Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
Thread: "alles began mit Win 7 security 2012" (https://www.trojaner-board.de/107430-alles-began-win-7-security-2012-a.html)

Martin_Oskar 02.01.2012 17:17

It all began with Win 7 Security 2012
 
Hello dear forum community,

It all started at Christmas with a "Win 7 Security 2012" infection. I was able to get help using the Opera browser and got our PC running again. Since then I have been sceptical about how clean the system really is, so today I switched from Avira to Avast. The scan result can be seen in the attachment.
After that I also ran a check with E-Scan. It came up positive as well.

Well, to be honest, I'm stuck now and would like to ask for your help.
I started with Defogger and then OTL. The scan results are attached.

I'm not allowed to use Gmer, since I'm running a 64-bit system (Win 7).

Thank you in advance for your help.

Best regards,
Martin.

cosinus 03.01.2012 21:26

Now please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes must be updated manually before every scan! All findings must also be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan is finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Please post everything here in CODE tags if possible.

It's done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

Martin_Oskar 03.01.2012 23:00

Good evening Cosinus,

OK, I'll do it as soon as I have time.
About the Malwarebytes scan: in Safe Mode, or with Windows started normally?
And the same question for ESET?

Best regards,
Martin.

cosinus 04.01.2012 17:52

Whenever possible, always use normal mode

Martin_Oskar 04.01.2012 22:49

Good evening Cosinus,

it took a little while, we weren't home during the day.

Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122204

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

22.12.2011 21:13:49
mbam-log-2011-12-22 (21-13-49).txt

Scan type: Quick scan
Objects scanned: 177138
Time elapsed: 3 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Visicom Media (Adware.KeenValue) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Code:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.04.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Cassiopeia :: CASSIOPEIA-PC [Administrator]

04.01.2012 17:27:11
mbam-log-2012-01-04 (18-14-41).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 349769
Time elapsed: 47 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\Visicom Media (Adware.KeenValue) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=fd2a7e85adbef649961d6465ee96c84a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-04 08:12:24
# local_time=2012-01-04 09:12:24 (+0100, Central European Time)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=2049 16777214 0 5 978483 978483 0 0
# compatibility_mode=5893 16776574 100 94 1038798 77327414 0 0
# compatibility_mode=8192 67108863 100 0 1038977 1038977 0 0
# scanned=181644
# found=3
# cleaned=0
# scan_time=10380
F:\CASSIOPEIA-PC\Backup Set 2011-04-03 170207\Backup Files 2011-04-03 170207\Backup files 11.zip        a variant of Win32/SlowPCfighter application (unable to clean)        00000000000000000000000000000000        I
F:\CASSIOPEIA-PC\Backup Set 2011-04-03 170207\Backup Files 2011-04-03 170207\Backup files 9.zip        multiple threats (unable to clean)        00000000000000000000000000000000        I
F:\CASSIOPEIA-PC\Backup Set 2011-04-03 170207\Backup Files 2011-05-22 160000\Backup files 1.zip        Win32/RegistryBooster application (unable to clean)        00000000000000000000000000000000        I

Best regards,
Martin.
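The two scanner logs above are read by a helper in a fixed way: every Malwarebytes finding line ends with the action taken, and the second log shows the Visicom Media key with "No action taken" even though all findings were supposed to be removed; the ESET log's "# found=3 / # cleaned=0" header and its three detection lines all point at *.zip files on the backup drive F:, which ESET reports as "unable to clean". The following script is an added example, not code from this thread, from Malwarebytes or from ESET. It parses both formats and flags exactly those two conditions. The sample logs at the bottom are constructed excerpts modelled on the ones posted here; the archive suffix list and the "no action" wording check are assumptions of the example.

```python
"""Triage the Malwarebytes and ESET Online Scanner logs posted above.

Added example; not code from the thread, from Malwarebytes or from ESET.
Two small parsers pull the findings out of each log format, then `triage`
flags Malwarebytes findings left with "No action taken" and ESET detections
that sit inside archives (*.zip etc.), which ESET cannot clean in place.
The sample logs at the bottom are constructed excerpts modelled on the ones
in this thread.
"""
from __future__ import annotations
import re
from dataclasses import dataclass

# "<item> (<detection>) -> <action>."  -- a registry key or file line in MBAM
MBAM_FINDING = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")
# "# key=value" header lines at the top of the ESET Online Scanner log
ESET_HEADER = re.compile(r"^# (?P<key>\w+)=(?P<value>.*)$")
ARCHIVE_SUFFIXES = (".zip", ".rar", ".7z", ".cab")       # assumed set for the example
NOT_REMOVED = ("no action", "keine aktion")              # English and German MBAM wording


@dataclass
class Finding:
    source: str        # "mbam" or "eset"
    item: str          # registry key or file path
    detection: str
    action: str
    in_archive: bool = False


def parse_mbam(text: str) -> list[Finding]:
    """Return every Malwarebytes finding line together with the action MBAM took."""
    findings = []
    for line in text.splitlines():
        m = MBAM_FINDING.match(line.strip())
        if m:
            findings.append(Finding("mbam", m["item"], m["detection"], m["action"]))
    return findings


def _inside_archive(path: str) -> bool:
    # ESET writes nested members as "outer.zip » ZIP » inner.exe"; a bare
    # archive path (as in this thread) counts too.
    return any(seg.lower().endswith(ARCHIVE_SUFFIXES)
               for seg in re.split(r"[\\/]| » ", path))


def parse_eset(text: str) -> tuple[dict[str, str], list[Finding]]:
    """Return (header key/values, detections) from an ESET Online Scanner log."""
    header, findings = {}, []
    for line in text.splitlines():
        m = ESET_HEADER.match(line)
        if m:
            header[m["key"]] = m["value"]
            continue
        # detection lines: path, verdict, hash placeholder, flag; tab separated
        parts = [p for p in re.split(r"\t+| {2,}", line.strip()) if p]
        if len(parts) >= 2 and parts[0][1:3] == ":\\":
            path, verdict = parts[0], parts[1]
            action = "unable to clean" if "(unable to clean)" in verdict else "cleaned"
            detection = verdict.replace("(unable to clean)", "").strip()
            findings.append(Finding("eset", path, detection, action, _inside_archive(path)))
    return header, findings


def triage(mbam_text: str, eset_text: str) -> dict:
    """Summarise both logs the way a helper reads them."""
    mbam = parse_mbam(mbam_text)
    header, eset = parse_eset(eset_text)
    return {
        "mbam_findings": len(mbam),
        "mbam_not_removed": [f.item for f in mbam
                             if f.action.lower().startswith(NOT_REMOVED)],
        "eset_found": int(header.get("found", 0)),
        "eset_cleaned": int(header.get("cleaned", 0)),
        "eset_in_archives": [f.item for f in eset if f.in_archive],
        "eset_outside_archives": [f.item for f in eset if not f.in_archive],
    }


# --- constructed sample input, modelled on the logs posted in this thread ---
SAMPLE_MBAM = """Registry Keys Detected: 1
HKCU\\Software\\Visicom Media (Adware.KeenValue) -> No action taken.

Files Detected: 0
(No malicious items detected)
"""
_backup = r"F:\CASSIOPEIA-PC\Backup Set 2011-04-03 170207\Backup Files 2011-04-03 170207"
SAMPLE_ESET = "\n".join([
    "# version=7",
    "# found=3",
    "# cleaned=0",
    "\t".join([_backup + r"\Backup files 11.zip",
               "a variant of Win32/SlowPCfighter application (unable to clean)", "0" * 32, "I"]),
    "\t".join([_backup + r"\Backup files 9.zip",
               "multiple threats (unable to clean)", "0" * 32, "I"]),
    "\t".join([_backup + r"\Backup files 1.zip",
               "Win32/RegistryBooster application (unable to clean)", "0" * 32, "I"]),
])

if __name__ == "__main__":
    for key, value in triage(SAMPLE_MBAM, SAMPLE_ESET).items():
        print(f"{key}: {value}")
```

Run on the sample, `triage` reports one Malwarebytes finding that was not removed and three ESET detections, all inside archives and none outside; that split is what tells a helper whether a detection is a live component or an archived copy the scanner could not open.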

cosinus 05.01.2012 10:06

Please make a new OTL log. Please post everything here in CODE tags if possible.

It's done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

Custom scan with OTL

If you don't have it yet, please download OTL from Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
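The custom scan above produces a long report in OTL's line format, and a helper reads it by line type: Firefox prefs ("FF - prefs.js.."), browser helper objects (O2), Run keys (O4), Winlogon values (O20). The script below is an added example, not part of this thread and not OldTimer's code. It parses those four line types and flags the usual first-look items: a homepage or keyword-search URL pointing at a host outside an allowlist, a BHO whose CLSID no longer resolves, a Run entry launched from a user-writable path or lacking a company name, and Winlogon Shell/UserInit values that do not point at the Windows binaries. The allowlist of search hosts, the list of user-writable path fragments and the sample lines are constructed for the example; the HKCU Run entry and the second Shell line in the sample are invented purely to exercise the checks.

```python
"""Triage the OTL line types a helper reads first.

Added example, not part of this thread and not OldTimer's code. It parses the
formats OTL emits for Firefox prefs, browser helper objects (O2), Run keys
(O4) and Winlogon values (O20) and flags:
  * homepage / keyword-search URLs pointing at a host outside an allowlist,
  * BHOs whose CLSID no longer resolves ("No CLSID value found"),
  * Run entries from user-writable paths or with no company name,
  * Winlogon Shell / UserInit that do not point at the Windows binaries.
OTL defangs URLs as hxxp://; the parser undoes that. The allowlist and the
sample lines at the bottom are constructed for this example.
"""
from __future__ import annotations
import re
from urllib.parse import urlparse

KNOWN_SEARCH_HOSTS = {"www.google.com", "www.google.at", "www.bing.com"}   # assumed allowlist
URL_PREFS = ("browser.startup.homepage", "keyword.URL", "browser.search.defaulturl")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")
EXPECTED_WINLOGON = {
    "shell": {"explorer.exe"},
    "userinit": {"c:\\windows\\system32\\userinit.exe"},
}

FF_PREF = re.compile(r'^FF - prefs\.js\.\.(?P<name>[\w.]+): "(?P<value>[^"]*)"')
O2_BHO = re.compile(r"^O2(?::64bit:)? - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[^}]+\}) - (?P<rest>.*)$")
O4_RUN = re.compile(r"^O4(?::64bit:)? - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] "
                    r"(?P<cmd>.*?)(?: \((?P<company>[^()]*)\))?$")
O20_WL = re.compile(r"^O20(?::64bit:)? - HKLM Winlogon: (?P<value>\w+) - \((?P<data>[^)]*)\) -\s*(?P<file>.*)$")


def refang(url: str) -> str:
    """Undo OTL's hxxp:// defanging so urlparse sees a real scheme."""
    return url.replace("hxxps://", "https://").replace("hxxp://", "http://")


def triage_otl(log_text: str) -> list[str]:
    """Return one warning string per suspicious OTL line."""
    findings: list[str] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := FF_PREF.match(line)) and m["name"] in URL_PREFS:
            host = urlparse(refang(m["value"])).hostname or ""
            if host not in KNOWN_SEARCH_HOSTS:
                findings.append(f"Firefox pref {m['name']} points at unknown host {host!r}")
        elif (m := O2_BHO.match(line)) and "No CLSID value found" in m["rest"]:
            findings.append(f"Orphaned BHO {m['clsid']}: CLSID not registered")
        elif m := O4_RUN.match(line):
            cmd = m["cmd"].lower()
            if any(p in cmd for p in USER_WRITABLE) or not m["company"]:
                findings.append(f"Run entry [{m['name']}] from user-writable path "
                                f"or without company name: {m['cmd']}")
        elif m := O20_WL.match(line):
            expected = EXPECTED_WINLOGON.get(m["value"].lower())
            if expected and m["data"].lower().rstrip(",") not in expected:
                findings.append(f"Winlogon {m['value']} is {m['data']!r}, expected {sorted(expected)}")
    return findings


# --- constructed sample lines in OTL's format; the HKCU Run entry and the
# second Shell line are invented only to exercise the checks ---
SAMPLE_OTL = "\n".join([
    'FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/406"',
    'FF - prefs.js..keyword.URL: "hxxp://www.searchqu.com/web?src=ffb&systemid=406&q="',
    'FF - prefs.js..network.proxy.type: 0',
    "O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.",
    "O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - "
    "C:\\Programme\\AVAST Software\\Avast\\aswWebRepIE.dll (AVAST Software)",
    "O4 - HKLM..\\Run: [avast] C:\\Program Files\\AVAST Software\\Avast\\avastUI.exe (AVAST Software)",
    "O4 - HKCU..\\Run: [updater] C:\\Users\\example\\AppData\\Roaming\\updater.exe ()",
    "O20:64bit: - HKLM Winlogon: UserInit - (C:\\Windows\\system32\\userinit.exe) - "
    "C:\\Windows\\SysNative\\userinit.exe (Microsoft Corporation)",
    "O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\\Windows\\SysWow64\\explorer.exe (Microsoft Corporation)",
    "O20 - HKLM Winlogon: Shell - (Explorer.exe, C:\\Users\\example\\AppData\\Local\\Temp\\shell.exe) - File not found",
])

if __name__ == "__main__":
    for warning in triage_otl(SAMPLE_OTL):
        print(warning)
```

The checks are deliberately narrow: a Run entry under Program Files with a company name passes, a Winlogon value that names exactly the expected binary passes, and only lines that match one of the four formats are considered at all. Everything else in an OTL log still has to be read by hand, which is why the helper asks for the complete log rather than a filtered one.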


Martin_Oskar 05.01.2012 10:38

Here you go, Cosinus,

this is what came out.

Code:

OTL logfile created on: 05.01.2012 10:25:32 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Cassiopeia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c07 | Country: Austria | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 69,03% Memory free
7,99 Gb Paging File | 6,64 Gb Available in Paging File | 83,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 344,99 Gb Free Space | 74,09% Space Free | Partition Type: NTFS
Drive F: | 457,95 Gb Total Space | 101,57 Gb Free Space | 22,18% Space Free | Partition Type: NTFS
 
Computer Name: CASSIOPEIA-PC | User Name: Cassiopeia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.24 14:29:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Cassiopeia\Desktop\OTL.exe
PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2010.05.20 22:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 22:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010.04.02 09:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009.07.20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.05.04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.07.20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009.11.04 16:45:14 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.04.05 20:55:01 | 000,116,104 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009.07.20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.11.28 18:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011.11.28 18:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011.11.28 18:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011.11.28 18:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011.11.28 18:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011.11.28 18:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011.10.03 15:41:58 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 12:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.24 19:29:04 | 000,054,272 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stppp.sys -- (stppp)
DRV:64bit: - [2010.08.24 19:29:04 | 000,047,616 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\st330.sys -- (ST330)
DRV:64bit: - [2010.08.24 19:29:04 | 000,024,576 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stbus.sys -- (STBUS)
DRV:64bit: - [2010.08.16 15:31:18 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2010.08.16 15:31:16 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2010.08.11 17:37:38 | 000,150,120 | ---- | M] (VMLite, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMLiteUSB.sys -- (VMLiteUSB)
DRV:64bit: - [2009.12.02 08:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.11.04 17:17:30 | 006,088,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.08.20 17:05:06 | 000,239,616 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009.06.17 17:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 17:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.17 17:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.11.11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008.11.11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2007.04.16 19:51:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/406"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..keyword.URL: "hxxp://www.searchqu.com/web?src=ffb&systemid=406&q="
FF - prefs.js..network.proxy.type: 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.01.02 13:27:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.18 21:48:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.15 22:06:41 | 000,000,000 | ---D | M]
 
[2010.09.16 20:09:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cassiopeia\AppData\Roaming\mozilla\Extensions
[2010.08.25 19:50:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cassiopeia\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.22 21:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cassiopeia\AppData\Roaming\mozilla\Firefox\Profiles\z5rgx61s.default\extensions
[2011.11.02 12:48:28 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Cassiopeia\AppData\Roaming\mozilla\Firefox\Profiles\z5rgx61s.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.22 21:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.10.10 16:47:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.10 19:41:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.10 17:13:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.14 21:41:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.18 21:48:40 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.18 21:48:40 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.18 21:48:40 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.18 21:48:40 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.18 21:48:40 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.01.02 15:23:58 | 000,000,736 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-8287-79A187E26987} - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk = C:\Windows\Installer\{90120000-001A-0000-0000-0000000FF1CE}\outicon.exe ()
O4 - Startup: C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Cassiopeia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Cassiopeia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: blank ([]about in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB9E4593-4E2F-405E-8380-37F8AAFDCC2B}: DhcpNameServer = 10.0.0.138 10.0.0.138
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\qttask.exe (Apple Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: hitmanpro35 - Reg Error: Value error.
SafeBootNet:64bit: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet:64bit: HitmanPro35Crusader - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: SMR250 - Service
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: hitmanpro35 - Reg Error: Value error.
SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet: HitmanPro35Crusader - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SMR250 - Service
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX:64bit: AutorunsDisabled -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: AutorunsDisabled -
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\SysWow64\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.dvsd -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.05 10:19:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Cassiopeia\Desktop\OTL.exe
[2012.01.04 23:11:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.01.02 15:23:30 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2012.01.02 15:23:30 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2012.01.02 15:23:30 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe
[2012.01.02 15:18:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld
[2012.01.02 10:38:50 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.01.02 10:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.01.02 10:38:49 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.01.02 10:38:43 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012.01.02 10:38:42 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.01.02 10:38:42 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.01.02 10:38:40 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.01.02 10:38:40 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.01.02 10:38:28 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.01.02 10:38:28 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.01.02 10:38:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.01.02 10:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.01.01 23:02:28 | 000,000,000 | ---D | C] -- C:\Users\Cassiopeia\AppData\Roaming\Process Hacker 2
[2012.01.01 22:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
[2012.01.01 22:57:06 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker 2
[2011.12.31 16:19:19 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2011.12.31 16:19:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2011.12.29 20:11:49 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011.12.29 20:03:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011.12.29 10:26:36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011.12.28 19:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ftp-uploader
[2011.12.28 19:19:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\phase5
[2011.12.28 19:19:21 | 000,000,000 | ---D | C] -- C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phase 5 HTML-Editor
[2011.12.28 18:42:27 | 000,000,000 | ---D | C] -- C:\Users\Cassiopeia\amaya
[2011.12.28 17:57:03 | 000,000,000 | ---D | C] -- C:\Users\Cassiopeia\Documents\TagsRevisited
[2011.12.27 12:26:16 | 000,000,000 | ---D | C] -- C:\Users\Cassiopeia\XMedia Recode
[2011.12.26 11:12:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.12.26 11:08:41 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011.12.26 11:02:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.12.26 11:02:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.12.26 11:02:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.12.26 11:02:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.12.26 11:02:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.12.26 10:36:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2011.12.26 10:36:09 | 000,000,000 | ---D | C] -- C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011.12.26 10:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.12.26 10:19:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.25 19:10:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Simple Adblock
[2011.12.24 19:02:41 | 000,000,000 | ---D | C] -- C:\Users\Cassiopeia\AppData\Local\NPE
[2011.12.24 19:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011.12.24 15:02:11 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2011.12.24 12:57:15 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL
[2011.12.24 12:57:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe
[2011.12.24 12:57:15 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE
[2011.12.24 12:56:04 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2011.12.24 12:55:56 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2011.12.23 20:52:23 | 000,000,000 | ---D | C] -- C:\Users\Cassiopeia\AppData\Roaming\BitDefender
[2011.12.23 20:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2011.12.23 20:52:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2011.12.23 20:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2011.12.23 20:51:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BitDefender
[2011.12.23 19:54:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safer Networking
[2011.12.23 18:43:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.12.22 22:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2011.12.22 22:29:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.12.22 22:29:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011.12.22 22:29:36 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011.12.22 22:24:43 | 000,230,952 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2011.12.22 22:24:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011.12.22 22:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.12.22 22:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011.12.22 22:23:42 | 000,000,000 | ---D | C] -- C:\Users\Cassiopeia\AppData\Roaming\TestApp
[2011.12.22 22:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011.12.22 22:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011.12.22 21:08:10 | 000,000,000 | ---D | C] -- C:\Users\Cassiopeia\AppData\Roaming\Malwarebytes
[2011.12.22 21:06:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.22 21:06:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.22 21:06:21 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.22 21:06:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.12.18 12:13:48 | 000,581,632 | ---- | C] (Joshua F. Madison) -- C:\Program Files (x86)\convert.exe
[2010.09.01 07:32:02 | 000,573,736 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesPhotoProcessor.exe
[2010.09.01 07:32:02 | 000,294,688 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesOutlookAddIn.dll
[2010.09.01 07:32:00 | 000,421,160 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
[2010.09.01 07:31:58 | 000,387,368 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesAdmin.dll
[2010.09.01 07:31:58 | 000,173,344 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.dll
[2010.09.01 07:31:54 | 009,777,448 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.exe
[2010.09.01 07:31:52 | 018,658,592 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.dll
[2010.09.01 07:31:50 | 000,726,304 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_sdkmanager.dll
[2010.09.01 07:31:50 | 000,259,360 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_submit.dll
[2010.09.01 07:31:50 | 000,197,920 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_musicid.dll
[2010.09.01 07:31:50 | 000,111,912 | ---- | C] (Apple Inc.) -- C:\Program Files\ITDetector.ocx
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.05 10:02:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.05 09:53:16 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.05 09:53:16 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.05 09:50:26 | 001,621,084 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.05 09:50:26 | 000,700,130 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.05 09:50:26 | 000,654,842 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.05 09:50:26 | 000,148,926 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.05 09:50:26 | 000,121,714 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.05 09:45:57 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.05 09:45:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.05 09:45:38 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.04 23:23:45 | 001,597,362 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.04 20:55:31 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012.01.03 19:04:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.01.03 18:50:07 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.01.02 22:19:42 | 000,377,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.01.02 16:34:35 | 000,000,000 | ---- | M] () -- C:\Users\Cassiopeia\defogger_reenable
[2012.01.02 16:17:21 | 000,211,454 | ---- | M] () -- C:\Users\Cassiopeia\Documents\pinfect.zip
[2012.01.02 15:23:58 | 000,000,736 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.01.02 15:22:28 | 000,000,056 | ---- | M] () -- C:\Windows\Lic.xxx
[2011.12.30 10:35:04 | 000,001,470 | ---- | M] () -- C:\Users\Cassiopeia\gsview64.ini
[2011.12.29 22:31:42 | 000,439,132 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.15868362
[2011.12.29 20:11:49 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011.12.29 17:13:52 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\AppleSoftwareUpdate.job
[2011.12.29 16:50:18 | 453,508,805 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.27 11:21:24 | 000,000,244 | ---- | M] () -- C:\Users\Cassiopeia\.swfinfo
[2011.12.26 11:06:58 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.old
[2011.12.24 15:02:11 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2011.12.24 14:29:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Cassiopeia\Desktop\OTL.exe
[2011.12.24 12:58:03 | 018,745,487 | ---- | M] () -- C:\Windows\REGBK00.ZIP
[2011.12.24 12:56:03 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2011.12.24 10:30:44 | 000,081,984 | ---- | M] () -- C:\Windows\SysNative\bdod.bin
[2011.12.24 10:30:18 | 000,000,363 | ---- | M] () -- C:\Windows\SysNative\BDUpdateV1.xml
[2011.12.24 09:46:59 | 000,000,850 | ---- | M] () -- C:\Windows\SysNative\ProductTweaks.xml
[2011.12.24 09:46:59 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml
[2011.12.22 22:29:36 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011.12.22 22:25:34 | 001,966,834 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011.12.22 22:20:39 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011.12.22 20:29:41 | 000,010,518 | -HS- | M] () -- C:\Users\Cassiopeia\AppData\Local\646hyr31lgmd1fce0lu2n3u153o0h283acbm30t411qh4
[2011.12.22 20:29:41 | 000,010,518 | -HS- | M] () -- C:\ProgramData\646hyr31lgmd1fce0lu2n3u153o0h283acbm30t411qh4
[2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.03 18:17:52 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.01.02 16:34:35 | 000,000,000 | ---- | C] () -- C:\Users\Cassiopeia\defogger_reenable
[2012.01.02 10:38:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011.12.29 16:50:18 | 453,508,805 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.12.27 11:21:24 | 000,000,244 | ---- | C] () -- C:\Users\Cassiopeia\.swfinfo
[2011.12.26 11:02:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.12.26 11:02:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.12.26 11:02:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.12.26 11:02:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.12.26 11:02:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.12.24 15:00:57 | 000,211,454 | ---- | C] () -- C:\Users\Cassiopeia\Documents\pinfect.zip
[2011.12.24 12:57:16 | 018,745,487 | ---- | C] () -- C:\Windows\REGBK00.ZIP
[2011.12.24 12:56:27 | 000,000,056 | ---- | C] () -- C:\Windows\Lic.xxx
[2011.12.24 10:29:42 | 000,000,363 | ---- | C] () -- C:\Windows\SysNative\BDUpdateV1.xml
[2011.12.24 09:59:36 | 000,081,984 | ---- | C] () -- C:\Windows\SysNative\bdod.bin
[2011.12.24 09:46:59 | 000,000,850 | ---- | C] () -- C:\Windows\SysNative\ProductTweaks.xml
[2011.12.24 09:46:59 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml
[2011.12.22 22:24:47 | 001,966,834 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011.12.22 22:20:39 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011.12.22 20:14:12 | 000,010,518 | -HS- | C] () -- C:\Users\Cassiopeia\AppData\Local\646hyr31lgmd1fce0lu2n3u153o0h283acbm30t411qh4
[2011.12.22 20:14:12 | 000,010,518 | -HS- | C] () -- C:\ProgramData\646hyr31lgmd1fce0lu2n3u153o0h283acbm30t411qh4
[2011.10.29 09:13:55 | 000,000,000 | ---- | C] () -- C:\Users\Cassiopeia\AppData\Local\{17C31DA2-6021-4613-97E5-6A47257A8935}
[2011.05.21 19:12:27 | 000,000,549 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2011.01.24 20:12:14 | 000,000,042 | ---- | C] () -- C:\Windows\oodjobd.INI
[2011.01.15 13:47:55 | 000,000,107 | ---- | C] () -- C:\Windows\IfoEdit.INI
[2010.12.18 12:14:26 | 000,001,158 | ---- | C] () -- C:\Program Files (x86)\convert - Verknüpfung.lnk
[2010.10.04 19:54:49 | 000,000,038 | ---- | C] () -- C:\Windows\pbMv.INI
[2010.09.25 19:16:47 | 000,000,052 | ---- | C] () -- C:\Windows\Pex.INI
[2010.09.25 19:08:49 | 000,000,322 | ---- | C] () -- C:\Windows\Ulead32.ini
[2010.09.24 21:00:39 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.09.24 19:15:12 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010.09.22 18:43:49 | 000,005,056 | ---- | C] () -- C:\ProgramData\drctchbl.xvi
[2010.09.22 18:43:49 | 000,004,110 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik
[2010.09.16 20:08:56 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.09.03 18:08:15 | 000,000,000 | ---- | C] () -- C:\Windows\acehtml6.ini
[2010.08.28 21:36:08 | 000,005,120 | ---- | C] () -- C:\Users\Cassiopeia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.26 19:05:56 | 001,597,362 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.08.25 23:42:34 | 000,000,760 | ---- | C] () -- C:\Users\Cassiopeia\AppData\Roaming\setup_ldm.iss
[2010.08.25 18:08:51 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.08.25 18:08:51 | 000,000,088 | RHS- | C] () -- C:\ProgramData\DDCF76E620.sys
[2010.08.25 17:34:32 | 000,014,848 | ---- | C] () -- C:\Users\Cassiopeia\AppData\Roaming\Settings.cfg
[2010.08.24 21:25:15 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.08.24 19:04:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.07.23 02:13:22 | 000,064,083 | ---- | C] () -- C:\Program Files\Acknowledgements.rtf
[2009.08.27 08:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2012.01.02 21:46:09 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Autodesk
[2011.12.23 20:52:23 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\BitDefender
[2011.01.15 13:08:19 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Broad Intelligence
[2010.09.24 19:15:20 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Canneverbe Limited
[2010.09.23 18:15:49 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\CocoonSoftware
[2011.11.12 20:08:16 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\dvdisaster
[2011.10.23 17:52:11 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\DVDVideoSoft
[2011.10.23 17:52:07 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.31 17:08:44 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Dynamic
[2011.11.12 21:08:40 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\EAC
[2010.08.25 17:34:31 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\EmailNotifier
[2011.01.18 20:06:44 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\flightgear.org
[2010.10.23 16:38:49 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\FreeFLVConverter
[2010.09.24 21:14:57 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\GlarySoft
[2011.05.03 18:10:26 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\gom
[2011.08.26 14:14:33 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Hex-Rays
[2010.09.26 14:48:27 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Hornil
[2011.11.02 12:48:29 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\IrfanView
[2011.08.21 17:52:19 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Jens Lorek
[2011.11.03 18:24:56 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Leadertech
[2011.03.24 20:57:26 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\MakeMusic
[2010.12.19 10:15:08 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\mirkes.de
[2010.08.24 21:21:35 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\mquadr.at
[2011.03.24 22:07:04 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\MusE
[2010.08.25 20:13:17 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\OpenOffice.org
[2010.09.16 19:32:35 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Opera
[2010.09.18 17:36:30 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\PhotoFiltre
[2011.12.31 19:42:27 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\PhotoLine
[2012.01.01 23:02:28 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Process Hacker 2
[2011.05.21 19:12:28 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\ScanSoft
[2010.08.31 17:09:22 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\SiteClasses
[2010.08.31 17:31:42 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Sites
[2010.08.27 12:10:33 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\SoftGrid Client
[2011.01.15 13:44:49 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\TeamViewer
[2011.12.22 22:23:42 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\TestApp
[2010.10.02 17:06:13 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\TubeBox
[2011.03.03 19:50:31 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\uk.co.planetside
[2010.08.31 20:11:15 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Visicom Media
[2011.10.23 17:48:07 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Xilisoft
[2011.01.15 13:34:16 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\XMedia Recode
[2011.11.30 17:14:28 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.12 21:08:41 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\AccurateRip
[2011.05.08 10:20:46 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Adobe
[2010.09.05 22:56:49 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Apple Computer
[2010.08.24 21:28:29 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\ATI
[2012.01.02 21:46:09 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Autodesk
[2011.05.09 21:04:48 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\AVS4YOU
[2011.12.23 20:52:23 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\BitDefender
[2011.01.15 13:08:19 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Broad Intelligence
[2010.09.24 19:15:20 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Canneverbe Limited
[2010.09.23 18:15:49 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\CocoonSoftware
[2010.08.25 18:09:13 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Corel
[2011.11.12 20:08:16 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\dvdisaster
[2011.10.23 17:52:11 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\DVDVideoSoft
[2011.10.23 17:52:07 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.31 17:08:44 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Dynamic
[2011.11.12 21:08:40 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\EAC
[2010.08.25 17:34:31 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\EmailNotifier
[2011.01.18 20:06:44 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\flightgear.org
[2010.10.23 16:38:49 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\FreeFLVConverter
[2010.09.24 21:14:57 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\GlarySoft
[2011.05.03 18:10:26 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\gom
[2010.12.15 19:39:29 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Google
[2011.08.26 14:14:33 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Hex-Rays
[2010.09.26 14:48:27 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Hornil
[2010.08.24 19:17:07 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Identities
[2010.08.25 23:38:20 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\InstallShield
[2011.11.02 12:48:29 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\IrfanView
[2011.08.21 17:52:19 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Jens Lorek
[2011.11.03 18:24:56 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Leadertech
[2010.08.25 23:42:05 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Logitech
[2010.08.24 20:30:59 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Macromedia
[2011.03.24 20:57:26 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\MakeMusic
[2011.12.22 21:08:10 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Media Center Programs
[2011.05.21 19:17:28 | 000,000,000 | --SD | M] -- C:\Users\Cassiopeia\AppData\Roaming\Microsoft
[2010.12.19 10:15:08 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\mirkes.de
[2010.09.16 20:08:56 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Mozilla
[2010.08.24 21:21:35 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\mquadr.at
[2011.03.24 22:07:04 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\MusE
[2010.08.25 20:13:17 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\OpenOffice.org
[2010.09.16 19:32:35 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Opera
[2010.09.18 17:36:30 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\PhotoFiltre
[2011.12.31 19:42:27 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\PhotoLine
[2012.01.01 23:02:28 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Process Hacker 2
[2010.12.22 18:34:33 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\PSpad
[2010.08.25 18:06:49 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Real
[2011.05.21 19:12:28 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\ScanSoft
[2010.08.31 17:09:22 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\SiteClasses
[2010.08.31 17:31:42 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Sites
[2010.08.27 12:10:33 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\SoftGrid Client
[2011.01.15 13:44:49 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\TeamViewer
[2011.12.22 22:23:42 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\TestApp
[2010.10.02 17:06:13 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\TubeBox
[2011.03.03 19:50:31 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\uk.co.planetside
[2010.08.31 20:11:15 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Visicom Media
[2011.12.01 09:45:06 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\vlc
[2011.10.23 17:48:07 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\Xilisoft
[2011.01.15 13:34:16 | 000,000,000 | ---D | M] -- C:\Users\Cassiopeia\AppData\Roaming\XMedia Recode
 
< %APPDATA%\*.exe /s >
[2009.11.06 06:04:40 | 010,377,728 | ---- | M] () -- C:\Users\Cassiopeia\AppData\Roaming\CocoonSoftware\QMC\ffmpeg.exe
[2008.04.02 11:35:18 | 007,945,216 | ---- | M] () -- C:\Users\Cassiopeia\AppData\Roaming\CocoonSoftware\QMC\ffmpegHD.exe
[2011.12.28 19:19:23 | 000,010,134 | R--- | M] () -- C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\Foren.exe
[2011.12.28 19:19:23 | 000,000,766 | R--- | M] () -- C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\htmledit.exe
[2011.01.31 18:12:23 | 000,034,494 | R--- | M] () -- C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Installer\{62733593-6322-4C89-8B50-F714305A4DC6}\_6FEFF9B68218417F98F549.exe
[2010.10.02 17:28:45 | 000,034,494 | R--- | M] () -- C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Installer\{75C14F0A-EAA4-43CD-AA81-32FDB1686329}\_6FEFF9B68218417F98F549.exe
[2010.11.21 15:59:31 | 000,034,494 | R--- | M] () -- C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Installer\{8DB77BE4-629D-458D-BD68-9F36667C2177}\_6FEFF9B68218417F98F549.exe
[2010.08.28 16:53:20 | 000,010,134 | R--- | M] () -- C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Installer\{93F22EEC-DAD6-1D0D-E208-03FDA1B58F01}\ARPPRODUCTICON.exe
[2011.11.03 18:21:55 | 000,010,134 | R--- | M] () -- C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Installer\{F3F18612-7B5D-4C05-86C9-AB50F6F71727}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\ERDNT\cache86\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\ERDNT\cache64\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 893 bytes -> C:\Users\Cassiopeia\Documents\51D10EAC-00000EE3.eml:OECustomProperty
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Best regards,
Martin.

Martin_Oskar 05.01.2012 10:40

Sorry, double post.

Martin_Oskar 05.01.2012 11:01

Hello Cosinus,

this looks suspicious to me.

Code:

[2011.12.26 11:02:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.12.26 11:02:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe


cosinus 05.01.2012 11:23

Quote:

C:\TDSSKiller_Quarantine
C:\Qoobox
You ran TDSSKiller and ComboFix on your own initiative (without being told to) beforehand and don't say a word about it? Why do you do that?
TDSSKiller and CF in particular are not toys!

Quote:

this looks suspicious to me.
That comes from ComboFix. See above. You don't just run something like that on a whim!

Martin_Oskar 05.01.2012 14:54

Hello Cosinus,

Quote:

Quote from cosinus (post 748100)
You ran TDSSKiller and ComboFix on your own initiative (without being told to) beforehand and don't say a word about it?

No offence, but everything was already there to read in the log files in the opening post.

Quote:

Why do you do that?
Because I had a contaminated system, and the date shows that this happened before the first post.
But I think my system would be better served if we both stay objective and clean up whatever problems may still be open, don't you agree?

Best regards,
Martin.

cosinus 05.01.2012 15:44

Quote:

no offence, but everything was already there to read in the log files in the opening post.
Nope, nothing to see. Nothing about CF, nothing about TDSS.
Show me the passage where you clearly mention these two tools.
Unfortunately it annoys me again and again that CF gets run here despite numerous notices. Then it is not mentioned, or only in passing, and the helper has to laboriously ask for all the information in small puzzle pieces and keep posting the same notices over and over, even though it is all already written here. :(

Quote:

But I think my system would be better served,
Everyone would be better served if ALL THE INFORMATION were stated clearly up front, and if all the notices were read properly beforehand!
You have a problem and understandably want it solved, but a little less egocentrism would be better. In the end that helps not only you, but also us helpers and everyone else reading this thread with similar problems!

Martin_Oskar 05.01.2012 15:55

Hello Cosinus,

this is an excerpt of the contents of the OTL.zip from the opening post.

Code:

OTL logfile created on: 02.01.2012 16:41:06 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Cassiopeia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 59,06% Memory free
7,99 Gb Paging File | 6,36 Gb Available in Paging File | 79,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

................

C:\Windows\SysNative\drivers\SBREDrv.sys
[2011.12.29 20:03:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011.12.29 10:26:36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011.12.28 19:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ftp-uploader
[2011.12.28 19:19:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\phase5
[2011.12.28 19:19:21 | 000,000,000 | ---D | C] -- C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phase 5 HTML-Editor
[2011.12.28 19:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webocton - Scriptly
[2011.12.28 19:08:25 | 000,000,000 | ---D | C] -- C:\Users\Cassiopeia\AppData\Roaming\Webocton - Scriptly
[2011.12.28 19:08:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webocton - Scriptly
[2011.12.28 18:42:27 | 000,000,000 | ---D | C] -- C:\Users\Cassiopeia\amaya
[2011.12.28 17:57:03 | 000,000,000 | ---D | C] -- C:\Users\Cassiopeia\Documents\TagsRevisited
[2011.12.27 12:26:16 | 000,000,000 | ---D | C] -- C:\Users\Cassiopeia\XMedia Recode
[2011.12.26 11:12:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.12.26 11:08:41 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011.12.26 11:02:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.12.26 11:02:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.12.26 11:02:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.12.26 11:02:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.12.26 11:02:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.12.26 10:55:11 | 004,348,814 | R--- | C] (Swearware) -- C:\Users\Cassiopeia\Desktop\ComboFix.exe
[2011.12.26 10:36:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group


..........


========== Alternate Data Streams ==========
 
@Alternate Data Stream - 893 bytes -> C:\Users\Cassiopeia\Documents\51D10EAC-00000EE3.eml:OECustomProperty
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


cosinus 05.01.2012 16:04

Oh, I would never have guessed that the information is in the log :rofl:
How do you think I knew you had already run these tools? You didn't mention it yourself, but it's there loud and clear in the log :pfeiff:
No, mentioning it clearly is something else. Besides, the OTL log only contains the indication that you ran these tools. You didn't post the logs from those tools.
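
The exchange above turns on which OTL entries reveal that ComboFix and TDSSKiller had already been run before the thread was opened. As an added example that is not part of this thread (and not code from OTL or ComboFix), here is a small Python triage script that parses OTL file-listing lines (the `[date | size | attrs | C]` entries) and groups known tool artifacts by tool and creation time, so a helper can see at a glance what was run and when. The sample log lines are copied from the excerpt quoted above; the attribution of `Qoobox`, `SWREG.exe` and `SWSC.exe` to ComboFix is what cosinus states in the thread, while mapping `NIRCMD.exe` and `ERDNT` to ComboFix as well is my own assumption based on that tool's known layout.

```python
import re
from collections import defaultdict

# Constructed sample input: OTL "created" entries copied from the log excerpt
# quoted in this thread. The real log has many more lines; these suffice here.
SAMPLE_LOG = r"""
[2011.12.29 20:03:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011.12.29 10:26:36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011.12.26 11:02:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.12.26 11:02:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.12.26 11:02:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.12.26 11:02:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.12.26 11:02:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.12.26 10:55:11 | 004,348,814 | R--- | C] (Swearware) -- C:\Users\Cassiopeia\Desktop\ComboFix.exe
[2011.12.26 10:36:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
"""

# One OTL file/folder line: [timestamp | size | attributes | C/M] (company) -- path
# The "(company)" part is absent for folders and for files without version info.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Artifact paths that indicate a removal tool was run. Patterns are matched
# case-insensitively against the full path.
TOOL_MARKERS = {
    "ComboFix": [
        r"\\qoobox$",                # quarantine folder, named in the thread
        r"\\windows\\swreg\.exe$",   # SteelWerX helpers, attributed to ComboFix above
        r"\\windows\\swsc\.exe$",
        r"\\windows\\nircmd\.exe$",  # assumption: known ComboFix components
        r"\\windows\\erdnt$",        # assumption: ComboFix registry backup folder
        r"\\combofix\.exe$",         # the downloaded tool itself
    ],
    "TDSSKiller": [
        r"\\tdsskiller_quarantine$",  # quarantine folder, named in the thread
        r"\\tdsskiller\.exe$",
    ],
}
_COMPILED = {
    tool: [re.compile(p, re.IGNORECASE) for p in pats]
    for tool, pats in TOOL_MARKERS.items()
}


def parse_otl_line(line):
    """Return the fields of one OTL file/folder line, or None if it is not one."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))  # "000,518,144" -> 518144
    return entry


def find_tool_runs(log_text):
    """Map tool name -> list of (timestamp, path) for every matching artifact."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_otl_line(line)
        if entry is None:
            continue
        for tool, patterns in _COMPILED.items():
            if any(p.search(entry["path"]) for p in patterns):
                hits[tool].append((entry["ts"], entry["path"]))
    return dict(hits)


def earliest_run(log_text):
    """Earliest artifact timestamp per tool; OTL's yyyy.mm.dd hh:mm:ss sorts as text."""
    return {
        tool: min(ts for ts, _ in entries)
        for tool, entries in find_tool_runs(log_text).items()
    }


if __name__ == "__main__":
    runs = find_tool_runs(SAMPLE_LOG)
    for tool, first in sorted(earliest_run(SAMPLE_LOG).items()):
        print(f"{tool}: first artifact created {first}")
        for ts, path in runs[tool]:
            print(f"    {ts}  {path}")
```

On the sample above the script reports ComboFix first seen at 2011.12.26 10:55:11 (the download on the Desktop, followed within minutes by Qoobox, ERDNT and the SteelWerX/NirSoft helpers in C:\Windows) and TDSSKiller at 2011.12.29 10:26:36, which is exactly the timeline cosinus reconstructed by hand. Extending `TOOL_MARKERS` with further known artifact paths is all that is needed to cover other tools.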

Martin_Oskar 05.01.2012 16:32

Okay Cosinus,

we just don't know each other. I'm more the type of person who talks less and puts the facts (log files) on the table. You have enough to do.

These are the two from Qoobox.
Code:

Update for Microsoft Office 2007 (KB2508958)
AceFTP 3 Pro
AceHTML Freeware
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.7 - Deutsch
AFPL Ghostscript 8.54
AFPL Ghostscript Fonts
Ahead NeroMediaPlayer
Akamai NetSession Interface
Akamai NetSession Interface Service
AMD DnD V1.0.19
aonFTP
aonUpdate
Apple Application Support
Apple Software Update
Autodesk Design Review 2012
Autodesk Design Review Browser Add-on v1.2
Avira Free Antivirus
Canon Easy-PhotoPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon iP4800 series Benutzerregistrierung
Canon My Printer
Canon Solution Menu EX
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDBurnerXP
Controller
Corel WinDVD 9
CSS Tab Designer v2.0
erLT
ESET Online Scanner v3
Flugschule Bregenzerwald ParaTrainer 4.10
Free FLV Converter V 6.93.0
Free YouTube Download version 3.0.16.923
Google Earth
Google SketchUp 8
Google Update Helper
Highspeed-Internet-Installation
HydraVision
IDA Pro Free v5.0
IrfanView (remove only)
Juice
LG USB Modem driver
Logitech SetPoint
Mahjong Champ
MailStore Home 4.1.0.4598
Malwarebytes' Anti-Malware Version 1.51.2.1300
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access 2007
Microsoft Office Access MUI (German) 2007
Microsoft Office Outlook 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word 2007
Microsoft Office Word MUI (German) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MiniTool Partition Wizard Home Edition 5.2
mirkes.de Tiny Hexer
Mozilla Firefox (3.6.15)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MuseScore 1.0 MuseScore score typesetter
OmniPage SE
OpenOffice.org 3.2
Opera 11.11
pdfsam
PhotoLine 32, Version 12.51
PSPad editor
QuickTime
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Revo Uninstaller 1.93
RunAlyzer
Runtime 8.0 Libraries
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Simple Adblock
Spybot - Search & Destroy
Terragen
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Outlook 2007 Junk Email Filter (KB2596560)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.11
XMedia Recode 2.3.0.2

Code:

2011-12-26 10:12:03 . 2011-12-26 10:12:03              542 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-AceFTP 3 Pro.reg.dat
2011-12-26 10:11:45 . 2011-12-26 10:11:45              171 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{A057A204-BACC-4D26-8287-79A187E26987}.reg.dat
2011-12-26 10:11:39 . 2011-12-26 10:11:39              466 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Notify-LBTWlgn.reg.dat
2011-12-26 10:05:20 . 2011-12-26 10:05:20            3,917 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-12-26 10:02:26 . 2011-12-26 10:02:26              51 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2011-12-26 09:39:44 . 2011-12-26 09:39:44          262,144 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\ntuser.dat.vir
2011-05-12 18:17:29 . 2011-03-23 12:24:21            5,529 ----a-w-  C:\Qoobox\Quarantine\C\Users\Cassiopeia\AppData\Roaming\Mozilla\Firefox\Profiles\z5rgx61s.default\searchplugins\SearchquWebSearch.xml.vir
2011-05-12 18:17:29 . 2011-03-23 12:24:21            5,529 ----a-w-  C:\Qoobox\Quarantine\C\Program Files (x86)\Mozilla Firefox\searchplugins\SearchquWebSearch.xml.vir
2010-08-31 19:11:06 . 2010-12-06 18:17:26          737,280 ----a-w-  C:\Qoobox\Quarantine\C\Windows\iun6002.exe.vir
2010-08-31 15:39:04 . 2010-07-07 05:55:10              545 ----a-w-  C:\Qoobox\Quarantine\C\Windows\pkzip.pif.vir
2010-08-31 15:39:04 . 2010-07-07 05:55:10              545 ----a-w-  C:\Qoobox\Quarantine\C\Windows\pkunzip.pif.vir

There is also a SnapShot, whatever that is. Do you want to see that too?

TDSS-Killer
Code:

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic

Code:

[InfectedObject]
Type: Service
Name: StarOpen
Type: File system driver (0x2)
Start: Demand (0x3)

Code:

[InfectedFile]
Type: Raw image
Src: C:\Windows\system32\drivers\StarOpen.sys
md5: e57b778208c783d8debab320c16a1b82

Best regards,
Martin.
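The three TDSSKiller fragments in the post above are "[Section]" headers followed by "Key: Value" lines, and the service block carries the key "Type" twice. The following is an added example, not code from the poster or from Kaspersky's TDSSKiller: it parses that block format into records and pulls out the fields an analyst checks first (name, path, md5, verdict), treating an "UnsignedFile.*" verdict as a heuristic that needs a manual look rather than a confirmed detection. SAMPLE_LOG is constructed to mirror the quoted fragments; the function names are this example's own.

```python
"""Parse TDSSKiller-style "[Section]" blocks of "Key: Value" lines into
records and pull out the fields worth checking first.

Added example for this thread, not code from the poster or from Kaspersky's
TDSSKiller. SAMPLE_LOG is constructed to mirror the three fragments quoted
in the post above; the function names are this example's own.
"""
import hashlib
import re

SAMPLE_LOG = """
[InfectedObject]
Verdict: UnsignedFile.Multi.Generic

[InfectedObject]
Type: Service
Name: StarOpen
Type: File system driver (0x2)
Start: Demand (0x3)

[InfectedFile]
Type: Raw image
Src: C:\\Windows\\system32\\drivers\\StarOpen.sys
md5: e57b778208c783d8debab320c16a1b82
"""

_HEADER = re.compile(r"\[(\w+)\]")
_MD5 = re.compile(r"[0-9a-f]{32}")


def parse_blocks(text):
    """Return a list of (section, [(key, value), ...]).

    Keys are kept as an ordered list of pairs rather than a dict because a
    block can legitimately repeat a key: the service block above carries two
    "Type" lines (the object type and the driver type).
    """
    records, section, pairs = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = _HEADER.fullmatch(line)
        if header:
            if section is not None:
                records.append((section, pairs))
            section, pairs = header.group(1), []
            continue
        # Split on the first ":" only, so a Windows path in the value keeps
        # its drive letter ("Src: C:\Windows\...").
        key, sep, value = line.partition(":")
        if sep and section is not None:
            pairs.append((key.strip(), value.strip()))
    if section is not None:
        records.append((section, pairs))
    return records


def triage(text):
    """One dict per block with the fields an analyst checks first."""
    rows = []
    for section, pairs in parse_blocks(text):
        fields = {}
        for key, value in pairs:
            fields.setdefault(key.lower(), []).append(value)

        def first(key):
            return fields.get(key, [""])[0]

        verdict, md5 = first("verdict"), first("md5").lower()
        rows.append({
            "section": section,
            "name": first("name"),
            "src": first("src"),
            "types": fields.get("type", []),
            "md5": md5,
            "md5_ok": bool(_MD5.fullmatch(md5)),
            "verdict": verdict,
            # "UnsignedFile.*" only says the file carries no valid Authenticode
            # signature. That is a heuristic, not a match against known
            # malware, so the object needs a manual look (publisher, install
            # date, hash lookup) before anything is deleted.
            "heuristic": verdict.startswith("UnsignedFile"),
        })
    return rows


def file_md5(path, chunk=1 << 20):
    """MD5 of a file on disk, to compare against the log's "md5:" line."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

Run it as-is to see the three records; point file_md5 at the driver named in an "InfectedFile" block to confirm the hash on disk still matches what the tool logged before deciding what to do with it.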

cosinus 05.01.2012 16:33

Quote:

the type who talks less and puts the facts (log files) on the table.
:lach:

No, the TDSS-Killer and Combofix logs are (still) missing ;)

Martin_Oskar 05.01.2012 16:49

Hello Arne,

is there a specific location where they are stored? Because I can only find what I have already shown you.

Best regards,
Martin.

cosinus 05.01.2012 16:57

TDSS-Killer: directly in C:\
Combofix: in C:\combofix.txt or in Qoobox
Next time, read the instructions for these more dangerous tools completely if you are going to run them on your own.

Martin_Oskar 05.01.2012 17:10

Code:

ComboFix 11-12-22.04 - Cassiopeia 26.12.2011  11:03:23.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.43.1031.18.4094.2483 [GMT 1:00]
ausgeführt von:: c:\users\Cassiopeia\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
c:\programdata\ntuser.dat
c:\users\Cassiopeia\AppData\Roaming\Mozilla\Firefox\Profiles\z5rgx61s.default\searchplugins\SearchquWebSearch.xml
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-11-26 bis 2011-12-26  ))))))))))))))))))))))))))))))
.
.
2011-12-26 09:36 . 2011-12-26 09:36        --------        d-----w-        c:\program files (x86)\VS Revo Group
2011-12-26 09:19 . 2011-12-26 09:19        --------        d-----w-        c:\program files\CCleaner
2011-12-25 18:10 . 2011-12-25 18:10        --------        d-----w-        c:\program files (x86)\Common Files\Simple Adblock
2011-12-24 22:17 . 2011-12-24 22:17        --------        d-----w-        c:\users\Dania
2011-12-24 18:02 . 2011-12-24 18:18        --------        d-----w-        c:\users\Cassiopeia\AppData\Local\NPE
2011-12-24 18:02 . 2011-12-24 18:02        --------        d-----w-        c:\programdata\Norton
2011-12-24 14:02 . 2011-12-24 14:02        16200        ----a-w-        c:\windows\stinger.sys
2011-12-24 11:57 . 2011-12-24 11:57        --------        d---a-w-        c:\windows\VDLL.DLL
2011-12-24 11:57 . 2011-12-24 11:57        --------        d---a-w-        c:\windows\SysWow64\runouce.exe
2011-12-24 11:57 . 2011-12-24 11:57        --------        d---a-w-        c:\windows\rundll16.exe
2011-12-24 11:57 . 2011-12-24 11:57        --------        d---a-w-        c:\windows\RUNDL132.EXE
2011-12-24 11:57 . 2011-12-24 11:57        --------        d---a-w-        c:\windows\logo1_.exe
2011-12-24 11:57 . 2011-12-24 11:57        --------        d---a-w-        c:\windows\logo_1.exe
2011-12-24 11:56 . 2011-12-24 11:56        632064        ----a-w-        c:\windows\SysWow64\msvcr80.dll
2011-12-24 11:56 . 2011-12-24 11:56        554240        ----a-w-        c:\windows\SysWow64\msvcp80.dll
2011-12-24 11:56 . 2011-12-24 11:56        572928        ----a-w-        c:\windows\SysWow64\msvcp90.dll
2011-12-24 11:56 . 2011-12-24 11:56        655872        ----a-w-        c:\windows\SysWow64\msvcr90.dll
2011-12-24 11:56 . 2011-12-24 11:56        34048        ----a-w-        c:\windows\SysWow64\eEmpty.exe
2011-12-24 11:56 . 2011-12-24 11:56        --------        d-----w-        c:\program files (x86)\Common Files\MicroWorld
2011-12-24 11:55 . 2011-12-24 11:56        --------        d-----w-        c:\programdata\MicroWorld
2011-12-24 08:59 . 2011-12-24 09:30        81984        ----a-w-        c:\windows\system32\bdod.bin
2011-12-23 19:52 . 2011-12-23 19:52        --------        d-----w-        c:\users\Cassiopeia\AppData\Roaming\BitDefender
2011-12-23 19:52 . 2011-12-24 09:31        --------        d-----w-        c:\program files\Common Files\BitDefender
2011-12-23 19:52 . 2011-12-24 08:46        --------        d-----w-        c:\programdata\BitDefender
2011-12-23 19:52 . 2011-12-23 19:52        --------        d-----w-        c:\program files\BitDefender
2011-12-23 19:51 . 2011-12-23 19:51        --------        d-----w-        c:\program files (x86)\Common Files\BitDefender
2011-12-23 18:54 . 2011-12-23 18:54        --------        d-----w-        c:\program files (x86)\Safer Networking
2011-12-23 17:43 . 2011-12-23 17:43        --------        d-----w-        c:\program files (x86)\ESET
2011-12-23 14:38 . 2011-11-21 11:40        8822856        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B86A55E5-5EDB-42B6-BEE2-80B8700E0BDD}\mpengine.dll
2011-12-22 21:59 . 2011-12-22 21:59        --------        d-----w-        c:\users\Cassiopeia\AppData\Local\Threat Expert
2011-12-22 21:41 . 2011-12-22 22:07        --------        d-----w-        c:\program files (x86)\PC Tools
2011-12-22 21:29 . 2011-12-22 21:33        --------        d-----w-        c:\program files (x86)\Spybot - Search & Destroy
2011-12-22 21:29 . 2011-12-22 21:29        12872        ----a-w-        c:\windows\system32\bootdelete.exe
2011-12-22 21:24 . 2011-12-22 22:07        --------        d-----w-        c:\program files (x86)\Common Files\PC Tools
2011-12-22 21:24 . 2011-11-22 18:42        230952        ----a-w-        c:\windows\system32\drivers\PCTSD64.sys
2011-12-22 21:23 . 2011-12-22 22:04        --------        d-----w-        c:\programdata\PC Tools
2011-12-22 21:23 . 2011-12-22 21:23        --------        d-----w-        c:\users\Cassiopeia\AppData\Roaming\TestApp
2011-12-22 21:20 . 2011-12-22 21:20        25160        ----a-w-        c:\windows\system32\drivers\hitmanpro35.sys
2011-12-22 21:20 . 2011-12-22 21:20        --------        d-----w-        c:\program files\Hitman Pro 3.5
2011-12-22 21:20 . 2011-12-22 21:29        --------        d-----w-        c:\programdata\Hitman Pro
2011-12-22 20:08 . 2011-12-22 20:08        --------        d-----w-        c:\users\Cassiopeia\AppData\Roaming\Malwarebytes
2011-12-22 20:06 . 2011-12-22 20:06        --------        d-----w-        c:\programdata\Malwarebytes
2011-12-22 20:06 . 2011-12-22 20:06        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-22 20:06 . 2011-08-31 16:00        25416        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-12-19 18:33 . 2011-10-15 06:31        723456        ----a-w-        c:\windows\system32\EncDec.dll
2011-12-19 18:33 . 2011-10-15 05:38        534528        ----a-w-        c:\windows\SysWow64\EncDec.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-25 19:28 . 2010-08-25 17:08        2828        --sha-w-        c:\programdata\KGyGaAvL.sys
2011-12-24 11:58 . 2011-12-24 11:57        18745487        ----a-w-        c:\windows\REGBK00.ZIP
2011-12-08 16:52 . 2011-11-02 12:06        130760        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-11-21 19:11 . 2011-11-21 19:11        45280        ----a-w-        c:\windows\system32\AcSignIcon.dll
2011-11-21 19:11 . 2011-11-21 19:11        432864        ----a-w-        c:\windows\system32\AcSignOpt.exe
2011-11-21 19:11 . 2011-11-21 19:11        35040        ----a-w-        c:\windows\system32\AcSignExt.dll
2011-11-21 19:11 . 2011-11-21 19:11        94208        ----a-w-        c:\windows\SysWow64\msstkprp.dll
2011-11-21 19:10 . 2011-11-21 19:10        354528        ----a-w-        c:\windows\system32\plotman.cpl
2011-11-21 19:10 . 2011-11-21 19:10        14560        ----a-w-        c:\windows\system32\AcSignExtRes.dll
2011-11-15 13:29 . 2010-08-24 20:50        270720        ------w-        c:\windows\system32\MpSigStub.exe
2011-10-18 15:59 . 2011-06-06 14:57        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-11 14:00 . 2011-11-02 12:06        97312        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-10-11 14:00 . 2011-11-02 12:06        27760        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2011-10-03 14:41 . 2011-10-03 14:41        165680        ----a-w-        c:\windows\system32\drivers\VBoxNetFlt.sys
2011-10-03 14:41 . 2011-10-03 14:41        146736        ----a-w-        c:\windows\system32\drivers\VBoxNetAdp.sys
2011-10-03 14:41 . 2011-10-08 20:02        224048        ----a-w-        c:\windows\system32\drivers\VBoxDrv.sys
2011-10-03 14:41 . 2011-10-08 20:02        130864        ----a-w-        c:\windows\system32\drivers\VBoxUSBMon.sys
2011-10-03 14:41 . 2011-10-03 14:41        320816        ----a-w-        c:\windows\system32\VBoxNetFltNobj.dll
2011-10-03 14:41 . 2011-10-03 14:41        117040        ----a-w-        c:\windows\system32\drivers\VBoxUSB.sys
2011-09-29 16:29 . 2011-11-12 18:29        1923952        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2010-12-18 11:13 . 2010-12-18 11:13        581632        ----a-w-        c:\program files (x86)\convert.exe
2010-09-01 06:32 . 2010-09-01 06:32        573736        ----a-w-        c:\program files\iTunesPhotoProcessor.exe
2010-09-01 06:32 . 2010-09-01 06:32        294688        ----a-w-        c:\program files\iTunesOutlookAddIn.dll
2010-09-01 06:32 . 2010-09-01 06:32        421160        ----a-w-        c:\program files\iTunesHelper.exe
2010-09-01 06:31 . 2010-09-01 06:31        387368        ----a-w-        c:\program files\iTunesAdmin.dll
2010-09-01 06:31 . 2010-09-01 06:31        173344        ----a-w-        c:\program files\iTunesHelper.dll
2010-09-01 06:31 . 2010-09-01 06:31        9777448        ----a-w-        c:\program files\iTunes.exe
2010-09-01 06:31 . 2010-09-01 06:31        18658592        ----a-w-        c:\program files\iTunes.dll
2010-09-01 06:31 . 2010-09-01 06:31        726304        ----a-w-        c:\program files\gnsdk_sdkmanager.dll
2010-09-01 06:31 . 2010-09-01 06:31        259360        ----a-w-        c:\program files\gnsdk_submit.dll
2010-09-01 06:31 . 2010-09-01 06:31        197920        ----a-w-        c:\program files\gnsdk_musicid.dll
2010-09-01 06:31 . 2010-09-01 06:31        111912        ----a-w-        c:\program files\ITDetector.ocx
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Akamai NetSession Interface"="c:\users\Cassiopeia\AppData\Local\Akamai\netsession_win.exe" [2011-12-12 3305760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
.
c:\users\Cassiopeia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office Outlook 2007.lnk - c:\windows\Installer\{90120000-001A-0000-0000-0000000FF1CE}\outicon.exe [2010-8-27 845584]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-8-25 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Omnipage"=c:\program files (x86)\ScanSoft\OmniPageSE\opware32.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-05 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-05 136176]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 ST330;ST330;c:\windows\system32\DRIVERS\st330.sys [x]
R3 STBUS;STBUS;c:\windows\system32\DRIVERS\stbus.sys [x]
R3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\DRIVERS\stppp.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 VMLiteUSB;VMLite USB;c:\windows\system32\Drivers\VMLiteUSB.sys [x]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17        302592        ----a-w-        c:\windows\System32\cmd.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files (x86)\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-05 09:32]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-05 09:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-08 9642528]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
IE: Free YouTube Download - c:\users\Cassiopeia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
FF - ProfilePath - c:\users\Cassiopeia\AppData\Roaming\Mozilla\Firefox\Profiles\z5rgx61s.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-LBTWlgn - (no file)
WebBrowser-{A057A204-BACC-4D26-8287-79A187E26987} - (no file)
AddRemove-AceFTP 3 Pro - c:\windows\iun6002.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-26  11:12:56 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-12-26 10:12
.
Vor Suchlauf: 8 Verzeichnis(se), 371.601.539.072 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 371.072.790.528 Bytes frei
.
- - End Of File - - ADC77271C62C6CB20F5634644AD5EFCB

Code:

10:24:26.0109 2736        TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
10:24:26.0301 2736        ============================================================
10:24:26.0301 2736        Current date / time: 2011/12/29 10:24:26.0301
10:24:26.0301 2736        SystemInfo:
10:24:26.0301 2736       
10:24:26.0302 2736        OS Version: 6.1.7601 ServicePack: 1.0
10:24:26.0302 2736        Product type: Workstation
10:24:26.0302 2736        ComputerName: CASSIOPEIA-PC
10:24:26.0302 2736        UserName: Cassiopeia
10:24:26.0302 2736        Windows directory: C:\Windows
10:24:26.0302 2736        System windows directory: C:\Windows
10:24:26.0302 2736        Running under WOW64
10:24:26.0302 2736        Processor architecture: Intel x64
10:24:26.0302 2736        Number of processors: 4
10:24:26.0302 2736        Page size: 0x1000
10:24:26.0302 2736        Boot type: Normal boot
10:24:26.0302 2736        ============================================================
10:24:33.0648 2736        Initialize success
10:24:59.0091 2352        ============================================================
10:24:59.0091 2352        Scan started
10:24:59.0091 2352        Mode: Manual;
10:24:59.0091 2352        ============================================================
10:25:00.0933 2352        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:25:00.0954 2352        1394ohci - ok
10:25:01.0013 2352        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:25:01.0020 2352        ACPI - ok
10:25:01.0039 2352        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:25:01.0047 2352        AcpiPmi - ok
10:25:01.0100 2352        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
10:25:01.0125 2352        adp94xx - ok
10:25:01.0154 2352        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
10:25:01.0173 2352        adpahci - ok
10:25:13.0628 2352        volsnap - ok
10:25:13.0685 2352        vpcbus          (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
10:25:13.0703 2352        vpcbus - ok
10:25:13.0760 2352        vpcnfltr        (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
10:25:13.0771 2352        vpcnfltr - ok
10:25:13.0810 2352        vpcusb          (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
10:25:13.0824 2352        vpcusb - ok
10:25:13.0871 2352        vpcuxd          (63f4e10873beb4124028c6d1a66b0968) C:\Windows\system32\DRIVERS\vpcuxd.sys
10:25:13.0878 2352        vpcuxd - ok
10:25:13.0955 2352        vpcvmm          (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
10:25:13.0961 2352        vpcvmm - ok
10:25:14.0007 2352        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:25:14.0022 2352        vsmraid - ok
10:25:14.0047 2352        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
10:25:14.0057 2352        vwifibus - ok
10:25:14.0091 2352        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:25:14.0096 2352        WacomPen - ok
10:25:14.0146 2352        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:25:14.0157 2352        WANARP - ok
10:25:14.0166 2352        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:25:14.0169 2352        Wanarpv6 - ok
10:25:14.0222 2352        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:25:14.0226 2352        Wd - ok
10:25:14.0250 2352        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:25:14.0264 2352        Wdf01000 - ok
10:25:14.0307 2352        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:25:14.0310 2352        WfpLwf - ok
10:25:14.0327 2352        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:25:14.0333 2352        WIMMount - ok
10:25:14.0411 2352        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
10:25:14.0417 2352        WinUsb - ok
10:25:14.0460 2352        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:25:14.0467 2352        WmiAcpi - ok
10:25:14.0514 2352        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:25:14.0519 2352        ws2ifsl - ok
10:25:14.0569 2352        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:25:14.0582 2352        WudfPf - ok
10:25:14.0621 2352        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:25:14.0633 2352        WUDFRd - ok
10:25:14.0658 2352        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:25:14.0707 2352        \Device\Harddisk0\DR0 - ok
10:25:14.0714 2352        MBR (0x1B8)    (891a5a795784628f5a01eb95b84d278c) \Device\Harddisk1\DR1
10:25:14.0726 2352        \Device\Harddisk1\DR1 - ok
10:25:14.0739 2352        Boot (0x1200)  (cd2db1555d3829805cba41760cfd7a05) \Device\Harddisk0\DR0\Partition0
10:25:14.0742 2352        \Device\Harddisk0\DR0\Partition0 - ok
10:25:14.0753 2352        Boot (0x1200)  (5108b38b5d5db5e7b8de0ecf2ee15bee) \Device\Harddisk0\DR0\Partition1
10:25:14.0755 2352        \Device\Harddisk0\DR0\Partition1 - ok
10:25:14.0755 2352        ============================================================
10:25:14.0755 2352        Scan finished
10:25:14.0755 2352        ============================================================
10:25:14.0768 3544        Detected object count: 0
10:25:14.0768 3544        Actual detected object count: 0
10:25:29.0903 3592        ============================================================
10:25:29.0903 3592        Scan started
10:25:29.0903 3592        Mode: Manual; SigCheck;
10:25:29.0903 3592        ============================================================
10:25:29.0903 3592        ============================================================
10:25:29.0903 3592        Scan finished
10:25:29.0903 3592        ============================================================
10:25:29.0913 1880        Detected object count: 0
10:25:29.0913 1880        Actual detected object count: 0
10:25:33.0793 3532        ============================================================
10:25:33.0793 3532        Scan started
10:25:33.0793 3532        Mode: Manual; SigCheck;
10:25:33.0793 3532        ============================================================
10:25:33.0793 3532        ============================================================
10:25:33.0793 3532        Scan finished
10:25:33.0793 3532        ============================================================
10:25:33.0804 3232        Detected object count: 0
10:25:33.0804 3232        Actual detected object count: 0
10:25:40.0096 1860        ============================================================
10:25:40.0096 1860        Scan started
10:25:40.0096 1860        Mode: Manual; TDLFS;
10:25:40.0096 1860        ============================================================
10:25:40.0096 1860        ============================================================
10:25:40.0096 1860        Scan finished
10:25:40.0096 1860        ============================================================
10:25:40.0106 2412        Detected object count: 0
10:25:40.0106 2412        Actual detected object count: 0
10:25:47.0025 3984        ============================================================
10:25:47.0025 3984        Scan started
10:25:47.0025 3984        Mode: Manual; SigCheck; TDLFS;
10:25:47.0025 3984        ============================================================
10:25:47.0284 3984        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:25:47.0406 3984        1394ohci - ok
10:25:47.0429 3984        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:25:47.0443 3984        ACPI - ok
10:25:47.0457 3984        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:25:47.0535 3984        AcpiPmi - ok
10:25:47.0565 3984        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
10:25:47.0579 3984        adp94xx - ok
10:25:47.0594 3984        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
10:25:47.0605 3984        adpahci - ok
10:25:47.0619 3984        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
10:25:47.0628 3984        adpu320 - ok
10:25:47.0675 3984        AFD            (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
10:25:47.0743 3984        AFD - ok
10:25:47.0774 3984        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:25:47.0786 3984        agp440 - ok
10:25:47.0822 3984        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:25:47.0833 3984        aliide - ok
10:25:47.0853 3984        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:25:47.0864 3984        amdide - ok
10:25:47.0883 3984        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
10:25:47.0954 3984        AmdK8 - ok
10:25:47.0978 3984        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
10:25:48.0006 3984        AmdPPM - ok
10:25:48.0034 3984        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
10:25:48.0047 3984        amdsata - ok
10:25:48.0068 3984        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
10:25:48.0082 3984        amdsbs - ok
10:25:48.0099 3984        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
10:25:48.0110 3984        amdxata - ok
10:25:48.0165 3984        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:25:48.0312 3984        AppID - ok
10:25:48.0353 3984        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
10:25:48.0361 3984        arc - ok
10:25:48.0377 3984        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
10:25:48.0385 3984        arcsas - ok
10:25:48.0412 3984        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:25:48.0571 3984        AsyncMac - ok
10:25:48.0601 3984        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:25:48.0608 3984        atapi - ok
10:25:48.0737 3984        atikmdag        (428e352f7cba6be1dc964dcd29de0eab) C:\Windows\system32\DRIVERS\atikmdag.sys
10:25:48.0861 3984        atikmdag - ok
10:25:48.0900 3984        avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
10:25:48.0958 3984        avgntflt - ok
10:25:48.0977 3984        avipbb          (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys
10:25:48.0985 3984        avipbb - ok
10:25:49.0027 3984        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
10:25:49.0047 3984        avkmgr - ok
10:25:49.0084 3984        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
10:25:49.0148 3984        b06bdrv - ok
10:25:49.0185 3984        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:25:49.0224 3984        b57nd60a - ok
10:25:49.0262 3984        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:25:49.0321 3984        Beep - ok
10:25:49.0349 3984        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:25:49.0391 3984        blbdrive - ok
10:25:49.0456 3984        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:25:49.0518 3984        bowser - ok
10:25:49.0539 3984        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:25:49.0596 3984        BrFiltLo - ok
10:25:49.0615 3984        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:25:49.0633 3984        BrFiltUp - ok
10:25:49.0654 3984        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:25:49.0712 3984        Brserid - ok
10:25:49.0733 3984        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:25:49.0789 3984        BrSerWdm - ok
10:25:49.0822 3984        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:25:49.0850 3984        BrUsbMdm - ok
10:25:49.0874 3984        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:25:49.0905 3984        BrUsbSer - ok
10:25:49.0932 3984        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
10:25:49.0979 3984        BTHMODEM - ok
10:25:49.0996 3984        catchme - ok
10:25:50.0029 3984        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:25:50.0082 3984        cdfs - ok
10:25:50.0106 3984        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
10:25:50.0155 3984        cdrom - ok
10:25:50.0191 3984        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
10:25:50.0261 3984        circlass - ok
10:25:50.0303 3984        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:25:50.0321 3984        CLFS - ok
10:25:50.0351 3984        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:25:50.0379 3984        CmBatt - ok
10:25:50.0410 3984        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:25:50.0417 3984        cmdide - ok
10:25:50.0462 3984        CNG            (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
10:25:50.0503 3984        CNG - ok
10:25:50.0528 3984        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:25:50.0535 3984        Compbatt - ok
10:25:50.0548 3984        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
10:25:50.0573 3984        CompositeBus - ok
10:25:50.0598 3984        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
10:25:50.0605 3984        crcdisk - ok
10:25:50.0667 3984        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:25:50.0744 3984        DfsC - ok
10:25:50.0772 3984        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:25:50.0800 3984        discache - ok
10:25:50.0817 3984        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:25:50.0824 3984        Disk - ok
10:25:50.0863 3984        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:25:50.0910 3984        drmkaud - ok
10:25:50.0967 3984        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:25:51.0004 3984        DXGKrnl - ok
10:25:51.0077 3984        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:25:51.0130 3984        ebdrv - ok
10:25:51.0164 3984        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:25:51.0177 3984        elxstor - ok
10:25:51.0196 3984        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:25:51.0226 3984        ErrDev - ok
10:25:51.0260 3984        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:25:51.0289 3984        exfat - ok
10:25:51.0306 3984        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:25:51.0349 3984        fastfat - ok
10:25:51.0373 3984        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:25:51.0383 3984        fdc - ok
10:25:51.0402 3984        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:25:51.0410 3984        FileInfo - ok
10:25:51.0439 3984        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:25:51.0482 3984        Filetrace - ok
10:25:51.0504 3984        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:25:51.0531 3984        flpydisk - ok
10:25:51.0570 3984        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:25:51.0580 3984        FltMgr - ok
10:25:51.0609 3984        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:25:51.0616 3984        FsDepends - ok
10:25:51.0628 3984        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
10:25:51.0635 3984        Fs_Rec - ok
10:25:51.0660 3984        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:25:51.0671 3984        fvevol - ok
10:25:51.0691 3984        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:25:51.0698 3984        gagp30kx - ok
10:25:51.0754 3984        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:25:51.0772 3984        GEARAspiWDM - ok
10:25:51.0807 3984        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:25:51.0851 3984        hcw85cir - ok
10:25:51.0883 3984        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:25:51.0905 3984        HdAudAddService - ok
10:25:51.0925 3984        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
10:25:51.0958 3984        HDAudBus - ok
10:25:51.0991 3984        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:25:52.0034 3984        HidBatt - ok
10:25:52.0063 3984        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:25:52.0118 3984        HidBth - ok
10:25:52.0232 3984        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:25:52.0310 3984        HidIr - ok
10:25:52.0340 3984        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
10:25:52.0366 3984        HidUsb - ok
10:25:52.0412 3984        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:25:52.0421 3984        HpSAMD - ok
10:25:52.0472 3984        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:25:52.0534 3984        HTTP - ok
10:25:52.0574 3984        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:25:52.0582 3984        hwpolicy - ok
10:25:52.0604 3984        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
10:25:52.0617 3984        i8042prt - ok
10:25:52.0661 3984        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:25:52.0675 3984        iaStorV - ok
10:25:52.0704 3984        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:25:52.0713 3984        iirsp - ok
10:25:52.0767 3984        IntcAzAudAddService (76877dd763a2287f58908795f3f5cccb) C:\Windows\system32\drivers\RTKVHD64.sys
10:25:52.0804 3984        IntcAzAudAddService - ok
10:25:52.0826 3984        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:25:52.0833 3984        intelide - ok
10:25:52.0851 3984        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:25:52.0903 3984        intelppm - ok
10:25:52.0960 3984        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:25:53.0027 3984        IpFilterDriver - ok
10:25:53.0067 3984        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:25:53.0077 3984        IPMIDRV - ok
10:25:53.0093 3984        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:25:53.0138 3984        IPNAT - ok
10:25:53.0162 3984        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:25:53.0241 3984        IRENUM - ok
10:25:53.0266 3984        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:25:53.0275 3984        isapnp - ok
10:25:53.0300 3984        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:25:53.0313 3984        iScsiPrt - ok
10:25:53.0336 3984        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
10:25:53.0345 3984        kbdclass - ok
10:25:53.0395 3984        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
10:25:53.0441 3984        kbdhid - ok
10:25:53.0481 3984        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
10:25:53.0494 3984        KSecDD - ok
10:25:53.0533 3984        KSecPkg        (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
10:25:53.0547 3984        KSecPkg - ok
10:25:53.0572 3984        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:25:53.0629 3984        ksthunk - ok
10:25:53.0655 3984        L8042Kbd        (f33c5d79d3273530e1892a0922283a7b) C:\Windows\system32\DRIVERS\L8042Kbd.sys
10:25:53.0662 3984        L8042Kbd - ok
10:25:53.0698 3984        LHidFilt        (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
10:25:53.0704 3984        LHidFilt - ok
10:25:53.0730 3984        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:25:53.0799 3984        lltdio - ok
10:25:53.0825 3984        LMouFilt        (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
10:25:53.0831 3984        LMouFilt - ok
10:25:53.0878 3984        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:25:53.0902 3984        LSI_FC - ok
10:25:53.0920 3984        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:25:53.0933 3984        LSI_SAS - ok
10:25:53.0952 3984        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:25:53.0964 3984        LSI_SAS2 - ok
10:25:53.0980 3984        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:25:53.0992 3984        LSI_SCSI - ok
10:25:54.0019 3984        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:25:54.0062 3984        luafv - ok
10:25:54.0087 3984        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:25:54.0094 3984        megasas - ok
10:25:54.0139 3984        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:25:54.0171 3984        MegaSR - ok
10:25:54.0193 3984        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:25:54.0239 3984        Modem - ok
10:25:54.0260 3984        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:25:54.0288 3984        monitor - ok
10:25:54.0324 3984        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:25:54.0348 3984        mouclass - ok
10:25:54.0369 3984        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:25:54.0385 3984        mouhid - ok
10:25:54.0425 3984        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:25:54.0438 3984        mountmgr - ok
10:25:54.0472 3984        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:25:54.0486 3984        mpio - ok
10:25:54.0516 3984        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:25:54.0560 3984        mpsdrv - ok
10:25:54.0604 3984        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:25:54.0686 3984        MRxDAV - ok
10:25:54.0724 3984        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:25:54.0746 3984        mrxsmb - ok
10:25:54.0813 3984        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:25:54.0846 3984        mrxsmb10 - ok
10:25:54.0878 3984        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:25:54.0893 3984        mrxsmb20 - ok
10:25:54.0916 3984        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:25:54.0928 3984        msahci - ok
10:25:54.0974 3984        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:25:54.0988 3984        msdsm - ok
10:25:55.0019 3984        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:25:55.0054 3984        Msfs - ok
10:25:55.0068 3984        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:25:55.0115 3984        mshidkmdf - ok
10:25:55.0146 3984        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:25:55.0153 3984        msisadrv - ok
10:25:55.0171 3984        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:25:55.0240 3984        MSKSSRV - ok
10:25:55.0264 3984        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:25:55.0327 3984        MSPCLOCK - ok
10:25:55.0350 3984        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:25:55.0427 3984        MSPQM - ok
10:25:55.0475 3984        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:25:55.0500 3984        MsRPC - ok
10:25:55.0524 3984        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:25:55.0536 3984        mssmbios - ok
10:25:55.0553 3984        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:25:55.0590 3984        MSTEE - ok
10:25:55.0598 3984        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:25:55.0627 3984        MTConfig - ok
10:25:55.0650 3984        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:25:55.0658 3984        Mup - ok
10:25:55.0689 3984        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:25:55.0718 3984        NativeWifiP - ok
10:25:55.0805 3984        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:25:55.0837 3984        NDIS - ok
10:25:55.0859 3984        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:25:55.0887 3984        NdisCap - ok
10:25:55.0905 3984        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:25:55.0948 3984        NdisTapi - ok
10:25:55.0982 3984        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:25:56.0048 3984        Ndisuio - ok
10:25:56.0083 3984        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:25:56.0147 3984        NdisWan - ok
10:25:56.0189 3984        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:25:56.0264 3984        NDProxy - ok
10:25:56.0294 3984        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:25:56.0333 3984        NetBIOS - ok
10:25:56.0369 3984        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:25:56.0411 3984        NetBT - ok
10:25:56.0453 3984        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:25:56.0461 3984        nfrd960 - ok
10:25:56.0476 3984        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:25:56.0519 3984        Npfs - ok
10:25:56.0548 3984        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:25:56.0595 3984        nsiproxy - ok
10:25:56.0664 3984        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:25:56.0713 3984        Ntfs - ok
10:25:56.0729 3984        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:25:56.0799 3984        Null - ok
10:25:56.0841 3984        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:25:56.0869 3984        nvraid - ok
10:25:56.0892 3984        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:25:56.0903 3984        nvstor - ok
10:25:56.0942 3984        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:25:56.0953 3984        nv_agp - ok
10:25:57.0002 3984        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:25:57.0046 3984        ohci1394 - ok
10:25:57.0107 3984        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:25:57.0136 3984        Parport - ok
10:25:57.0174 3984        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
10:25:57.0198 3984        partmgr - ok
10:25:57.0233 3984        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:25:57.0247 3984        pci - ok
10:25:57.0284 3984        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:25:57.0291 3984        pciide - ok
10:25:57.0327 3984        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:25:57.0340 3984        pcmcia - ok
10:25:57.0358 3984        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:25:57.0366 3984        pcw - ok
10:25:57.0399 3984        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:25:57.0457 3984        PEAUTH - ok
10:25:57.0524 3984        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:25:57.0551 3984        PptpMiniport - ok
10:25:57.0568 3984        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:25:57.0604 3984        Processor - ok
10:25:57.0654 3984        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:25:57.0697 3984        Psched - ok
10:25:57.0726 3984        pwdrvio        (41ad0fcf47275a9bc70fa1b56bfd3e23) C:\Windows\system32\pwdrvio.sys
10:25:57.0735 3984        pwdrvio - ok
10:25:57.0759 3984        pwdspio        (19cf17076f2524af6746b528584aa3c9) C:\Windows\system32\pwdspio.sys
10:25:57.0767 3984        pwdspio - ok
10:25:57.0813 3984        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:25:57.0838 3984        ql2300 - ok
10:25:57.0851 3984        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:25:57.0859 3984        ql40xx - ok
10:25:57.0878 3984        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:25:57.0891 3984        QWAVEdrv - ok
10:25:57.0921 3984        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:25:57.0964 3984        RasAcd - ok
10:25:57.0977 3984        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:25:58.0005 3984        RasAgileVpn - ok
10:25:58.0060 3984        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:25:58.0144 3984        Rasl2tp - ok
10:25:58.0156 3984        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:25:58.0198 3984        RasPppoe - ok
10:25:58.0206 3984        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:25:58.0238 3984        RasSstp - ok
10:25:58.0295 3984        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:25:58.0345 3984        rdbss - ok
10:25:58.0367 3984        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:25:58.0379 3984        rdpbus - ok
10:25:58.0395 3984        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:25:58.0445 3984        RDPCDD - ok
10:25:58.0459 3984        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:25:58.0503 3984        RDPENCDD - ok
10:25:58.0513 3984        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:25:58.0541 3984        RDPREFMP - ok
10:25:58.0598 3984        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
10:25:58.0683 3984        RDPWD - ok
10:25:58.0721 3984        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:25:58.0733 3984        rdyboost - ok
10:25:58.0755 3984        regi            (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
10:25:58.0764 3984        regi - ok
10:25:58.0802 3984        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:25:58.0869 3984        rspndr - ok
10:25:58.0905 3984        RTHDMIAzAudService (4e821c740a675f6d040be41d59a62b1d) C:\Windows\system32\drivers\RtHDMIVX.sys
10:25:58.0913 3984        RTHDMIAzAudService - ok
10:25:58.0938 3984        RTL8167        (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:25:58.0994 3984        RTL8167 - ok
10:25:59.0025 3984        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:25:59.0035 3984        sbp2port - ok
10:25:59.0081 3984        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:25:59.0146 3984        scfilter - ok
10:25:59.0180 3984        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:25:59.0226 3984        secdrv - ok
10:25:59.0256 3984        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:25:59.0266 3984        Serenum - ok
10:25:59.0282 3984        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:25:59.0318 3984        Serial - ok
10:25:59.0362 3984        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:25:59.0371 3984        sermouse - ok
10:25:59.0401 3984        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:25:59.0456 3984        sffdisk - ok
10:25:59.0479 3984        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:25:59.0523 3984        sffp_mmc - ok
10:25:59.0555 3984        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:25:59.0602 3984        sffp_sd - ok
10:25:59.0631 3984        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:25:59.0662 3984        sfloppy - ok
10:25:59.0696 3984        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:25:59.0708 3984        SiSRaid2 - ok
10:25:59.0718 3984        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:25:59.0727 3984        SiSRaid4 - ok
10:25:59.0768 3984        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:25:59.0837 3984        Smb - ok
10:25:59.0865 3984        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:25:59.0872 3984        spldr - ok
10:25:59.0925 3984        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:25:59.0973 3984        srv - ok
10:26:00.0018 3984        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:26:00.0068 3984        srv2 - ok
10:26:00.0101 3984        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:26:00.0132 3984        srvnet - ok
10:26:00.0180 3984        ST330          (7b6e1e5094a2d0cc884a6be05ff805ec) C:\Windows\system32\DRIVERS\st330.sys
10:26:00.0228 3984        ST330 - ok
10:26:00.0261 3984        StarOpen        (e57b778208c783d8debab320c16a1b82) C:\Windows\system32\drivers\StarOpen.sys
10:26:00.0281 3984        StarOpen ( UnsignedFile.Multi.Generic ) - warning
10:26:00.0281 3984        StarOpen - detected UnsignedFile.Multi.Generic (1)
10:26:00.0308 3984        STBUS          (ba847a2ebc01fc9ba94e0e9a6ee4b2b7) C:\Windows\system32\DRIVERS\stbus.sys
10:26:00.0343 3984        STBUS - ok
10:26:00.0379 3984        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:26:00.0402 3984        stexstor - ok
10:26:00.0435 3984        stppp          (d0d21c5084af093f5e7bcd77e57ef3c9) C:\Windows\system32\DRIVERS\stppp.sys
10:26:00.0488 3984        stppp - ok
10:26:00.0515 3984        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:26:00.0539 3984        swenum - ok
10:26:00.0649 3984        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
10:26:00.0690 3984        Tcpip - ok
10:26:00.0725 3984        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
10:26:00.0754 3984        TCPIP6 - ok
10:26:00.0799 3984        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:26:00.0901 3984        tcpipreg - ok
10:26:00.0950 3984        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:26:01.0026 3984        TDPIPE - ok
10:26:01.0050 3984        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
10:26:01.0077 3984        TDTCP - ok
10:26:01.0112 3984        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:26:01.0178 3984        tdx - ok
10:26:01.0205 3984        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:26:01.0213 3984        TermDD - ok
10:26:01.0264 3984        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:26:01.0328 3984        tssecsrv - ok
10:26:01.0370 3984        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:26:01.0403 3984        TsUsbFlt - ok
10:26:01.0447 3984        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:26:01.0499 3984        tunnel - ok
10:26:01.0534 3984        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:26:01.0542 3984        uagp35 - ok
10:26:01.0590 3984        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:26:01.0648 3984        udfs - ok
10:26:01.0688 3984        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:26:01.0696 3984        uliagpkx - ok
10:26:01.0711 3984        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
10:26:01.0721 3984        umbus - ok
10:26:01.0748 3984        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:26:01.0773 3984        UmPass - ok
10:26:01.0846 3984        usbbus          (5fcc71487888589a9244af54cfefab29) C:\Windows\system32\DRIVERS\lgx64bus.sys
10:26:01.0903 3984        usbbus - ok
10:26:01.0927 3984        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys
10:26:01.0985 3984        usbccgp - ok
10:26:02.0014 3984        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:26:02.0047 3984        usbcir - ok
10:26:02.0080 3984        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
10:26:02.0121 3984        usbehci - ok
10:26:02.0162 3984        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:26:02.0201 3984        usbhub - ok
10:26:02.0237 3984        USBModem        (78d551f5b93488b4666f5fc8dd4815f3) C:\Windows\system32\DRIVERS\lgx64modem.sys
10:26:02.0258 3984        USBModem - ok
10:26:02.0295 3984        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
10:26:02.0322 3984        usbohci - ok
10:26:02.0358 3984        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:26:02.0392 3984        usbprint - ok
10:26:02.0428 3984        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:26:02.0479 3984        USBSTOR - ok
10:26:02.0498 3984        usbuhci        (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
10:26:02.0526 3984        usbuhci - ok
10:26:02.0579 3984        VBoxDrv        (6372eaa7cc0e8a2fc4be7b3f2de1ed62) C:\Windows\system32\DRIVERS\VBoxDrv.sys
10:26:02.0594 3984        VBoxDrv - ok
10:26:02.0631 3984        VBoxNetAdp      (b996117f6202464a56901cbc13999fe2) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
10:26:02.0656 3984        VBoxNetAdp - ok
10:26:02.0694 3984        VBoxNetFlt      (89835a2f779979f1d545e40f36d737e0) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
10:26:02.0719 3984        VBoxNetFlt - ok
10:26:02.0754 3984        VBoxUSB        (718c4301b7b4e45e93f6013d3cf04183) C:\Windows\system32\Drivers\VBoxUSB.sys
10:26:02.0766 3984        VBoxUSB - ok
10:26:02.0811 3984        VBoxUSBMon      (f9bd6cff0376d1daddb1cb2f794d9bc7) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
10:26:02.0824 3984        VBoxUSBMon - ok
10:26:02.0852 3984        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:26:02.0863 3984        vdrvroot - ok
10:26:02.0895 3984        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:26:02.0927 3984        vga - ok
10:26:02.0949 3984        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:26:02.0995 3984        VgaSave - ok
10:26:03.0030 3984        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:26:03.0039 3984        vhdmp - ok
10:26:03.0068 3984        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:26:03.0076 3984        viaide - ok
10:26:03.0124 3984        VMLiteUSB      (ae3a5225aa7f4fc644288505e33d575c) C:\Windows\system32\Drivers\VMLiteUSB.sys
10:26:03.0154 3984        VMLiteUSB - ok
10:26:03.0184 3984        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:26:03.0209 3984        volmgr - ok
10:26:03.0254 3984        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:26:03.0289 3984        volmgrx - ok
10:26:03.0309 3984        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:26:03.0322 3984        volsnap - ok
10:26:03.0349 3984        vpcbus          (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
10:26:03.0358 3984        vpcbus - ok
10:26:03.0391 3984        vpcnfltr        (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
10:26:03.0445 3984        vpcnfltr - ok
10:26:03.0475 3984        vpcusb          (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
10:26:03.0519 3984        vpcusb - ok
10:26:03.0552 3984        vpcuxd          (63f4e10873beb4124028c6d1a66b0968) C:\Windows\system32\DRIVERS\vpcuxd.sys
10:26:03.0580 3984        vpcuxd - ok
10:26:03.0628 3984        vpcvmm          (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
10:26:03.0657 3984        vpcvmm - ok
10:26:03.0679 3984        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:26:03.0693 3984        vsmraid - ok
10:26:03.0712 3984        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
10:26:03.0723 3984        vwifibus - ok
10:26:03.0747 3984        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:26:03.0769 3984        WacomPen - ok
10:26:03.0811 3984        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:26:03.0849 3984        WANARP - ok
10:26:03.0853 3984        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:26:03.0880 3984        Wanarpv6 - ok
10:26:03.0912 3984        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:26:03.0919 3984        Wd - ok
10:26:03.0940 3984        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:26:03.0955 3984        Wdf01000 - ok
10:26:03.0981 3984        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:26:04.0008 3984        WfpLwf - ok
10:26:04.0025 3984        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:26:04.0032 3984        WIMMount - ok
10:26:04.0093 3984        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
10:26:04.0139 3984        WinUsb - ok
10:26:04.0183 3984        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:26:04.0212 3984        WmiAcpi - ok
10:26:04.0246 3984        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:26:04.0287 3984        ws2ifsl - ok
10:26:04.0326 3984        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:26:04.0373 3984        WudfPf - ok
10:26:04.0392 3984        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:26:04.0431 3984        WUDFRd - ok
10:26:04.0456 3984        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:26:04.0583 3984        \Device\Harddisk0\DR0 - ok
10:26:04.0590 3984        MBR (0x1B8)    (891a5a795784628f5a01eb95b84d278c) \Device\Harddisk1\DR1
10:26:04.0722 3984        \Device\Harddisk1\DR1 - ok
10:26:04.0729 3984        Boot (0x1200)  (cd2db1555d3829805cba41760cfd7a05) \Device\Harddisk0\DR0\Partition0
10:26:04.0731 3984        \Device\Harddisk0\DR0\Partition0 - ok
10:26:04.0768 3984        Boot (0x1200)  (5108b38b5d5db5e7b8de0ecf2ee15bee) \Device\Harddisk0\DR0\Partition1
10:26:04.0770 3984        \Device\Harddisk0\DR0\Partition1 - ok
10:26:04.0771 3984        ============================================================
10:26:04.0771 3984        Scan finished
10:26:04.0771 3984        ============================================================
10:26:04.0791 0440        Detected object count: 1
10:26:04.0791 0440        Actual detected object count: 1
10:26:36.0286 0440        C:\Windows\system32\drivers\StarOpen.sys - copied to quarantine
10:26:36.0288 0440        StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
10:28:36.0244 3828        Deinitialize success


Martin_Oskar 05.01.2012 17:11

Code:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 22.12.2011 at 21:04:03.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

C:\Users\Cassiopeia\AppData\Local\Akamai\netsession_win.exe
C:\Users\Cassiopeia\AppData\Local\Akamai\netsession_win.exe
C:\Users\Cassiopeia\AppData\Local\egu.exe


Rkill completed on 22.12.2011 at 21:04:10.


cosinus 05.01.2012 20:58

Sorry again for the harsh lecture :o but we really do want to help users here and avoid problems in future cases too. With CF and TDSS-Killer in particular you can wreck your system nicely. I once had a case { back then my note not to delete anything prematurely with TDSS-Killer wasn't colourful and bold enough yet (:D) } where the user simply had all findings deleted and afterwards could no longer use keyboard or mouse, not even in Safe Mode :(

You evidently removed "StarOpen" with TDSS-Killer; if I'm seeing this correctly, that is a copy-protection driver for certain games. So don't be surprised if some games or programs no longer run.

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)


Code:

:OTL
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=406&q="
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-8287-79A187E26987} - No CLSID value found.
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:Commands
[emptytemp]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after fixing; please post it. The computer may be restarted.

The entries, files and folders fixed with this script are not completely deleted, for safety; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

Martin_Oskar 05.01.2012 22:49

Good evening Arne,

Code:

All processes killed
========== OTL ==========
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "Web Search" removed from browser.search.order.1
Prefs.js: "Web Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.searchqu.com/406" removed from browser.startup.homepage
Prefs.js: "hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=" removed from keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-8287-79A187E26987} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-8287-79A187E26987}\ not found.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Cassiopeia
->Temp folder emptied: 681591614 bytes
->Temporary Internet Files folder emptied: 279185235 bytes
->Java cache emptied: 17336232 bytes
->FireFox cache emptied: 35326256 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 4624 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 25986 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 105634954 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 734 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.067,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01052012_223347

Files\Folders moved on Reboot...
C:\Users\Cassiopeia\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Thanks for the support,
Martin.

cosinus 05.01.2012 22:52

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe; Vista and Win7 users run aswMBR via right-click "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the internet.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: under no circumstances press any of the Fix buttons without instruction. Note: if the Scan button is greyed out, close the tool and start it again. If it still doesn't work, please let me know.

Martin_Oskar 05.01.2012 23:56

Code:

aswMBR version 0.9.9.1156 Copyright(c) 2011 AVAST Software
Run date: 2012-01-05 23:25:18
-----------------------------
23:25:18.843    OS Version: Windows x64 6.1.7601 Service Pack 1
23:25:18.843    Number of processors: 4 586 0x503
23:25:18.844    ComputerName: CASSIOPEIA-PC  UserName: Cassiopeia
23:25:22.415    Initialize success
23:25:22.481    AVAST engine defs: 12010501
23:25:31.813    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:25:31.814    Disk 0 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 3
23:25:31.817    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-2
23:25:31.819    Disk 1 Vendor: WDC_WD5000AAJS-00YFA0 12.01C02 Size: 476940MB BusType: 3
23:25:31.868    Disk 0 MBR read successfully
23:25:31.869    Disk 0 MBR scan
23:25:31.876    Disk 0 Windows 7 default MBR code
23:25:31.885    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
23:25:31.906    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      476838 MB offset 206848
23:25:31.926    Service scanning
23:25:33.226    Modules scanning
23:25:33.234    Disk 0 trace - called modules:
23:25:33.256    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
23:25:33.267    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a13060]
23:25:33.275    3 CLASSPNP.SYS[fffff8800195543f] -> nt!IofCallDriver -> [0xfffffa8004799d10]
23:25:33.282    5 ACPI.sys[fffff88000f9a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80047aa060]
23:25:34.749    AVAST engine scan C:\Windows
23:25:41.616    AVAST engine scan C:\Windows\system32
23:26:59.486    AVAST engine scan C:\Windows\system32\drivers
23:27:09.291    AVAST engine scan C:\Users\Cassiopeia
23:53:15.101    AVAST engine scan C:\ProgramData
23:54:21.823    Scan finished successfully
23:54:52.811    Disk 0 MBR has been saved successfully to "C:\Users\Cassiopeia\Downloads\Viren-killer\MBR.dat"
23:54:52.816    The log file has been saved successfully to "C:\Users\Cassiopeia\Downloads\Viren-killer\aswMBR-12-01-05-2.txt"

Greets, Martin.

cosinus 06.01.2012 11:19

Looks OK. Please run full scans with Malwarebytes and SASW as a check and post the logs.
Remember to update both tools before scanning!!


Afterwards, getting an additional opinion via the ESET Online Scanner isn't a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Martin_Oskar 06.01.2012 12:48

Hello Arne,

this is the log from SUPERAntiSpyware.

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 01/06/2012 at 12:42 PM

Application Version : 5.0.1142

Core Rules Database Version : 8107
Trace Rules Database Version: 5919

Scan type      : Complete Scan
Total Scan Time : 00:46:23

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 787
Memory threats detected  : 0
Registry items scanned    : 70643
Registry threats detected : 0
File items scanned        : 73653
File threats detected    : 118

Adware.Tracking Cookie
        C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Windows\Cookies\L0WK3H1L.txt [ /zanox.com ]
        C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Windows\Cookies\J4PE01SX.txt [ /www.counter.gd ]
        C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Windows\Cookies\ILOZL6EW.txt [ /www.belstat.be ]
        C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Windows\Cookies\W3YT6W74.txt [ /ad2.adfarm1.adition.com ]
        C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Windows\Cookies\EIH3O1IH.txt [ /de.sitestat.com ]
        C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Windows\Cookies\XO3DFJ3S.txt [ /ad.yieldmanager.com ]
        C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Windows\Cookies\PZA9CYT9.txt [ /imrworldwide.com ]
        C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Windows\Cookies\7T4HHGET.txt [ /ad.ad-srv.net ]
        C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Windows\Cookies\IGQ4G9NP.txt [ /adx.chip.de ]
        C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Windows\Cookies\RMJDD3R5.txt [ /tribalfusion.com ]
        C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Windows\Cookies\16LYPS8W.txt [ /www.qsstats.com ]
        C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Windows\Cookies\8EF42QQU.txt [ /ads.webme.com ]
        C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Windows\Cookies\8I16T3YQ.txt [ /adfarm1.adition.com ]
        C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Windows\Cookies\PFEJ472O.txt [ /www.qsstats.com ]
        C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Windows\Cookies\QFPROYWF.txt [ /ads.bleepingcomputer.com ]
        C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Windows\Cookies\LMKZA6MM.txt [ /xiti.com ]
        C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Windows\Cookies\KE1KIJ7O.txt [ /adtech.de ]
        C:\Users\Cassiopeia\AppData\Roaming\Microsoft\Windows\Cookies\IK9Q8X1V.txt [ /www.googleadservices.com ]

Trojan.Agent/Gen-Cryptor[Egun]
        C:\USERS\CASSIOPEIA\DOWNLOADS\POLARIS\POLARISATOR.EXE
        ZIP ARCHIVE( C:\USERS\CASSIOPEIA\DOWNLOADS\POLARIS.ZIP )/POLARISATOR.EXE
        C:\USERS\CASSIOPEIA\DOWNLOADS\POLARIS.ZIP

Trojan.Agent/Gen-Koobface[Bonkers]
        C:\USERS\CASSIOPEIA\WEBS\COME-IN-BENGAL\MEMBERSONLY\CRYPT\HTCRYPT.EXE
        ZIP ARCHIVE( C:\USERS\CASSIOPEIA\WEBS\COME-IN-BENGAL\MEMBERSONLY\HTCRYPT.ZIP )/HTCRYPT.EXE
        C:\USERS\CASSIOPEIA\WEBS\COME-IN-BENGAL\MEMBERSONLY\HTCRYPT.ZIP

About the ESET Online Scanner: if everything is switched off, i.e. firewall and virus scanner, isn't the computer vulnerable the whole time, or am I mistaken?

Basically there are no games installed on our PC. Apart from MahjongChamp. MS Flightsim was on it once, but that was a while ago. Corel WinDVD 9 can be protected with Protexis, if I remember correctly. So I don't quite understand why StarOpen is on my computer.

Best regards,
Martin.

cosinus 06.01.2012 15:01

Quote:

isn't the computer vulnerable the whole time, or am I mistaken?
No. Normally the Windows Firewall can stay on as well.

Martin_Oskar 06.01.2012 22:18

Okay Arne,

here is the Malwarebytes log:
Code:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.06.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Cassiopeia :: CASSIOPEIA-PC [Administrator]

06.01.2012 19:47:27
mbam-log-2012-01-06 (22-16-53).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 317221
Laufzeit: 41 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\Visicom Media (Adware.KeenValue) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Best regards,
Martin.

Martin_Oskar 07.01.2012 12:01

So, here is the ESET scan as well:
Code:

C:\Users\Cassiopeia\Downloads\cdburnerxp_setup_4.3.8.2523.exe        Win32/OpenCandy application
C:\Users\Cassiopeia\Downloads\filme aus dem www downladen\OrbitSetup4.1.02.exe        Win32/OpenCandy application
C:\Users\Cassiopeia\Downloads\installed gut\cdbxp_setup_4.3.7.2356.exe        Win32/OpenCandy application
F:\CASSIOPEIA-PC\Backup Set 2011-04-03 170207\Backup Files 2011-04-03 170207\Backup files 11.zip        multiple threats

Best regards,
Martin.

cosinus 07.01.2012 15:33

Looks basically okay so far. But we should clarify what this is:

Quote:

Trojan.Agent/Gen-Cryptor[Egun]
C:\USERS\CASSIOPEIA\DOWNLOADS\POLARIS\POLARISATOR.EXE
ZIP ARCHIVE( C:\USERS\CASSIOPEIA\DOWNLOADS\POLARIS.ZIP )/POLARISATOR.EXE
C:\USERS\CASSIOPEIA\DOWNLOADS\POLARIS.ZIP

Trojan.Agent/Gen-Koobface[Bonkers]
C:\USERS\CASSIOPEIA\WEBS\COME-IN-BENGAL\MEMBERSONLY\CRYPT\HTCRYPT.EXE
ZIP ARCHIVE( C:\USERS\CASSIOPEIA\WEBS\COME-IN-BENGAL\MEMBERSONLY\HTCRYPT.ZIP )/HTCRYPT.EXE
C:\USERS\CASSIOPEIA\WEBS\COME-IN-BENGAL\MEMBERSONLY\HTCRYPT.ZIP

Martin_Oskar 07.01.2012 15:57

Hello Arne,

HTCRYPT.EXE - Trojan.Agent/Gen-Koobface[Bonkers]
is ancient; as far as I know I never used it.

POLARISATOR.EXE - Trojan.Agent/Gen-Cryptor[Egun]
Source: hxxp://www.borntoglide.de/polexe.html has to do with paragliding. I used it once as well.

Polaris.exe has not left any trace in the registry. I searched for it with "Find" in Regedit.

I deleted both directories including their contents.

Best regards,
Martin.

cosinus 07.01.2012 16:30

OK. Is the computer back in order now?

Martin_Oskar 07.01.2012 20:18

Hello Arne,

okay, thanks. Yes, the computer feels okay.
I then also set the user account we use every day to a standard user.
Do you have any more advice you can give me along the way? Because it's not quite clear to me where I picked up this junk. Updates are and always have been done. We don't visit questionable or dubious websites either.

Best regards,
Martin.

cosinus 07.01.2012 20:58

Then we're done! :abklatsch:

The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if there are any error messages.
Keeping Malwarebytes is not a mistake. You can scan with it once a month, but always remember to update first.

Finally, please check the updates; my guide is below. To keep better track of whether installed programs are up to date in the future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update

Windows XP: Visit the MS Update page with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed).

I recommend an alternative PDF reader such as PDF XChange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check whether the Flash Player is up to date:

Adobe - Install a different version of Adobe Flash Player

If necessary, you can also download it from Chip.de => http://filepony.de/?q=Flash+Player

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
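As an added example (not part of the thread and not cosinus's own procedure), the following PowerShell script inventories the Java, Adobe Reader and Flash Player entries from the Windows Uninstall registry keys, so that leftover old versions the guide above tells you to remove can be spotted before opening Control Panel. The registry paths and the name pattern are assumptions for this illustration.

```powershell
# Added example: list installed Java / Adobe Reader / Flash Player entries
# from the standard Uninstall registry keys (64-bit, 32-bit-on-64-bit, per-user).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumed name pattern covering the products the guide asks to check.
$pattern = 'Java|Adobe Reader|Flash Player'

$found = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $pattern } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate, UninstallString |
    Sort-Object DisplayName

# Show what is installed, with the version and the uninstall command for each entry.
$found | Format-Table -AutoSize

# More than one Java runtime entry usually means old versions were never removed,
# which is exactly the situation the guide warns about.
$javaCount = @($found | Where-Object { $_.DisplayName -match 'Java' }).Count
if ($javaCount -gt 1) {
    Write-Warning "$javaCount Java entries are installed; uninstall the outdated ones and keep only the current JRE."
}
```

Run it in an elevated PowerShell so the HKLM keys are fully readable; the UninstallString column shows the command Control Panel would run for each entry.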

Martin_Oskar 08.01.2012 13:15

Hello Arne,

CF is gone. I did it in the CMD window.
I replaced Adobe Reader with PDF XChange. The Flash variants are now up to date.

I haven't reinstalled Java yet. I'll only do that when I really need it.

Win 7 is updated automatically with a prompt.

Opera and Firefox were also brought up to date. Opera will become my default browser. My wife wants to use IE; there's nothing to be done about that.

Thanks, those were valuable tips.

Best regards,
Martin.

Martin_Oskar 09.01.2012 18:47

Hello Arne,

I'm just making a new backup of my hard drive C: and discovered the folder C:\32788R22FWJFW in the process. According to Google it belongs to Combofix. The contents of the folder are the drives C:, D: and F:

Best regards,
Martin.

cosinus 09.01.2012 20:33

Yes, that one is from CF and therefore not from a piece of malware.

Martin_Oskar 09.01.2012 21:42

Hello Arne,

when I moved the folder to a second hard drive as a test, Avast raised an alarm.
Win32:Rootkit-gen:
affected files: PEV.exe, pev.3xe, \license\firefox.exe, license\iexplore.exe,

Avast moved everything to the chest and then ran a full scan before booting and moved further files to the chest.

After that I moved the folder 32788R22FWJFW to the Recycle Bin.

I now hope this is a false positive, because otherwise I'll have a fit.

Best regards,
a completely distraught Martin.

cosinus 09.01.2012 22:41

Quote:

when I moved the folder to a second hard drive as a test, Avast raised an alarm.
Why do you think you were supposed to disable the virus scanner before running CF?
CF is a powerful tool that runs a collection of various programs and scripts, which under certain circumstances can also be abused for malicious purposes.

Martin_Oskar 10.01.2012 19:14

Hello Arne,

that sounds logical again.

Best regards,
Martin.


Copyright ©2000-2025, Trojaner-Board
