbatt - ok

02:38:15.0165 2436        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

02:38:15.0227 2436        CompositeBus - ok

02:38:15.0258 2436        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

02:38:15.0274 2436        crcdisk - ok

02:38:15.0352 2436        CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

02:38:15.0430 2436        CSC - ok

02:38:15.0461 2436        CVirtA          (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys

02:38:15.0477 2436        CVirtA - ok

02:38:15.0570 2436        CVPNDRVA        (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys

02:38:15.0601 2436        CVPNDRVA - ok

02:38:15.0679 2436        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

02:38:15.0757 2436        DfsC - ok

02:38:15.0773 2436        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

02:38:15.0835 2436        discache - ok

02:38:15.0851 2436        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

02:38:15.0882 2436        Disk - ok

02:38:15.0929 2436        DNE             (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys

02:38:15.0929 2436        DNE - ok

02:38:15.0991 2436        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

02:38:16.0023 2436        drmkaud - ok

02:38:16.0085 2436        DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

02:38:16.0179 2436        DXGKrnl - ok

02:38:16.0210 2436        E504C - ok

02:38:16.0319 2436        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

02:38:16.0475 2436        ebdrv - ok

02:38:16.0522 2436        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

02:38:16.0569 2436        elxstor - ok

02:38:16.0584 2436        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

02:38:16.0647 2436        ErrDev - ok

02:38:16.0693 2436        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

02:38:16.0740 2436        exfat - ok

02:38:16.0771 2436        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

02:38:16.0818 2436        fastfat - ok

02:38:16.0865 2436        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

02:38:16.0912 2436        fdc - ok

02:38:16.0943 2436        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

02:38:16.0959 2436        FileInfo - ok

02:38:16.0974 2436        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

02:38:17.0021 2436        Filetrace - ok

02:38:17.0052 2436        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

02:38:17.0068 2436        flpydisk - ok

02:38:17.0115 2436        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

02:38:17.0161 2436        FltMgr - ok

02:38:17.0177 2436        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

02:38:17.0193 2436        FsDepends - ok

02:38:17.0208 2436        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

02:38:17.0224 2436        Fs_Rec - ok

02:38:17.0271 2436        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

02:38:17.0317 2436        fvevol - ok

02:38:17.0333 2436        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

02:38:17.0349 2436        gagp30kx - ok

02:38:17.0380 2436        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

02:38:17.0411 2436        hcw85cir - ok

02:38:17.0473 2436        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

02:38:17.0536 2436        HdAudAddService - ok

02:38:17.0567 2436        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

02:38:17.0598 2436        HDAudBus - ok

02:38:17.0629 2436        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

02:38:17.0661 2436        HidBatt - ok

02:38:17.0676 2436        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

02:38:17.0707 2436        HidBth - ok

02:38:17.0739 2436        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

02:38:17.0770 2436        HidIr - ok

02:38:17.0817 2436        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

02:38:17.0848 2436        HidUsb - ok

02:38:17.0879 2436        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

02:38:17.0895 2436        HpSAMD - ok

02:38:17.0957 2436        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

02:38:18.0035 2436        HTTP - ok

02:38:18.0066 2436        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

02:38:18.0082 2436        hwpolicy - ok

02:38:18.0144 2436        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

02:38:18.0175 2436        i8042prt - ok

02:38:18.0222 2436        iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

02:38:18.0253 2436        iaStorV - ok

02:38:18.0300 2436        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

02:38:18.0316 2436        iirsp - ok

02:38:18.0441 2436        IntcAzAudAddService (88798b4381fd58fae2da07880c177c5c) C:\Windows\system32\drivers\RTKVHD64.sys

02:38:18.0597 2436        IntcAzAudAddService - ok

02:38:18.0659 2436        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

02:38:18.0675 2436        intelide - ok

02:38:18.0721 2436        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

02:38:18.0753 2436        intelppm - ok

02:38:18.0799 2436        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

02:38:18.0846 2436        IpFilterDriver - ok

02:38:18.0893 2436        IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

02:38:18.0924 2436        IPMIDRV - ok

02:38:18.0940 2436        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

02:38:18.0987 2436        IPNAT - ok

02:38:19.0018 2436        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

02:38:19.0065 2436        IRENUM - ok

02:38:19.0096 2436        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

02:38:19.0111 2436        isapnp - ok

02:38:19.0143 2436        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

02:38:19.0174 2436        iScsiPrt - ok

02:38:19.0205 2436        k57nd60a        (1d7aab58f4e21697af8f46eaa81823dd) C:\Windows\system32\DRIVERS\k57nd60a.sys

02:38:19.0236 2436        k57nd60a - ok

02:38:19.0283 2436        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

02:38:19.0299 2436        kbdclass - ok

02:38:19.0330 2436        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

02:38:19.0377 2436        kbdhid - ok

02:38:19.0455 2436        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys

02:38:19.0486 2436        KSecDD - ok

02:38:19.0517 2436        KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys

02:38:19.0548 2436        KSecPkg - ok

02:38:19.0579 2436        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

02:38:19.0657 2436        ksthunk - ok

02:38:19.0720 2436        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

02:38:19.0782 2436        lltdio - ok

02:38:19.0813 2436        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

02:38:19.0829 2436        LSI_FC - ok

02:38:19.0845 2436        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

02:38:19.0876 2436        LSI_SAS - ok

02:38:19.0891 2436        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

02:38:19.0907 2436        LSI_SAS2 - ok

02:38:19.0938 2436        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

02:38:19.0954 2436        LSI_SCSI - ok

02:38:19.0985 2436        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

02:38:20.0032 2436        luafv - ok

02:38:20.0125 2436        mdf16 - ok

02:38:20.0203 2436        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

02:38:20.0235 2436        megasas - ok

02:38:20.0281 2436        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

02:38:20.0328 2436        MegaSR - ok

02:38:20.0375 2436        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

02:38:20.0422 2436        Modem - ok

02:38:20.0437 2436        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

02:38:20.0469 2436        monitor - ok

02:38:20.0515 2436        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

02:38:20.0531 2436        mouclass - ok

02:38:20.0578 2436        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

02:38:20.0593 2436        mouhid - ok

02:38:20.0625 2436        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

02:38:20.0656 2436        mountmgr - ok

02:38:20.0687 2436        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

02:38:20.0703 2436        mpio - ok

02:38:20.0718 2436        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

02:38:20.0781 2436        mpsdrv - ok

02:38:20.0827 2436        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

02:38:20.0890 2436        MRxDAV - ok

02:38:20.0937 2436        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

02:38:20.0983 2436        mrxsmb - ok

02:38:21.0015 2436        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

02:38:21.0077 2436        mrxsmb10 - ok

02:38:21.0093 2436        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

02:38:21.0108 2436        mrxsmb20 - ok

02:38:21.0171 2436        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

02:38:21.0186 2436        msahci - ok

02:38:21.0217 2436        msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

02:38:21.0249 2436        msdsm - ok

02:38:21.0295 2436        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

02:38:21.0327 2436        Msfs - ok

02:38:21.0358 2436        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

02:38:21.0420 2436        mshidkmdf - ok

02:38:21.0436 2436        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

02:38:21.0436 2436        msisadrv - ok

02:38:21.0483 2436        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

02:38:21.0529 2436        MSKSSRV - ok

02:38:21.0545 2436        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

02:38:21.0607 2436        MSPCLOCK - ok

02:38:21.0639 2436        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

02:38:21.0701 2436        MSPQM - ok

02:38:21.0748 2436        MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

02:38:21.0795 2436        MsRPC - ok

02:38:21.0826 2436        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

02:38:21.0841 2436        mssmbios - ok

02:38:21.0888 2436        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

02:38:21.0966 2436        MSTEE - ok

02:38:21.0997 2436        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

02:38:22.0029 2436        MTConfig - ok

02:38:22.0075 2436        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

02:38:22.0091 2436        Mup - ok

02:38:22.0169 2436        mvd22 - ok

02:38:22.0263 2436        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

02:38:22.0309 2436        NativeWifiP - ok

02:38:22.0434 2436        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

02:38:22.0497 2436        NDIS - ok

02:38:22.0543 2436        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

02:38:22.0606 2436        NdisCap - ok

02:38:22.0621 2436        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

02:38:22.0653 2436        NdisTapi - ok

02:38:22.0684 2436        Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

02:38:22.0746 2436        Ndisuio - ok

02:38:22.0777 2436        NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

02:38:22.0824 2436        NdisWan - ok

02:38:22.0855 2436        NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

02:38:22.0918 2436        NDProxy - ok

02:38:22.0965 2436        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

02:38:23.0011 2436        NetBIOS - ok

02:38:23.0058 2436        NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

02:38:23.0121 2436        NetBT - ok

02:38:23.0355 2436        NETw5s64        (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys

02:38:23.0620 2436        NETw5s64 - ok

02:38:23.0901 2436        NETwNs64        (9ec1edebba8cf6a30899ee38ab1352cc) C:\Windows\system32\DRIVERS\NETwNs64.sys

02:38:24.0213 2436        NETwNs64 - ok

02:38:24.0306 2436        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

02:38:24.0322 2436        nfrd960 - ok

02:38:24.0384 2436        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

02:38:24.0431 2436        Npfs - ok

02:38:24.0462 2436        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

02:38:24.0509 2436        nsiproxy - ok

02:38:24.0587 2436        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

02:38:24.0696 2436        Ntfs - ok

02:38:24.0696 2436        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

02:38:24.0759 2436        Null - ok

02:38:24.0805 2436        NVHDA           (f2662fdc20518ee8a8eed4f61ba42349) C:\Windows\system32\drivers\nvhda64v.sys

02:38:24.0821 2436        NVHDA - ok

02:38:25.0149 2436        nvlddmkm        (a963c2c276a97b088ded5d7a83be8052) C:\Windows\system32\DRIVERS\nvlddmkm.sys

02:38:25.0648 2436        nvlddmkm - ok

02:38:25.0788 2436        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

02:38:25.0819 2436        nvraid - ok

02:38:25.0882 2436        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

02:38:25.0913 2436        nvstor - ok

02:38:25.0944 2436        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

02:38:25.0960 2436        nv_agp - ok

02:38:25.0991 2436        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

02:38:26.0022 2436        ohci1394 - ok

02:38:26.0085 2436        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

02:38:26.0100 2436        Parport - ok

02:38:26.0131 2436        partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

02:38:26.0147 2436        partmgr - ok

02:38:26.0163 2436        pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

02:38:26.0194 2436        pci - ok

02:38:26.0209 2436        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

02:38:26.0225 2436        pciide - ok

02:38:26.0256 2436        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

02:38:26.0272 2436        pcmcia - ok

02:38:26.0287 2436        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

02:38:26.0303 2436        pcw - ok

02:38:26.0334 2436        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

02:38:26.0412 2436        PEAUTH - ok

02:38:26.0521 2436        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

02:38:26.0584 2436        PptpMiniport - ok

02:38:26.0599 2436        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

02:38:26.0646 2436        Processor - ok

02:38:26.0709 2436        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

02:38:26.0771 2436        Psched - ok

02:38:26.0818 2436        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

02:38:26.0911 2436        ql2300 - ok

02:38:26.0927 2436        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

02:38:26.0958 2436        ql40xx - ok

02:38:26.0974 2436        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

02:38:27.0005 2436        QWAVEdrv - ok

02:38:27.0021 2436        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

02:38:27.0083 2436        RasAcd - ok

02:38:27.0114 2436        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

02:38:27.0161 2436        RasAgileVpn - ok

02:38:27.0192 2436        Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

02:38:27.0270 2436        Rasl2tp - ok

02:38:27.0301 2436        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

02:38:27.0348 2436        RasPppoe - ok

02:38:27.0379 2436        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

02:38:27.0442 2436        RasSstp - ok

02:38:27.0473 2436        rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

02:38:27.0582 2436        rdbss - ok

02:38:27.0598 2436        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

02:38:27.0629 2436        rdpbus - ok

02:38:27.0676 2436        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

02:38:27.0738 2436        RDPCDD - ok

02:38:27.0769 2436        RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

02:38:27.0801 2436        RDPDR - ok

02:38:27.0832 2436        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

02:38:27.0879 2436        RDPENCDD - ok

02:38:27.0894 2436        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

02:38:27.0941 2436        RDPREFMP - ok

02:38:28.0003 2436        RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys

02:38:28.0035 2436        RdpVideoMiniport - ok

02:38:28.0066 2436        RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

02:38:28.0113 2436        RDPWD - ok

02:38:28.0175 2436        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

02:38:28.0206 2436        rdyboost - ok

02:38:28.0269 2436        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

02:38:28.0315 2436        rspndr - ok

02:38:28.0347 2436        s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

02:38:28.0378 2436        s3cap - ok

02:38:28.0393 2436        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

02:38:28.0409 2436        sbp2port - ok

02:38:28.0456 2436        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

02:38:28.0518 2436        scfilter - ok

02:38:28.0565 2436        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

02:38:28.0627 2436        secdrv - ok

02:38:28.0659 2436        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

02:38:28.0690 2436        Serenum - ok

02:38:28.0721 2436        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

02:38:28.0768 2436        Serial - ok

02:38:28.0799 2436        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

02:38:28.0815 2436        sermouse - ok

02:38:28.0862 2436        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

02:38:28.0893 2436        sffdisk - ok

02:38:28.0908 2436        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

02:38:28.0924 2436        sffp_mmc - ok

02:38:28.0940 2436        sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

02:38:28.0971 2436        sffp_sd - ok

02:38:29.0002 2436        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

02:38:29.0033 2436        sfloppy - ok

02:38:29.0064 2436        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

02:38:29.0080 2436        SiSRaid2 - ok

02:38:29.0096 2436        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

02:38:29.0111 2436        SiSRaid4 - ok

02:38:29.0142 2436        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

02:38:29.0205 2436        Smb - ok

02:38:29.0252 2436        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

02:38:29.0252 2436        spldr - ok

02:38:29.0314 2436        srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

02:38:29.0392 2436        srv - ok

02:38:29.0423 2436        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

02:38:29.0486 2436        srv2 - ok

02:38:29.0517 2436        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

02:38:29.0564 2436        srvnet - ok

02:38:29.0610 2436        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

02:38:29.0626 2436        stexstor - ok

02:38:29.0688 2436        storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

02:38:29.0704 2436        storflt - ok

02:38:29.0735 2436        storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

02:38:29.0751 2436        storvsc - ok

02:38:29.0766 2436        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

02:38:29.0782 2436        swenum - ok

02:38:29.0813 2436        Synth3dVsc - ok

02:38:29.0907 2436        Tcpip           (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys

02:38:30.0032 2436        Tcpip - ok

02:38:30.0094 2436        TCPIP6          (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys

02:38:30.0141 2436        TCPIP6 - ok

02:38:30.0188 2436        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

02:38:30.0234 2436        tcpipreg - ok

02:38:30.0297 2436        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

02:38:30.0344 2436        TDPIPE - ok

02:38:30.0359 2436        TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

02:38:30.0406 2436        TDTCP - ok

02:38:30.0453 2436        tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

02:38:30.0500 2436        tdx - ok

02:38:30.0531 2436        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

02:38:30.0562 2436        TermDD - ok

02:38:30.0609 2436        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

02:38:30.0656 2436        tssecsrv - ok

02:38:30.0702 2436        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

02:38:30.0718 2436        TsUsbFlt - ok

02:38:30.0734 2436        tsusbhub - ok

02:38:30.0780 2436        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

02:38:30.0827 2436        tunnel - ok

02:38:30.0858 2436        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

02:38:30.0874 2436        uagp35 - ok

02:38:30.0905 2436        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

02:38:30.0968 2436        udfs - ok

02:38:30.0999 2436        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

02:38:31.0014 2436        uliagpkx - ok

02:38:31.0061 2436        umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

02:38:31.0092 2436        umbus - ok

02:38:31.0108 2436        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

02:38:31.0139 2436        UmPass - ok

02:38:31.0186 2436        usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

02:38:31.0217 2436        usbccgp - ok

02:38:31.0248 2436        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

02:38:31.0280 2436        usbcir - ok

02:38:31.0311 2436        usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

02:38:31.0326 2436        usbehci - ok

02:38:31.0389 2436        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

02:38:31.0436 2436        usbhub - ok

02:38:31.0467 2436        usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

02:38:31.0482 2436        usbohci - ok

02:38:31.0514 2436        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

02:38:31.0545 2436        usbprint - ok

02:38:31.0592 2436        usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

02:38:31.0638 2436        usbscan - ok

02:38:31.0670 2436        USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

02:38:31.0685 2436        USBSTOR - ok

02:38:31.0716 2436        usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys

02:38:31.0748 2436        usbuhci - ok

02:38:31.0779 2436        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

02:38:31.0810 2436        usbvideo - ok

02:38:31.0841 2436        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

02:38:31.0857 2436        vdrvroot - ok

02:38:31.0904 2436        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

02:38:31.0919 2436        vga - ok

02:38:31.0950 2436        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

02:38:31.0997 2436        VgaSave - ok

02:38:32.0013 2436        VGPU - ok

02:38:32.0044 2436        vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\DRIVERS\vhdmp.sys

02:38:32.0060 2436        vhdmp - ok

02:38:32.0091 2436        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

02:38:32.0106 2436        viaide - ok

02:38:32.0138 2436        vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

02:38:32.0153 2436        vmbus - ok

02:38:32.0169 2436        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

02:38:32.0200 2436        VMBusHID - ok

02:38:32.0216 2436        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

02:38:32.0231 2436        volmgr - ok

02:38:32.0278 2436        volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

02:38:32.0309 2436        volmgrx - ok

02:38:32.0340 2436        volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

02:38:32.0372 2436        volsnap - ok

02:38:32.0387 2436        vsdatant - ok

02:38:32.0418 2436        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

02:38:32.0450 2436        vsmraid - ok

02:38:32.0465 2436        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

02:38:32.0496 2436        vwifibus - ok

02:38:32.0512 2436        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

02:38:32.0543 2436        vwififlt - ok

02:38:32.0559 2436        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

02:38:32.0590 2436        WacomPen - ok

02:38:32.0637 2436        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

02:38:32.0699 2436        WANARP - ok

02:38:32.0699 2436        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

02:38:32.0746 2436        Wanarpv6 - ok

02:38:32.0777 2436        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

02:38:32.0793 2436        Wd - ok

02:38:32.0824 2436        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

02:38:32.0871 2436        Wdf01000 - ok

02:38:32.0902 2436        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

02:38:32.0949 2436        WfpLwf - ok

02:38:32.0964 2436        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

02:38:32.0980 2436        WIMMount - ok

02:38:33.0042 2436        WinDriver6      (4de7d61cf51f4c8261d119cfbdb70243) C:\Windows\system32\drivers\windrvr6.sys

02:38:33.0089 2436        WinDriver6 - ok

02:38:33.0167 2436        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

02:38:33.0198 2436        WmiAcpi - ok

02:38:33.0245 2436        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

02:38:33.0292 2436        ws2ifsl - ok

02:38:33.0339 2436        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

02:38:33.0401 2436        WudfPf - ok

02:38:33.0448 2436        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

02:38:33.0495 2436        WUDFRd - ok

02:38:33.0526 2436        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

02:38:33.0729 2436        \Device\Harddisk0\DR0 - ok

02:38:33.0729 2436        Boot (0x1200)   (21024f24d09098c2c2e4868a73eceb40) \Device\Harddisk0\DR0\Partition0

02:38:33.0729 2436        \Device\Harddisk0\DR0\Partition0 - ok

02:38:33.0776 2436        Boot (0x1200)   (d6d82d57183cacda9755d2270b03dc03) \Device\Harddisk0\DR0\Partition1

02:38:33.0776 2436        \Device\Harddisk0\DR0\Partition1 - ok

02:38:33.0791 2436        Boot (0x1200)   (18ccaae9dded57674ca72cbc6617c2ef) \Device\Harddisk0\DR0\Partition2

02:38:33.0791 2436        \Device\Harddisk0\DR0\Partition2 - ok

02:38:33.0791 2436        ============================================================

02:38:33.0791 2436        Scan finished

02:38:33.0791 2436        ============================================================

02:38:33.0807 2288        Detected object count: 0

02:38:33.0807 2288        Actual detected object count: 0

02:38:49.0157 2388        ============================================================

02:38:49.0157 2388        Scan started

02:38:49.0157 2388        Mode: Manual; SigCheck; TDLFS; 

02:38:49.0157 2388        ============================================================

02:38:49.0734 2388        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

02:38:49.0781 2388        1394ohci - ok

02:38:49.0812 2388        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

02:38:49.0828 2388        ACPI - ok

02:38:49.0844 2388        AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

02:38:49.0859 2388        AcpiPmi - ok

02:38:49.0906 2388        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

02:38:49.0922 2388        adp94xx - ok

02:38:49.0953 2388        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

02:38:49.0968 2388        adpahci - ok

02:38:49.0984 2388        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

02:38:50.0000 2388        adpu320 - ok

02:38:50.0031 2388        AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

02:38:50.0062 2388        AFD - ok

02:38:50.0124 2388        AgereSoftModem  (2173e070647ac68c16b8214fe5c05ec3) C:\Windows\system32\DRIVERS\agrsm64.sys

02:38:50.0140 2388        AgereSoftModem - ok

02:38:50.0171 2388        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

02:38:50.0187 2388        agp440 - ok

02:38:50.0218 2388        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

02:38:50.0218 2388        aliide - ok

02:38:50.0234 2388        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

02:38:50.0249 2388        amdide - ok

02:38:50.0265 2388        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

02:38:50.0280 2388        AmdK8 - ok

02:38:50.0296 2388        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

02:38:50.0312 2388        AmdPPM - ok

02:38:50.0327 2388        amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

02:38:50.0343 2388        amdsata - ok

02:38:50.0358 2388        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

02:38:50.0374 2388        amdsbs - ok

02:38:50.0390 2388        amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

02:38:50.0405 2388        amdxata - ok

02:38:50.0436 2388        AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

02:38:50.0468 2388        AppID - ok

02:38:50.0499 2388        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

02:38:50.0514 2388        arc - ok

02:38:50.0546 2388        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

02:38:50.0546 2388        arcsas - ok

02:38:50.0577 2388        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

02:38:50.0608 2388        AsyncMac - ok

02:38:50.0624 2388        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

02:38:50.0639 2388        atapi - ok

02:38:50.0670 2388        avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys

02:38:50.0686 2388        avgntflt - ok

02:38:50.0702 2388        avipbb          (d959309ececca73fc79f8ef8521346b2) C:\Windows\system32\DRIVERS\avipbb.sys

02:38:50.0717 2388        avipbb - ok

02:38:50.0733 2388        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys

02:38:50.0733 2388        avkmgr - ok

02:38:50.0780 2388        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

02:38:50.0811 2388        b06bdrv - ok

02:38:50.0826 2388        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

02:38:50.0842 2388        b57nd60a - ok

02:38:50.0873 2388        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

02:38:50.0904 2388        Beep - ok

02:38:50.0936 2388        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

02:38:50.0951 2388        blbdrive - ok

02:38:50.0998 2388        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

02:38:50.0998 2388        bowser - ok

02:38:51.0029 2388        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

02:38:51.0045 2388        BrFiltLo - ok

02:38:51.0060 2388        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

02:38:51.0076 2388        BrFiltUp - ok

02:38:51.0107 2388        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

02:38:51.0123 2388        Brserid - ok

02:38:51.0138 2388        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

02:38:51.0154 2388        BrSerWdm - ok

02:38:51.0170 2388        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

02:38:51.0185 2388        BrUsbMdm - ok

02:38:51.0201 2388        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

02:38:51.0216 2388        BrUsbSer - ok

02:38:51.0232 2388        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

02:38:51.0248 2388        BTHMODEM - ok

02:38:51.0279 2388        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

02:38:51.0310 2388        cdfs - ok

02:38:51.0357 2388        cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

02:38:51.0357 2388        cdrom - ok

02:38:51.0388 2388        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

02:38:51.0404 2388        circlass - ok

02:38:51.0435 2388        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

02:38:51.0450 2388        CLFS - ok

02:38:51.0482 2388        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

02:38:51.0497 2388        CmBatt - ok

02:38:51.0513 2388        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

02:38:51.0528 2388        cmdide - ok

02:38:51.0560 2388        CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys

02:38:51.0575 2388        CNG - ok

02:38:51.0591 2388        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

02:38:51.0606 2388        Compbatt - ok

02:38:51.0638 2388        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

02:38:51.0653 2388        CompositeBus - ok

02:38:51.0669 2388        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

02:38:51.0684 2388        crcdisk - ok

02:38:51.0716 2388        CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

02:38:51.0731 2388        CSC - ok

02:38:51.0762 2388        CVirtA          (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys

02:38:51.0778 2388        CVirtA - ok

02:38:51.0809 2388        CVPNDRVA        (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys

02:38:51.0825 2388        CVPNDRVA - ok

02:38:51.0872 2388        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

02:38:51.0918 2388        DfsC - ok

02:38:51.0934 2388        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

02:38:51.0965 2388        discache - ok

02:38:51.0981 2388        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

02:38:51.0996 2388        Disk - ok

02:38:52.0012 2388        DNE             (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys

02:38:52.0028 2388        DNE - ok

02:38:52.0059 2388        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

02:38:52.0074 2388        drmkaud - ok

02:38:52.0121 2388        DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

02:38:52.0152 2388        DXGKrnl - ok

02:38:52.0168 2388        E504C - ok

02:38:52.0262 2388        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

02:38:52.0324 2388        ebdrv - ok

02:38:52.0355 2388        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

02:38:52.0386 2388        elxstor - ok

02:38:52.0402 2388        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

02:38:52.0418 2388        ErrDev - ok

02:38:52.0449 2388        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

02:38:52.0480 2388        exfat - ok

02:38:52.0511 2388        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

02:38:52.0542 2388        fastfat - ok

02:38:52.0574 2388        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

02:38:52.0589 2388        fdc - ok

02:38:52.0620 2388        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

02:38:52.0636 2388        FileInfo - ok

02:38:52.0636 2388        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

02:38:52.0683 2388        Filetrace - ok

02:38:52.0698 2388        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

02:38:52.0714 2388        flpydisk - ok

02:38:52.0745 2388        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

02:38:52.0761 2388        FltMgr - ok

02:38:52.0792 2388        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

02:38:52.0792 2388        FsDepends - ok

02:38:52.0823 2388        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

02:38:52.0823 2388        Fs_Rec - ok

02:38:52.0870 2388        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

02:38:52.0886 2388        fvevol - ok

02:38:52.0901 2388        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

02:38:52.0917 2388        gagp30kx - ok

02:38:52.0932 2388        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

02:38:52.0948 2388        hcw85cir - ok

02:38:52.0995 2388        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

02:38:53.0010 2388        HdAudAddService - ok

02:38:53.0042 2388        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

02:38:53.0057 2388        HDAudBus - ok

02:38:53.0088 2388        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

02:38:53.0088 2388        HidBatt - ok

02:38:53.0120 2388        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

02:38:53.0135 2388        HidBth - ok

02:38:53.0151 2388        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

02:38:53.0166 2388        HidIr - ok

02:38:53.0198 2388        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

02:38:53.0213 2388        HidUsb - ok

02:38:53.0244 2388        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

02:38:53.0260 2388        HpSAMD - ok

02:38:53.0291 2388        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

02:38:53.0338 2388        HTTP - ok

02:38:53.0369 2388        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

02:38:53.0369 2388        hwpolicy - ok

02:38:53.0400 2388        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

02:38:53.0400 2388        i8042prt - ok

02:38:53.0432 2388        iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

02:38:53.0447 2388        iaStorV - ok

02:38:53.0478 2388        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

02:38:53.0494 2388        iirsp - ok

02:38:53.0603 2388        IntcAzAudAddService (88798b4381fd58fae2da07880c177c5c) C:\Windows\system32\drivers\RTKVHD64.sys

02:38:53.0650 2388        IntcAzAudAddService - ok

02:38:53.0681 2388        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

02:38:53.0681 2388        intelide - ok

02:38:53.0712 2388        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

02:38:53.0728 2388        intelppm - ok

02:38:53.0759 2388        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

02:38:53.0806 2388        IpFilterDriver - ok

02:38:53.0822 2388        IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

02:38:53.0837 2388        IPMIDRV - ok

02:38:53.0853 2388        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

02:38:53.0884 2388        IPNAT - ok

02:38:53.0915 2388        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

02:38:53.0931 2388        IRENUM - ok

02:38:53.0946 2388        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

02:38:53.0962 2388        isapnp - ok

02:38:53.0978 2388        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

02:38:53.0993 2388        iScsiPrt - ok

02:38:54.0040 2388        k57nd60a        (1d7aab58f4e21697af8f46eaa81823dd) C:\Windows\system32\DRIVERS\k57nd60a.sys

02:38:54.0056 2388        k57nd60a - ok

02:38:54.0087 2388        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

02:38:54.0102 2388        kbdclass - ok

02:38:54.0134 2388        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

02:38:54.0134 2388        kbdhid - ok

02:38:54.0180 2388        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys

02:38:54.0180 2388        KSecDD - ok

02:38:54.0227 2388        KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys

02:38:54.0227 2388        KSecPkg - ok

02:38:54.0258 2388        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

02:38:54.0305 2388        ksthunk - ok

02:38:54.0321 2388        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

02:38:54.0368 2388        lltdio - ok

02:38:54.0399 2388        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

02:38:54.0399 2388        LSI_FC - ok

02:38:54.0430 2388        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

02:38:54.0446 2388        LSI_SAS - ok

02:38:54.0461 2388        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

02:38:54.0477 2388        LSI_SAS2 - ok

02:38:54.0508 2388        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

02:38:54.0524 2388        LSI_SCSI - ok

02:38:54.0539 2388        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

02:38:54.0570 2388        luafv - ok

02:38:54.0648 2388        mdf16 - ok

02:38:54.0664 2388        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

02:38:54.0680 2388        megasas - ok

02:38:54.0711 2388        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

02:38:54.0726 2388        MegaSR - ok

02:38:54.0758 2388        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

02:38:54.0789 2388        Modem - ok

02:38:54.0804 2388        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

02:38:54.0820 2388        monitor - ok

02:38:54.0851 2388        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

02:38:54.0867 2388        mouclass - ok

02:38:54.0882 2388        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

02:38:54.0898 2388        mouhid - ok

02:38:54.0929 2388        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

02:38:54.0945 2388        mountmgr - ok

02:38:54.0976 2388        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

02:38:54.0976 2388        mpio - ok

02:38:55.0007 2388        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

02:38:55.0038 2388        mpsdrv - ok

02:38:55.0085 2388        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

02:38:55.0116 2388        MRxDAV - ok

02:38:55.0148 2388        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

02:38:55.0163 2388        mrxsmb - ok

02:38:55.0210 2388        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

02:38:55.0226 2388        mrxsmb10 - ok

02:38:55.0257 2388        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

02:38:55.0272 2388        mrxsmb20 - ok

02:38:55.0288 2388        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

02:38:55.0304 2388        msahci - ok

02:38:55.0350 2388        msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

02:38:55.0366 2388        msdsm - ok

02:38:55.0413 2388        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

02:38:55.0444 2388        Msfs - ok

02:38:55.0460 2388        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

02:38:55.0491 2388        mshidkmdf - ok

02:38:55.0522 2388        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

02:38:55.0538 2388        msisadrv - ok

02:38:55.0553 2388        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

02:38:55.0584 2388        MSKSSRV - ok

02:38:55.0600 2388        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

02:38:55.0647 2388        MSPCLOCK - ok

02:38:55.0662 2388        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

02:38:55.0694 2388        MSPQM - ok

02:38:55.0725 2388        MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

02:38:55.0740 2388        MsRPC - ok

02:38:55.0772 2388        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

02:38:55.0787 2388        mssmbios - ok

02:38:55.0803 2388        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

02:38:55.0834 2388        MSTEE - ok

02:38:55.0865 2388        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

02:38:55.0881 2388        MTConfig - ok

02:38:55.0896 2388        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

02:38:55.0912 2388        Mup - ok

02:38:55.0974 2388        mvd22 - ok

02:38:56.0006 2388        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

02:38:56.0037 2388        NativeWifiP - ok

02:38:56.0084 2388        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

02:38:56.0130 2388        NDIS - ok

02:38:56.0162 2388        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

02:38:56.0193 2388        NdisCap - ok

02:38:56.0208 2388        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

02:38:56.0240 2388        NdisTapi - ok

02:38:56.0271 2388        Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

02:38:56.0302 2388        Ndisuio - ok

02:38:56.0349 2388        NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

02:38:56.0396 2388        NdisWan - ok

02:38:56.0427 2388        NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

02:38:56.0458 2388        NDProxy - ok

02:38:56.0489 2388        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

02:38:56.0520 2388        NetBIOS - ok

02:38:56.0552 2388        NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

02:38:56.0598 2388        NetBT - ok

02:38:56.0786 2388        NETw5s64        (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys

02:38:56.0864 2388        NETw5s64 - ok

02:38:57.0144 2388        NETwNs64        (9ec1edebba8cf6a30899ee38ab1352cc) C:\Windows\system32\DRIVERS\NETwNs64.sys

02:38:57.0238 2388        NETwNs64 - ok

02:38:57.0269 2388        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

02:38:57.0269 2388        nfrd960 - ok

02:38:57.0300 2388        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

02:38:57.0332 2388        Npfs - ok

02:38:57.0363 2388        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

02:38:57.0394 2388        nsiproxy - ok

02:38:57.0456 2388        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

02:38:57.0503 2388        Ntfs - ok

02:38:57.0519 2388        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

02:38:57.0550 2388        Null - ok

02:38:57.0581 2388        NVHDA           (f2662fdc20518ee8a8eed4f61ba42349) C:\Windows\system32\drivers\nvhda64v.sys

02:38:57.0597 2388        NVHDA - ok

02:38:57.0909 2388        nvlddmkm        (a963c2c276a97b088ded5d7a83be8052) C:\Windows\system32\DRIVERS\nvlddmkm.sys

02:38:58.0127 2388        nvlddmkm - ok

02:38:58.0190 2388        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

02:38:58.0205 2388        nvraid - ok

02:38:58.0252 2388        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

02:38:58.0268 2388        nvstor - ok

02:38:58.0299 2388        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

02:38:58.0299 2388        nv_agp - ok

02:38:58.0330 2388        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

02:38:58.0346 2388        ohci1394 - ok

02:38:58.0377 2388        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

02:38:58.0392 2388        Parport - ok

02:38:58.0424 2388        partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

02:38:58.0439 2388        partmgr - ok

02:38:58.0455 2388        pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

02:38:58.0470 2388        pci - ok

02:38:58.0502 2388        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

02:38:58.0502 2388        pciide - ok

02:38:58.0533 2388        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

02:38:58.0548 2388        pcmcia - ok

02:38:58.0564 2388        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

02:38:58.0580 2388        pcw - ok

02:38:58.0611 2388        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

02:38:58.0658 2388        PEAUTH - ok

02:38:58.0720 2388        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

02:38:58.0767 2388        PptpMiniport - ok

02:38:58.0782 2388        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

02:38:58.0798 2388        Processor - ok

02:38:58.0829 2388        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

02:38:58.0876 2388        Psched - ok

02:38:58.0938 2388        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

02:38:58.0970 2388        ql2300 - ok

02:38:58.0985 2388        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

02:38:59.0001 2388        ql40xx - ok

02:38:59.0032 2388        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

02:38:59.0048 2388        QWAVEdrv - ok

02:38:59.0063 2388        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

02:38:59.0094 2388        RasAcd - ok

02:38:59.0141 2388        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

02:38:59.0172 2388        RasAgileVpn - ok

02:38:59.0219 2388        Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

02:38:59.0250 2388        Rasl2tp - ok

02:38:59.0282 2388        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

02:38:59.0313 2388        RasPppoe - ok

02:38:59.0328 2388        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

02:38:59.0375 2388        RasSstp - ok

02:38:59.0422 2388        rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

02:38:59.0453 2388        rdbss - ok

02:38:59.0469 2388        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

02:38:59.0484 2388        rdpbus - ok

02:38:59.0500 2388        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

02:38:59.0547 2388        RDPCDD - ok

02:38:59.0578 2388        RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

02:38:59.0594 2388        RDPDR - ok

02:38:59.0609 2388        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

02:38:59.0656 2388        RDPENCDD - ok

02:38:59.0672 2388        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

02:38:59.0703 2388        RDPREFMP - ok

02:38:59.0734 2388        RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys

02:38:59.0750 2388        RdpVideoMiniport - ok

02:38:59.0781 2388        RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

02:38:59.0812 2388        RDPWD - ok

02:38:59.0859 2388        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

02:38:59.0874 2388        rdyboost - ok

02:38:59.0906 2388        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

02:38:59.0952 2388        rspndr - ok

02:38:59.0968 2388        s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

02:38:59.0999 2388        s3cap - ok

02:39:00.0030 2388        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

02:39:00.0046 2388        sbp2port - ok

02:39:00.0077 2388        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

02:39:00.0108 2388        scfilter - ok

02:39:00.0124 2388        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

02:39:00.0171 2388        secdrv - ok

02:39:00.0202 2388        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

02:39:00.0218 2388        Serenum - ok

02:39:00.0233 2388        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

02:39:00.0233 2388        Serial - ok

02:39:00.0264 2388        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

02:39:00.0264 2388        sermouse - ok

02:39:00.0311 2388        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

02:39:00.0327 2388        sffdisk - ok

02:39:00.0358 2388        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

02:39:00.0374 2388        sffp_mmc - ok

02:39:00.0374 2388        sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

02:39:00.0389 2388        sffp_sd - ok

02:39:00.0420 2388        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

02:39:00.0436 2388        sfloppy - ok

02:39:00.0452 2388        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

02:39:00.0467 2388        SiSRaid2 - ok

02:39:00.0483 2388        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

02:39:00.0498 2388        SiSRaid4 - ok

02:39:00.0530 2388        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

02:39:00.0561 2388        Smb - ok

02:39:00.0592 2388        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

02:39:00.0592 2388        spldr - ok

02:39:00.0654 2388        srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

02:39:00.0670 2388        srv - ok

02:39:00.0701 2388        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

02:39:00.0717 2388        srv2 - ok

02:39:00.0732 2388        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

02:39:00.0732 2388        srvnet - ok

02:39:00.0764 2388        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

02:39:00.0779 2388        stexstor - ok

02:39:00.0810 2388        storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

02:39:00.0826 2388        storflt - ok

02:39:00.0842 2388        storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

02:39:00.0857 2388        storvsc - ok

02:39:00.0873 2388        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

02:39:00.0888 2388        swenum - ok

02:39:00.0888 2388        Synth3dVsc - ok

02:39:00.0982 2388        Tcpip           (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys

02:39:01.0029 2388        Tcpip - ok

02:39:01.0076 2388        TCPIP6          (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys

02:39:01.0122 2388        TCPIP6 - ok

02:39:01.0154 2388        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

02:39:01.0200 2388        tcpipreg - ok

02:39:01.0216 2388        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

02:39:01.0263 2388        TDPIPE - ok

02:39:01.0278 2388        TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

02:39:01.0310 2388        TDTCP - ok

02:39:01.0341 2388        tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

02:39:01.0388 2388        tdx - ok

02:39:01.0403 2388        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

02:39:01.0419 2388        TermDD - ok

02:39:01.0466 2388        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

02:39:01.0497 2388        tssecsrv - ok

02:39:01.0544 2388        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

02:39:01.0559 2388        TsUsbFlt - ok

02:39:01.0575 2388        tsusbhub - ok

02:39:01.0606 2388        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

02:39:01.0637 2388        tunnel - ok

02:39:01.0668 2388        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

02:39:01.0684 2388        uagp35 - ok

02:39:01.0731 2388        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

02:39:01.0762 2388        udfs - ok

02:39:01.0793 2388        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

02:39:01.0809 2388        uliagpkx - ok

02:39:01.0840 2388        umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

02:39:01.0856 2388        umbus - ok

02:39:01.0887 2388        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

02:39:01.0902 2388        UmPass - ok

02:39:01.0934 2388        usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

02:39:01.0965 2388        usbccgp - ok

02:39:01.0980 2388        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

02:39:01.0996 2388        usbcir - ok

02:39:02.0027 2388        usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

02:39:02.0043 2388        usbehci - ok

02:39:02.0074 2388        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

02:39:02.0090 2388        usbhub - ok

02:39:02.0105 2388        usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

02:39:02.0121 2388        usbohci - ok

02:39:02.0136 2388        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

02:39:02.0152 2388        usbprint - ok

02:39:02.0183 2388        usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

02:39:02.0199 2388        usbscan - ok

02:39:02.0230 2388        USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

02:39:02.0246 2388        USBSTOR - ok

02:39:02.0277 2388        usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys

02:39:02.0292 2388        usbuhci - ok

02:39:02.0308 2388        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

02:39:02.0324 2388        usbvideo - ok

02:39:02.0355 2388        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

02:39:02.0355 2388        vdrvroot - ok

02:39:02.0386 2388        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

02:39:02.0402 2388        vga - ok

02:39:02.0417 2388        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

02:39:02.0448 2388        VgaSave - ok

02:39:02.0464 2388        VGPU - ok

02:39:02.0480 2388        vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\DRIVERS\vhdmp.sys

02:39:02.0495 2388        vhdmp - ok

02:39:02.0526 2388        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

02:39:02.0526 2388        viaide - ok

02:39:02.0558 2388        vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

02:39:02.0573 2388        vmbus - ok

02:39:02.0589 2388        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

02:39:02.0604 2388        VMBusHID - ok

02:39:02.0636 2388        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

02:39:02.0636 2388        volmgr - ok

02:39:02.0682 2388        volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

02:39:02.0698 2388        volmgrx - ok

02:39:02.0714 2388        volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

02:39:02.0729 2388        volsnap - ok

02:39:02.0745 2388        vsdatant - ok

02:39:02.0792 2388        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

02:39:02.0807 2388        vsmraid - ok

02:39:02.0838 2388        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

02:39:02.0870 2388        vwifibus - ok

02:39:02.0885 2388        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

02:39:02.0901 2388        vwififlt - ok

02:39:02.0916 2388        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

02:39:02.0932 2388        WacomPen - ok

02:39:02.0963 2388        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

02:39:02.0994 2388        WANARP - ok

02:39:02.0994 2388        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

02:39:03.0026 2388        Wanarpv6 - ok

02:39:03.0057 2388        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

02:39:03.0072 2388        Wd - ok

02:39:03.0104 2388        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

02:39:03.0119 2388        Wdf01000 - ok

02:39:03.0166 2388        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

02:39:03.0197 2388        WfpLwf - ok

02:39:03.0213 2388        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

02:39:03.0213 2388        WIMMount - ok

02:39:03.0260 2388        WinDriver6      (4de7d61cf51f4c8261d119cfbdb70243) C:\Windows\system32\drivers\windrvr6.sys

02:39:03.0291 2388        WinDriver6 - ok

02:39:03.0338 2388        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

02:39:03.0353 2388        WmiAcpi - ok

02:39:03.0384 2388        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

02:39:03.0416 2388        ws2ifsl - ok

02:39:03.0462 2388        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

02:39:03.0494 2388        WudfPf - ok

02:39:03.0525 2388        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

02:39:03.0556 2388        WUDFRd - ok

02:39:03.0587 2388        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

02:39:03.0696 2388        \Device\Harddisk0\DR0 - ok

02:39:03.0712 2388        Boot (0x1200)   (21024f24d09098c2c2e4868a73eceb40) \Device\Harddisk0\DR0\Partition0

02:39:03.0712 2388        \Device\Harddisk0\DR0\Partition0 - ok

02:39:03.0743 2388        Boot (0x1200)   (d6d82d57183cacda9755d2270b03dc03) \Device\Harddisk0\DR0\Partition1

02:39:03.0743 2388        \Device\Harddisk0\DR0\Partition1 - ok

02:39:03.0759 2388        Boot (0x1200)   (18ccaae9dded57674ca72cbc6617c2ef) \Device\Harddisk0\DR0\Partition2

02:39:03.0759 2388        \Device\Harddisk0\DR0\Partition2 - ok

02:39:03.0759 2388        ============================================================

02:39:03.0759 2388        Scan finished

02:39:03.0759 2388        ============================================================

02:39:03.0774 3668        Detected object count: 0

02:39:03.0774 3668        Actual detected object count: 0

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Ich mödchte hinzufügen, dass vpn (von Cisco Systems) zwar gelöscht wurde, es aber wahrscheinlich kein Virus ist, sondern eine Einwahlsoftware für die Uni.

Code:

ComboFix 11-11-01.02 - Skulls 01.11.2011  14:20:13.1.2 - x64

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1033.18.2043.955 [GMT 1:00]

ausgeführt von:: c:\users\Skulls\Desktop\cofi.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk

c:\users\Skulls\setx.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-10-01 bis 2011-11-01  ))))))))))))))))))))))))))))))

.

.

2011-11-01 13:14 . 2011-10-07 04:16        8570192        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{647215B2-CA9A-41D3-A6B9-41E7B11EE3DA}\mpengine.dll

2011-10-31 21:16 . 2011-10-31 21:16        --------        d-----w-        C:\_OTL

2011-10-29 09:46 . 2011-10-29 09:46        --------        d-----w-        c:\windows\system32\Macromed

2011-10-22 23:14 . 2011-10-22 23:14        --------        d-----w-        c:\users\Skulls\AppData\Roaming\Malwarebytes

2011-10-22 23:14 . 2011-10-22 23:14        --------        d-----w-        c:\programdata\Malwarebytes

2011-10-22 23:14 . 2011-08-31 15:00        25416        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-10-22 23:14 . 2011-10-22 23:14        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2011-10-20 23:04 . 2011-10-20 23:04        --------        d-----w-        c:\program files (x86)\Common Files\Java

2011-10-20 17:25 . 2011-10-20 17:25        --------        d-----w-        c:\users\Skulls\AppData\Roaming\Avira

2011-10-20 17:24 . 2011-10-11 13:00        97312        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2011-10-20 17:24 . 2011-10-11 13:00        27760        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2011-10-20 17:24 . 2011-10-11 13:00        130760        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2011-10-20 17:24 . 2011-10-20 17:24        --------        d-----w-        c:\programdata\Avira

2011-10-20 17:24 . 2011-10-20 17:24        --------        d-----w-        c:\program files (x86)\Avira

2011-10-16 22:00 . 2011-10-16 22:00        --------        d-----w-        c:\program files (x86)\Combined Community Codec Pack

2011-10-13 00:44 . 2011-10-13 00:44        --------        d-----w-        c:\users\Skulls\AppData\Roaming\DivX

2011-10-12 19:26 . 2011-08-17 05:26        613888        ----a-w-        c:\windows\system32\psisdecd.dll

2011-10-12 19:26 . 2011-08-17 05:25        108032        ----a-w-        c:\windows\system32\psisrndr.ax

2011-10-12 19:26 . 2011-08-17 04:24        465408        ----a-w-        c:\windows\SysWow64\psisdecd.dll

2011-10-12 19:26 . 2011-08-17 04:19        75776        ----a-w-        c:\windows\SysWow64\psisrndr.ax

2011-10-12 19:26 . 2011-08-27 05:37        331776        ----a-w-        c:\windows\system32\oleacc.dll

2011-10-12 19:26 . 2011-08-27 04:26        233472        ----a-w-        c:\windows\SysWow64\oleacc.dll

2011-10-12 19:26 . 2011-08-27 05:37        861696        ----a-w-        c:\windows\system32\oleaut32.dll

2011-10-12 19:26 . 2011-08-27 04:26        571904        ----a-w-        c:\windows\SysWow64\oleaut32.dll

2011-10-12 19:24 . 2011-10-12 19:24        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2011-10-12 19:24 . 2011-10-12 19:24        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2011-10-12 19:24 . 2011-10-12 19:24        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2011-10-12 19:24 . 2011-10-12 19:24        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2011-10-12 19:24 . 2011-10-12 19:24        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2011-10-12 19:24 . 2011-10-12 19:24        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2011-10-12 19:24 . 2011-10-12 19:24        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2011-10-12 19:23 . 2011-10-12 19:24        --------        d-----w-        c:\program files (x86)\QuickTime

2011-10-12 19:23 . 2011-10-12 19:23        --------        d-----w-        c:\programdata\Apple Computer

2011-10-12 19:22 . 2011-10-12 19:22        --------        d-----w-        c:\program files (x86)\Common Files\Apple

2011-10-12 19:22 . 2011-10-12 19:22        --------        d-----w-        c:\users\Skulls\AppData\Local\Apple

2011-10-12 19:22 . 2011-10-12 19:22        --------        d-----w-        c:\program files (x86)\Apple Software Update

2011-10-12 19:22 . 2011-10-12 19:22        --------        d-----w-        c:\programdata\Apple

2011-10-12 17:51 . 2011-10-12 17:51        --------        d-----w-        c:\program files\DivX

2011-10-12 17:50 . 2011-10-12 17:51        --------        d-----w-        c:\program files (x86)\Common Files\DivX Shared

2011-10-12 17:49 . 2011-10-12 17:51        --------        d-----w-        c:\program files (x86)\DivX

2011-10-12 17:48 . 2011-10-12 17:51        --------        d-----w-        c:\programdata\DivX

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-29 09:46 . 2011-05-15 12:49        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-03 03:06 . 2011-05-04 19:11        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2010-03-23 11:29 . 2010-03-23 11:29        67760        ----a-w-        c:\program files\VAInst64.exe

2010-03-23 11:26 . 2010-03-23 11:26        201512        ----a-w-        c:\program files\vpnapi.dll

2010-03-23 11:23 . 2010-03-23 11:23        176944        ----a-w-        c:\program files\ipseclog.exe

2010-03-23 11:22 . 2010-03-23 11:22        1549088        ----a-w-        c:\program files\vpngui.exe

2010-03-23 11:21 . 2010-03-23 11:21        271144        ----a-w-        c:\program files\vpnclient.exe

2010-03-23 11:21 . 2010-03-23 11:21        230184        ----a-w-        c:\program files\ppptool.exe

2010-03-23 11:20 . 2010-03-23 11:20        217896        ----a-w-        c:\program files\SetMTU.exe

2010-03-23 11:19 . 2010-03-23 11:19        1528616        ----a-w-        c:\program files\cvpnd.exe

2010-03-23 11:18 . 2010-03-23 11:18        181048        ----a-w-        c:\program files\ipsecdialer.exe

2010-03-23 11:10 . 2010-03-23 11:10        1028219        ----a-w-        c:\program files\cisco_cert_mgr.exe

2005-09-21 01:57 . 2005-09-21 01:57        4325376        ----a-w-        c:\program files\qt-mt335.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\Skulls\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\Skulls\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\Skulls\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\Skulls\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Cisco Systems VPN Client.lnk - c:\program files (x86)\Cisco Systems\VPN Client\vpngui.exe [2011-5-26 1537064]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 E504C;Eumex 504PC USB; [x]

R2 SZASSIST;SecretZone Assist Service;c:\program files (x86)\Clarus\Samsung SecretZone\SZAssistSVC.exe [2010-08-30 90112]

R3 mdf16;mdf16;c:\program files (x86)\Clarus\Samsung SecretZone\mdf16.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]

R3 mvd22;mvd22;c:\program files (x86)\Clarus\Samsung SecretZone\mvd22.sys [x]

R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub; [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]

S2 MSR Service;Virtual Disk Service Manager;c:\program files (x86)\Clarus\Samsung SecretZone\MSSvc.exe [2009-12-30 114688]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]

S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

.

.

Inhalt des "geplante Tasks" Ordners

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        97792        ----a-w-        c:\users\Skulls\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        97792        ----a-w-        c:\users\Skulls\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        97792        ----a-w-        c:\users\Skulls\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        97792        ----a-w-        c:\users\Skulls\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = 

mLocal Page = 

IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202

IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

Trusted Zone: tu-darmstadt.de\clix

TCP: DhcpNameServer = 192.168.0.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll

FF - ProfilePath - c:\users\Skulls\AppData\Roaming\Mozilla\Firefox\Profiles\eq5eo9ld.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-Card Manager - c:\windows\system32\javaws.exe

AddRemove-TWS Demo - c:\windows\system32\javaws.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files\cvpnd.exe

c:\windows\SysWOW64\srvany.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2011-11-01  14:32:32 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-11-01 13:32

.

Vor Suchlauf: 870.690.816 Bytes frei

Nach Suchlauf: 2.856.144.896 Bytes frei

.

- - End Of File - - 4E3EF84719C55F1CBA6AA9DE6C599BEC

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Code:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software

Run date: 2011-11-01 15:57:02

-----------------------------

15:57:02.735    OS Version: Windows x64 6.1.7601 Service Pack 1

15:57:02.735    Number of processors: 2 586 0x170A

15:57:02.735    ComputerName: *  UserName: Skulls

15:57:03.437    Initialize success

15:59:27.447    AVAST engine defs: 11110102

16:01:25.098    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

16:01:25.105    Disk 0 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 11

16:01:27.125    Disk 0 MBR read successfully

16:01:27.129    Disk 0 MBR scan

16:01:27.184    Disk 0 Windows 7 default MBR code

16:01:27.190    Service scanning

16:01:29.404    Modules scanning

16:01:29.411    Disk 0 trace - called modules:

16:01:29.471    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 

16:01:29.478    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80027fb060]

16:01:29.484    3 CLASSPNP.SYS[fffff8800196643f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800227e550]

16:01:30.920    AVAST engine scan C:\Windows

16:01:32.949    AVAST engine scan C:\Windows\system32

16:03:17.026    AVAST engine scan C:\Windows\system32\drivers

16:03:26.645    AVAST engine scan C:\Users\Skulls

16:04:35.146    AVAST engine scan C:\ProgramData

16:05:20.745    Scan finished successfully

16:06:19.183    Disk 0 MBR has been saved successfully to "C:\Users\Skulls\Desktop\MBR.dat"

16:06:19.183    The log file has been saved successfully to "C:\Users\Skulls\Desktop\aswMBR.txt"

Hab das Programm vorsichtshalber offengelassen, falls ich doch noch was fixen soll.

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Malwarebytes hat nichts ergeben. Externe Festplatte ein Fund und ansonsten nur IE-Müll, oder?

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=88dc6e29ca8e384f84f41ef245f98433

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-11-02 05:21:24

# local_time=2011-11-02 06:21:24 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1792 16777215 100 0 1110579 1110579 0 0

# compatibility_mode=5893 16776573 100 94 90088 71871897 0 0

# compatibility_mode=8192 67108863 100 0 3983 3983 0 0

# scanned=262176

# found=1

# cleaned=0

# scan_time=12436        I

F:\Viren & Widerherstellung\Setup_ClearProg_1.5.1_Beta6.exe        a variant of Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 11/02/2011 at 11:41 AM
 

Application Version : 5.0.1134
 

Core Rules Database Version : 7885

Trace Rules Database Version: 5697
 

Scan type       : Complete Scan

Total Scan Time : 01:39:27
 

Operating System Information

Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Administrator
 

Memory items scanned      : 620

Memory threats detected   : 0

Registry items scanned    : 76286

Registry threats detected : 0

File items scanned        : 186159

File threats detected     : 281
 

Adware.Tracking Cookie

        C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\skulls@adtech[1].txt [ /adtech ]

        C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\skulls@bs.serving-sys[1].txt [ /bs.serving-sys ]

        C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\skulls@invitemedia[1].txt [ /invitemedia ]

        C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\skulls@serving-sys[1].txt [ /serving-sys ]

        C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\skulls@www.windowsmedia[2].txt [ /www.windowsmedia ]

        C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\7UINO3VJ.txt [ /eyewonder.com ]

        C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\VS73D42Y.txt [ /ads.basecom.eu ]

        C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\1TSVSCFO.txt [ /tradedoubler.com ]

        C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\502CYA6F.txt [ /im.banner.t-online.de ]

        C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\B5A77NLE.txt [ /apmebf.com ]

        C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\8B9D43CX.txt [ /atdmt.com ]

        C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\DTTLBSB1.txt [ /doubleclick.net ]

        C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\UX0608AK.txt [ /c.atdmt.com ]

        C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\I9LW5KR8.txt [ /questionmarket.com ]

        C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\ZW1B9CE3.txt [ /webmasterplan.com ]

        C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\J2H7UT1N.txt [ /msnportal.112.2o7.net ]

        C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\S2GLD38T.txt [ /traffictrack.de ]

        C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\25TFMRKY.txt [ /www.active-tracking.de ]

        C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\XA9J9MLY.txt [ /mediaplex.com ]

        C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\YQ7GTEMO.txt [ /googleads.g.doubleclick.net ]

        C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\JUJZQL2M.txt [ /imrworldwide.com ]

        C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@zanox-affiliate[1].txt [ Cookie:skulls@zanox-affiliate.de/ ]

        C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@invitemedia[2].txt [ Cookie:skulls@invitemedia.com/ ]

        C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\VZEKAK1X.txt [ Cookie:skulls@vipnetadserver.neuralab.net/ ]

        C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@adx.chip[1].txt [ Cookie:skulls@adx.chip.de/ ]

        C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\G2APSEIY.txt [ Cookie:skulls@ad.yieldmanager.com/ ]

        C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@tradedoubler[2].txt [ Cookie:skulls@tradedoubler.com/ ]

        C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@zanox[1].txt [ Cookie:skulls@zanox.com/ ]

        C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@apmebf[1].txt [ Cookie:skulls@apmebf.com/ ]

        C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\1CJPWQL3.txt [ Cookie:skulls@doubleclick.net/ ]

        C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@unitymedia[2].txt [ Cookie:skulls@unitymedia.de/ ]

        C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@questionmarket[1].txt [ Cookie:skulls@questionmarket.com/ ]

        C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@www.googleadservices[1].txt [ Cookie:skulls@www.googleadservices.com/pagead/conversion/1032227881/ ]

        C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@msnportal.112.2o7[2].txt [ Cookie:skulls@msnportal.112.2o7.net/ ]

        C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\3N7THW31.txt [ Cookie:skulls@www.google.hr/accounts ]

        C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@2o7[2].txt [ Cookie:skulls@2o7.net/ ]

        C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@adfarm1.adition[2].txt [ Cookie:skulls@adfarm1.adition.com/ ]

        C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\NTBSXKG7.txt [ Cookie:skulls@google.com/accounts/ ]

        C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\XBRTV34J.txt [ Cookie:skulls@www.google.de/accounts ]

        C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@ad2.adfarm1.adition[1].txt [ Cookie:skulls@ad2.adfarm1.adition.com/ ]

        C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@adtech[1].txt [ Cookie:skulls@adtech.de/ ]

        C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@clkads[2].txt [ Cookie:skulls@clkads.com/adServe/ ]

        C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@traffictrack[2].txt [ Cookie:skulls@traffictrack.de/ ]

        C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@www.active-tracking[1].txt [ Cookie:skulls@www.active-tracking.de/ ]

        C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@mediaplex[2].txt [ Cookie:skulls@mediaplex.com/ ]

        C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\KBMD5DZH.txt [ Cookie:skulls@clkads.com/adServe/banners ]

        C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@microsoftwllivemkt.112.2o7[1].txt [ Cookie:skulls@microsoftwllivemkt.112.2o7.net/ ]

        C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@freepornsubmits[1].txt [ Cookie:skulls@freepornsubmits.com/ ]

        C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q4LGLNEK.txt [ Cookie:skulls@googleads.g.doubleclick.net/ ]

        C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@imrworldwide[2].txt [ Cookie:skulls@imrworldwide.com/cgi-bin ]

        C:\USERS\SKULLS\Cookies\skulls@invitemedia[1].txt [ Cookie:skulls@invitemedia.com/ ]

        C:\USERS\SKULLS\Cookies\1TSVSCFO.txt [ Cookie:skulls@tradedoubler.com/ ]

        C:\USERS\SKULLS\Cookies\502CYA6F.txt [ Cookie:skulls@im.banner.t-online.de/ ]

        C:\USERS\SKULLS\Cookies\B5A77NLE.txt [ Cookie:skulls@apmebf.com/ ]

        C:\USERS\SKULLS\Cookies\DTTLBSB1.txt [ Cookie:skulls@doubleclick.net/ ]

        C:\USERS\SKULLS\Cookies\UX0608AK.txt [ Cookie:skulls@c.atdmt.com/ ]

        C:\USERS\SKULLS\Cookies\I9LW5KR8.txt [ Cookie:skulls@questionmarket.com/ ]

        C:\USERS\SKULLS\Cookies\J2H7UT1N.txt [ Cookie:skulls@msnportal.112.2o7.net/ ]

        C:\USERS\SKULLS\Cookies\skulls@www.windowsmedia[2].txt [ Cookie:skulls@www.windowsmedia.com/ ]

        C:\USERS\SKULLS\Cookies\skulls@adtech[1].txt [ Cookie:skulls@adtech.de/ ]

        C:\USERS\SKULLS\Cookies\S2GLD38T.txt [ Cookie:skulls@traffictrack.de/ ]

        C:\USERS\SKULLS\Cookies\25TFMRKY.txt [ Cookie:skulls@www.active-tracking.de/ ]

        C:\USERS\SKULLS\Cookies\XA9J9MLY.txt [ Cookie:skulls@mediaplex.com/ ]

        C:\USERS\SKULLS\Cookies\YQ7GTEMO.txt [ Cookie:skulls@googleads.g.doubleclick.net/ ]

        C:\USERS\SKULLS\Cookies\JUJZQL2M.txt [ Cookie:skulls@imrworldwide.com/cgi-bin ]

        C:\USERS\SKULLS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SKULLS@ADS.CRAKMEDIA[2].TXT [ /ADS.CRAKMEDIA ]

        C:\USERS\SKULLS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SKULLS@BS.SERVING-SYS[1].TXT [ /BS.SERVING-SYS ]

        C:\USERS\SKULLS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SKULLS@CONTENT.YIELDMANAGER[2].TXT [ /CONTENT.YIELDMANAGER ]

        C:\USERS\SKULLS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SKULLS@SERVING-SYS[2].TXT [ /SERVING-SYS ]

        C:\USERS\SKULLS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SKULLS@AD3.ADFARM1.ADITION[1].TXT [ /AD3.ADFARM1.ADITION ]

        C:\USERS\SKULLS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SKULLS@TRACKING.QUISMA[2].TXT [ /TRACKING.QUISMA ]

        C:\USERS\SKULLS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SKULLS@ATDMT[2].TXT [ /ATDMT ]

        C:\USERS\SKULLS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SKULLS@XITI[1].TXT [ /XITI ]

        C:\USERS\SKULLS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SKULLS@AD4.ADFARM1.ADITION[2].TXT [ /AD4.ADFARM1.ADITION ]

        C:\USERS\SKULLS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SKULLS@AD.AD-SRV[2].TXT [ /AD.AD-SRV ]

        .atdmt.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .atdmt.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .h.atdmt.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .h.atdmt.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .atdmt.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .atdmt.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .h.atdmt.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .h.atdmt.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .lucidmedia.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .realmedia.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .specificclick.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adviva.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adbrite.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adbrite.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .legolas-media.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .legolas-media.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .apmebf.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .pro-market.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .pro-market.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .fastclick.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adtech.de [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        www.finderlocator.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        www.finderlocator.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        www.goaltraffic.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adultadworld.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .yadro.ru [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .apmebf.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .mediaplex.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        s0.2mdn.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .mediaplex.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        s0.2mdn.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        s0.2mdn.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .eyewonder.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .eyewonder.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        studivz.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        studivz.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .tvtv.122.2o7.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adultfriendfinder.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .statcounter.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adultfriendfinder.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adultfriendfinder.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adultfriendfinder.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adultfriendfinder.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adultfriendfinder.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adultfriendfinder.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adultfriendfinder.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adultfriendfinder.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adultfriendfinder.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .xiti.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .ero-advertising.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .exoclick.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .ero-advertising.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .ero-advertising.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .deutsch-porno.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .deutsch-porno.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        www.trafficrank.de [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .pornodvdtube.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .pornodvdtube.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .pornodvdtube.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        tracking.mlsat02.de [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .questionmarket.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .insightexpressai.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .insightexpressai.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .insightexpressai.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .insightexpressai.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .insightexpressai.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .insightexpressai.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .insightexpressai.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        track.adform.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        ad.zanox.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .collective-media.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .kontera.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .collective-media.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .collective-media.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .collective-media.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .collective-media.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adxpose.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .tribalfusion.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .collective-media.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .collective-media.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .collective-media.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .collective-media.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .collective-media.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .zedo.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .zedo.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .zedo.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .zedo.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .zedo.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .zedo.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .zedo.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        rts.pgmediaserve.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        rts.pgmediaserve.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        rts.pgmediaserve.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .partypoker.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .partypoker.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .partypoker.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .partypoker.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .partypoker.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .de.partypoker.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .de.partypoker.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .de.partypoker.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .de.partypoker.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .de.partypoker.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .partypoker.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .unitymedia.de [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .unitymedia.de [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .ru4.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .doubleclick.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        track.adform.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adform.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        ad1.emediate.dk [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        ad1.emediate.dk [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .questionmarket.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        ad1.emediate.dk [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        ad3.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adtech.de [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .traffictrack.de [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .doubleclick.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        ad2.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        ad1.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        ad4.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .media6degrees.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .zanox.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .zanox-affiliate.de [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .hightraffic.hugoboss.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .hightraffic.hugoboss.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .hightraffic.hugoboss.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]