Exp/2010-0840

Warsta · 28.10.2011, 15:01

Hallo Leute,

ich hatte heute die Funde:

EXP/2010-0840.BC
Quelle: C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\15d49b47-4d7ea05f
Quelle: C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\2300428c-5405285b

Scan vom 22.10:

Code:

ATTFilter

Beginne mit der Suche in 'C:\'
C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\33a465c2-709ae481
  [0] Archivtyp: ZIP
  --> buildService/MailAgent.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.LL.2
  --> buildService/VirtualTable.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.AN
C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\6e0d8316-54406758
  [0] Archivtyp: ZIP
  --> support/ForMail.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.H
C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\6ade6383-7590b44e
  [0] Archivtyp: ZIP
  --> support/ForMail.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE2010-0840.CX
C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\1c499420-19e17c2f
  [0] Archivtyp: ZIP
  --> buildService/MailAgent.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.AO
  --> buildService/VirtualTable.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.AO
C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\756918a0-761dae08
  [0] Archivtyp: ZIP
  --> support/ForMail.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.H
C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\350c3de2-7fe3f607
  [0] Archivtyp: ZIP
  --> main.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Pruno.F
C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\7c47d765-526cab75
  [0] Archivtyp: ZIP
  --> support/ForMail.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE2010-0840.CX
C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\2e77cfe9-51a70426
  [0] Archivtyp: ZIP
  --> support/ForMail.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.H

Beginne mit der Desinfektion:
C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\2e77cfe9-51a70426
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.H
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '020ce5e8.qua' verschoben!
C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\7c47d765-526cab75
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE2010-0840.CX
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '6436aa2c.qua' verschoben!
C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\350c3de2-7fe3f607
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Pruno.F
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '21b68724.qua' verschoben!
C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\756918a0-761dae08
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.H
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5ea7b545.qua' verschoben!
C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\1c499420-19e17c2f
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.AO
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '12119939.qua' verschoben!
C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\6ade6383-7590b44e
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE2010-0840.CX
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '6fd9d96b.qua' verschoben!
C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\6e0d8316-54406758
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.H
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4357f622.qua' verschoben!
C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\33a465c2-709ae481
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.AN
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5be8cd8f.qua' verschoben!

Habe im Internet gelesen, dass der EXP/2010-0840 eher ungefährlich bis mittelgefährlich ist. Bei mir ist schon seit längerem die Java Version 6 Update 29 installiert. Kann ich dieses Exploit einfach ignorieren, schnell beheben, oder lohnt sich eher ein Neuaufsetzen (wenn das Entfernen zuuu lange dauert z.B. und es Schaden anrichten kann, da ich gelegentlich mit einem Programm Aktien handle und wichtige Daten angeben muss!!!).

cosinus · 29.10.2011, 16:36

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Warsta · 30.10.2011, 16:14

Hi und danke erstmal für deine Antwort.

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8046

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

30.10.2011 12:58:48
mbam-log-2011-10-30 (12-58-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 367504
Laufzeit: 1 Stunde(n), 38 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=88dc6e29ca8e384f84f41ef245f98433
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-10-30 02:53:47
# local_time=2011-10-30 03:53:47 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 844917 844917 0 0
# compatibility_mode=5893 16776573 100 94 12669 71606235 0 0
# compatibility_mode=8192 67108863 100 0 4004 4004 0 0
# scanned=192796
# found=2
# cleaned=0
# scan_time=10041
C:\Users\Skulls\Downloads\OrbitSetup4.1.00.exe	Win32/OpenCandy application (unable to clean)	00000000000000000000000000000000	I
D:\ZBC\Samsung Laptop\Desktop\MsgPlusLive-420.exe	a variant of Win32/MessengerPlus application (unable to clean)	00000000000000000000000000000000	I

Die letzte Meldung in ZBC habe ich einfach manuell gelöscht, weil ich das nie installiert hatte, sondern nur einmal bei einem Freund ein Backup gemacht habe.
Vor den Scans habe ich kurz mit CCleaner alles gesäubert, es kam aber während dem Malwarebytes-Scan die Meldungen von meinem Antivirenprogramm:

Code:

ATTFilter

'C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\5caf8796-2c0a6eaa'
wurde ein Virus oder unerwünschtes Programm 'EXP/Java.AC' [exploit] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Die Datei 'C:\Users\Skulls\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\5caf8796-2c0a6eaa'
enthielt einen Virus oder unerwünschtes Programm 'EXP/Java.AF' [exploit].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49668394.qua' verschoben!

Tja, die EXP/Java.xx kommen irgendwie immer wieder woher.

cosinus · 30.10.2011, 18:40

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Warsta · 31.10.2011, 01:57

Ohje ist der lang:

Code:

ATTFilter

OTL logfile created on: 31.10.2011 01:25:08 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Skulls\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 61,45% Memory free
3,99 Gb Paging File | 2,83 Gb Available in Paging File | 70,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 29,30 Gb Total Space | 1,16 Gb Free Space | 3,95% Space Free | Partition Type: NTFS
Drive D: | 268,69 Gb Total Space | 120,18 Gb Free Space | 44,73% Space Free | Partition Type: NTFS
 
Computer Name: * | User Name: *| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.10.31 00:26:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Skulls\Desktop\OTL.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.26 18:17:26 | 000,008,192 | ---- | M] () -- C:\Windows\SysWOW64\srvany.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.08 06:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\cvpnd.exe
PRC - [2009.12.30 18:36:06 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Clarus\Samsung SecretZone\MSSvc.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\cvpnd.exe -- (CVPND)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.03.28 02:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2005.07.06 11:43:24 | 000,414,720 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\Windows\SysNative\lxcecoms.exe -- (lxce_device)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.08 06:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.08.30 10:17:50 | 000,090,112 | ---- | M] (Clarus, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Clarus\Samsung SecretZone\SZAssistSVC.exe -- (SZASSIST)
SRV - [2010.03.18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.30 18:36:06 | 000,114,688 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Clarus\Samsung SecretZone\MSSvc.exe -- (MSR Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.10.11 14:00:01 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.14 15:53:43 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.03 16:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.01.19 11:28:55 | 008,080,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.03.23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.09.16 03:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009.09.02 09:45:38 | 000,254,464 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\windrvr6.sys -- (WinDriver6)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.11 21:34:38 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.04.03 15:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2005.01.26 07:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\vsdatant.sys -- (vsdatant)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=gppc
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 EB CB 0C 38 08 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.12 20:24:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.04.30 15:22:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skulls\AppData\Roaming\mozilla\Extensions
[2011.10.30 10:42:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions
[2011.05.16 10:47:25 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2011.05.01 20:02:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\engine@conduit.com
[2011.10.21 00:04:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.06.15 22:38:22 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.05.04 20:11:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.05.05 14:20:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.25 17:26:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.21 00:04:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI
() (No name found) -- C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\EXTENSIONS\FACEPASTE.FIREFOX.ADDON@AZABANI.COM.XPI
[2011.10.02 14:18:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.02 14:18:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.02 14:18:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.02 14:18:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.16 10:47:26 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.10.02 14:18:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.02 14:18:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.02 14:18:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [TaskTray]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: tu-darmstadt.de ([clix] https in Vertrauenswürdige Sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A0050C0-4C72-4B1B-B589-CDD8EA26D540}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: EumexInst - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: facemoods - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: FLMOFFICE4DMOUSE - hkey= - key= - C:\Program Files (x86)\Office Mouse\moffice.exe ()
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
MsConfig:64bit - StartUpReg: HPUsageTracking - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: LXCECATS - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: PrnStatusMX - hkey= - key= - C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: routcnf - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\PROGRA~2\COMBIN~1\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.lsgc - C:\Windows\SysWow64\lsgc.dll (imc AG)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.31 00:26:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Skulls\Desktop\OTL.exe
[2011.10.29 10:46:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011.10.23 00:14:17 | 000,000,000 | ---D | C] -- C:\Users\Skulls\AppData\Roaming\Malwarebytes
[2011.10.23 00:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.23 00:14:01 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.10.23 00:14:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.10.21 12:04:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.10.21 00:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.10.20 18:25:01 | 000,000,000 | ---D | C] -- C:\Users\Skulls\AppData\Roaming\Avira
[2011.10.20 18:24:31 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.10.20 18:24:31 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.10.20 18:24:31 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.10.20 18:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.20 18:24:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.10.16 23:00:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack
[2011.10.13 01:44:47 | 000,000,000 | ---D | C] -- C:\Users\Skulls\AppData\Roaming\DivX
[2011.10.12 20:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.10.12 20:23:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011.10.12 20:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.10.12 20:22:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011.10.12 20:22:26 | 000,000,000 | ---D | C] -- C:\Users\Skulls\AppData\Local\Apple
[2011.10.12 20:22:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011.10.12 20:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011.10.12 18:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011.10.12 18:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011.10.12 18:50:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2011.10.12 18:49:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2011.10.12 18:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.03.23 12:29:08 | 000,067,760 | ---- | C] (Cisco Systems, Inc.) -- C:\Program Files\VAInst64.exe
[2010.03.23 12:22:46 | 001,549,088 | ---- | C] (Cisco Systems, Inc.) -- C:\Program Files\vpngui.exe
[2010.03.23 12:20:18 | 000,217,896 | ---- | C] (Cisco Systems, Inc.) -- C:\Program Files\SetMTU.exe
[2010.03.23 12:19:32 | 001,528,616 | ---- | C] (Cisco Systems, Inc.) -- C:\Program Files\cvpnd.exe
[2010.03.23 12:18:40 | 000,181,048 | ---- | C] (Cisco Systems, Inc.) -- C:\Program Files\ipsecdialer.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.31 01:18:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.31 00:51:57 | 000,730,813 | R--- | M] () -- C:\Users\Skulls\Desktop\MH_Allgemeine Elktrotechnik Bachelor 2011.pdf
[2011.10.31 00:26:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Skulls\Desktop\OTL.exe
[2011.10.30 20:44:24 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.30 20:44:24 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.30 20:41:15 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.10.30 20:41:15 | 000,652,006 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.10.30 20:41:15 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.10.30 20:41:15 | 000,129,674 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.10.30 20:41:15 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.10.30 20:37:07 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.30 20:36:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.30 20:36:48 | 1606,619,136 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.13 08:43:38 | 000,477,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.11 15:22:30 | 000,000,215 | ---- | M] () -- C:\Program Files\vpnclient.ini
[2011.10.11 15:22:26 | 000,000,213 | ---- | M] () -- C:\Program Files\internal.ini
[2011.10.11 14:00:01 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2011.10.31 00:51:57 | 000,730,813 | R--- | C] () -- C:\Users\Skulls\Desktop\MH_Allgemeine Elktrotechnik Bachelor 2011.pdf
[2011.10.12 20:22:23 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.08.05 16:14:56 | 000,853,829 | ---- | C] () -- C:\Users\Skulls\AppData\Local\census.cache
[2011.08.05 16:14:07 | 000,104,911 | ---- | C] () -- C:\Users\Skulls\AppData\Local\ars.cache
[2011.08.05 15:58:02 | 000,000,036 | ---- | C] () -- C:\Users\Skulls\AppData\Local\housecall.guid.cache
[2011.07.13 22:27:38 | 000,000,596 | ---- | C] () -- C:\Users\Skulls\AppData\Roaming\history.PowerPoint.pwcdat
[2011.06.26 18:17:58 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011.06.17 19:33:31 | 000,000,059 | ---- | C] () -- C:\Windows\WINPHONE.INI
[2011.05.27 13:24:00 | 000,290,904 | ---- | C] () -- C:\Windows\SysWow64\vc6-re200l.dll
[2011.05.26 22:17:09 | 000,029,744 | ---- | C] () -- C:\Windows\SysWow64\InstHelper.dll
[2011.05.26 22:17:00 | 000,197,672 | ---- | C] () -- C:\Windows\SysWow64\vpnapi.dll
[2011.05.26 22:16:59 | 000,193,576 | ---- | C] () -- C:\Windows\SysWow64\CSGina.dll
[2011.05.02 22:25:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.30 09:39:35 | 000,007,597 | ---- | C] () -- C:\Users\Skulls\AppData\Local\Resmon.ResmonCfg
[2010.03.23 12:26:48 | 000,201,512 | ---- | C] () -- C:\Program Files\vpnapi.dll
[2010.03.23 12:23:26 | 000,176,944 | ---- | C] () -- C:\Program Files\ipseclog.exe
[2010.03.23 12:21:44 | 000,271,144 | ---- | C] () -- C:\Program Files\vpnclient.exe
[2010.03.23 12:21:00 | 000,230,184 | ---- | C] () -- C:\Program Files\ppptool.exe
[2010.03.23 12:10:20 | 001,028,219 | ---- | C] () -- C:\Program Files\cisco_cert_mgr.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.06.14 12:02:52 | 000,000,215 | ---- | C] () -- C:\Program Files\vpnclient.ini
[2007.06.14 12:02:52 | 000,000,213 | ---- | C] () -- C:\Program Files\internal.ini
[2005.09.21 02:57:56 | 004,325,376 | ---- | C] () -- C:\Program Files\qt-mt335.dll
 
========== LOP Check ==========
 
[2011.05.08 15:52:04 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\Dropbox
[2011.05.05 16:15:38 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\EndNote
[2011.05.06 20:54:28 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\GrabPro
[2011.05.02 01:06:37 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\Marvell
[2011.09.06 01:11:54 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\Orbit
[2011.05.06 13:17:53 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\ProgSense
[2011.10.01 02:25:38 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.04.30 13:49:08 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\Adobe
[2011.10.20 18:25:01 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\Avira
[2011.10.13 01:44:47 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\DivX
[2011.05.08 15:52:04 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\Dropbox
[2011.05.05 16:15:38 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\EndNote
[2011.05.06 20:54:28 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\GrabPro
[2011.05.01 20:48:31 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\Hewlett-Packard
[2011.05.01 20:48:14 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\HP
[2011.04.30 08:42:21 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\Identities
[2011.04.30 13:26:43 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\Macromedia
[2011.10.23 00:14:17 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\Malwarebytes
[2011.05.02 01:06:37 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\Marvell
[2011.05.16 11:52:01 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\MathWorks
[2009.07.14 08:45:14 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\Media Center Programs
[2011.10.28 02:24:48 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\Media Player Classic
[2011.09.07 17:28:42 | 000,000,000 | --SD | M] -- C:\Users\Skulls\AppData\Roaming\Microsoft
[2011.04.30 15:22:16 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\Mozilla
[2011.09.06 01:11:54 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\Orbit
[2011.05.06 13:17:53 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\ProgSense
[2011.10.27 00:41:17 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\Skype
[2011.10.26 23:11:10 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\skypePM
[2011.05.02 00:52:02 | 000,000,000 | ---D | M] -- C:\Users\Skulls\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.04.26 06:36:24 | 024,131,184 | ---- | M] (Dropbox, Inc.) -- C:\Users\Skulls\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.04.26 06:36:30 | 000,173,248 | ---- | M] (Dropbox, Inc.) -- C:\Users\Skulls\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.09.01 14:40:18 | 000,188,152 | ---- | M] () -- C:\Users\Skulls\AppData\Roaming\Mozilla\Firefox\Profiles\eq5eo9ld.default\FlashGot.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010.11.11 17:48:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.11.11 17:48:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

cosinus · 31.10.2011, 10:39

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=gppc
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 EB CB 0C 38 08 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
[2011.05.16 10:47:25 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2011.05.01 20:02:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\engine@conduit.com
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [TaskTray]  File not found
O32 - HKLM CDRom: AutoRun - 1

:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Warsta · 31.10.2011, 22:24

Oh, ich hab beim ersten Suchlauf ALLE Programme, bis auf den Virenscanner beendet. Muss ich das alles nochmal machen, oder war das einfach nur zur Sicherheit, damit es nicht abstürzt?

Code:

ATTFilter

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Facemoods Search" removed from browser.search.defaultenginename
C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults\preferences folder moved successfully.
C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults folder moved successfully.
C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\images folder moved successfully.
C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content folder moved successfully.
C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome folder moved successfully.
C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} folder moved successfully.
C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Skulls\AppData\Roaming\mozilla\Firefox\Profiles\eq5eo9ld.default\extensions\engine@conduit.com folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TaskTray deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Skulls
->Temp folder emptied: 67946 bytes
->Temporary Internet Files folder emptied: 147858 bytes
->Java cache emptied: 4363 bytes
->FireFox cache emptied: 45836936 bytes
->Flash cache emptied: 1964 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 843688 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 45,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 10312011_221651

Files\Folders moved on Reboot...
File\Folder C:\Users\Skulls\AppData\Local\Temp\OICE_E7720B06-A7A0-4188-AFB1-44AB7A93F65A.0\6D61AC60. not found!
C:\Users\Skulls\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

cosinus · 31.10.2011, 22:28

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

Warsta · 01.11.2011, 02:43

War alles ok. Ichweiß ja nicht. Hab ich jetzt was? Oder finde ich nur nix, obwohl du was vermutest?
Habe unhide jetzt nicht ausgeführt, weil ich alles sehen und ausführen konnte.

Code:

ATTFilter

02:36:16.0854 1320	TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
02:36:17.0010 1320	============================================================
02:36:17.0010 1320	Current date / time: 2011/11/01 02:36:17.0010
02:36:17.0010 1320	SystemInfo:
02:36:17.0010 1320	
02:36:17.0010 1320	OS Version: 6.1.7601 ServicePack: 1.0
02:36:17.0010 1320	Product type: Workstation
02:36:17.0010 1320	ComputerName: *
02:36:17.0010 1320	UserName: *
02:36:17.0010 1320	Windows directory: C:\Windows
02:36:17.0010 1320	System windows directory: C:\Windows
02:36:17.0010 1320	Running under WOW64
02:36:17.0010 1320	Processor architecture: Intel x64
02:36:17.0010 1320	Number of processors: 2
02:36:17.0010 1320	Page size: 0x1000
02:36:17.0010 1320	Boot type: Normal boot
02:36:17.0010 1320	============================================================
02:36:18.0133 1320	Initialize success
02:38:09.0642 2436	============================================================
02:38:09.0642 2436	Scan started
02:38:09.0642 2436	Mode: Manual; SigCheck; TDLFS; 
02:38:09.0642 2436	============================================================
02:38:10.0516 2436	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
02:38:10.0703 2436	1394ohci - ok
02:38:10.0797 2436	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
02:38:10.0828 2436	ACPI - ok
02:38:10.0875 2436	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
02:38:10.0953 2436	AcpiPmi - ok
02:38:11.0109 2436	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
02:38:11.0171 2436	adp94xx - ok
02:38:11.0218 2436	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
02:38:11.0233 2436	adpahci - ok
02:38:11.0249 2436	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
02:38:11.0280 2436	adpu320 - ok
02:38:11.0343 2436	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
02:38:11.0452 2436	AFD - ok
02:38:11.0530 2436	AgereSoftModem  (2173e070647ac68c16b8214fe5c05ec3) C:\Windows\system32\DRIVERS\agrsm64.sys
02:38:11.0670 2436	AgereSoftModem - ok
02:38:11.0717 2436	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
02:38:11.0733 2436	agp440 - ok
02:38:11.0779 2436	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
02:38:11.0795 2436	aliide - ok
02:38:11.0826 2436	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
02:38:11.0842 2436	amdide - ok
02:38:11.0889 2436	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
02:38:11.0951 2436	AmdK8 - ok
02:38:11.0967 2436	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
02:38:12.0013 2436	AmdPPM - ok
02:38:12.0045 2436	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
02:38:12.0060 2436	amdsata - ok
02:38:12.0091 2436	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
02:38:12.0123 2436	amdsbs - ok
02:38:12.0138 2436	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
02:38:12.0154 2436	amdxata - ok
02:38:12.0247 2436	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
02:38:12.0466 2436	AppID - ok
02:38:12.0575 2436	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
02:38:12.0606 2436	arc - ok
02:38:12.0653 2436	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
02:38:12.0669 2436	arcsas - ok
02:38:12.0700 2436	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
02:38:12.0887 2436	AsyncMac - ok
02:38:12.0918 2436	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
02:38:12.0918 2436	atapi - ok
02:38:13.0012 2436	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
02:38:13.0215 2436	avgntflt - ok
02:38:13.0371 2436	avipbb          (d959309ececca73fc79f8ef8521346b2) C:\Windows\system32\DRIVERS\avipbb.sys
02:38:13.0386 2436	avipbb - ok
02:38:13.0417 2436	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
02:38:13.0433 2436	avkmgr - ok
02:38:13.0495 2436	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
02:38:13.0573 2436	b06bdrv - ok
02:38:13.0636 2436	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
02:38:13.0698 2436	b57nd60a - ok
02:38:13.0745 2436	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
02:38:13.0823 2436	Beep - ok
02:38:13.0885 2436	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
02:38:13.0901 2436	blbdrive - ok
02:38:13.0932 2436	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
02:38:13.0995 2436	bowser - ok
02:38:14.0026 2436	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
02:38:14.0119 2436	BrFiltLo - ok
02:38:14.0135 2436	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
02:38:14.0151 2436	BrFiltUp - ok
02:38:14.0182 2436	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
02:38:14.0229 2436	Brserid - ok
02:38:14.0244 2436	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
02:38:14.0275 2436	BrSerWdm - ok
02:38:14.0322 2436	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
02:38:14.0353 2436	BrUsbMdm - ok
02:38:14.0369 2436	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
02:38:14.0400 2436	BrUsbSer - ok
02:38:14.0431 2436	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
02:38:14.0463 2436	BTHMODEM - ok
02:38:14.0525 2436	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
02:38:14.0572 2436	cdfs - ok
02:38:14.0619 2436	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
02:38:14.0665 2436	cdrom - ok
02:38:14.0728 2436	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
02:38:14.0759 2436	circlass - ok
02:38:14.0790 2436	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
02:38:14.0821 2436	CLFS - ok
02:38:14.0868 2436	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
02:38:14.0915 2436	CmBatt - ok
02:38:14.0946 2436	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
02:38:14.0977 2436	cmdide - ok
02:38:15.0009 2436	CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
02:38:15.0055 2436	CNG - ok
02:38:15.0102 2436	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
02:38:15.0133 2436	Compbatt - ok
02:38:15.0165 2436	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
02:38:15.0227 2436	CompositeBus - ok
02:38:15.0258 2436	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
02:38:15.0274 2436	crcdisk - ok
02:38:15.0352 2436	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
02:38:15.0430 2436	CSC - ok
02:38:15.0461 2436	CVirtA          (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
02:38:15.0477 2436	CVirtA - ok
02:38:15.0570 2436	CVPNDRVA        (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys
02:38:15.0601 2436	CVPNDRVA - ok
02:38:15.0679 2436	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
02:38:15.0757 2436	DfsC - ok
02:38:15.0773 2436	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
02:38:15.0835 2436	discache - ok
02:38:15.0851 2436	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
02:38:15.0882 2436	Disk - ok
02:38:15.0929 2436	DNE             (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
02:38:15.0929 2436	DNE - ok
02:38:15.0991 2436	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
02:38:16.0023 2436	drmkaud - ok
02:38:16.0085 2436	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
02:38:16.0179 2436	DXGKrnl - ok
02:38:16.0210 2436	E504C - ok
02:38:16.0319 2436	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
02:38:16.0475 2436	ebdrv - ok
02:38:16.0522 2436	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
02:38:16.0569 2436	elxstor - ok
02:38:16.0584 2436	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
02:38:16.0647 2436	ErrDev - ok
02:38:16.0693 2436	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
02:38:16.0740 2436	exfat - ok
02:38:16.0771 2436	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
02:38:16.0818 2436	fastfat - ok
02:38:16.0865 2436	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
02:38:16.0912 2436	fdc - ok
02:38:16.0943 2436	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
02:38:16.0959 2436	FileInfo - ok
02:38:16.0974 2436	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
02:38:17.0021 2436	Filetrace - ok
02:38:17.0052 2436	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
02:38:17.0068 2436	flpydisk - ok
02:38:17.0115 2436	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
02:38:17.0161 2436	FltMgr - ok
02:38:17.0177 2436	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
02:38:17.0193 2436	FsDepends - ok
02:38:17.0208 2436	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
02:38:17.0224 2436	Fs_Rec - ok
02:38:17.0271 2436	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
02:38:17.0317 2436	fvevol - ok
02:38:17.0333 2436	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
02:38:17.0349 2436	gagp30kx - ok
02:38:17.0380 2436	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
02:38:17.0411 2436	hcw85cir - ok
02:38:17.0473 2436	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
02:38:17.0536 2436	HdAudAddService - ok
02:38:17.0567 2436	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
02:38:17.0598 2436	HDAudBus - ok
02:38:17.0629 2436	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
02:38:17.0661 2436	HidBatt - ok
02:38:17.0676 2436	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
02:38:17.0707 2436	HidBth - ok
02:38:17.0739 2436	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
02:38:17.0770 2436	HidIr - ok
02:38:17.0817 2436	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
02:38:17.0848 2436	HidUsb - ok
02:38:17.0879 2436	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
02:38:17.0895 2436	HpSAMD - ok
02:38:17.0957 2436	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
02:38:18.0035 2436	HTTP - ok
02:38:18.0066 2436	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
02:38:18.0082 2436	hwpolicy - ok
02:38:18.0144 2436	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
02:38:18.0175 2436	i8042prt - ok
02:38:18.0222 2436	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
02:38:18.0253 2436	iaStorV - ok
02:38:18.0300 2436	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
02:38:18.0316 2436	iirsp - ok
02:38:18.0441 2436	IntcAzAudAddService (88798b4381fd58fae2da07880c177c5c) C:\Windows\system32\drivers\RTKVHD64.sys
02:38:18.0597 2436	IntcAzAudAddService - ok
02:38:18.0659 2436	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
02:38:18.0675 2436	intelide - ok
02:38:18.0721 2436	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
02:38:18.0753 2436	intelppm - ok
02:38:18.0799 2436	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:38:18.0846 2436	IpFilterDriver - ok
02:38:18.0893 2436	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
02:38:18.0924 2436	IPMIDRV - ok
02:38:18.0940 2436	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
02:38:18.0987 2436	IPNAT - ok
02:38:19.0018 2436	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
02:38:19.0065 2436	IRENUM - ok
02:38:19.0096 2436	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
02:38:19.0111 2436	isapnp - ok
02:38:19.0143 2436	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
02:38:19.0174 2436	iScsiPrt - ok
02:38:19.0205 2436	k57nd60a        (1d7aab58f4e21697af8f46eaa81823dd) C:\Windows\system32\DRIVERS\k57nd60a.sys
02:38:19.0236 2436	k57nd60a - ok
02:38:19.0283 2436	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
02:38:19.0299 2436	kbdclass - ok
02:38:19.0330 2436	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
02:38:19.0377 2436	kbdhid - ok
02:38:19.0455 2436	KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
02:38:19.0486 2436	KSecDD - ok
02:38:19.0517 2436	KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
02:38:19.0548 2436	KSecPkg - ok
02:38:19.0579 2436	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
02:38:19.0657 2436	ksthunk - ok
02:38:19.0720 2436	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
02:38:19.0782 2436	lltdio - ok
02:38:19.0813 2436	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
02:38:19.0829 2436	LSI_FC - ok
02:38:19.0845 2436	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
02:38:19.0876 2436	LSI_SAS - ok
02:38:19.0891 2436	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:38:19.0907 2436	LSI_SAS2 - ok
02:38:19.0938 2436	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:38:19.0954 2436	LSI_SCSI - ok
02:38:19.0985 2436	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
02:38:20.0032 2436	luafv - ok
02:38:20.0125 2436	mdf16 - ok
02:38:20.0203 2436	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
02:38:20.0235 2436	megasas - ok
02:38:20.0281 2436	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
02:38:20.0328 2436	MegaSR - ok
02:38:20.0375 2436	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
02:38:20.0422 2436	Modem - ok
02:38:20.0437 2436	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
02:38:20.0469 2436	monitor - ok
02:38:20.0515 2436	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
02:38:20.0531 2436	mouclass - ok
02:38:20.0578 2436	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
02:38:20.0593 2436	mouhid - ok
02:38:20.0625 2436	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
02:38:20.0656 2436	mountmgr - ok
02:38:20.0687 2436	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
02:38:20.0703 2436	mpio - ok
02:38:20.0718 2436	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
02:38:20.0781 2436	mpsdrv - ok
02:38:20.0827 2436	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
02:38:20.0890 2436	MRxDAV - ok
02:38:20.0937 2436	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:38:20.0983 2436	mrxsmb - ok
02:38:21.0015 2436	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:38:21.0077 2436	mrxsmb10 - ok
02:38:21.0093 2436	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:38:21.0108 2436	mrxsmb20 - ok
02:38:21.0171 2436	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
02:38:21.0186 2436	msahci - ok
02:38:21.0217 2436	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
02:38:21.0249 2436	msdsm - ok
02:38:21.0295 2436	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
02:38:21.0327 2436	Msfs - ok
02:38:21.0358 2436	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
02:38:21.0420 2436	mshidkmdf - ok
02:38:21.0436 2436	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
02:38:21.0436 2436	msisadrv - ok
02:38:21.0483 2436	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
02:38:21.0529 2436	MSKSSRV - ok
02:38:21.0545 2436	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
02:38:21.0607 2436	MSPCLOCK - ok
02:38:21.0639 2436	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
02:38:21.0701 2436	MSPQM - ok
02:38:21.0748 2436	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
02:38:21.0795 2436	MsRPC - ok
02:38:21.0826 2436	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
02:38:21.0841 2436	mssmbios - ok
02:38:21.0888 2436	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
02:38:21.0966 2436	MSTEE - ok
02:38:21.0997 2436	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
02:38:22.0029 2436	MTConfig - ok
02:38:22.0075 2436	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
02:38:22.0091 2436	Mup - ok
02:38:22.0169 2436	mvd22 - ok
02:38:22.0263 2436	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
02:38:22.0309 2436	NativeWifiP - ok
02:38:22.0434 2436	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
02:38:22.0497 2436	NDIS - ok
02:38:22.0543 2436	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
02:38:22.0606 2436	NdisCap - ok
02:38:22.0621 2436	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
02:38:22.0653 2436	NdisTapi - ok
02:38:22.0684 2436	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
02:38:22.0746 2436	Ndisuio - ok
02:38:22.0777 2436	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
02:38:22.0824 2436	NdisWan - ok
02:38:22.0855 2436	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
02:38:22.0918 2436	NDProxy - ok
02:38:22.0965 2436	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
02:38:23.0011 2436	NetBIOS - ok
02:38:23.0058 2436	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
02:38:23.0121 2436	NetBT - ok
02:38:23.0355 2436	NETw5s64        (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
02:38:23.0620 2436	NETw5s64 - ok
02:38:23.0901 2436	NETwNs64        (9ec1edebba8cf6a30899ee38ab1352cc) C:\Windows\system32\DRIVERS\NETwNs64.sys
02:38:24.0213 2436	NETwNs64 - ok
02:38:24.0306 2436	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
02:38:24.0322 2436	nfrd960 - ok
02:38:24.0384 2436	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
02:38:24.0431 2436	Npfs - ok
02:38:24.0462 2436	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
02:38:24.0509 2436	nsiproxy - ok
02:38:24.0587 2436	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
02:38:24.0696 2436	Ntfs - ok
02:38:24.0696 2436	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
02:38:24.0759 2436	Null - ok
02:38:24.0805 2436	NVHDA           (f2662fdc20518ee8a8eed4f61ba42349) C:\Windows\system32\drivers\nvhda64v.sys
02:38:24.0821 2436	NVHDA - ok
02:38:25.0149 2436	nvlddmkm        (a963c2c276a97b088ded5d7a83be8052) C:\Windows\system32\DRIVERS\nvlddmkm.sys
02:38:25.0648 2436	nvlddmkm - ok
02:38:25.0788 2436	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
02:38:25.0819 2436	nvraid - ok
02:38:25.0882 2436	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
02:38:25.0913 2436	nvstor - ok
02:38:25.0944 2436	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
02:38:25.0960 2436	nv_agp - ok
02:38:25.0991 2436	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
02:38:26.0022 2436	ohci1394 - ok
02:38:26.0085 2436	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
02:38:26.0100 2436	Parport - ok
02:38:26.0131 2436	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
02:38:26.0147 2436	partmgr - ok
02:38:26.0163 2436	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
02:38:26.0194 2436	pci - ok
02:38:26.0209 2436	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
02:38:26.0225 2436	pciide - ok
02:38:26.0256 2436	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
02:38:26.0272 2436	pcmcia - ok
02:38:26.0287 2436	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
02:38:26.0303 2436	pcw - ok
02:38:26.0334 2436	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
02:38:26.0412 2436	PEAUTH - ok
02:38:26.0521 2436	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
02:38:26.0584 2436	PptpMiniport - ok
02:38:26.0599 2436	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
02:38:26.0646 2436	Processor - ok
02:38:26.0709 2436	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
02:38:26.0771 2436	Psched - ok
02:38:26.0818 2436	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
02:38:26.0911 2436	ql2300 - ok
02:38:26.0927 2436	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
02:38:26.0958 2436	ql40xx - ok
02:38:26.0974 2436	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
02:38:27.0005 2436	QWAVEdrv - ok
02:38:27.0021 2436	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
02:38:27.0083 2436	RasAcd - ok
02:38:27.0114 2436	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
02:38:27.0161 2436	RasAgileVpn - ok
02:38:27.0192 2436	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:38:27.0270 2436	Rasl2tp - ok
02:38:27.0301 2436	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
02:38:27.0348 2436	RasPppoe - ok
02:38:27.0379 2436	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
02:38:27.0442 2436	RasSstp - ok
02:38:27.0473 2436	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
02:38:27.0582 2436	rdbss - ok
02:38:27.0598 2436	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
02:38:27.0629 2436	rdpbus - ok
02:38:27.0676 2436	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:38:27.0738 2436	RDPCDD - ok
02:38:27.0769 2436	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
02:38:27.0801 2436	RDPDR - ok
02:38:27.0832 2436	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
02:38:27.0879 2436	RDPENCDD - ok
02:38:27.0894 2436	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
02:38:27.0941 2436	RDPREFMP - ok
02:38:28.0003 2436	RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
02:38:28.0035 2436	RdpVideoMiniport - ok
02:38:28.0066 2436	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
02:38:28.0113 2436	RDPWD - ok
02:38:28.0175 2436	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
02:38:28.0206 2436	rdyboost - ok
02:38:28.0269 2436	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
02:38:28.0315 2436	rspndr - ok
02:38:28.0347 2436	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
02:38:28.0378 2436	s3cap - ok
02:38:28.0393 2436	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
02:38:28.0409 2436	sbp2port - ok
02:38:28.0456 2436	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
02:38:28.0518 2436	scfilter - ok
02:38:28.0565 2436	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
02:38:28.0627 2436	secdrv - ok
02:38:28.0659 2436	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
02:38:28.0690 2436	Serenum - ok
02:38:28.0721 2436	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
02:38:28.0768 2436	Serial - ok
02:38:28.0799 2436	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
02:38:28.0815 2436	sermouse - ok
02:38:28.0862 2436	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
02:38:28.0893 2436	sffdisk - ok
02:38:28.0908 2436	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
02:38:28.0924 2436	sffp_mmc - ok
02:38:28.0940 2436	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
02:38:28.0971 2436	sffp_sd - ok
02:38:29.0002 2436	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
02:38:29.0033 2436	sfloppy - ok
02:38:29.0064 2436	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
02:38:29.0080 2436	SiSRaid2 - ok
02:38:29.0096 2436	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
02:38:29.0111 2436	SiSRaid4 - ok
02:38:29.0142 2436	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
02:38:29.0205 2436	Smb - ok
02:38:29.0252 2436	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
02:38:29.0252 2436	spldr - ok
02:38:29.0314 2436	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
02:38:29.0392 2436	srv - ok
02:38:29.0423 2436	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
02:38:29.0486 2436	srv2 - ok
02:38:29.0517 2436	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
02:38:29.0564 2436	srvnet - ok
02:38:29.0610 2436	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
02:38:29.0626 2436	stexstor - ok
02:38:29.0688 2436	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
02:38:29.0704 2436	storflt - ok
02:38:29.0735 2436	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
02:38:29.0751 2436	storvsc - ok
02:38:29.0766 2436	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
02:38:29.0782 2436	swenum - ok
02:38:29.0813 2436	Synth3dVsc - ok
02:38:29.0907 2436	Tcpip           (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
02:38:30.0032 2436	Tcpip - ok
02:38:30.0094 2436	TCPIP6          (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
02:38:30.0141 2436	TCPIP6 - ok
02:38:30.0188 2436	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
02:38:30.0234 2436	tcpipreg - ok
02:38:30.0297 2436	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
02:38:30.0344 2436	TDPIPE - ok
02:38:30.0359 2436	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
02:38:30.0406 2436	TDTCP - ok
02:38:30.0453 2436	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
02:38:30.0500 2436	tdx - ok
02:38:30.0531 2436	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
02:38:30.0562 2436	TermDD - ok
02:38:30.0609 2436	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
02:38:30.0656 2436	tssecsrv - ok
02:38:30.0702 2436	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
02:38:30.0718 2436	TsUsbFlt - ok
02:38:30.0734 2436	tsusbhub - ok
02:38:30.0780 2436	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
02:38:30.0827 2436	tunnel - ok
02:38:30.0858 2436	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
02:38:30.0874 2436	uagp35 - ok
02:38:30.0905 2436	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
02:38:30.0968 2436	udfs - ok
02:38:30.0999 2436	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
02:38:31.0014 2436	uliagpkx - ok
02:38:31.0061 2436	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
02:38:31.0092 2436	umbus - ok
02:38:31.0108 2436	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
02:38:31.0139 2436	UmPass - ok
02:38:31.0186 2436	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
02:38:31.0217 2436	usbccgp - ok
02:38:31.0248 2436	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
02:38:31.0280 2436	usbcir - ok
02:38:31.0311 2436	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
02:38:31.0326 2436	usbehci - ok
02:38:31.0389 2436	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
02:38:31.0436 2436	usbhub - ok
02:38:31.0467 2436	usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
02:38:31.0482 2436	usbohci - ok
02:38:31.0514 2436	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
02:38:31.0545 2436	usbprint - ok
02:38:31.0592 2436	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
02:38:31.0638 2436	usbscan - ok
02:38:31.0670 2436	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:38:31.0685 2436	USBSTOR - ok
02:38:31.0716 2436	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
02:38:31.0748 2436	usbuhci - ok
02:38:31.0779 2436	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
02:38:31.0810 2436	usbvideo - ok
02:38:31.0841 2436	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
02:38:31.0857 2436	vdrvroot - ok
02:38:31.0904 2436	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
02:38:31.0919 2436	vga - ok
02:38:31.0950 2436	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
02:38:31.0997 2436	VgaSave - ok
02:38:32.0013 2436	VGPU - ok
02:38:32.0044 2436	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\DRIVERS\vhdmp.sys
02:38:32.0060 2436	vhdmp - ok
02:38:32.0091 2436	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
02:38:32.0106 2436	viaide - ok
02:38:32.0138 2436	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
02:38:32.0153 2436	vmbus - ok
02:38:32.0169 2436	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
02:38:32.0200 2436	VMBusHID - ok
02:38:32.0216 2436	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
02:38:32.0231 2436	volmgr - ok
02:38:32.0278 2436	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
02:38:32.0309 2436	volmgrx - ok
02:38:32.0340 2436	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
02:38:32.0372 2436	volsnap - ok
02:38:32.0387 2436	vsdatant - ok
02:38:32.0418 2436	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
02:38:32.0450 2436	vsmraid - ok
02:38:32.0465 2436	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
02:38:32.0496 2436	vwifibus - ok
02:38:32.0512 2436	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
02:38:32.0543 2436	vwififlt - ok
02:38:32.0559 2436	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
02:38:32.0590 2436	WacomPen - ok
02:38:32.0637 2436	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
02:38:32.0699 2436	WANARP - ok
02:38:32.0699 2436	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
02:38:32.0746 2436	Wanarpv6 - ok
02:38:32.0777 2436	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
02:38:32.0793 2436	Wd - ok
02:38:32.0824 2436	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
02:38:32.0871 2436	Wdf01000 - ok
02:38:32.0902 2436	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
02:38:32.0949 2436	WfpLwf - ok
02:38:32.0964 2436	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
02:38:32.0980 2436	WIMMount - ok
02:38:33.0042 2436	WinDriver6      (4de7d61cf51f4c8261d119cfbdb70243) C:\Windows\system32\drivers\windrvr6.sys
02:38:33.0089 2436	WinDriver6 - ok
02:38:33.0167 2436	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
02:38:33.0198 2436	WmiAcpi - ok
02:38:33.0245 2436	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
02:38:33.0292 2436	ws2ifsl - ok
02:38:33.0339 2436	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
02:38:33.0401 2436	WudfPf - ok
02:38:33.0448 2436	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
02:38:33.0495 2436	WUDFRd - ok
02:38:33.0526 2436	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
02:38:33.0729 2436	\Device\Harddisk0\DR0 - ok
02:38:33.0729 2436	Boot (0x1200)   (21024f24d09098c2c2e4868a73eceb40) \Device\Harddisk0\DR0\Partition0
02:38:33.0729 2436	\Device\Harddisk0\DR0\Partition0 - ok
02:38:33.0776 2436	Boot (0x1200)   (d6d82d57183cacda9755d2270b03dc03) \Device\Harddisk0\DR0\Partition1
02:38:33.0776 2436	\Device\Harddisk0\DR0\Partition1 - ok
02:38:33.0791 2436	Boot (0x1200)   (18ccaae9dded57674ca72cbc6617c2ef) \Device\Harddisk0\DR0\Partition2
02:38:33.0791 2436	\Device\Harddisk0\DR0\Partition2 - ok
02:38:33.0791 2436	============================================================
02:38:33.0791 2436	Scan finished
02:38:33.0791 2436	============================================================
02:38:33.0807 2288	Detected object count: 0
02:38:33.0807 2288	Actual detected object count: 0
02:38:49.0157 2388	============================================================
02:38:49.0157 2388	Scan started
02:38:49.0157 2388	Mode: Manual; SigCheck; TDLFS; 
02:38:49.0157 2388	============================================================
02:38:49.0734 2388	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
02:38:49.0781 2388	1394ohci - ok
02:38:49.0812 2388	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
02:38:49.0828 2388	ACPI - ok
02:38:49.0844 2388	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
02:38:49.0859 2388	AcpiPmi - ok
02:38:49.0906 2388	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
02:38:49.0922 2388	adp94xx - ok
02:38:49.0953 2388	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
02:38:49.0968 2388	adpahci - ok
02:38:49.0984 2388	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
02:38:50.0000 2388	adpu320 - ok
02:38:50.0031 2388	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
02:38:50.0062 2388	AFD - ok
02:38:50.0124 2388	AgereSoftModem  (2173e070647ac68c16b8214fe5c05ec3) C:\Windows\system32\DRIVERS\agrsm64.sys
02:38:50.0140 2388	AgereSoftModem - ok
02:38:50.0171 2388	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
02:38:50.0187 2388	agp440 - ok
02:38:50.0218 2388	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
02:38:50.0218 2388	aliide - ok
02:38:50.0234 2388	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
02:38:50.0249 2388	amdide - ok
02:38:50.0265 2388	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
02:38:50.0280 2388	AmdK8 - ok
02:38:50.0296 2388	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
02:38:50.0312 2388	AmdPPM - ok
02:38:50.0327 2388	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
02:38:50.0343 2388	amdsata - ok
02:38:50.0358 2388	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
02:38:50.0374 2388	amdsbs - ok
02:38:50.0390 2388	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
02:38:50.0405 2388	amdxata - ok
02:38:50.0436 2388	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
02:38:50.0468 2388	AppID - ok
02:38:50.0499 2388	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
02:38:50.0514 2388	arc - ok
02:38:50.0546 2388	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
02:38:50.0546 2388	arcsas - ok
02:38:50.0577 2388	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
02:38:50.0608 2388	AsyncMac - ok
02:38:50.0624 2388	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
02:38:50.0639 2388	atapi - ok
02:38:50.0670 2388	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
02:38:50.0686 2388	avgntflt - ok
02:38:50.0702 2388	avipbb          (d959309ececca73fc79f8ef8521346b2) C:\Windows\system32\DRIVERS\avipbb.sys
02:38:50.0717 2388	avipbb - ok
02:38:50.0733 2388	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
02:38:50.0733 2388	avkmgr - ok
02:38:50.0780 2388	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
02:38:50.0811 2388	b06bdrv - ok
02:38:50.0826 2388	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
02:38:50.0842 2388	b57nd60a - ok
02:38:50.0873 2388	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
02:38:50.0904 2388	Beep - ok
02:38:50.0936 2388	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
02:38:50.0951 2388	blbdrive - ok
02:38:50.0998 2388	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
02:38:50.0998 2388	bowser - ok
02:38:51.0029 2388	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
02:38:51.0045 2388	BrFiltLo - ok
02:38:51.0060 2388	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
02:38:51.0076 2388	BrFiltUp - ok
02:38:51.0107 2388	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
02:38:51.0123 2388	Brserid - ok
02:38:51.0138 2388	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
02:38:51.0154 2388	BrSerWdm - ok
02:38:51.0170 2388	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
02:38:51.0185 2388	BrUsbMdm - ok
02:38:51.0201 2388	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
02:38:51.0216 2388	BrUsbSer - ok
02:38:51.0232 2388	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
02:38:51.0248 2388	BTHMODEM - ok
02:38:51.0279 2388	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
02:38:51.0310 2388	cdfs - ok
02:38:51.0357 2388	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
02:38:51.0357 2388	cdrom - ok
02:38:51.0388 2388	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
02:38:51.0404 2388	circlass - ok
02:38:51.0435 2388	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
02:38:51.0450 2388	CLFS - ok
02:38:51.0482 2388	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
02:38:51.0497 2388	CmBatt - ok
02:38:51.0513 2388	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
02:38:51.0528 2388	cmdide - ok
02:38:51.0560 2388	CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
02:38:51.0575 2388	CNG - ok
02:38:51.0591 2388	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
02:38:51.0606 2388	Compbatt - ok
02:38:51.0638 2388	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
02:38:51.0653 2388	CompositeBus - ok
02:38:51.0669 2388	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
02:38:51.0684 2388	crcdisk - ok
02:38:51.0716 2388	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
02:38:51.0731 2388	CSC - ok
02:38:51.0762 2388	CVirtA          (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
02:38:51.0778 2388	CVirtA - ok
02:38:51.0809 2388	CVPNDRVA        (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys
02:38:51.0825 2388	CVPNDRVA - ok
02:38:51.0872 2388	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
02:38:51.0918 2388	DfsC - ok
02:38:51.0934 2388	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
02:38:51.0965 2388	discache - ok
02:38:51.0981 2388	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
02:38:51.0996 2388	Disk - ok
02:38:52.0012 2388	DNE             (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
02:38:52.0028 2388	DNE - ok
02:38:52.0059 2388	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
02:38:52.0074 2388	drmkaud - ok
02:38:52.0121 2388	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
02:38:52.0152 2388	DXGKrnl - ok
02:38:52.0168 2388	E504C - ok
02:38:52.0262 2388	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
02:38:52.0324 2388	ebdrv - ok
02:38:52.0355 2388	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
02:38:52.0386 2388	elxstor - ok
02:38:52.0402 2388	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
02:38:52.0418 2388	ErrDev - ok
02:38:52.0449 2388	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
02:38:52.0480 2388	exfat - ok
02:38:52.0511 2388	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
02:38:52.0542 2388	fastfat - ok
02:38:52.0574 2388	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
02:38:52.0589 2388	fdc - ok
02:38:52.0620 2388	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
02:38:52.0636 2388	FileInfo - ok
02:38:52.0636 2388	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
02:38:52.0683 2388	Filetrace - ok
02:38:52.0698 2388	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
02:38:52.0714 2388	flpydisk - ok
02:38:52.0745 2388	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
02:38:52.0761 2388	FltMgr - ok
02:38:52.0792 2388	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
02:38:52.0792 2388	FsDepends - ok
02:38:52.0823 2388	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
02:38:52.0823 2388	Fs_Rec - ok
02:38:52.0870 2388	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
02:38:52.0886 2388	fvevol - ok
02:38:52.0901 2388	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
02:38:52.0917 2388	gagp30kx - ok
02:38:52.0932 2388	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
02:38:52.0948 2388	hcw85cir - ok
02:38:52.0995 2388	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
02:38:53.0010 2388	HdAudAddService - ok
02:38:53.0042 2388	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
02:38:53.0057 2388	HDAudBus - ok
02:38:53.0088 2388	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
02:38:53.0088 2388	HidBatt - ok
02:38:53.0120 2388	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
02:38:53.0135 2388	HidBth - ok
02:38:53.0151 2388	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
02:38:53.0166 2388	HidIr - ok
02:38:53.0198 2388	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
02:38:53.0213 2388	HidUsb - ok
02:38:53.0244 2388	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
02:38:53.0260 2388	HpSAMD - ok
02:38:53.0291 2388	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
02:38:53.0338 2388	HTTP - ok
02:38:53.0369 2388	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
02:38:53.0369 2388	hwpolicy - ok
02:38:53.0400 2388	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
02:38:53.0400 2388	i8042prt - ok
02:38:53.0432 2388	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
02:38:53.0447 2388	iaStorV - ok
02:38:53.0478 2388	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
02:38:53.0494 2388	iirsp - ok
02:38:53.0603 2388	IntcAzAudAddService (88798b4381fd58fae2da07880c177c5c) C:\Windows\system32\drivers\RTKVHD64.sys
02:38:53.0650 2388	IntcAzAudAddService - ok
02:38:53.0681 2388	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
02:38:53.0681 2388	intelide - ok
02:38:53.0712 2388	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
02:38:53.0728 2388	intelppm - ok
02:38:53.0759 2388	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:38:53.0806 2388	IpFilterDriver - ok
02:38:53.0822 2388	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
02:38:53.0837 2388	IPMIDRV - ok
02:38:53.0853 2388	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
02:38:53.0884 2388	IPNAT - ok
02:38:53.0915 2388	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
02:38:53.0931 2388	IRENUM - ok
02:38:53.0946 2388	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
02:38:53.0962 2388	isapnp - ok
02:38:53.0978 2388	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
02:38:53.0993 2388	iScsiPrt - ok
02:38:54.0040 2388	k57nd60a        (1d7aab58f4e21697af8f46eaa81823dd) C:\Windows\system32\DRIVERS\k57nd60a.sys
02:38:54.0056 2388	k57nd60a - ok
02:38:54.0087 2388	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
02:38:54.0102 2388	kbdclass - ok
02:38:54.0134 2388	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
02:38:54.0134 2388	kbdhid - ok
02:38:54.0180 2388	KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
02:38:54.0180 2388	KSecDD - ok
02:38:54.0227 2388	KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
02:38:54.0227 2388	KSecPkg - ok
02:38:54.0258 2388	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
02:38:54.0305 2388	ksthunk - ok
02:38:54.0321 2388	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
02:38:54.0368 2388	lltdio - ok
02:38:54.0399 2388	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
02:38:54.0399 2388	LSI_FC - ok
02:38:54.0430 2388	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
02:38:54.0446 2388	LSI_SAS - ok
02:38:54.0461 2388	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:38:54.0477 2388	LSI_SAS2 - ok
02:38:54.0508 2388	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:38:54.0524 2388	LSI_SCSI - ok
02:38:54.0539 2388	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
02:38:54.0570 2388	luafv - ok
02:38:54.0648 2388	mdf16 - ok
02:38:54.0664 2388	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
02:38:54.0680 2388	megasas - ok
02:38:54.0711 2388	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
02:38:54.0726 2388	MegaSR - ok
02:38:54.0758 2388	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
02:38:54.0789 2388	Modem - ok
02:38:54.0804 2388	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
02:38:54.0820 2388	monitor - ok
02:38:54.0851 2388	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
02:38:54.0867 2388	mouclass - ok
02:38:54.0882 2388	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
02:38:54.0898 2388	mouhid - ok
02:38:54.0929 2388	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
02:38:54.0945 2388	mountmgr - ok
02:38:54.0976 2388	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
02:38:54.0976 2388	mpio - ok
02:38:55.0007 2388	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
02:38:55.0038 2388	mpsdrv - ok
02:38:55.0085 2388	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
02:38:55.0116 2388	MRxDAV - ok
02:38:55.0148 2388	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:38:55.0163 2388	mrxsmb - ok
02:38:55.0210 2388	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:38:55.0226 2388	mrxsmb10 - ok
02:38:55.0257 2388	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:38:55.0272 2388	mrxsmb20 - ok
02:38:55.0288 2388	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
02:38:55.0304 2388	msahci - ok
02:38:55.0350 2388	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
02:38:55.0366 2388	msdsm - ok
02:38:55.0413 2388	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
02:38:55.0444 2388	Msfs - ok
02:38:55.0460 2388	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
02:38:55.0491 2388	mshidkmdf - ok
02:38:55.0522 2388	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
02:38:55.0538 2388	msisadrv - ok
02:38:55.0553 2388	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
02:38:55.0584 2388	MSKSSRV - ok
02:38:55.0600 2388	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
02:38:55.0647 2388	MSPCLOCK - ok
02:38:55.0662 2388	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
02:38:55.0694 2388	MSPQM - ok
02:38:55.0725 2388	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
02:38:55.0740 2388	MsRPC - ok
02:38:55.0772 2388	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
02:38:55.0787 2388	mssmbios - ok
02:38:55.0803 2388	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
02:38:55.0834 2388	MSTEE - ok
02:38:55.0865 2388	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
02:38:55.0881 2388	MTConfig - ok
02:38:55.0896 2388	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
02:38:55.0912 2388	Mup - ok
02:38:55.0974 2388	mvd22 - ok
02:38:56.0006 2388	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
02:38:56.0037 2388	NativeWifiP - ok
02:38:56.0084 2388	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
02:38:56.0130 2388	NDIS - ok
02:38:56.0162 2388	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
02:38:56.0193 2388	NdisCap - ok
02:38:56.0208 2388	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
02:38:56.0240 2388	NdisTapi - ok
02:38:56.0271 2388	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
02:38:56.0302 2388	Ndisuio - ok
02:38:56.0349 2388	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
02:38:56.0396 2388	NdisWan - ok
02:38:56.0427 2388	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
02:38:56.0458 2388	NDProxy - ok
02:38:56.0489 2388	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
02:38:56.0520 2388	NetBIOS - ok
02:38:56.0552 2388	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
02:38:56.0598 2388	NetBT - ok
02:38:56.0786 2388	NETw5s64        (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
02:38:56.0864 2388	NETw5s64 - ok
02:38:57.0144 2388	NETwNs64        (9ec1edebba8cf6a30899ee38ab1352cc) C:\Windows\system32\DRIVERS\NETwNs64.sys
02:38:57.0238 2388	NETwNs64 - ok
02:38:57.0269 2388	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
02:38:57.0269 2388	nfrd960 - ok
02:38:57.0300 2388	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
02:38:57.0332 2388	Npfs - ok
02:38:57.0363 2388	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
02:38:57.0394 2388	nsiproxy - ok
02:38:57.0456 2388	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
02:38:57.0503 2388	Ntfs - ok
02:38:57.0519 2388	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
02:38:57.0550 2388	Null - ok
02:38:57.0581 2388	NVHDA           (f2662fdc20518ee8a8eed4f61ba42349) C:\Windows\system32\drivers\nvhda64v.sys
02:38:57.0597 2388	NVHDA - ok
02:38:57.0909 2388	nvlddmkm        (a963c2c276a97b088ded5d7a83be8052) C:\Windows\system32\DRIVERS\nvlddmkm.sys
02:38:58.0127 2388	nvlddmkm - ok
02:38:58.0190 2388	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
02:38:58.0205 2388	nvraid - ok
02:38:58.0252 2388	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
02:38:58.0268 2388	nvstor - ok
02:38:58.0299 2388	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
02:38:58.0299 2388	nv_agp - ok
02:38:58.0330 2388	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
02:38:58.0346 2388	ohci1394 - ok
02:38:58.0377 2388	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
02:38:58.0392 2388	Parport - ok
02:38:58.0424 2388	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
02:38:58.0439 2388	partmgr - ok
02:38:58.0455 2388	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
02:38:58.0470 2388	pci - ok
02:38:58.0502 2388	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
02:38:58.0502 2388	pciide - ok
02:38:58.0533 2388	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
02:38:58.0548 2388	pcmcia - ok
02:38:58.0564 2388	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
02:38:58.0580 2388	pcw - ok
02:38:58.0611 2388	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
02:38:58.0658 2388	PEAUTH - ok
02:38:58.0720 2388	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
02:38:58.0767 2388	PptpMiniport - ok
02:38:58.0782 2388	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
02:38:58.0798 2388	Processor - ok
02:38:58.0829 2388	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
02:38:58.0876 2388	Psched - ok
02:38:58.0938 2388	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
02:38:58.0970 2388	ql2300 - ok
02:38:58.0985 2388	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
02:38:59.0001 2388	ql40xx - ok
02:38:59.0032 2388	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
02:38:59.0048 2388	QWAVEdrv - ok
02:38:59.0063 2388	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
02:38:59.0094 2388	RasAcd - ok
02:38:59.0141 2388	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
02:38:59.0172 2388	RasAgileVpn - ok
02:38:59.0219 2388	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:38:59.0250 2388	Rasl2tp - ok
02:38:59.0282 2388	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
02:38:59.0313 2388	RasPppoe - ok
02:38:59.0328 2388	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
02:38:59.0375 2388	RasSstp - ok
02:38:59.0422 2388	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
02:38:59.0453 2388	rdbss - ok
02:38:59.0469 2388	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
02:38:59.0484 2388	rdpbus - ok
02:38:59.0500 2388	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:38:59.0547 2388	RDPCDD - ok
02:38:59.0578 2388	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
02:38:59.0594 2388	RDPDR - ok
02:38:59.0609 2388	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
02:38:59.0656 2388	RDPENCDD - ok
02:38:59.0672 2388	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
02:38:59.0703 2388	RDPREFMP - ok
02:38:59.0734 2388	RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
02:38:59.0750 2388	RdpVideoMiniport - ok
02:38:59.0781 2388	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
02:38:59.0812 2388	RDPWD - ok
02:38:59.0859 2388	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
02:38:59.0874 2388	rdyboost - ok
02:38:59.0906 2388	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
02:38:59.0952 2388	rspndr - ok
02:38:59.0968 2388	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
02:38:59.0999 2388	s3cap - ok
02:39:00.0030 2388	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
02:39:00.0046 2388	sbp2port - ok
02:39:00.0077 2388	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
02:39:00.0108 2388	scfilter - ok
02:39:00.0124 2388	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
02:39:00.0171 2388	secdrv - ok
02:39:00.0202 2388	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
02:39:00.0218 2388	Serenum - ok
02:39:00.0233 2388	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
02:39:00.0233 2388	Serial - ok
02:39:00.0264 2388	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
02:39:00.0264 2388	sermouse - ok
02:39:00.0311 2388	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
02:39:00.0327 2388	sffdisk - ok
02:39:00.0358 2388	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
02:39:00.0374 2388	sffp_mmc - ok
02:39:00.0374 2388	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
02:39:00.0389 2388	sffp_sd - ok
02:39:00.0420 2388	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
02:39:00.0436 2388	sfloppy - ok
02:39:00.0452 2388	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
02:39:00.0467 2388	SiSRaid2 - ok
02:39:00.0483 2388	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
02:39:00.0498 2388	SiSRaid4 - ok
02:39:00.0530 2388	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
02:39:00.0561 2388	Smb - ok
02:39:00.0592 2388	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
02:39:00.0592 2388	spldr - ok
02:39:00.0654 2388	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
02:39:00.0670 2388	srv - ok
02:39:00.0701 2388	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
02:39:00.0717 2388	srv2 - ok
02:39:00.0732 2388	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
02:39:00.0732 2388	srvnet - ok
02:39:00.0764 2388	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
02:39:00.0779 2388	stexstor - ok
02:39:00.0810 2388	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
02:39:00.0826 2388	storflt - ok
02:39:00.0842 2388	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
02:39:00.0857 2388	storvsc - ok
02:39:00.0873 2388	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
02:39:00.0888 2388	swenum - ok
02:39:00.0888 2388	Synth3dVsc - ok
02:39:00.0982 2388	Tcpip           (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
02:39:01.0029 2388	Tcpip - ok
02:39:01.0076 2388	TCPIP6          (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
02:39:01.0122 2388	TCPIP6 - ok
02:39:01.0154 2388	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
02:39:01.0200 2388	tcpipreg - ok
02:39:01.0216 2388	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
02:39:01.0263 2388	TDPIPE - ok
02:39:01.0278 2388	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
02:39:01.0310 2388	TDTCP - ok
02:39:01.0341 2388	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
02:39:01.0388 2388	tdx - ok
02:39:01.0403 2388	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
02:39:01.0419 2388	TermDD - ok
02:39:01.0466 2388	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
02:39:01.0497 2388	tssecsrv - ok
02:39:01.0544 2388	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
02:39:01.0559 2388	TsUsbFlt - ok
02:39:01.0575 2388	tsusbhub - ok
02:39:01.0606 2388	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
02:39:01.0637 2388	tunnel - ok
02:39:01.0668 2388	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
02:39:01.0684 2388	uagp35 - ok
02:39:01.0731 2388	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
02:39:01.0762 2388	udfs - ok
02:39:01.0793 2388	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
02:39:01.0809 2388	uliagpkx - ok
02:39:01.0840 2388	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
02:39:01.0856 2388	umbus - ok
02:39:01.0887 2388	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
02:39:01.0902 2388	UmPass - ok
02:39:01.0934 2388	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
02:39:01.0965 2388	usbccgp - ok
02:39:01.0980 2388	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
02:39:01.0996 2388	usbcir - ok
02:39:02.0027 2388	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
02:39:02.0043 2388	usbehci - ok
02:39:02.0074 2388	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
02:39:02.0090 2388	usbhub - ok
02:39:02.0105 2388	usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
02:39:02.0121 2388	usbohci - ok
02:39:02.0136 2388	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
02:39:02.0152 2388	usbprint - ok
02:39:02.0183 2388	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
02:39:02.0199 2388	usbscan - ok
02:39:02.0230 2388	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:39:02.0246 2388	USBSTOR - ok
02:39:02.0277 2388	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
02:39:02.0292 2388	usbuhci - ok
02:39:02.0308 2388	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
02:39:02.0324 2388	usbvideo - ok
02:39:02.0355 2388	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
02:39:02.0355 2388	vdrvroot - ok
02:39:02.0386 2388	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
02:39:02.0402 2388	vga - ok
02:39:02.0417 2388	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
02:39:02.0448 2388	VgaSave - ok
02:39:02.0464 2388	VGPU - ok
02:39:02.0480 2388	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\DRIVERS\vhdmp.sys
02:39:02.0495 2388	vhdmp - ok
02:39:02.0526 2388	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
02:39:02.0526 2388	viaide - ok
02:39:02.0558 2388	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
02:39:02.0573 2388	vmbus - ok
02:39:02.0589 2388	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
02:39:02.0604 2388	VMBusHID - ok
02:39:02.0636 2388	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
02:39:02.0636 2388	volmgr - ok
02:39:02.0682 2388	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
02:39:02.0698 2388	volmgrx - ok
02:39:02.0714 2388	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
02:39:02.0729 2388	volsnap - ok
02:39:02.0745 2388	vsdatant - ok
02:39:02.0792 2388	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
02:39:02.0807 2388	vsmraid - ok
02:39:02.0838 2388	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
02:39:02.0870 2388	vwifibus - ok
02:39:02.0885 2388	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
02:39:02.0901 2388	vwififlt - ok
02:39:02.0916 2388	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
02:39:02.0932 2388	WacomPen - ok
02:39:02.0963 2388	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
02:39:02.0994 2388	WANARP - ok
02:39:02.0994 2388	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
02:39:03.0026 2388	Wanarpv6 - ok
02:39:03.0057 2388	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
02:39:03.0072 2388	Wd - ok
02:39:03.0104 2388	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
02:39:03.0119 2388	Wdf01000 - ok
02:39:03.0166 2388	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
02:39:03.0197 2388	WfpLwf - ok
02:39:03.0213 2388	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
02:39:03.0213 2388	WIMMount - ok
02:39:03.0260 2388	WinDriver6      (4de7d61cf51f4c8261d119cfbdb70243) C:\Windows\system32\drivers\windrvr6.sys
02:39:03.0291 2388	WinDriver6 - ok
02:39:03.0338 2388	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
02:39:03.0353 2388	WmiAcpi - ok
02:39:03.0384 2388	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
02:39:03.0416 2388	ws2ifsl - ok
02:39:03.0462 2388	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
02:39:03.0494 2388	WudfPf - ok
02:39:03.0525 2388	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
02:39:03.0556 2388	WUDFRd - ok
02:39:03.0587 2388	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
02:39:03.0696 2388	\Device\Harddisk0\DR0 - ok
02:39:03.0712 2388	Boot (0x1200)   (21024f24d09098c2c2e4868a73eceb40) \Device\Harddisk0\DR0\Partition0
02:39:03.0712 2388	\Device\Harddisk0\DR0\Partition0 - ok
02:39:03.0743 2388	Boot (0x1200)   (d6d82d57183cacda9755d2270b03dc03) \Device\Harddisk0\DR0\Partition1
02:39:03.0743 2388	\Device\Harddisk0\DR0\Partition1 - ok
02:39:03.0759 2388	Boot (0x1200)   (18ccaae9dded57674ca72cbc6617c2ef) \Device\Harddisk0\DR0\Partition2
02:39:03.0759 2388	\Device\Harddisk0\DR0\Partition2 - ok
02:39:03.0759 2388	============================================================
02:39:03.0759 2388	Scan finished
02:39:03.0759 2388	============================================================
02:39:03.0774 3668	Detected object count: 0
02:39:03.0774 3668	Actual detected object count: 0

cosinus · 01.11.2011, 11:58

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Warsta · 01.11.2011, 15:14

Ich mödchte hinzufügen, dass vpn (von Cisco Systems) zwar gelöscht wurde, es aber wahrscheinlich kein Virus ist, sondern eine Einwahlsoftware für die Uni.

Code:

ATTFilter

ComboFix 11-11-01.02 - Skulls 01.11.2011  14:20:13.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1033.18.2043.955 [GMT 1:00]
ausgeführt von:: c:\users\Skulls\Desktop\cofi.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\Skulls\setx.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-01 bis 2011-11-01  ))))))))))))))))))))))))))))))
.
.
2011-11-01 13:14 . 2011-10-07 04:16	8570192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{647215B2-CA9A-41D3-A6B9-41E7B11EE3DA}\mpengine.dll
2011-10-31 21:16 . 2011-10-31 21:16	--------	d-----w-	C:\_OTL
2011-10-29 09:46 . 2011-10-29 09:46	--------	d-----w-	c:\windows\system32\Macromed
2011-10-22 23:14 . 2011-10-22 23:14	--------	d-----w-	c:\users\Skulls\AppData\Roaming\Malwarebytes
2011-10-22 23:14 . 2011-10-22 23:14	--------	d-----w-	c:\programdata\Malwarebytes
2011-10-22 23:14 . 2011-08-31 15:00	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-10-22 23:14 . 2011-10-22 23:14	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-20 23:04 . 2011-10-20 23:04	--------	d-----w-	c:\program files (x86)\Common Files\Java
2011-10-20 17:25 . 2011-10-20 17:25	--------	d-----w-	c:\users\Skulls\AppData\Roaming\Avira
2011-10-20 17:24 . 2011-10-11 13:00	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-10-20 17:24 . 2011-10-11 13:00	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-10-20 17:24 . 2011-10-11 13:00	130760	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-10-20 17:24 . 2011-10-20 17:24	--------	d-----w-	c:\programdata\Avira
2011-10-20 17:24 . 2011-10-20 17:24	--------	d-----w-	c:\program files (x86)\Avira
2011-10-16 22:00 . 2011-10-16 22:00	--------	d-----w-	c:\program files (x86)\Combined Community Codec Pack
2011-10-13 00:44 . 2011-10-13 00:44	--------	d-----w-	c:\users\Skulls\AppData\Roaming\DivX
2011-10-12 19:26 . 2011-08-17 05:26	613888	----a-w-	c:\windows\system32\psisdecd.dll
2011-10-12 19:26 . 2011-08-17 05:25	108032	----a-w-	c:\windows\system32\psisrndr.ax
2011-10-12 19:26 . 2011-08-17 04:24	465408	----a-w-	c:\windows\SysWow64\psisdecd.dll
2011-10-12 19:26 . 2011-08-17 04:19	75776	----a-w-	c:\windows\SysWow64\psisrndr.ax
2011-10-12 19:26 . 2011-08-27 05:37	331776	----a-w-	c:\windows\system32\oleacc.dll
2011-10-12 19:26 . 2011-08-27 04:26	233472	----a-w-	c:\windows\SysWow64\oleacc.dll
2011-10-12 19:26 . 2011-08-27 05:37	861696	----a-w-	c:\windows\system32\oleaut32.dll
2011-10-12 19:26 . 2011-08-27 04:26	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2011-10-12 19:24 . 2011-10-12 19:24	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-10-12 19:24 . 2011-10-12 19:24	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-10-12 19:24 . 2011-10-12 19:24	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-10-12 19:24 . 2011-10-12 19:24	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-10-12 19:24 . 2011-10-12 19:24	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-10-12 19:24 . 2011-10-12 19:24	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-10-12 19:24 . 2011-10-12 19:24	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-10-12 19:23 . 2011-10-12 19:24	--------	d-----w-	c:\program files (x86)\QuickTime
2011-10-12 19:23 . 2011-10-12 19:23	--------	d-----w-	c:\programdata\Apple Computer
2011-10-12 19:22 . 2011-10-12 19:22	--------	d-----w-	c:\program files (x86)\Common Files\Apple
2011-10-12 19:22 . 2011-10-12 19:22	--------	d-----w-	c:\users\Skulls\AppData\Local\Apple
2011-10-12 19:22 . 2011-10-12 19:22	--------	d-----w-	c:\program files (x86)\Apple Software Update
2011-10-12 19:22 . 2011-10-12 19:22	--------	d-----w-	c:\programdata\Apple
2011-10-12 17:51 . 2011-10-12 17:51	--------	d-----w-	c:\program files\DivX
2011-10-12 17:50 . 2011-10-12 17:51	--------	d-----w-	c:\program files (x86)\Common Files\DivX Shared
2011-10-12 17:49 . 2011-10-12 17:51	--------	d-----w-	c:\program files (x86)\DivX
2011-10-12 17:48 . 2011-10-12 17:51	--------	d-----w-	c:\programdata\DivX
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-29 09:46 . 2011-05-15 12:49	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 03:06 . 2011-05-04 19:11	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2010-03-23 11:29 . 2010-03-23 11:29	67760	----a-w-	c:\program files\VAInst64.exe
2010-03-23 11:26 . 2010-03-23 11:26	201512	----a-w-	c:\program files\vpnapi.dll
2010-03-23 11:23 . 2010-03-23 11:23	176944	----a-w-	c:\program files\ipseclog.exe
2010-03-23 11:22 . 2010-03-23 11:22	1549088	----a-w-	c:\program files\vpngui.exe
2010-03-23 11:21 . 2010-03-23 11:21	271144	----a-w-	c:\program files\vpnclient.exe
2010-03-23 11:21 . 2010-03-23 11:21	230184	----a-w-	c:\program files\ppptool.exe
2010-03-23 11:20 . 2010-03-23 11:20	217896	----a-w-	c:\program files\SetMTU.exe
2010-03-23 11:19 . 2010-03-23 11:19	1528616	----a-w-	c:\program files\cvpnd.exe
2010-03-23 11:18 . 2010-03-23 11:18	181048	----a-w-	c:\program files\ipsecdialer.exe
2010-03-23 11:10 . 2010-03-23 11:10	1028219	----a-w-	c:\program files\cisco_cert_mgr.exe
2005-09-21 01:57 . 2005-09-21 01:57	4325376	----a-w-	c:\program files\qt-mt335.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Skulls\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Skulls\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Skulls\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Skulls\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - c:\program files (x86)\Cisco Systems\VPN Client\vpngui.exe [2011-5-26 1537064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 E504C;Eumex 504PC USB; [x]
R2 SZASSIST;SecretZone Assist Service;c:\program files (x86)\Clarus\Samsung SecretZone\SZAssistSVC.exe [2010-08-30 90112]
R3 mdf16;mdf16;c:\program files (x86)\Clarus\Samsung SecretZone\mdf16.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 mvd22;mvd22;c:\program files (x86)\Clarus\Samsung SecretZone\mvd22.sys [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub; [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 MSR Service;Virtual Disk Service Manager;c:\program files (x86)\Clarus\Samsung SecretZone\MSSvc.exe [2009-12-30 114688]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Skulls\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Skulls\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Skulls\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Skulls\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mLocal Page = 
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: tu-darmstadt.de\clix
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Skulls\AppData\Roaming\Mozilla\Firefox\Profiles\eq5eo9ld.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Card Manager - c:\windows\system32\javaws.exe
AddRemove-TWS Demo - c:\windows\system32\javaws.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files\cvpnd.exe
c:\windows\SysWOW64\srvany.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-01  14:32:32 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-11-01 13:32
.
Vor Suchlauf: 870.690.816 Bytes frei
Nach Suchlauf: 2.856.144.896 Bytes frei
.
- - End Of File - - 4E3EF84719C55F1CBA6AA9DE6C599BEC

cosinus · 01.11.2011, 15:45

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Warsta · 01.11.2011, 16:08

Code:

ATTFilter

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-01 15:57:02
-----------------------------
15:57:02.735    OS Version: Windows x64 6.1.7601 Service Pack 1
15:57:02.735    Number of processors: 2 586 0x170A
15:57:02.735    ComputerName: *  UserName: Skulls
15:57:03.437    Initialize success
15:59:27.447    AVAST engine defs: 11110102
16:01:25.098    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:01:25.105    Disk 0 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 11
16:01:27.125    Disk 0 MBR read successfully
16:01:27.129    Disk 0 MBR scan
16:01:27.184    Disk 0 Windows 7 default MBR code
16:01:27.190    Service scanning
16:01:29.404    Modules scanning
16:01:29.411    Disk 0 trace - called modules:
16:01:29.471    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
16:01:29.478    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80027fb060]
16:01:29.484    3 CLASSPNP.SYS[fffff8800196643f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800227e550]
16:01:30.920    AVAST engine scan C:\Windows
16:01:32.949    AVAST engine scan C:\Windows\system32
16:03:17.026    AVAST engine scan C:\Windows\system32\drivers
16:03:26.645    AVAST engine scan C:\Users\Skulls
16:04:35.146    AVAST engine scan C:\ProgramData
16:05:20.745    Scan finished successfully
16:06:19.183    Disk 0 MBR has been saved successfully to "C:\Users\Skulls\Desktop\MBR.dat"
16:06:19.183    The log file has been saved successfully to "C:\Users\Skulls\Desktop\aswMBR.txt"

Hab das Programm vorsichtshalber offengelassen, falls ich doch noch was fixen soll.

cosinus · 01.11.2011, 20:09

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Warsta · 02.11.2011, 22:26

Malwarebytes hat nichts ergeben. Externe Festplatte ein Fund und ansonsten nur IE-Müll, oder?

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=88dc6e29ca8e384f84f41ef245f98433
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-02 05:21:24
# local_time=2011-11-02 06:21:24 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 1110579 1110579 0 0
# compatibility_mode=5893 16776573 100 94 90088 71871897 0 0
# compatibility_mode=8192 67108863 100 0 3983 3983 0 0
# scanned=262176
# found=1
# cleaned=0
# scan_time=12436	I
F:\Viren & Widerherstellung\Setup_ClearProg_1.5.1_Beta6.exe	a variant of Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 11/02/2011 at 11:41 AM

Application Version : 5.0.1134

Core Rules Database Version : 7885
Trace Rules Database Version: 5697

Scan type       : Complete Scan
Total Scan Time : 01:39:27

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 620
Memory threats detected   : 0
Registry items scanned    : 76286
Registry threats detected : 0
File items scanned        : 186159
File threats detected     : 281

Adware.Tracking Cookie
	C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\skulls@adtech[1].txt [ /adtech ]
	C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\skulls@bs.serving-sys[1].txt [ /bs.serving-sys ]
	C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\skulls@invitemedia[1].txt [ /invitemedia ]
	C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\skulls@serving-sys[1].txt [ /serving-sys ]
	C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\skulls@www.windowsmedia[2].txt [ /www.windowsmedia ]
	C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\7UINO3VJ.txt [ /eyewonder.com ]
	C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\VS73D42Y.txt [ /ads.basecom.eu ]
	C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\1TSVSCFO.txt [ /tradedoubler.com ]
	C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\502CYA6F.txt [ /im.banner.t-online.de ]
	C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\B5A77NLE.txt [ /apmebf.com ]
	C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\8B9D43CX.txt [ /atdmt.com ]
	C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\DTTLBSB1.txt [ /doubleclick.net ]
	C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\UX0608AK.txt [ /c.atdmt.com ]
	C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\I9LW5KR8.txt [ /questionmarket.com ]
	C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\ZW1B9CE3.txt [ /webmasterplan.com ]
	C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\J2H7UT1N.txt [ /msnportal.112.2o7.net ]
	C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\S2GLD38T.txt [ /traffictrack.de ]
	C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\25TFMRKY.txt [ /www.active-tracking.de ]
	C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\XA9J9MLY.txt [ /mediaplex.com ]
	C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\YQ7GTEMO.txt [ /googleads.g.doubleclick.net ]
	C:\Users\Skulls\AppData\Roaming\Microsoft\Windows\Cookies\JUJZQL2M.txt [ /imrworldwide.com ]
	C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@zanox-affiliate[1].txt [ Cookie:skulls@zanox-affiliate.de/ ]
	C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@invitemedia[2].txt [ Cookie:skulls@invitemedia.com/ ]
	C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\VZEKAK1X.txt [ Cookie:skulls@vipnetadserver.neuralab.net/ ]
	C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@adx.chip[1].txt [ Cookie:skulls@adx.chip.de/ ]
	C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\G2APSEIY.txt [ Cookie:skulls@ad.yieldmanager.com/ ]
	C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@tradedoubler[2].txt [ Cookie:skulls@tradedoubler.com/ ]
	C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@zanox[1].txt [ Cookie:skulls@zanox.com/ ]
	C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@apmebf[1].txt [ Cookie:skulls@apmebf.com/ ]
	C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\1CJPWQL3.txt [ Cookie:skulls@doubleclick.net/ ]
	C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@unitymedia[2].txt [ Cookie:skulls@unitymedia.de/ ]
	C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@questionmarket[1].txt [ Cookie:skulls@questionmarket.com/ ]
	C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@www.googleadservices[1].txt [ Cookie:skulls@www.googleadservices.com/pagead/conversion/1032227881/ ]
	C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@msnportal.112.2o7[2].txt [ Cookie:skulls@msnportal.112.2o7.net/ ]
	C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\3N7THW31.txt [ Cookie:skulls@www.google.hr/accounts ]
	C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@2o7[2].txt [ Cookie:skulls@2o7.net/ ]
	C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@adfarm1.adition[2].txt [ Cookie:skulls@adfarm1.adition.com/ ]
	C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\NTBSXKG7.txt [ Cookie:skulls@google.com/accounts/ ]
	C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\XBRTV34J.txt [ Cookie:skulls@www.google.de/accounts ]
	C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@ad2.adfarm1.adition[1].txt [ Cookie:skulls@ad2.adfarm1.adition.com/ ]
	C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@adtech[1].txt [ Cookie:skulls@adtech.de/ ]
	C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@clkads[2].txt [ Cookie:skulls@clkads.com/adServe/ ]
	C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@traffictrack[2].txt [ Cookie:skulls@traffictrack.de/ ]
	C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@www.active-tracking[1].txt [ Cookie:skulls@www.active-tracking.de/ ]
	C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@mediaplex[2].txt [ Cookie:skulls@mediaplex.com/ ]
	C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\KBMD5DZH.txt [ Cookie:skulls@clkads.com/adServe/banners ]
	C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@microsoftwllivemkt.112.2o7[1].txt [ Cookie:skulls@microsoftwllivemkt.112.2o7.net/ ]
	C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@freepornsubmits[1].txt [ Cookie:skulls@freepornsubmits.com/ ]
	C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q4LGLNEK.txt [ Cookie:skulls@googleads.g.doubleclick.net/ ]
	C:\USERS\SKULLS\AppData\Roaming\Microsoft\Windows\Cookies\Low\skulls@imrworldwide[2].txt [ Cookie:skulls@imrworldwide.com/cgi-bin ]
	C:\USERS\SKULLS\Cookies\skulls@invitemedia[1].txt [ Cookie:skulls@invitemedia.com/ ]
	C:\USERS\SKULLS\Cookies\1TSVSCFO.txt [ Cookie:skulls@tradedoubler.com/ ]
	C:\USERS\SKULLS\Cookies\502CYA6F.txt [ Cookie:skulls@im.banner.t-online.de/ ]
	C:\USERS\SKULLS\Cookies\B5A77NLE.txt [ Cookie:skulls@apmebf.com/ ]
	C:\USERS\SKULLS\Cookies\DTTLBSB1.txt [ Cookie:skulls@doubleclick.net/ ]
	C:\USERS\SKULLS\Cookies\UX0608AK.txt [ Cookie:skulls@c.atdmt.com/ ]
	C:\USERS\SKULLS\Cookies\I9LW5KR8.txt [ Cookie:skulls@questionmarket.com/ ]
	C:\USERS\SKULLS\Cookies\J2H7UT1N.txt [ Cookie:skulls@msnportal.112.2o7.net/ ]
	C:\USERS\SKULLS\Cookies\skulls@www.windowsmedia[2].txt [ Cookie:skulls@www.windowsmedia.com/ ]
	C:\USERS\SKULLS\Cookies\skulls@adtech[1].txt [ Cookie:skulls@adtech.de/ ]
	C:\USERS\SKULLS\Cookies\S2GLD38T.txt [ Cookie:skulls@traffictrack.de/ ]
	C:\USERS\SKULLS\Cookies\25TFMRKY.txt [ Cookie:skulls@www.active-tracking.de/ ]
	C:\USERS\SKULLS\Cookies\XA9J9MLY.txt [ Cookie:skulls@mediaplex.com/ ]
	C:\USERS\SKULLS\Cookies\YQ7GTEMO.txt [ Cookie:skulls@googleads.g.doubleclick.net/ ]
	C:\USERS\SKULLS\Cookies\JUJZQL2M.txt [ Cookie:skulls@imrworldwide.com/cgi-bin ]
	C:\USERS\SKULLS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SKULLS@ADS.CRAKMEDIA[2].TXT [ /ADS.CRAKMEDIA ]
	C:\USERS\SKULLS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SKULLS@BS.SERVING-SYS[1].TXT [ /BS.SERVING-SYS ]
	C:\USERS\SKULLS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SKULLS@CONTENT.YIELDMANAGER[2].TXT [ /CONTENT.YIELDMANAGER ]
	C:\USERS\SKULLS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SKULLS@SERVING-SYS[2].TXT [ /SERVING-SYS ]
	C:\USERS\SKULLS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SKULLS@AD3.ADFARM1.ADITION[1].TXT [ /AD3.ADFARM1.ADITION ]
	C:\USERS\SKULLS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SKULLS@TRACKING.QUISMA[2].TXT [ /TRACKING.QUISMA ]
	C:\USERS\SKULLS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SKULLS@ATDMT[2].TXT [ /ATDMT ]
	C:\USERS\SKULLS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SKULLS@XITI[1].TXT [ /XITI ]
	C:\USERS\SKULLS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SKULLS@AD4.ADFARM1.ADITION[2].TXT [ /AD4.ADFARM1.ADITION ]
	C:\USERS\SKULLS\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SKULLS@AD.AD-SRV[2].TXT [ /AD.AD-SRV ]
	.atdmt.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.h.atdmt.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.h.atdmt.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.h.atdmt.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.h.atdmt.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.lucidmedia.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.realmedia.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.specificclick.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adviva.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.legolas-media.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.legolas-media.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.pro-market.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.pro-market.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	www.finderlocator.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	www.finderlocator.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	www.goaltraffic.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adultadworld.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.yadro.ru [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	s0.2mdn.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	s0.2mdn.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	s0.2mdn.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.eyewonder.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.eyewonder.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	studivz.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	studivz.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.tvtv.122.2o7.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adultfriendfinder.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.statcounter.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adultfriendfinder.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adultfriendfinder.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adultfriendfinder.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adultfriendfinder.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adultfriendfinder.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adultfriendfinder.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adultfriendfinder.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adultfriendfinder.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adultfriendfinder.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.xiti.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.exoclick.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.ero-advertising.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.deutsch-porno.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.deutsch-porno.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	www.trafficrank.de [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.pornodvdtube.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.pornodvdtube.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.pornodvdtube.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	tracking.mlsat02.de [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.questionmarket.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.kontera.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adxpose.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.tribalfusion.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	rts.pgmediaserve.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	rts.pgmediaserve.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	rts.pgmediaserve.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.partypoker.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.partypoker.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.partypoker.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.partypoker.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.partypoker.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.de.partypoker.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.de.partypoker.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.de.partypoker.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.de.partypoker.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.de.partypoker.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.partypoker.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.unitymedia.de [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.unitymedia.de [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.ru4.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adform.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	ad1.emediate.dk [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	ad1.emediate.dk [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.questionmarket.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	ad1.emediate.dk [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	ad3.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	ad1.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	ad4.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.zanox-affiliate.de [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.hightraffic.hugoboss.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.hightraffic.hugoboss.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.hightraffic.hugoboss.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\SKULLS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EQ5EO9LD.DEFAULT\COOKIES.SQLITE ]