
Log analysis and evaluation: AKM Virus

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

04.05.2012, 10:48   #1
mikefx

Hi @ll,

I've caught the AKM virus. In the meantime I was able to create another admin user via a different user account, and I'm now working with that one.

What I've done so far: I ran Malwarebytes Anti-Malware, I started defogger and pressed "disable", and I had a dds.txt and an attach.txt created.

And now I'd like to ask for your help, please!

Thanks in advance!

04.05.2012, 12:09   #2
mikefx

Attached is also the extras.txt from OTL.exe


08.05.2012, 11:11   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please first, as a matter of routine, run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Please post everything in CODE tags here where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

12.05.2012, 22:39   #4
mikefx

Hi,

sorry for the late reply, but the board was barely reachable.

I updated Malwarebytes and ran a full scan. Here are the logs:

Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.03.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
admin :: STAND-PC [Administrator]

Schutz: Aktiviert

03.05.2012 16:15:16
mbam-log-2012-05-03 (16-15-16).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 463430
Laufzeit: 46 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.04.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
admin :: STAND-PC [Administrator]

Schutz: Aktiviert

04.05.2012 10:54:24
mbam-log-2012-05-04 (10-54-24).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 301638
Laufzeit: 4 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Papa\AppData\Roaming\itunes_service01.exe (Trojan.Winlock.G) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Papa\AppData\Local\Temp\hnszs0.exe (Trojan.Winlock.G) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.12.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
admin :: STAND-PC [Administrator]

Schutz: Aktiviert

12.05.2012 19:03:28
mbam-log-2012-05-12 (19-03-28).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 471740
Laufzeit: 1 Stunde(n), 7 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

And here is the result of the ESET scan:

Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
         

THANKS! Best regards

12.05.2012, 22:49   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

You probably did ESET wrong; there was a prominent extra note about that

Note for Vista and Win7 users: Be sure to open the browser like this: right-click => Run as administrator

__________________
Please always post log files in CODE tags

13.05.2012, 17:39   #6
mikefx

OK, next attempt:

Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-13 10:23:26
# local_time=2012-05-13 12:23:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 18142414 18142414 0 0
# compatibility_mode=5893 16776574 100 94 27275618 88529639 0 0
# compatibility_mode=8192 67108863 100 0 852182 852182 0 0
# scanned=179887
# found=2
# cleaned=0
# scan_time=4817
C:\Users\Papa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I9S9RUET\main[1].htm	JS/Kryptik.NJ trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Papa\AppData\Local\Temp\L.class	Java/Exploit.CVE-2011-3544.BK trojan (unable to clean)	00000000000000000000000000000000	I
         

14.05.2012, 08:13   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I have two questions before we continue

1.) Does normal mode work again without restrictions, also with your main user?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

14.05.2012, 10:09   #8
mikefx

Yes, I can log in normally with my main user again. Internet works again too. The desktop icons were hidden - I've turned them back on.

At first glance I'm not missing anything in the Start menu.

So it looks good to me. But from what you write, I'm not clean yet?

14.05.2012, 10:39   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please make a new OTL log. Please post everything in CODE tags here where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • Tick Scan All Users at the top centre
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

14.05.2012, 12:31   #10
mikefx

Here it is:

OTL Logfile:
Code:
OTL logfile created on: 5/14/2012 1:00:02 PM - Run 2
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 69.28% Memory free
8.00 Gb Paging File | 6.13 Gb Available in Paging File | 76.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1366.17 Gb Total Space | 1288.18 Gb Free Space | 94.29% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 9.74 Gb Free Space | 32.48% Space Free | Partition Type: NTFS
 
Computer Name: STAND-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Users\admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AMD Reservation Manager) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation)
DRV:64bit: - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI)
DRV:64bit: - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4291020081-3597032679-4274947910-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDND&bmod=MDND
IE - HKU\S-1-5-21-4291020081-3597032679-4274947910-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4291020081-3597032679-4274947910-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\S-1-5-21-4291020081-3597032679-4274947910-1007\..\SearchScopes,DefaultScope = {43C433CC-A157-4669-B4A3-BD8899A84F45}
IE - HKU\S-1-5-21-4291020081-3597032679-4274947910-1007\..\SearchScopes\{43C433CC-A157-4669-B4A3-BD8899A84F45}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDND_deAT438
IE - HKU\S-1-5-21-4291020081-3597032679-4274947910-1007\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-4291020081-3597032679-4274947910-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/19 13:26:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/09/26 23:00:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/09/03 08:18:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/03 02:19:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/09/03 02:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/09/03 02:19:44 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/09/03 02:19:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/09/03 02:19:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/09/03 02:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKU\S-1-5-21-4291020081-3597032679-4274947910-1007\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-4291020081-3597032679-4274947910-1007\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-4291020081-3597032679-4274947910-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4291020081-3597032679-4274947910-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-4291020081-3597032679-4274947910-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html ()
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html ()
O9:64bit: - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.3.96.67 195.3.96.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85275A13-198F-4A3C-8A12-34DABCDA42DB}: DhcpNameServer = 195.3.96.67 195.3.96.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA546DC0-6E28-4A19-BDA3-FD372682FA9A}: DhcpNameServer = 195.3.96.67 195.3.96.68
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/14 11:03:14 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\{74A99AD8-EF2D-4106-AF0D-9B8BA31A0F21}
[2012/05/14 11:03:00 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\{954F0E0F-98AE-44E3-ADA7-2335B25F22A3}
[2012/05/13 10:58:15 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\{FC025A51-D601-49F3-8350-1A6D475AD252}
[2012/05/13 10:58:03 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\{0DAB58ED-09AF-45A3-8D43-937298504B90}
[2012/05/12 12:49:13 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\{E5837447-E3BA-4F5A-9C88-0B3579F84E6C}
[2012/05/12 12:49:01 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\{E7D8DD41-D654-4421-BF9A-1E40A033342D}
[2012/05/11 17:27:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/11 16:28:48 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\{D2D4666A-FCBB-495B-83D4-1BBD23678DD9}
[2012/05/11 16:28:36 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\{08A7756B-9764-46B7-979A-1DDA6AC77D2E}
[2012/05/08 08:05:15 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Apple
[2012/05/08 07:56:22 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\{99FC9241-5D1F-4D3B-91A7-2EA4EA46BC9A}
[2012/05/08 07:56:08 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\{BD35A55F-5066-410D-BFBE-7F0533905249}
[2012/05/05 17:24:21 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\{B0427E14-0FA8-450C-9271-1B154235B8AD}
[2012/05/05 17:24:08 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\{D12E7D22-CF95-4641-A79A-193341FD5FC1}
[2012/05/05 16:49:20 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\{C8FF7AB1-FF08-4DCF-B3A8-D55E27BD34E4}
[2012/05/04 12:50:05 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2012/05/04 11:30:31 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Windows Live Writer
[2012/05/04 11:30:31 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Windows Live Writer
[2012/05/04 11:26:04 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\WinRAR
[2012/05/04 10:50:18 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\{35D013D7-7C07-4AA6-981A-1061587E54D5}
[2012/05/04 10:50:06 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\{7E02FCC5-DE9E-4184-9C57-B7F2AB7124EA}
[2012/05/04 10:46:17 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\{0A4AB65A-C08A-4F17-A704-6DAAEAEECA9F}
[2012/05/04 10:45:45 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\{AA2870C6-3266-41CC-9413-57C74DE3C75D}
[2012/05/03 16:13:24 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2012/05/03 16:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/03 16:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/03 16:13:18 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/03 16:13:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/03 14:20:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/05/03 14:12:22 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Avira
[2012/05/03 14:04:01 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Windows Live
[2012/05/03 14:04:01 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\{FBB62CD1-57DF-4FE5-801A-B7401E4CC906}
[2012/05/03 14:03:55 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Adobe
[2012/05/03 14:03:49 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\{34F65131-B37F-4117-B7FD-F20A97F88530}
[2012/05/03 14:03:44 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Google
[2012/05/03 14:03:43 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Google
[2012/05/03 14:03:33 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\AMD
[2012/05/03 14:03:28 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Power2Go
[2012/05/03 14:03:28 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\ATI
[2012/05/03 14:03:28 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\ATI
[2012/05/03 14:03:28 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Apple Computer
[2012/05/03 14:03:28 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Apple Computer
[2012/05/03 14:03:20 | 000,000,000 | R--D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/05/03 14:03:20 | 000,000,000 | R--D | C] -- C:\Users\admin\Searches
[2012/05/03 14:03:20 | 000,000,000 | R--D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/05/03 14:03:11 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Identities
[2012/05/03 14:03:09 | 000,000,000 | R--D | C] -- C:\Users\admin\Contacts
[2012/05/03 14:03:08 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\VirtualStore
[2012/05/03 14:03:03 | 000,000,000 | --SD | C] -- C:\Users\admin\AppData\Roaming\Microsoft
[2012/05/03 14:03:03 | 000,000,000 | R--D | C] -- C:\Users\admin\Videos
[2012/05/03 14:03:03 | 000,000,000 | R--D | C] -- C:\Users\admin\Saved Games
[2012/05/03 14:03:03 | 000,000,000 | R--D | C] -- C:\Users\admin\Pictures
[2012/05/03 14:03:03 | 000,000,000 | R--D | C] -- C:\Users\admin\Music
[2012/05/03 14:03:03 | 000,000,000 | R--D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/05/03 14:03:03 | 000,000,000 | R--D | C] -- C:\Users\admin\Links
[2012/05/03 14:03:03 | 000,000,000 | R--D | C] -- C:\Users\admin\Favorites
[2012/05/03 14:03:03 | 000,000,000 | R--D | C] -- C:\Users\admin\Downloads
[2012/05/03 14:03:03 | 000,000,000 | R--D | C] -- C:\Users\admin\Documents
[2012/05/03 14:03:03 | 000,000,000 | R--D | C] -- C:\Users\admin\Desktop
[2012/05/03 14:03:03 | 000,000,000 | R--D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/05/03 14:03:03 | 000,000,000 | -HSD | C] -- C:\Users\admin\Vorlagen
[2012/05/03 14:03:03 | 000,000,000 | -HSD | C] -- C:\Users\admin\AppData\Local\Verlauf
[2012/05/03 14:03:03 | 000,000,000 | -HSD | C] -- C:\Users\admin\AppData\Local\Temporary Internet Files
[2012/05/03 14:03:03 | 000,000,000 | -HSD | C] -- C:\Users\admin\Startmenü
[2012/05/03 14:03:03 | 000,000,000 | -HSD | C] -- C:\Users\admin\SendTo
[2012/05/03 14:03:03 | 000,000,000 | -HSD | C] -- C:\Users\admin\Recent
[2012/05/03 14:03:03 | 000,000,000 | -HSD | C] -- C:\Users\admin\Netzwerkumgebung
[2012/05/03 14:03:03 | 000,000,000 | -HSD | C] -- C:\Users\admin\Lokale Einstellungen
[2012/05/03 14:03:03 | 000,000,000 | -HSD | C] -- C:\Users\admin\Documents\Eigene Videos
[2012/05/03 14:03:03 | 000,000,000 | -HSD | C] -- C:\Users\admin\Documents\Eigene Musik
[2012/05/03 14:03:03 | 000,000,000 | -HSD | C] -- C:\Users\admin\Eigene Dateien
[2012/05/03 14:03:03 | 000,000,000 | -HSD | C] -- C:\Users\admin\Documents\Eigene Bilder
[2012/05/03 14:03:03 | 000,000,000 | -HSD | C] -- C:\Users\admin\Druckumgebung
[2012/05/03 14:03:03 | 000,000,000 | -HSD | C] -- C:\Users\admin\Cookies
[2012/05/03 14:03:03 | 000,000,000 | -HSD | C] -- C:\Users\admin\AppData\Local\Anwendungsdaten
[2012/05/03 14:03:03 | 000,000,000 | -HSD | C] -- C:\Users\admin\Anwendungsdaten
[2012/05/03 14:03:03 | 000,000,000 | -H-D | C] -- C:\Users\admin\AppData
[2012/05/03 14:03:03 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Temp
[2012/05/03 14:03:03 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Microsoft Help
[2012/05/03 14:03:03 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Microsoft
[2012/05/03 14:03:03 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Media Center Programs
[2012/05/03 14:03:03 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Macromedia
[2012/05/02 09:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/05/02 09:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/04/26 18:36:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dnote Software
[2012/04/25 21:49:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyTomTom 3
[2012/04/25 20:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
[2012/04/25 20:01:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom International B.V
[2012/04/25 20:01:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom HOME 2
[2012/04/20 22:49:08 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012/04/20 22:45:51 | 000,000,000 | ---D | C] -- C:\Windows\da
[2012/04/20 22:45:42 | 000,000,000 | ---D | C] -- C:\Windows\el
[2012/04/20 22:45:33 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/04/20 22:45:19 | 000,000,000 | ---D | C] -- C:\Windows\es
[2012/04/20 22:45:02 | 000,000,000 | ---D | C] -- C:\Windows\fr
[2012/04/20 22:44:54 | 000,000,000 | ---D | C] -- C:\Windows\hu
[2012/04/20 22:44:46 | 000,000,000 | ---D | C] -- C:\Windows\it
[2012/04/20 22:44:37 | 000,000,000 | ---D | C] -- C:\Windows\nl
[2012/04/20 22:44:29 | 000,000,000 | ---D | C] -- C:\Windows\pl
[2012/04/20 22:44:21 | 000,000,000 | ---D | C] -- C:\Windows\sl
[2012/04/20 22:44:12 | 000,000,000 | ---D | C] -- C:\Windows\tr
[2012/04/20 22:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012/04/20 22:31:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/14 12:19:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/14 12:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/14 11:50:04 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/14 11:09:51 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 11:09:51 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 11:02:32 | 000,000,680 | RHS- | M] () -- C:\Users\admin\ntuser.pol
[2012/05/14 11:02:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/14 11:02:00 | 3220,664,320 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/11 17:56:41 | 000,413,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/11 17:32:49 | 001,522,868 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/11 17:32:49 | 000,654,930 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/05/11 17:32:49 | 000,616,794 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/11 17:32:49 | 000,130,730 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/05/11 17:32:49 | 000,106,916 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/09 15:24:18 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/05/09 15:24:18 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/05/04 13:08:31 | 000,020,386 | ---- | M] () -- C:\Users\admin\Desktop\Extras.zip
[2012/05/04 12:50:19 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2012/05/04 11:25:59 | 000,002,811 | ---- | M] () -- C:\Users\admin\Desktop\Attach.zip
[2012/05/04 11:11:45 | 000,000,000 | ---- | M] () -- C:\Users\admin\defogger_reenable
[2012/05/03 16:13:19 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
 
========== Files Created - No Company Name ==========
 
[2012/05/04 13:08:31 | 000,020,386 | ---- | C] () -- C:\Users\admin\Desktop\Extras.zip
[2012/05/04 11:25:59 | 000,002,811 | ---- | C] () -- C:\Users\admin\Desktop\Attach.zip
[2012/05/04 11:11:45 | 000,000,000 | ---- | C] () -- C:\Users\admin\defogger_reenable
[2012/05/03 16:13:19 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/05/03 14:03:25 | 000,001,413 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/05/03 14:03:21 | 000,001,447 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/05/03 14:03:05 | 000,000,680 | RHS- | C] () -- C:\Users\admin\ntuser.pol
[2012/01/16 13:34:48 | 000,028,768 | ---- | C] () -- C:\Windows\SysWow64\javaw.exe
[2012/01/16 13:34:48 | 000,024,670 | ---- | C] () -- C:\Windows\SysWow64\java.exe
[2011/07/02 17:46:15 | 001,527,758 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/04 18:13:22 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/25 20:02:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2012/05/04 11:30:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Windows Live Writer
[2012/04/30 19:20:18 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\.minecraft
[2011/11/24 07:45:33 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Windows Live Writer
[2012/03/25 13:59:11 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\.minecraft
[2012/05/06 11:23:28 | 000,000,000 | ---D | M] -- C:\Users\Nici\AppData\Roaming\.minecraft
[2012/03/11 21:11:17 | 000,000,000 | ---D | M] -- C:\Users\Nici\AppData\Roaming\gtk-2.0
[2012/04/26 20:30:11 | 000,000,000 | ---D | M] -- C:\Users\Nici\AppData\Roaming\SoftGrid Client
[2011/09/23 17:04:29 | 000,000,000 | ---D | M] -- C:\Users\Nici\AppData\Roaming\Windows Live Writer
[2011/11/19 13:15:53 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Amazon
[2012/02/26 13:37:19 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\AquaCalculator
[2011/07/26 17:50:50 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\DVDVideoSoft
[2011/07/26 17:47:32 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/01/29 17:51:07 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Free YouTube to MP3 Converter Studio
[2011/11/19 13:34:19 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Research In Motion
[2011/07/26 17:36:16 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Samsung
[2011/07/22 16:58:11 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\SoftGrid Client
[2012/04/25 20:01:32 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\TomTom
[2011/07/02 17:47:13 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\TP
[2011/07/24 19:55:33 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Windows Live Writer
[2012/05/02 18:32:01 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012/05/03 14:03:55 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Adobe
[2012/05/03 14:03:28 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Apple Computer
[2012/05/03 14:03:28 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ATI
[2012/05/03 14:12:22 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Avira
[2012/05/03 14:04:10 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Google
[2012/05/03 14:03:11 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Identities
[2011/03/04 19:49:39 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Macromedia
[2012/05/03 16:13:24 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2009/07/14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Media Center Programs
[2012/05/03 14:03:28 | 000,000,000 | --SD | M] -- C:\Users\admin\AppData\Roaming\Microsoft
[2012/05/04 11:30:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Windows Live Writer
[2012/05/04 11:26:04 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011/03/04 19:49:26 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\admin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         

14.05.2012, 12:51   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!

Code:
:OTL
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-4291020081-3597032679-4274947910-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4291020081-3597032679-4274947910-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-4291020081-3597032679-4274947910-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

14.05.2012, 13:58   #12
mikefx

It takes me an incredibly long time to get into the forum every time ... is that because of the virus/trojan?

Here is the log:

Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4291020081-3597032679-4274947910-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4291020081-3597032679-4274947910-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4291020081-3597032679-4274947910-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: admin
->Temp folder emptied: 2023839 bytes
->Temporary Internet Files folder emptied: 41814730 bytes
->Flash cache emptied: 57068 bytes
 
User: All Users
 
User: Daniel
->Temp folder emptied: 3572063 bytes
->Temporary Internet Files folder emptied: 471259679 bytes
->FireFox cache emptied: 659472020 bytes
->Flash cache emptied: 91404 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 3166688 bytes
->Temporary Internet Files folder emptied: 422963060 bytes
->Flash cache emptied: 69151 bytes
 
User: Mama
->Temp folder emptied: 288568 bytes
->Temporary Internet Files folder emptied: 832896 bytes
->FireFox cache emptied: 34368863 bytes
->Flash cache emptied: 57343 bytes
 
User: Nici
->Temp folder emptied: 28521799 bytes
->Temporary Internet Files folder emptied: 825945576 bytes
->Java cache emptied: 89960 bytes
->FireFox cache emptied: 235397774 bytes
->Flash cache emptied: 90547 bytes
 
User: Papa
->Temp folder emptied: 287963903 bytes
->Temporary Internet Files folder emptied: 764500311 bytes
->Java cache emptied: 79308 bytes
->FireFox cache emptied: 7807625 bytes
->Flash cache emptied: 98986 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 247818705 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 3,851.00 mb
 
 
[EMPTYFLASH]
 
User: admin
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Daniel
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Gast
->Flash cache emptied: 0 bytes
 
User: Mama
->Flash cache emptied: 0 bytes
 
User: Nici
->Flash cache emptied: 0 bytes
 
User: Papa
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.2 log created on 05142012_135717

Files\Folders moved on Reboot...
C:\Users\admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
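
The fix script from post #11 and the fix log from post #12 can be checked against each other line by line. The following is an added example, not part of the thread and not code from OTL: it assumes only the line formats visible in the two posts, and its sample input is constructed from lines in the thread with one log line deliberately left out so the mismatch case is shown.

```python
import re

# Hive abbreviations as written in the fix script; the fix log spells them out.
HIVES = {"HKU": "HKEY_USERS", "HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}

# O4 lines name the value in [brackets]; O6/O7 lines use "key: name = data".
RUN_RE = re.compile(r"^O\d+ - (?P<key>[^:]+): \[(?P<name>[^\]]+)\]")
POLICY_RE = re.compile(r"^O\d+ - (?P<key>[^:]+): (?P<name>\S+) = ")
# Log lines separate key and value name with a doubled backslash.
# Assumption: value names contain no spaces, as in the thread's log.
LOG_RE = re.compile(r"^Registry value (?P<key>.+?)\\\\(?P<name>\S+) (?P<result>.+?)\.?$")

# Constructed sample: three script lines taken from post #11 ...
SCRIPT = r"""
:OTL
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
:Commands
[emptytemp]
"""

# ... and a log in the format of post #12 with the third result removed on purpose.
FIX_LOG = r"""
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
========== COMMANDS ==========
"""


def expand_hive(key):
    """Replace a leading hive abbreviation (HKU, HKLM, ...) with its full name."""
    hive, _, rest = key.partition("\\")
    return HIVES.get(hive.upper(), hive) + "\\" + rest


def key_matches(script_key, log_key):
    """Compare a script key with a log key, case-insensitively.

    The script abbreviates the middle of some paths with "..", so those keys
    are matched on the part before and the part after the ellipsis.
    """
    s, l = expand_hive(script_key).lower(), log_key.lower()
    if ".." in s:
        head, tail = s.split("..", 1)
        return l.startswith(head + "\\") and l.endswith(tail)
    return s == l


def parse_script(text):
    """Return (key, value_name) for every registry line of the fix script."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line) or POLICY_RE.match(line)
        if m:
            entries.append((m.group("key"), m.group("name")))
    return entries


def parse_fix_log(text):
    """Return (key, value_name, result) for every 'Registry value' log line."""
    rows = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            rows.append((m.group("key"), m.group("name"), m.group("result")))
    return rows


def reconcile(script_text, log_text):
    """Pair each script entry with its log result and report a status."""
    log = parse_fix_log(log_text)
    report = []
    for key, name in parse_script(script_text):
        results = [r for k, n, r in log
                   if n.lower() == name.lower() and key_matches(key, k)]
        if not results:
            status = "no log line"
        elif all(r == "deleted successfully" for r in results):
            status = "deleted"
        else:
            status = "check: " + "; ".join(results)
        report.append((expand_hive(key) + "\\" + name, status))
    return report


if __name__ == "__main__":
    for entry, status in reconcile(SCRIPT, FIX_LOG):
        print(f"{status:12} {entry}")
```
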
         

14.05.2012, 14:07   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Configure the tool as shown in the picture below - click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents and transfer them into your post, please look directly on your Windows system partition (usually drive C), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!

__________________
Please always post log files in CODE tags

14.05.2012, 15:15   #14
mikefx

TDSS-Killer found nothing. Here is the log:

Code:
16:07:58.0491 4604	TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18
16:07:58.0896 4604	============================================================
16:07:58.0896 4604	Current date / time: 2012/05/14 16:07:58.0896
16:07:58.0896 4604	SystemInfo:
16:07:58.0896 4604	
16:07:58.0896 4604	OS Version: 6.1.7601 ServicePack: 1.0
16:07:58.0896 4604	Product type: Workstation
16:07:58.0896 4604	ComputerName: STAND-PC
16:07:58.0896 4604	UserName: admin
16:07:58.0896 4604	Windows directory: C:\Windows
16:07:58.0896 4604	System windows directory: C:\Windows
16:07:58.0896 4604	Running under WOW64
16:07:58.0896 4604	Processor architecture: Intel x64
16:07:58.0896 4604	Number of processors: 4
16:07:58.0896 4604	Page size: 0x1000
16:07:58.0896 4604	Boot type: Normal boot
16:07:58.0896 4604	============================================================
16:07:59.0988 4604	Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:08:00.0019 4604	============================================================
16:08:00.0019 4604	\Device\Harddisk0\DR0:
16:08:00.0144 4604	MBR partitions:
16:08:00.0144 4604	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:08:00.0144 4604	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAAC54800
16:08:00.0144 4604	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAAC87000, BlocksNum 0x3C00000
16:08:00.0144 4604	============================================================
16:08:00.0222 4604	C: <-> \Device\Harddisk0\DR0\Partition1
16:08:00.0253 4604	D: <-> \Device\Harddisk0\DR0\Partition2
16:08:00.0253 4604	============================================================
16:08:00.0253 4604	Initialize success
16:08:00.0253 4604	============================================================
16:09:24.0603 5180	============================================================
16:09:24.0603 5180	Scan started
16:09:24.0603 5180	Mode: Manual; SigCheck; TDLFS; 
16:09:24.0603 5180	============================================================
16:09:26.0740 5180	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:09:26.0818 5180	1394ohci - ok
16:09:26.0865 5180	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:09:26.0880 5180	ACPI - ok
16:09:26.0896 5180	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:09:26.0974 5180	AcpiPmi - ok
16:09:27.0068 5180	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:09:27.0083 5180	AdobeARMservice - ok
16:09:27.0208 5180	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:09:27.0239 5180	AdobeFlashPlayerUpdateSvc - ok
16:09:27.0270 5180	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
16:09:27.0302 5180	adp94xx - ok
16:09:27.0317 5180	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
16:09:27.0333 5180	adpahci - ok
16:09:27.0348 5180	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
16:09:27.0364 5180	adpu320 - ok
16:09:27.0380 5180	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:09:27.0504 5180	AeLookupSvc - ok
16:09:27.0536 5180	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:09:27.0582 5180	AFD - ok
16:09:27.0598 5180	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:09:27.0614 5180	agp440 - ok
16:09:27.0629 5180	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:09:27.0676 5180	ALG - ok
16:09:27.0692 5180	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:09:27.0692 5180	aliide - ok
16:09:27.0738 5180	AMD External Events Utility (6df30f508b31112bcd2abc3e00bf3e33) C:\Windows\system32\atiesrxx.exe
16:09:27.0770 5180	AMD External Events Utility - ok
16:09:27.0832 5180	AMD FUEL Service - ok
16:09:27.0879 5180	AMD Reservation Manager (dd27f6c3de9bfe50635c721e09edc5dd) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
16:09:27.0894 5180	AMD Reservation Manager - ok
16:09:27.0910 5180	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:09:27.0926 5180	amdide - ok
16:09:27.0957 5180	amdiox64        (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\drivers\amdiox64.sys
16:09:27.0988 5180	amdiox64 - ok
16:09:28.0004 5180	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
16:09:28.0035 5180	AmdK8 - ok
16:09:28.0440 5180	amdkmdag        (d3b70dab12fecb8453e061e719b10d86) C:\Windows\system32\DRIVERS\atikmdag.sys
16:09:28.0659 5180	amdkmdag - ok
16:09:28.0752 5180	amdkmdap        (a9b04d58abcecf6329f87c8fd3382ab1) C:\Windows\system32\DRIVERS\atikmpag.sys
16:09:28.0799 5180	amdkmdap - ok
16:09:28.0815 5180	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:09:28.0846 5180	AmdPPM - ok
16:09:28.0846 5180	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:09:28.0862 5180	amdsata - ok
16:09:28.0877 5180	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
16:09:28.0893 5180	amdsbs - ok
16:09:28.0893 5180	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:09:28.0908 5180	amdxata - ok
16:09:28.0908 5180	amd_sata        (08e8a4172c57abd7693a6915cf1e7a99) C:\Windows\system32\drivers\amd_sata.sys
16:09:28.0924 5180	amd_sata - ok
16:09:28.0940 5180	amd_xata        (9866af4e4ad7f16e810b6c0b8473f9cd) C:\Windows\system32\drivers\amd_xata.sys
16:09:28.0955 5180	amd_xata - ok
16:09:29.0033 5180	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:09:29.0064 5180	AntiVirSchedulerService - ok
16:09:29.0096 5180	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:09:29.0111 5180	AntiVirService - ok
16:09:29.0142 5180	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:09:29.0314 5180	AppID - ok
16:09:29.0345 5180	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:09:29.0408 5180	AppIDSvc - ok
16:09:29.0439 5180	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:09:29.0501 5180	Appinfo - ok
16:09:29.0564 5180	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:09:29.0595 5180	Apple Mobile Device - ok
16:09:29.0626 5180	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
16:09:29.0642 5180	arc - ok
16:09:29.0673 5180	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
16:09:29.0673 5180	arcsas - ok
16:09:29.0704 5180	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:09:29.0766 5180	AsyncMac - ok
16:09:29.0798 5180	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:09:29.0798 5180	atapi - ok
16:09:29.0844 5180	AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
16:09:29.0844 5180	AtiHDAudioService - ok
16:09:30.0141 5180	atikmdag        (d3b70dab12fecb8453e061e719b10d86) C:\Windows\system32\drivers\atikmdag.sys
16:09:30.0219 5180	atikmdag - ok
16:09:30.0312 5180	AtiPcie         (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\drivers\AtiPcie64.sys
16:09:30.0328 5180	AtiPcie - ok
16:09:30.0422 5180	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:09:30.0500 5180	AudioEndpointBuilder - ok
16:09:30.0500 5180	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:09:30.0531 5180	AudioSrv - ok
16:09:30.0562 5180	avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
16:09:30.0578 5180	avgntflt - ok
16:09:30.0593 5180	avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
16:09:30.0609 5180	avipbb - ok
16:09:30.0624 5180	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
16:09:30.0640 5180	avkmgr - ok
16:09:30.0656 5180	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:09:30.0718 5180	AxInstSV - ok
16:09:30.0765 5180	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
16:09:30.0812 5180	b06bdrv - ok
16:09:30.0843 5180	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:09:30.0874 5180	b57nd60a - ok
16:09:30.0921 5180	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:09:30.0952 5180	BDESVC - ok
16:09:30.0968 5180	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:09:31.0014 5180	Beep - ok
16:09:31.0061 5180	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:09:31.0108 5180	BFE - ok
16:09:31.0155 5180	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
16:09:31.0202 5180	BITS - ok
16:09:31.0233 5180	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
16:09:31.0280 5180	blbdrive - ok
16:09:31.0358 5180	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
16:09:31.0373 5180	Bonjour Service - ok
16:09:31.0404 5180	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:09:31.0451 5180	bowser - ok
16:09:31.0467 5180	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
16:09:31.0498 5180	BrFiltLo - ok
16:09:31.0529 5180	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
16:09:31.0560 5180	BrFiltUp - ok
16:09:31.0592 5180	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:09:31.0670 5180	Browser - ok
16:09:31.0701 5180	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:09:31.0732 5180	Brserid - ok
16:09:31.0763 5180	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:09:31.0810 5180	BrSerWdm - ok
16:09:31.0841 5180	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:09:31.0857 5180	BrUsbMdm - ok
16:09:31.0872 5180	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:09:31.0888 5180	BrUsbSer - ok
16:09:31.0904 5180	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
16:09:31.0935 5180	BTHMODEM - ok
16:09:31.0966 5180	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:09:32.0013 5180	bthserv - ok
16:09:32.0044 5180	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:09:32.0091 5180	cdfs - ok
16:09:32.0122 5180	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
16:09:32.0138 5180	cdrom - ok
16:09:32.0169 5180	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:09:32.0247 5180	CertPropSvc - ok
16:09:32.0262 5180	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
16:09:32.0278 5180	circlass - ok
16:09:32.0309 5180	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:09:32.0325 5180	CLFS - ok
16:09:32.0387 5180	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:09:32.0403 5180	clr_optimization_v2.0.50727_32 - ok
16:09:32.0450 5180	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:09:32.0481 5180	clr_optimization_v2.0.50727_64 - ok
16:09:32.0528 5180	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:09:32.0574 5180	clr_optimization_v4.0.30319_32 - ok
16:09:32.0590 5180	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:09:32.0606 5180	clr_optimization_v4.0.30319_64 - ok
16:09:32.0637 5180	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
16:09:32.0652 5180	CmBatt - ok
16:09:32.0684 5180	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:09:32.0684 5180	cmdide - ok
16:09:32.0730 5180	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:09:32.0746 5180	CNG - ok
16:09:32.0762 5180	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
16:09:32.0777 5180	Compbatt - ok
16:09:32.0793 5180	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:09:32.0824 5180	CompositeBus - ok
16:09:32.0840 5180	COMSysApp - ok
16:09:32.0855 5180	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
16:09:32.0855 5180	crcdisk - ok
16:09:32.0886 5180	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
16:09:32.0933 5180	CryptSvc - ok
16:09:33.0042 5180	cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
16:09:33.0074 5180	cvhsvc - ok
16:09:33.0120 5180	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:09:33.0198 5180	DcomLaunch - ok
16:09:33.0214 5180	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:09:33.0261 5180	defragsvc - ok
16:09:33.0308 5180	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:09:33.0386 5180	DfsC - ok
16:09:33.0417 5180	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:09:33.0464 5180	Dhcp - ok
16:09:33.0495 5180	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:09:33.0573 5180	discache - ok
16:09:33.0604 5180	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
16:09:33.0620 5180	Disk - ok
16:09:33.0635 5180	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:09:33.0666 5180	Dnscache - ok
16:09:33.0713 5180	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:09:33.0791 5180	dot3svc - ok
16:09:33.0791 5180	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:09:33.0838 5180	DPS - ok
16:09:33.0869 5180	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:09:33.0900 5180	drmkaud - ok
16:09:33.0932 5180	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:09:33.0963 5180	DXGKrnl - ok
16:09:33.0978 5180	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:09:34.0025 5180	EapHost - ok
16:09:34.0150 5180	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
16:09:34.0259 5180	ebdrv - ok
16:09:34.0337 5180	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:09:34.0400 5180	EFS - ok
16:09:34.0478 5180	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:09:34.0524 5180	ehRecvr - ok
16:09:34.0556 5180	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:09:34.0602 5180	ehSched - ok
16:09:34.0665 5180	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
16:09:34.0696 5180	elxstor - ok
16:09:34.0696 5180	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:09:34.0727 5180	ErrDev - ok
16:09:34.0758 5180	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:09:34.0805 5180	EventSystem - ok
16:09:34.0852 5180	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:09:34.0899 5180	exfat - ok
16:09:34.0930 5180	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:09:34.0977 5180	fastfat - ok
16:09:35.0024 5180	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:09:35.0055 5180	Fax - ok
16:09:35.0086 5180	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
16:09:35.0117 5180	fdc - ok
16:09:35.0133 5180	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:09:35.0226 5180	fdPHost - ok
16:09:35.0242 5180	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:09:35.0273 5180	FDResPub - ok
16:09:35.0289 5180	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:09:35.0289 5180	FileInfo - ok
16:09:35.0304 5180	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:09:35.0367 5180	Filetrace - ok
16:09:35.0398 5180	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
16:09:35.0429 5180	flpydisk - ok
16:09:35.0460 5180	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:09:35.0476 5180	FltMgr - ok
16:09:35.0523 5180	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:09:35.0585 5180	FontCache - ok
16:09:35.0648 5180	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:09:35.0663 5180	FontCache3.0.0.0 - ok
16:09:35.0694 5180	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:09:35.0726 5180	FsDepends - ok
16:09:35.0772 5180	fssfltr         (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
16:09:35.0772 5180	fssfltr - ok
16:09:35.0944 5180	fsssvc          (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
16:09:35.0975 5180	fsssvc - ok
16:09:36.0038 5180	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
16:09:36.0038 5180	Fs_Rec - ok
16:09:36.0084 5180	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:09:36.0116 5180	fvevol - ok
16:09:36.0131 5180	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
16:09:36.0147 5180	gagp30kx - ok
16:09:36.0178 5180	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:09:36.0194 5180	GEARAspiWDM - ok
16:09:36.0303 5180	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:09:36.0381 5180	gpsvc - ok
16:09:36.0428 5180	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:09:36.0459 5180	gupdate - ok
16:09:36.0474 5180	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:09:36.0474 5180	gupdatem - ok
16:09:36.0521 5180	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:09:36.0537 5180	gusvc - ok
16:09:36.0552 5180	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:09:36.0599 5180	hcw85cir - ok
16:09:36.0646 5180	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:09:36.0677 5180	HdAudAddService - ok
16:09:36.0708 5180	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:09:36.0740 5180	HDAudBus - ok
16:09:36.0755 5180	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
16:09:36.0771 5180	HidBatt - ok
16:09:36.0802 5180	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
16:09:36.0833 5180	HidBth - ok
16:09:36.0864 5180	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
16:09:36.0911 5180	HidIr - ok
16:09:36.0942 5180	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
16:09:37.0020 5180	hidserv - ok
16:09:37.0036 5180	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:09:37.0052 5180	HidUsb - ok
16:09:37.0098 5180	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:09:37.0176 5180	hkmsvc - ok
16:09:37.0208 5180	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:09:37.0239 5180	HomeGroupListener - ok
16:09:37.0254 5180	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:09:37.0301 5180	HomeGroupProvider - ok
16:09:37.0317 5180	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:09:37.0332 5180	HpSAMD - ok
16:09:37.0395 5180	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:09:37.0442 5180	HTTP - ok
16:09:37.0457 5180	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:09:37.0457 5180	hwpolicy - ok
16:09:37.0488 5180	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:09:37.0488 5180	i8042prt - ok
16:09:37.0520 5180	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:09:37.0535 5180	iaStorV - ok
16:09:37.0629 5180	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:09:37.0660 5180	idsvc - ok
16:09:37.0972 5180	igfx            (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
16:09:38.0144 5180	igfx - ok
16:09:38.0222 5180	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
16:09:38.0237 5180	iirsp - ok
16:09:38.0268 5180	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:09:38.0315 5180	IKEEXT - ok
16:09:38.0440 5180	IntcAzAudAddService (3e49dac8eefa6016aa2a6331bec866ae) C:\Windows\system32\drivers\RTKVHD64.sys
16:09:38.0549 5180	IntcAzAudAddService - ok
16:09:38.0612 5180	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:09:38.0643 5180	intelide - ok
16:09:38.0658 5180	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
16:09:38.0705 5180	intelppm - ok
16:09:38.0721 5180	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:09:38.0768 5180	IPBusEnum - ok
16:09:38.0799 5180	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:09:38.0830 5180	IpFilterDriver - ok
16:09:38.0861 5180	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:09:38.0908 5180	iphlpsvc - ok
16:09:38.0924 5180	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:09:38.0955 5180	IPMIDRV - ok
16:09:38.0986 5180	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:09:39.0064 5180	IPNAT - ok
16:09:39.0173 5180	iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
16:09:39.0189 5180	iPod Service - ok
16:09:39.0220 5180	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:09:39.0267 5180	IRENUM - ok
16:09:39.0282 5180	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:09:39.0282 5180	isapnp - ok
16:09:39.0298 5180	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:09:39.0314 5180	iScsiPrt - ok
16:09:39.0345 5180	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:09:39.0345 5180	kbdclass - ok
16:09:39.0376 5180	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
16:09:39.0407 5180	kbdhid - ok
16:09:39.0438 5180	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:09:39.0454 5180	KeyIso - ok
16:09:39.0454 5180	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:09:39.0470 5180	KSecDD - ok
16:09:39.0501 5180	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:09:39.0516 5180	KSecPkg - ok
16:09:39.0516 5180	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:09:39.0548 5180	ksthunk - ok
16:09:39.0579 5180	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:09:39.0641 5180	KtmRm - ok
16:09:39.0657 5180	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
16:09:39.0688 5180	LanmanServer - ok
16:09:39.0719 5180	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:09:39.0750 5180	LanmanWorkstation - ok
16:09:39.0782 5180	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:09:39.0813 5180	lltdio - ok
16:09:39.0844 5180	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:09:39.0875 5180	lltdsvc - ok
16:09:39.0891 5180	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:09:39.0922 5180	lmhosts - ok
16:09:39.0953 5180	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
16:09:39.0953 5180	LSI_FC - ok
16:09:39.0969 5180	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
16:09:39.0984 5180	LSI_SAS - ok
16:09:40.0000 5180	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
16:09:40.0016 5180	LSI_SAS2 - ok
16:09:40.0016 5180	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
16:09:40.0031 5180	LSI_SCSI - ok
16:09:40.0047 5180	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:09:40.0094 5180	luafv - ok
16:09:40.0172 5180	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
16:09:40.0203 5180	MBAMProtector - ok
16:09:40.0265 5180	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:09:40.0296 5180	MBAMService - ok
16:09:40.0312 5180	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:09:40.0328 5180	Mcx2Svc - ok
16:09:40.0343 5180	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
16:09:40.0343 5180	megasas - ok
16:09:40.0374 5180	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
16:09:40.0390 5180	MegaSR - ok
16:09:40.0452 5180	Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
16:09:40.0468 5180	Microsoft Office Groove Audit Service - ok
16:09:40.0499 5180	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:09:40.0546 5180	MMCSS - ok
16:09:40.0546 5180	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:09:40.0608 5180	Modem - ok
16:09:40.0624 5180	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:09:40.0640 5180	monitor - ok
16:09:40.0671 5180	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:09:40.0671 5180	mouclass - ok
16:09:40.0702 5180	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:09:40.0718 5180	mouhid - ok
16:09:40.0749 5180	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:09:40.0764 5180	mountmgr - ok
16:09:40.0780 5180	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:09:40.0796 5180	mpio - ok
16:09:40.0811 5180	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:09:40.0842 5180	mpsdrv - ok
16:09:40.0874 5180	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
16:09:40.0920 5180	MpsSvc - ok
16:09:40.0952 5180	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:09:40.0967 5180	MRxDAV - ok
16:09:40.0983 5180	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:09:41.0014 5180	mrxsmb - ok
16:09:41.0045 5180	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:09:41.0076 5180	mrxsmb10 - ok
16:09:41.0092 5180	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:09:41.0108 5180	mrxsmb20 - ok
16:09:41.0123 5180	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:09:41.0123 5180	msahci - ok
16:09:41.0139 5180	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:09:41.0139 5180	msdsm - ok
16:09:41.0186 5180	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:09:41.0248 5180	MSDTC - ok
16:09:41.0279 5180	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:09:41.0326 5180	Msfs - ok
16:09:41.0342 5180	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:09:41.0373 5180	mshidkmdf - ok
16:09:41.0388 5180	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:09:41.0404 5180	msisadrv - ok
16:09:41.0435 5180	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:09:41.0513 5180	MSiSCSI - ok
16:09:41.0529 5180	msiserver - ok
16:09:41.0544 5180	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:09:41.0576 5180	MSKSSRV - ok
16:09:41.0576 5180	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:09:41.0607 5180	MSPCLOCK - ok
16:09:41.0607 5180	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:09:41.0638 5180	MSPQM - ok
16:09:41.0685 5180	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:09:41.0685 5180	MsRPC - ok
16:09:41.0700 5180	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:09:41.0716 5180	mssmbios - ok
16:09:41.0732 5180	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:09:41.0763 5180	MSTEE - ok
16:09:41.0794 5180	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
16:09:41.0934 5180	MTConfig - ok
16:09:41.0934 5180	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:09:41.0950 5180	Mup - ok
16:09:41.0981 5180	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:09:42.0028 5180	napagent - ok
16:09:42.0090 5180	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:09:42.0122 5180	NativeWifiP - ok
16:09:42.0168 5180	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:09:42.0200 5180	NDIS - ok
16:09:42.0200 5180	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:09:42.0278 5180	NdisCap - ok
16:09:42.0309 5180	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:09:42.0371 5180	NdisTapi - ok
16:09:42.0402 5180	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:09:42.0465 5180	Ndisuio - ok
16:09:42.0496 5180	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:09:42.0558 5180	NdisWan - ok
16:09:42.0574 5180	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:09:42.0636 5180	NDProxy - ok
16:09:42.0652 5180	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:09:42.0746 5180	NetBIOS - ok
16:09:42.0777 5180	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:09:42.0808 5180	NetBT - ok
16:09:42.0839 5180	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:09:42.0855 5180	Netlogon - ok
16:09:42.0902 5180	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:09:42.0980 5180	Netman - ok
16:09:42.0995 5180	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:09:43.0026 5180	netprofm - ok
16:09:43.0089 5180	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:09:43.0120 5180	NetTcpPortSharing - ok
16:09:43.0151 5180	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
16:09:43.0167 5180	nfrd960 - ok
16:09:43.0198 5180	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:09:43.0260 5180	NlaSvc - ok
16:09:43.0276 5180	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:09:43.0307 5180	Npfs - ok
16:09:43.0323 5180	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:09:43.0354 5180	nsi - ok
16:09:43.0354 5180	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:09:43.0385 5180	nsiproxy - ok
16:09:43.0463 5180	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:09:43.0510 5180	Ntfs - ok
16:09:43.0604 5180	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:09:43.0682 5180	Null - ok
16:09:43.0713 5180	nusb3hub        (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\drivers\nusb3hub.sys
16:09:43.0760 5180	nusb3hub - ok
16:09:43.0791 5180	nusb3xhc        (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\drivers\nusb3xhc.sys
16:09:43.0853 5180	nusb3xhc - ok
16:09:43.0900 5180	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:09:43.0931 5180	nvraid - ok
16:09:43.0947 5180	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:09:43.0962 5180	nvstor - ok
16:09:43.0994 5180	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:09:43.0994 5180	nv_agp - ok
16:09:44.0087 5180	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:09:44.0118 5180	odserv - ok
16:09:44.0134 5180	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:09:44.0165 5180	ohci1394 - ok
16:09:44.0196 5180	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:09:44.0212 5180	ose - ok
16:09:44.0508 5180	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:09:44.0664 5180	osppsvc - ok
16:09:44.0742 5180	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:09:44.0789 5180	p2pimsvc - ok
16:09:44.0836 5180	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:09:44.0883 5180	p2psvc - ok
16:09:44.0914 5180	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
16:09:44.0930 5180	Parport - ok
16:09:44.0961 5180	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
16:09:44.0976 5180	partmgr - ok
16:09:44.0992 5180	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:09:45.0023 5180	PcaSvc - ok
16:09:45.0039 5180	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:09:45.0054 5180	pci - ok
16:09:45.0070 5180	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:09:45.0086 5180	pciide - ok
16:09:45.0117 5180	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
16:09:45.0117 5180	pcmcia - ok
16:09:45.0148 5180	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:09:45.0148 5180	pcw - ok
16:09:45.0179 5180	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:09:45.0210 5180	PEAUTH - ok
16:09:45.0288 5180	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:09:45.0320 5180	PerfHost - ok
16:09:45.0398 5180	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:09:45.0460 5180	pla - ok
16:09:45.0491 5180	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:09:45.0522 5180	PlugPlay - ok
16:09:45.0538 5180	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:09:45.0554 5180	PNRPAutoReg - ok
16:09:45.0585 5180	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:09:45.0600 5180	PNRPsvc - ok
16:09:45.0616 5180	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:09:45.0647 5180	PolicyAgent - ok
16:09:45.0678 5180	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:09:45.0710 5180	Power - ok
16:09:45.0756 5180	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:09:45.0788 5180	PptpMiniport - ok
16:09:45.0819 5180	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
16:09:45.0834 5180	Processor - ok
16:09:45.0850 5180	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
16:09:45.0881 5180	ProfSvc - ok
16:09:45.0897 5180	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:09:45.0912 5180	ProtectedStorage - ok
16:09:45.0944 5180	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:09:45.0975 5180	Psched - ok
16:09:46.0053 5180	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
16:09:46.0100 5180	ql2300 - ok
16:09:46.0162 5180	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
16:09:46.0178 5180	ql40xx - ok
16:09:46.0193 5180	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:09:46.0209 5180	QWAVE - ok
16:09:46.0240 5180	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:09:46.0287 5180	QWAVEdrv - ok
16:09:46.0302 5180	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:09:46.0349 5180	RasAcd - ok
16:09:46.0365 5180	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:09:46.0396 5180	RasAgileVpn - ok
16:09:46.0427 5180	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:09:46.0474 5180	RasAuto - ok
16:09:46.0490 5180	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:09:46.0536 5180	Rasl2tp - ok
16:09:46.0568 5180	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:09:46.0599 5180	RasMan - ok
16:09:46.0614 5180	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:09:46.0646 5180	RasPppoe - ok
16:09:46.0661 5180	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:09:46.0692 5180	RasSstp - ok
16:09:46.0724 5180	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:09:46.0755 5180	rdbss - ok
16:09:46.0770 5180	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
16:09:46.0786 5180	rdpbus - ok
16:09:46.0802 5180	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:09:46.0833 5180	RDPCDD - ok
16:09:46.0864 5180	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:09:46.0926 5180	RDPENCDD - ok
16:09:46.0942 5180	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:09:46.0973 5180	RDPREFMP - ok
16:09:47.0004 5180	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
16:09:47.0036 5180	RDPWD - ok
16:09:47.0067 5180	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:09:47.0067 5180	rdyboost - ok
16:09:47.0098 5180	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:09:47.0129 5180	RemoteAccess - ok
16:09:57.0566 5180	MBR (0x1B8)     (5d949eea3beec2df38a2d7900ad89a60) \Device\Harddisk0\DR0
16:09:59.0874 5180	\Device\Harddisk0\DR0 - ok
16:09:59.0906 5180	Boot (0x1200)   (efe6ec6f5f5d6c11e3c9b17b93b734f5) \Device\Harddisk0\DR0\Partition0
16:09:59.0906 5180	\Device\Harddisk0\DR0\Partition0 - ok
16:09:59.0906 5180	Boot (0x1200)   (b880ad6696e3eb9c3e77cf98a9ae4fd2) \Device\Harddisk0\DR0\Partition1
16:09:59.0921 5180	\Device\Harddisk0\DR0\Partition1 - ok
16:09:59.0937 5180	Boot (0x1200)   (4644bd661fdaf29cc4b29febb9f76e6b) \Device\Harddisk0\DR0\Partition2
16:09:59.0937 5180	\Device\Harddisk0\DR0\Partition2 - ok
16:09:59.0937 5180	============================================================
16:09:59.0937 5180	Scan finished
16:09:59.0937 5180	============================================================
16:09:59.0952 4056	Detected object count: 0
16:09:59.0952 4056	Actual detected object count: 0
16:11:12.0415 2476	Deinitialize success
         

Alt 14.05.2012, 18:27   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags
