w7 64 bit/rootkit whistler, durch ein kaspersky tool entfernt. combofix durchlaufen lassen

rockenderbik · 16.11.2011, 17:14

Hallo, grüß euch alle,

wäre froh wenn ihr euch das mal ansehen könntet...

w7 64 bit/rootkit whistler, durch ein kaspersky tool entfernt. combofix durchlaufen lassen....gmer endeckt nichts mehr. muss ich mir jetzt noch sorgen machen?

OTL logfile created on: 15.11.2011 20:06:10 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Andy\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 50,77% Memory free
8,00 Gb Paging File | 5,56 Gb Available in Paging File | 69,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 117,19 Gb Total Space | 13,40 Gb Free Space | 11,44% Space Free | Partition Type: NTFS

Computer Name: ANDY-PC | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Andy\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe (Razer USA Ltd)
PRC - C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Users\Andy\AppData\Local\Temp\sfamcc00001.dll ()
MOD - C:\Users\Andy\AppData\Local\Temp\sfareca00001.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Windows\SysWOW64\OSD.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (Windows7FirewallService) -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe (Sphinx Software)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (TDslMgrService) -- C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe (T-Systems Enterprise Services GmbH)

========== Driver Services (SafeList) ==========

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)
DRV:64bit: - (ATITool) -- C:\Windows\SysNative\drivers\ATITool64.sys ()
DRV:64bit: - (DslMNLwf) -- C:\Windows\SysNative\drivers\dslmnlwf.sys (T-Systems Enterprise Services GmbH)
DRV:64bit: - (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s115mgmt.sys (MCCI Corporation)
DRV:64bit: - (s115obex) -- C:\Windows\SysNative\drivers\s115obex.sys (MCCI Corporation)
DRV:64bit: - (s115mdm) -- C:\Windows\SysNative\drivers\s115mdm.sys (MCCI Corporation)
DRV:64bit: - (s115mdfl) -- C:\Windows\SysNative\drivers\s115mdfl.sys (MCCI Corporation)
DRV:64bit: - (s115bus) Sony Ericsson Device 115 driver (WDM) -- C:\Windows\SysNative\drivers\s115bus.sys (MCCI Corporation)
DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys ()
DRV - (pbfilter) -- C:\Programme\PeerBlock\pbfilter.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ENTECH64) -- C:\Windows\SysWOW64\drivers\Entech64.sys (EnTech Taiwan)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
DRV - (atillk64) -- C:\Users\Andy\Downloads\winflash\atillk64.sys (ATI Technologies Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE 5B F1 92 F1 75 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de

fficial"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.0
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
FF - prefs.js..browser.startup.homepage: "resource:/browserconfig.properties"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.11.13 12:21:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.09 17:50:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.02 18:37:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.17 19:52:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.01.02 16:18:18 | 000,000,000 | ---D | M]

[2010.07.31 18:23:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\mozilla\Extensions
[2010.07.31 18:23:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.11.14 06:47:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\o0huzi6x.default\extensions
[2009.12.30 13:58:04 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\o0huzi6x.default\extensions\moveplayer@movenetworks.com
[2011.09.30 09:24:38 | 000,002,481 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\o0huzi6x.default\searchplugins\exalead.xml
[2011.09.30 09:20:39 | 000,004,821 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\o0huzi6x.default\searchplugins\fireball.xml
[2011.11.09 18:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.22 19:34:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.09.30 16:43:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011.11.09 18:14:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O0HUZI6X.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\ANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O0HUZI6X.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
() (No name found) -- C:\USERS\ANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O0HUZI6X.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.09 17:50:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.09.23 02:52:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.23 02:46:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.23 02:52:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.23 02:52:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.23 02:52:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.23 02:52:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.11.15 17:55:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Programme\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B1985C8-D691-4C26-BEF9-42C590B355AC}: NameServer = 212.18.3.5 212.18.0.5
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.11.15 19:09:41 | 000,300,832 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Andy\Desktop\Tcpview.exe
[2011.11.15 17:55:48 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011.11.15 17:48:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.11.15 17:48:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.11.15 17:48:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.11.15 17:48:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.11.15 17:48:19 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.11.15 17:48:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.11.14 21:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.13 12:21:13 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011.11.13 12:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011.11.13 12:21:12 | 000,301,912 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011.11.13 12:21:10 | 000,058,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011.11.13 12:21:10 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011.11.13 12:21:09 | 000,601,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011.11.13 12:21:09 | 000,065,368 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011.11.13 12:21:08 | 000,254,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011.11.13 12:21:01 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011.11.13 12:21:01 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.11.13 12:20:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011.11.13 12:20:56 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011.11.09 18:14:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.11.09 18:14:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.11.09 18:14:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.11.02 17:42:10 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\atitray
[2011.11.02 17:42:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ray Adams
[2011.11.02 17:18:11 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011.11.02 17:18:11 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011.11.02 17:18:11 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011.11.02 17:18:11 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011.11.02 17:18:10 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011.11.02 17:18:10 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011.11.02 17:18:10 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011.11.02 17:18:10 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011.11.02 17:18:10 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011.11.02 17:18:10 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011.11.02 17:18:10 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011.11.02 17:18:09 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.11.02 17:18:09 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.11.02 17:18:09 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011.11.02 17:18:09 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2011.11.02 17:18:07 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.11.02 17:18:07 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.11.02 17:18:04 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011.11.02 17:18:03 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011.11.02 17:18:03 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011.11.02 17:18:03 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011.11.02 17:18:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011.11.02 17:18:03 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011.11.02 17:18:03 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011.11.02 17:17:59 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.11.02 17:17:58 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011.11.02 17:17:56 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011.11.02 17:17:54 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011.11.02 17:17:41 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011.11.02 17:17:41 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011.11.02 17:16:39 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011.11.02 17:16:39 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011.11.01 17:59:02 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.11.01 17:59:01 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.11.01 17:59:01 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.11.01 17:59:01 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.11.01 17:59:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.11.01 17:59:01 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.11.01 17:59:01 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.11.01 17:59:01 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.11.01 17:59:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.11.01 17:59:01 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.11.01 17:59:01 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.11.01 17:59:00 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.11.01 17:59:00 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.11.01 17:59:00 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.11.01 17:59:00 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.11.01 17:52:43 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.11.01 17:52:43 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.11.01 17:52:43 | 003,902,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.11.01 17:51:18 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011.11.01 17:51:18 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011.11.01 17:51:18 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011.11.01 17:51:18 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011.11.01 17:51:18 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011.11.01 17:51:18 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011.11.01 17:51:18 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011.11.01 17:51:15 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011.11.01 17:51:15 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011.11.01 17:51:14 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011.11.01 17:51:14 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011.11.01 17:51:14 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011.11.01 17:51:14 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.11.01 17:51:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011.11.01 17:51:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011.11.01 17:51:14 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011.11.01 17:51:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011.11.01 17:51:14 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011.11.01 17:51:14 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011.11.01 17:51:14 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011.11.01 17:51:14 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011.11.01 17:51:14 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011.11.01 17:51:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011.11.01 17:51:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011.11.01 17:51:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.11.01 17:51:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.11.01 17:51:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011.11.01 17:51:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011.11.01 17:51:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011.11.01 17:51:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011.11.01 17:51:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011.11.01 17:51:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011.11.01 17:51:13 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011.11.01 17:51:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011.11.01 17:51:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011.11.01 17:51:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011.11.01 17:51:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011.11.01 17:51:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011.11.01 17:51:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011.11.01 17:51:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011.11.01 17:51:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011.11.01 17:51:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.11.01 17:51:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.11.01 17:51:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011.11.01 17:51:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011.11.01 17:51:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011.11.01 17:51:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011.11.01 17:51:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011.11.01 17:51:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011.11.01 17:51:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011.11.01 17:51:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011.11.01 17:51:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011.11.01 17:50:34 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011.11.01 17:50:33 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011.11.01 17:50:33 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011.11.01 17:50:33 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011.11.01 17:50:32 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011.11.01 17:50:32 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011.11.01 17:50:32 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011.11.01 17:50:32 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011.11.01 17:50:31 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2011.11.01 17:50:31 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2011.11.01 17:50:31 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2011.11.01 17:50:31 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2011.11.01 17:50:31 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2011.11.01 17:50:31 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2011.11.01 17:50:29 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011.11.01 17:50:29 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011.11.01 17:50:29 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011.11.01 17:50:12 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011.11.01 17:50:12 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.11.01 17:50:12 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011.11.01 17:50:12 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.11.01 17:50:11 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011.11.01 17:50:10 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.11.01 17:50:09 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.11.01 17:50:09 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.11.01 17:49:57 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011.11.01 17:49:57 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011.11.01 17:49:55 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011.11.01 17:49:55 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011.11.01 17:49:53 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011.11.01 17:49:53 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011.11.01 17:49:53 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011.11.01 17:49:53 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011.11.01 17:49:53 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011.11.01 17:49:53 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011.11.01 17:49:53 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011.11.01 17:49:53 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011.11.01 17:49:53 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011.11.01 17:47:59 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011.11.01 17:47:59 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011.11.01 16:04:01 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.11.01 16:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.11.01 16:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.11.01 16:01:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011.10.30 22:49:31 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\ESN Sonar
[2011.10.30 10:27:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011.10.28 04:48:44 | 000,000,000 | ---D | C] -- C:\Users\Andy\Documents\Battlefield 3
[2011.10.28 04:47:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2011.10.27 18:03:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2011.10.22 19:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.11.15 18:55:30 | 003,523,118 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.15 18:55:30 | 001,514,544 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.15 18:55:30 | 001,042,606 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.15 18:55:30 | 000,916,942 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.15 18:55:30 | 000,005,662 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.15 18:53:56 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.15 18:53:56 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.15 18:50:16 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.11.15 18:50:16 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.15 18:48:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.15 18:48:46 | 3220,672,512 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.15 17:55:40 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.11.14 21:14:03 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.13 12:21:13 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.11.13 12:21:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011.11.12 15:12:10 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011.11.06 19:40:51 | 000,000,232 | ---- | M] () -- C:\Users\Andy\Desktop\Battlefield Bad Company™ 2.lnk
[2011.11.04 14:13:22 | 000,001,852 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\ImperatorProfile0.dat
[2011.11.03 17:22:41 | 000,001,565 | ---- | M] () -- C:\Users\Andy\Desktop\Programm ändern oder entfernen - Verknüpfung.lnk
[2011.11.02 17:53:37 | 000,002,110 | ---- | M] () -- C:\Users\Andy\Desktop\Autostart.lnk
[2011.11.02 17:32:07 | 000,432,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.30 10:27:22 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.10.27 18:26:14 | 000,001,191 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011.10.27 18:25:52 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.27 17:18:03 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2011.10.26 17:10:00 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.10.22 19:34:38 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.10.22 12:02:32 | 000,070,158 | ---- | M] () -- C:\Users\Andy\Documents\cc_20111022_130222.reg
[2011.10.19 22:14:52 | 000,059,904 | ---- | M] () -- C:\Windows\SysWow64\OVDecode.dll
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.11.15 17:48:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.11.15 17:48:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.11.15 17:48:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.11.15 17:48:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.11.15 17:48:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.11.14 21:14:03 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.13 12:21:13 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.11.13 12:21:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011.11.06 19:40:51 | 000,000,232 | ---- | C] () -- C:\Users\Andy\Desktop\Battlefield Bad Company™ 2.lnk
[2011.11.03 17:22:41 | 000,001,565 | ---- | C] () -- C:\Users\Andy\Desktop\Programm ändern oder entfernen - Verknüpfung.lnk
[2011.11.02 17:53:37 | 000,002,110 | ---- | C] () -- C:\Users\Andy\Desktop\Autostart.lnk
[2011.11.02 17:50:52 | 000,001,007 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk
[2011.10.27 18:03:31 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011.10.22 12:02:29 | 000,070,158 | ---- | C] () -- C:\Users\Andy\Documents\cc_20111022_130222.reg
[2011.10.19 22:14:52 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.07.17 10:01:56 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.07.17 10:01:55 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.07.17 10:01:55 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.07.17 10:01:54 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.04.19 17:23:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.01.10 17:29:38 | 000,001,852 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\ImperatorProfile0.dat
[2010.12.29 21:18:19 | 000,280,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.11.12 16:27:25 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\imon1.dat
[2010.10.14 00:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.08.29 05:48:57 | 000,000,136 | ---- | C] () -- C:\Windows\SysWow64\cpuz.ini
[2010.08.21 12:39:15 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2010.04.22 19:34:10 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.03.12 15:27:56 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.03.12 14:42:19 | 000,000,454 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.03.08 17:55:57 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.03.08 17:55:56 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.03.02 22:01:09 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.02.16 17:49:41 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.02.16 17:32:19 | 000,327,168 | ---- | C] () -- C:\Windows\SysWow64\cutil32.dll
[2010.02.09 17:31:31 | 000,000,637 | ---- | C] () -- C:\Windows\WINCMD.INI
[2010.01.14 18:24:29 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2010.01.03 01:00:00 | 000,022,528 | ---- | C] () -- C:\Users\Andy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.27 15:48:37 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.12.27 14:57:33 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.12.24 01:05:28 | 000,007,603 | ---- | C] () -- C:\Users\Andy\AppData\Local\Resmon.ResmonCfg
[2009.12.23 21:59:51 | 000,006,296 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.12.23 19:18:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.04.15 15:04:38 | 000,104,520 | ---- | C] () -- C:\Windows\SysWow64\OSD.dll

========== LOP Check ==========

[2009.12.31 16:31:23 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Bioshock
[2011.04.22 16:34:31 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Bioshock2
[2010.03.06 00:53:32 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\GARMIN
[2011.01.02 16:17:45 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\GetRightToGo
[2010.04.01 16:06:03 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Leadertech
[2010.02.16 20:59:41 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\MAXON
[2009.12.30 11:30:08 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\OpenOffice.org
[2011.10.27 17:19:26 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Origin
[2010.10.02 12:46:41 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\PerfWatch
[2010.02.07 10:01:44 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\T-Online
[2010.07.31 18:23:08 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Thunderbird
[2010.08.06 07:56:33 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Trillian
[2011.07.19 16:22:01 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\TS3Client
[2011.07.18 16:10:39 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\ts3overlay
[2010.11.21 11:57:33 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\XMedia Recode
[2011.09.30 08:40:49 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

ComboFix 11-11-15.01 - Andy 15.11.2011 17:49:41.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.4095.2190 [GMT 1:00]
ausgeführt von:: c:\users\Andy\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xml2693.tmp
c:\programdata\xml3A81.tmp
c:\programdata\xml4368.tmp
c:\programdata\xml4829.tmp
c:\programdata\xml4DD4.tmp
c:\programdata\xml5BE8.tmp
c:\programdata\xml6F5A.tmp
c:\programdata\xml87B9.tmp
c:\programdata\xmlAEA6.tmp
c:\programdata\xmlAFA2.tmp
c:\programdata\xmlC3CB.tmp
c:\programdata\xmlD78A.tmp
c:\programdata\xmlEAFC.tmp
c:\programdata\xmlF787.tmp
c:\programdata\xmlF9AA.tmp
c:\users\Andy\AppData\Local\Temp\sfamcc00001.dll
c:\users\Andy\AppData\Local\Temp\sfareca00001.dll
c:\users\Andy\AppData\Roaming\Local
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\7.ddi
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\FILE4D1D0B4875FB9.ddr
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\FILE5A6F448EC24E2.ddr
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\intro_megamind.avi.ddr
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\aoe-megamind.avi.ddp
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\aoe_megamind.avi(2).ddp
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\aoe_megamind.avi(3).ddp
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\aoe_megamind.avi.ddp
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE4D1D0B4875FB9
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE5A6F448EC24E2.ddp
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE5F1D057DB44C1(2).ddp
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE5F1D057DB44C1(3).ddp
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE5F1D057DB44C1(4).ddp
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE5F1D057DB44C1.ddp
c:\users\Andy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\intro_megamind.avi.ddp
c:\windows\SysWow64\out.txt
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-10-15 bis 2011-11-15 ))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-12 14:12 . 2010-12-29 20:18 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-11-12 14:12 . 2010-03-08 17:06 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-11-12 09:35 . 2010-03-08 16:55 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-10-30 09:27 . 2011-06-29 17:24 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-27 17:25 . 2010-03-08 16:55 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-10-12 20:56 . 2011-10-12 20:56 10207232 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-10-12 20:20 . 2011-10-12 20:20 24629760 ----a-w- c:\windows\system32\atio6axx.dll
2011-10-12 20:14 . 2011-10-12 20:14 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-10-12 20:14 . 2011-10-12 20:14 736768 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-10-12 20:13 . 2011-03-09 04:55 867328 ----a-w- c:\windows\system32\aticfx64.dll
2011-10-12 20:10 . 2011-07-12 02:54 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-10-12 20:10 . 2011-10-12 20:10 487936 ----a-w- c:\windows\system32\atieclxx.exe
2011-10-12 20:09 . 2011-10-12 20:09 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-10-12 20:08 . 2011-10-12 20:08 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-10-12 20:08 . 2011-10-12 20:08 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-10-12 20:08 . 2011-10-12 20:08 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-10-12 20:07 . 2011-10-12 20:07 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-10-12 20:07 . 2011-10-12 20:07 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-10-12 20:07 . 2011-10-12 20:07 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-10-12 20:07 . 2011-10-12 20:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-10-12 20:04 . 2011-10-12 20:04 4231680 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-10-12 20:04 . 2011-10-12 20:04 18630656 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-10-12 19:54 . 2011-03-09 04:40 4960768 ----a-w- c:\windows\system32\atidxx64.dll
2011-10-12 19:46 . 2011-10-12 19:46 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-10-12 19:46 . 2011-10-12 19:46 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-10-12 19:46 . 2011-10-12 19:46 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-10-12 19:46 . 2011-10-12 19:46 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-10-12 19:45 . 2011-10-12 19:45 9877504 ----a-w- c:\windows\system32\aticaldd64.dll
2011-10-12 19:44 . 2011-10-12 19:44 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-10-12 19:44 . 2011-10-12 19:44 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-10-12 19:44 . 2011-10-12 19:44 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-10-12 19:44 . 2011-07-12 02:27 4023296 ----a-w- c:\windows\system32\atiumd6a.dll
2011-10-12 19:42 . 2011-10-12 19:42 8391680 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-10-12 19:39 . 2011-07-12 03:03 58880 ----a-w- c:\windows\system32\coinst.dll
2011-10-12 19:38 . 2011-07-12 02:24 5431808 ----a-w- c:\windows\system32\atiumd64.dll
2011-10-12 19:33 . 2011-10-12 19:33 4174848 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-10-12 19:31 . 2011-07-12 02:16 479744 ----a-w- c:\windows\system32\atiadlxx.dll
2011-10-12 19:31 . 2011-10-12 19:31 335872 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-10-12 19:31 . 2011-10-12 19:31 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-10-12 19:31 . 2011-10-12 19:31 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-10-12 19:31 . 2011-10-12 19:31 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-10-12 19:30 . 2011-10-12 19:30 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-10-12 19:30 . 2011-10-12 19:30 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-10-12 19:30 . 2011-10-12 19:30 317952 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-10-12 19:29 . 2011-07-12 02:15 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-10-12 19:29 . 2011-10-12 19:29 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-10-12 19:29 . 2011-07-12 02:14 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-10-12 19:29 . 2011-10-12 19:29 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-10-12 19:28 . 2011-10-12 19:28 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-10-12 19:16 . 2011-10-12 19:16 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-10-12 19:16 . 2011-10-12 19:16 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-10-12 19:16 . 2011-10-12 19:16 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-10-12 19:16 . 2011-10-12 19:16 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-10-12 15:16 . 2011-10-12 15:16 66048 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-10-12 15:16 . 2011-10-12 15:16 16787456 ----a-w- c:\windows\system32\amdocl64.dll
2011-10-12 15:14 . 2011-10-12 15:14 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-03 04:06 . 2011-01-02 13:16 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-21 16:59 . 2010-04-01 15:05 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-09-14 09:47 . 2011-09-14 09:47 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-09-14 09:46 . 2011-09-14 09:46 13625856 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-09-14 09:38 . 2011-09-14 09:38 44032 ----a-w- c:\windows\system32\amdoclcl64.dll
2011-09-14 09:38 . 2011-09-14 09:38 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll
2011-09-03 14:53 . 2011-09-03 14:53 140664 ----a-r- c:\users\Andy\AppData\Roaming\Microsoft\Installer\{D9292112-253F-438D-B1AB-432E5A1FE1B5}\ShortcutUpdater_B4EEAB5A25624B9CB01E300A7199EE30.exe
2011-09-03 14:53 . 2011-09-03 14:53 140664 ----a-r- c:\users\Andy\AppData\Roaming\Microsoft\Installer\{D9292112-253F-438D-B1AB-432E5A1FE1B5}\ARPPRODUCTICON.exe
2011-08-31 16:00 . 2010-10-03 13:11 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Razer Imperator Driver"="c:\program files (x86)\Razer\Imperator\RazerImperatorTray.exe" [2010-03-18 2787224]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-12 343168]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpeedFan.lnk - c:\program files (x86)\SpeedFan\speedfan.exe [2009-8-9 3986552]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DSL-Manager.lnk - c:\program files (x86)\DSL-Manager\DslMgr.exe [2010-1-9 1085440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 vcdrom;Virtual CD-ROM Device Driver;c:\users\Andy\AppData\Local\Temp\VCdRom.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 atillk64;atillk64;c:\users\Andy\Downloads\winflash\atillk64.sys [2006-07-19 14608]
R3 cpuz130;cpuz130;c:\users\Andy\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2008-09-17 12744]
R3 FLASHSYS;FLASHSYS;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [x]
R3 iteio;iteio;c:\windows\system32\drivers\iteio.sys [x]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 19544]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-12-23 19952]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [x]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [x]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [x]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [x]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [x]
R3 Tcpz-x64;Tcpz-x64;c:\users\Andy\AppData\Local\Temp\Tcpz-x64.sys [x]
R3 TDslMgrService;DSL-Manager;c:\program files (x86)\DSL-Manager\DslMgrSvc.exe [2008-10-23 307200]
R3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 DslMNLwf;DSL-Manager NDIS LightWeight Filter;c:\windows\system32\DRIVERS\dslmnlwf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [2009-06-29 545792]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows7FirewallControl"="c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe" [2009-06-29 1021440]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-07 12558440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\o0huzi6x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de

fficial
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-81887603.sys
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2814086671-428616876-2365772135-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:80,bd,9f,72,f2,d0,46,b5,33,09,06,c3,1a,42,90,db,e9,70,e2,db,13,f4,a3,
0e,54,77,9a,98,38,9f,1b,a0,8d,7c,2f,b8,70,9b,db,af,77,97,96,2d,fc,34,ec,dd,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-2814086671-428616876-2365772135-1000\Software\SecuROM\License information*]
"datasecu"=hex:77,91,20,96,87,0a,09,33,11,0a,b2,fd,40,3b,ec,05,29,fe,a5,bd,16,
b1,50,37,b0,70,65,b5,cc,ac,60,08,f7,8c,97,bc,d5,19,c5,e3,66,33,08,38,41,15,\
"rkeysecu"=hex:e9,92,6b,90,85,2a,a1,3a,e2,43,02,51,2e,e4,cc,29
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\sphinx-soft\Vista-Wall\1.0\AppList\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Zone]
"Name"="EnableAll"
"Result"=dword:00000000
"Advised"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-15 18:01:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-11-15 17:01
.
Vor Suchlauf: 10 Verzeichnis(se), 14.792.450.048 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 14.643.798.016 Bytes frei
.
- - End Of File - - 01BEA6941B0838C9A9F6A93AC0081195

cosinus · 17.11.2011, 13:43

Einen ganz klaren Hinweis gibt es auch zu http://www.trojaner-board.de/95175-combofix.html

Zitat:

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

rockenderbik · 17.11.2011, 18:38

danke für deine antwort und hilfe arne,

bei compofix hatte ich nur das problem, daß ich den ati grafiktreiber neu installieren musste.

mein post von malwarebytes:

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8176

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.11.2011 18:28:34
mbam-log-2011-11-16 (18-28-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 308129
Laufzeit: 26 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

post eset onlinescan, bin aber wärend des scans offline gegangen. kann ja nicht sein daß ich die ganze zeit ungeschützt bin...seh ich das richtig?

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=0
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=77b24cc2e8d76c4ba42d57f187c57f24
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-17 04:22:05
# local_time=2011-11-17 05:22:05 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 171160 73176775 0 0
# compatibility_mode=8192 67108863 100 0 3865 3865 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=77b24cc2e8d76c4ba42d57f187c57f24
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-17 04:29:29
# local_time=2011-11-17 05:29:29 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 167795 73177010 0 0
# compatibility_mode=8192 67108863 100 0 500 500 0 0
# scanned=1436
# found=0
# cleaned=0
# scan_time=209
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=77b24cc2e8d76c4ba42d57f187c57f24
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-17 05:17:48
# local_time=2011-11-17 06:17:48 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 168136 73177351 0 0
# compatibility_mode=8192 67108863 100 0 841 841 0 0
# scanned=142303
# found=0
# cleaned=0
# scan_time=2767

cosinus · 17.11.2011, 20:19

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

rockenderbik · 17.11.2011, 20:25

nur der hier:Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8176

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.11.2011 18:28:34
mbam-log-2011-11-16 (18-28-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 308129
Laufzeit: 26 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

und den neueren datums weil die älteren waren alle nach der infektion:

17:22:08 Andy MESSAGE IP Protection stopped
18:40:19 Andy MESSAGE IP Protection started successfully

cosinus · 17.11.2011, 20:29

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

rockenderbik · 17.11.2011, 20:30

den gibt es noch:

aber eben alt und auch nichts gefunden aber nach der infektion. avira hat gemeldet: rootkit im bootsektor d aber meine festplatte d war verschlüsselt mit dem bitlocker:

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8162

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.11.2011 21:39:23
mbam-log-2011-11-14 (21-39-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 305314
Laufzeit: 23 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

rockenderbik · 17.11.2011, 20:33

auch die im hintergrund bei dem otl log?

cosinus · 17.11.2011, 20:41

Was meinst du damit? Du hast vorher ein normales OTL-Log gepostet ich möchte aber ein Log von einem CustomScan sehen.

rockenderbik · 17.11.2011, 21:09

ich hab gemeint ob ich auch die hintergrundprogramme schließen soll. hab jetzt alles geschlossen was ohne taskmanager geht und otl mit deinem custumscan ausgeführt, hier der log: (dank dir, daß du dich damit beschäftigst arne)OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 17.11.2011 20:49:29 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Andy\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 63,83% Memory free
8,00 Gb Paging File | 6,05 Gb Available in Paging File | 75,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 117,19 Gb Total Space | 12,77 Gb Free Space | 10,90% Space Free | Partition Type: NTFS
Drive D: | 814,31 Gb Total Space | 35,32 Gb Free Space | 4,34% Space Free | Partition Type: NTFS
 
Computer Name: ANDY-PC | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Andy\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe (Razer USA Ltd)
PRC - C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (Almico's Home Page))
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Andy\AppData\Local\Temp\sfamcc00001.dll ()
MOD - C:\Users\Andy\AppData\Local\Temp\sfareca00001.dll ()
MOD - C:\Windows\SysWOW64\OSD.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (Windows7FirewallService) -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe (Sphinx Software)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (TDslMgrService) -- C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe (T-Systems Enterprise Services GmbH)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)
DRV:64bit: - (ATITool) -- C:\Windows\SysNative\drivers\ATITool64.sys ()
DRV:64bit: - (DslMNLwf) -- C:\Windows\SysNative\drivers\dslmnlwf.sys (T-Systems Enterprise Services GmbH)
DRV:64bit: - (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s115mgmt.sys (MCCI Corporation)
DRV:64bit: - (s115obex) -- C:\Windows\SysNative\drivers\s115obex.sys (MCCI Corporation)
DRV:64bit: - (s115mdm) -- C:\Windows\SysNative\drivers\s115mdm.sys (MCCI Corporation)
DRV:64bit: - (s115mdfl) -- C:\Windows\SysNative\drivers\s115mdfl.sys (MCCI Corporation)
DRV:64bit: - (s115bus) Sony Ericsson Device 115 driver (WDM) -- C:\Windows\SysNative\drivers\s115bus.sys (MCCI Corporation)
DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys ()
DRV - (pbfilter) -- C:\Programme\PeerBlock\pbfilter.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ENTECH64) -- C:\Windows\SysWOW64\drivers\Entech64.sys (EnTech Taiwan)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
DRV - (atillk64) -- C:\Users\Andy\Downloads\winflash\atillk64.sys (ATI Technologies Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE 5B F1 92 F1 75 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.0
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
FF - prefs.js..browser.startup.homepage: "resource:/browserconfig.properties"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.11.13 12:21:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.09 17:50:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.02 18:37:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.17 19:52:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.01.02 16:18:18 | 000,000,000 | ---D | M]
 
[2010.07.31 18:23:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\mozilla\Extensions
[2010.07.31 18:23:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.11.14 06:47:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\o0huzi6x.default\extensions
[2009.12.30 13:58:04 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\o0huzi6x.default\extensions\moveplayer@movenetworks.com
[2011.09.30 09:24:38 | 000,002,481 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\o0huzi6x.default\searchplugins\exalead.xml
[2011.09.30 09:20:39 | 000,004,821 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\o0huzi6x.default\searchplugins\fireball.xml
[2011.11.09 18:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.22 19:34:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.09.30 16:43:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011.11.09 18:14:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O0HUZI6X.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\ANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O0HUZI6X.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
() (No name found) -- C:\USERS\ANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O0HUZI6X.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.09 17:50:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.09.23 02:52:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.23 02:46:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.23 02:52:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.23 02:52:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.23 02:52:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.23 02:52:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.11.15 17:55:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Programme\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (Almico's Home Page))
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Andy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DSL-Manager.lnk - C:\PROGRA~2\DSL-MA~1\DslMgr.exe - (T-Systems Enterprise Services GmbH)
MsConfig:64bit - StartUpFolder: C:^Users^Andy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig:64bit - StartUpFolder: C:^Users^Andy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Trillian.lnk - C:\PROGRA~2\Trillian\trillian.exe - (Cerulean Studios)
MsConfig:64bit - StartUpReg: AAWTray - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
MsConfig:64bit - StartUpReg: EADM - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: EvtMgr6 - hkey= - key= - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: HDDHealth - hkey= - key= - C:\Program Files (x86)\HDD Health\HDDHealth.exe (PANTERASoft)
MsConfig:64bit - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig:64bit - StartUpReg: RivaTuner - hkey= - key= - C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
MsConfig:64bit - StartUpReg: RivaTunerStartupDaemon - hkey= - key= - C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - ac3acm.acm (fccHandler)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - lameACM.acm (www)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - ff_vfw.dll ()
Drivers32: VIDC.FPS1 - frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - xvidvfw.dll ()
Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YV12 - yv12vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.15 19:09:41 | 000,300,832 | ---- | C] (Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources) -- C:\Users\Andy\Desktop\Tcpview.exe
[2011.11.15 17:55:48 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011.11.15 17:48:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.11.15 17:48:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.11.15 17:48:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.11.15 17:48:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.11.15 17:48:19 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.11.15 17:48:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.11.14 21:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.13 12:21:13 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011.11.13 12:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011.11.13 12:21:12 | 000,301,912 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011.11.13 12:21:10 | 000,058,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011.11.13 12:21:10 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011.11.13 12:21:09 | 000,601,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011.11.13 12:21:09 | 000,065,368 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011.11.13 12:21:08 | 000,254,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011.11.13 12:21:01 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011.11.13 12:21:01 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.11.13 12:20:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011.11.13 12:20:56 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011.11.02 17:42:10 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\atitray
[2011.11.02 17:42:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ray Adams
[2011.11.01 16:04:01 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.11.01 16:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.11.01 16:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.11.01 16:01:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011.10.30 22:49:31 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\ESN Sonar
[2011.10.30 10:27:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011.10.28 04:48:44 | 000,000,000 | ---D | C] -- C:\Users\Andy\Documents\Battlefield 3
[2011.10.28 04:47:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2011.10.27 18:03:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2011.10.22 19:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.17 16:50:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.16 20:07:19 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2011.11.16 16:57:29 | 003,539,554 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.16 16:57:29 | 001,519,354 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.16 16:57:29 | 001,047,778 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.16 16:57:29 | 000,921,560 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.16 16:57:29 | 000,005,662 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.16 16:57:01 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.16 16:57:01 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.15 22:35:36 | 3220,672,512 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.15 18:50:16 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.11.15 18:50:16 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.15 17:55:40 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.11.14 21:14:03 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.13 12:21:13 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.11.13 12:21:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011.11.12 15:12:10 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011.11.06 19:40:51 | 000,000,232 | ---- | M] () -- C:\Users\Andy\Desktop\Battlefield Bad Company™ 2.lnk
[2011.11.04 14:13:22 | 000,001,852 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\ImperatorProfile0.dat
[2011.11.03 17:22:41 | 000,001,565 | ---- | M] () -- C:\Users\Andy\Desktop\Programm ändern oder entfernen - Verknüpfung.lnk
[2011.11.02 17:53:37 | 000,002,110 | ---- | M] () -- C:\Users\Andy\Desktop\Autostart.lnk
[2011.11.02 17:32:07 | 000,432,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.27 18:26:14 | 000,001,191 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011.10.27 18:25:52 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.26 17:10:00 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.10.22 19:34:38 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.10.22 12:02:32 | 000,070,158 | ---- | M] () -- C:\Users\Andy\Documents\cc_20111022_130222.reg
[2011.10.19 22:14:52 | 000,059,904 | ---- | M] () -- C:\Windows\SysWow64\OVDecode.dll
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.15 17:48:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.11.15 17:48:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.11.15 17:48:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.11.15 17:48:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.11.15 17:48:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.11.14 21:14:03 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.13 12:21:13 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.11.13 12:21:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011.11.06 19:40:51 | 000,000,232 | ---- | C] () -- C:\Users\Andy\Desktop\Battlefield Bad Company™ 2.lnk
[2011.11.03 17:22:41 | 000,001,565 | ---- | C] () -- C:\Users\Andy\Desktop\Programm ändern oder entfernen - Verknüpfung.lnk
[2011.11.02 17:53:37 | 000,002,110 | ---- | C] () -- C:\Users\Andy\Desktop\Autostart.lnk
[2011.11.02 17:50:52 | 000,001,007 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk
[2011.10.27 18:03:31 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011.10.22 12:02:29 | 000,070,158 | ---- | C] () -- C:\Users\Andy\Documents\cc_20111022_130222.reg
[2011.10.19 22:14:52 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.07.17 10:01:56 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.07.17 10:01:55 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.07.17 10:01:55 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.07.17 10:01:54 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.04.19 17:23:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.01.10 17:29:38 | 000,001,852 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\ImperatorProfile0.dat
[2010.12.29 21:18:19 | 000,280,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.11.12 16:27:25 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\imon1.dat
[2010.10.14 00:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.08.29 05:48:57 | 000,000,136 | ---- | C] () -- C:\Windows\SysWow64\cpuz.ini
[2010.08.21 12:39:15 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2010.04.22 19:34:10 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.03.12 15:27:56 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.03.12 14:42:19 | 000,000,454 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.03.08 17:55:57 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.03.08 17:55:56 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.03.02 22:01:09 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.02.16 17:49:41 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.02.16 17:32:19 | 000,327,168 | ---- | C] () -- C:\Windows\SysWow64\cutil32.dll
[2010.02.09 17:31:31 | 000,000,637 | ---- | C] () -- C:\Windows\WINCMD.INI
[2010.01.14 18:24:29 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2010.01.03 01:00:00 | 000,022,528 | ---- | C] () -- C:\Users\Andy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.27 15:48:37 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.12.27 14:57:33 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.12.24 01:05:28 | 000,007,603 | ---- | C] () -- C:\Users\Andy\AppData\Local\Resmon.ResmonCfg
[2009.12.23 21:59:51 | 000,006,296 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.12.23 19:18:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.04.15 15:04:38 | 000,104,520 | ---- | C] () -- C:\Windows\SysWow64\OSD.dll
 
========== LOP Check ==========
 
[2009.12.31 16:31:23 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Bioshock
[2011.04.22 16:34:31 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Bioshock2
[2010.03.06 00:53:32 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\GARMIN
[2011.01.02 16:17:45 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\GetRightToGo
[2010.04.01 16:06:03 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Leadertech
[2010.02.16 20:59:41 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\MAXON
[2009.12.30 11:30:08 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\OpenOffice.org
[2011.10.27 17:19:26 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Origin
[2010.10.02 12:46:41 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\PerfWatch
[2010.02.07 10:01:44 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\T-Online
[2010.07.31 18:23:08 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Thunderbird
[2010.08.06 07:56:33 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Trillian
[2011.07.19 16:22:01 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\TS3Client
[2011.07.18 16:10:39 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\ts3overlay
[2010.11.21 11:57:33 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\XMedia Recode
[2011.09.30 08:40:49 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.01.10 00:20:29 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Adobe
[2011.04.19 17:27:46 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\ATI
[2011.11.02 17:42:10 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\atitray
[2009.12.31 16:31:23 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Bioshock
[2011.04.22 16:34:31 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Bioshock2
[2010.12.26 19:20:44 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\DivX
[2010.12.24 09:40:04 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\dvdcss
[2010.03.06 00:53:32 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\GARMIN
[2011.01.02 16:17:45 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\GetRightToGo
[2011.04.21 15:57:14 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\HP
[2009.12.23 17:34:40 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Identities
[2010.10.10 05:43:20 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\InstallShield
[2010.04.01 16:06:03 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Leadertech
[2010.04.01 16:03:58 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Logishrd
[2010.04.01 16:06:06 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Logitech
[2009.12.23 18:09:27 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Macromedia
[2010.10.03 14:11:45 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Malwarebytes
[2010.02.16 20:59:41 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\MAXON
[2009.07.14 19:18:19 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Media Center Programs
[2010.04.21 21:17:04 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Media Player Classic
[2011.05.16 19:11:32 | 000,000,000 | --SD | M] -- C:\Users\Andy\AppData\Roaming\Microsoft
[2010.01.09 14:55:43 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Mozilla
[2009.12.27 14:59:47 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Nero
[2009.12.30 11:30:08 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\OpenOffice.org
[2011.10.27 17:19:26 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Origin
[2010.10.02 12:46:41 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\PerfWatch
[2009.12.23 21:38:09 | 000,000,000 | RH-D | M] -- C:\Users\Andy\AppData\Roaming\SecuROM
[2011.11.16 20:05:45 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Skype
[2011.10.22 19:30:51 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\skypePM
[2010.02.07 10:01:44 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\T-Online
[2010.07.31 18:23:08 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Thunderbird
[2010.08.06 07:56:33 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Trillian
[2011.07.19 16:22:01 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\TS3Client
[2011.07.18 16:10:39 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\ts3overlay
[2011.05.18 19:19:32 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\vlc
[2010.08.06 11:38:58 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Winamp
[2010.01.02 18:14:06 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\WinRAR
[2010.11.21 11:57:33 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\XMedia Recode
 
< %APPDATA%\*.exe /s >
[2010.04.01 16:06:02 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Andy\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2011.09.03 15:53:24 | 000,140,664 | R--- | M] (Acresso Software Inc.) -- C:\Users\Andy\AppData\Roaming\Microsoft\Installer\{D9292112-253F-438D-B1AB-432E5A1FE1B5}\ARPPRODUCTICON.exe
[2011.09.03 15:53:24 | 000,140,664 | R--- | M] (Acresso Software Inc.) -- C:\Users\Andy\AppData\Roaming\Microsoft\Installer\{D9292112-253F-438D-B1AB-432E5A1FE1B5}\ShortcutUpdater_B4EEAB5A25624B9CB01E300A7199EE30.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.12.23 20:30:37 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Users\Andy\Downloads\Intel_HECI_MB\8.9.0.1023\f6flpy64\IaStor.sys
[2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009.06.04 17:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.12.23 20:30:36 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Users\Andy\Downloads\Intel_HECI_MB\8.9.0.1023\f6flpy32\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache86\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache86\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\ERDNT\cache64\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\ERDNT\cache64\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\ERDNT\cache86\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >

--- --- ---

rockenderbik · 17.11.2011, 21:25

das macht mir sorgen, kenn ich gar nicht. was hat das zu bedeuten?

MOD - C:\Users\Andy\AppData\Local\Temp\sfamcc00001.dll ()
MOD - C:\Users\Andy\AppData\Local\Temp\sfareca00001.dll ()
MOD - C:\Windows\SysWOW64\OSD.dll ()

cosinus · 17.11.2011, 22:17

Eine simple Goolesuche nach den Dateinamen hilft ja schon weiter. Das sind Dateien von Speedfan!

Hast du die alten Logs von Kaspersky noch? Bitte alles posten.
Das OTL-Log ist soweit ok.

rockenderbik · 18.11.2011, 06:14

hatte ich vor deiner nachricht schon gemacht, trozdem danke...*g*
tdsskiller hab ich mehrmals durchlaufen lassen...

13:57:27.0034 4696 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
13:57:27.0180 4696 ============================================================
13:57:27.0180 4696 Current date / time: 2011/11/13 13:57:27.0180
13:57:27.0180 4696 SystemInfo:
13:57:27.0181 4696
13:57:27.0181 4696 OS Version: 6.1.7600 ServicePack: 0.0
13:57:27.0181 4696 Product type: Workstation
13:57:27.0181 4696 ComputerName: ANDY-PC
13:57:27.0181 4696 UserName: Andy
13:57:27.0181 4696 Windows directory: C:\Windows
13:57:27.0181 4696 System windows directory: C:\Windows
13:57:27.0181 4696 Running under WOW64
13:57:27.0181 4696 Processor architecture: Intel x64
13:57:27.0181 4696 Number of processors: 4
13:57:27.0181 4696 Page size: 0x1000
13:57:27.0181 4696 Boot type: Normal boot
13:57:27.0181 4696 ============================================================
13:57:28.0007 4696 Initialize success
13:57:40.0350 4316 ============================================================
13:57:40.0350 4316 Scan started
13:57:40.0350 4316 Mode: Manual;
13:57:40.0350 4316 ============================================================
13:57:41.0215 4316 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\drivers\1394ohci.sys
13:57:41.0219 4316 1394ohci - ok
13:57:41.0266 4316 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\drivers\ACPI.sys
13:57:41.0271 4316 ACPI - ok
13:57:41.0302 4316 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\drivers\acpipmi.sys
13:57:41.0303 4316 AcpiPmi - ok
13:57:41.0331 4316 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:57:41.0337 4316 adp94xx - ok
13:57:41.0351 4316 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:57:41.0355 4316 adpahci - ok
13:57:41.0366 4316 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:57:41.0369 4316 adpu320 - ok
13:57:41.0411 4316 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
13:57:41.0416 4316 AFD - ok
13:57:41.0432 4316 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:57:41.0434 4316 agp440 - ok
13:57:41.0449 4316 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:57:41.0450 4316 aliide - ok
13:57:41.0485 4316 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:57:41.0485 4316 amdide - ok
13:57:41.0495 4316 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:57:41.0496 4316 AmdK8 - ok
13:57:41.0658 4316 amdkmdag (85193e1bcefe65d0a1befd4fda9180f9) C:\Windows\system32\DRIVERS\atikmdag.sys
13:57:41.0741 4316 amdkmdag - ok
13:57:41.0765 4316 amdkmdap (60ab0b979198da597b7251b3c7444f7e) C:\Windows\system32\DRIVERS\atikmpag.sys
13:57:41.0767 4316 amdkmdap - ok
13:57:41.0779 4316 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:57:41.0780 4316 AmdPPM - ok
13:57:41.0808 4316 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
13:57:41.0810 4316 amdsata - ok
13:57:41.0823 4316 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:57:41.0825 4316 amdsbs - ok
13:57:41.0842 4316 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
13:57:41.0843 4316 amdxata - ok
13:57:41.0864 4316 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
13:57:41.0865 4316 AppID - ok
13:57:41.0896 4316 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:57:41.0897 4316 arc - ok
13:57:41.0910 4316 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:57:41.0912 4316 arcsas - ok
13:57:41.0953 4316 aswFsBlk (5a68b880c16ad5a6aa20b49a47ffff24) C:\Windows\system32\drivers\aswFsBlk.sys
13:57:41.0953 4316 aswFsBlk - ok
13:57:41.0992 4316 aswMonFlt (230613be2d3da8053879be5ed2848f2d) C:\Windows\system32\drivers\aswMonFlt.sys
13:57:41.0994 4316 aswMonFlt - ok
13:57:42.0008 4316 aswRdr (0dc1996ae4178d7d14744ef6b3082313) C:\Windows\system32\drivers\aswRdr.sys
13:57:42.0009 4316 aswRdr - ok
13:57:42.0028 4316 aswSnx (b6ff911c23775cdfdd49612d92637af4) C:\Windows\system32\drivers\aswSnx.sys
13:57:42.0034 4316 aswSnx - ok
13:57:42.0056 4316 aswSP (5a590d8516376aed1829fc07d3bdaa4b) C:\Windows\system32\drivers\aswSP.sys
13:57:42.0059 4316 aswSP - ok
13:57:42.0078 4316 aswTdi (3239c0082fb0c1c4ee323730b85690a5) C:\Windows\system32\drivers\aswTdi.sys
13:57:42.0079 4316 aswTdi - ok
13:57:42.0102 4316 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:57:42.0103 4316 AsyncMac - ok
13:57:42.0134 4316 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:57:42.0135 4316 atapi - ok
13:57:42.0197 4316 AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys
13:57:42.0199 4316 AtiHDAudioService - ok
13:57:42.0252 4316 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
13:57:42.0254 4316 AtiHdmiService - ok
13:57:42.0332 4316 atillk64 (26d973d6d9a0d133dfda7d8c1adc04b7) C:\Users\Andy\Downloads\winflash\atillk64.sys
13:57:42.0333 4316 atillk64 - ok
13:57:42.0345 4316 ATITool (a6fad7a5ada4675ba9c9feaf4e0542ba) C:\Windows\system32\DRIVERS\ATITool64.sys
13:57:42.0347 4316 ATITool - ok
13:57:42.0388 4316 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:57:42.0394 4316 b06bdrv - ok
13:57:42.0420 4316 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:57:42.0424 4316 b57nd60a - ok
13:57:42.0458 4316 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:57:42.0459 4316 Beep - ok
13:57:42.0491 4316 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:57:42.0493 4316 blbdrive - ok
13:57:42.0540 4316 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
13:57:42.0542 4316 bowser - ok
13:57:42.0561 4316 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:57:42.0562 4316 BrFiltLo - ok
13:57:42.0569 4316 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:57:42.0570 4316 BrFiltUp - ok
13:57:42.0583 4316 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:57:42.0587 4316 Brserid - ok
13:57:42.0599 4316 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:57:42.0600 4316 BrSerWdm - ok
13:57:42.0616 4316 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:57:42.0617 4316 BrUsbMdm - ok
13:57:42.0624 4316 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:57:42.0625 4316 BrUsbSer - ok
13:57:42.0640 4316 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:57:42.0641 4316 BTHMODEM - ok
13:57:42.0663 4316 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:57:42.0664 4316 cdfs - ok
13:57:42.0711 4316 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\drivers\cdrom.sys
13:57:42.0714 4316 cdrom - ok
13:57:42.0723 4316 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:57:42.0725 4316 circlass - ok
13:57:42.0758 4316 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:57:42.0763 4316 CLFS - ok
13:57:42.0792 4316 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:57:42.0793 4316 CmBatt - ok
13:57:42.0809 4316 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:57:42.0810 4316 cmdide - ok
13:57:42.0834 4316 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
13:57:42.0839 4316 CNG - ok
13:57:42.0846 4316 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:57:42.0847 4316 Compbatt - ok
13:57:42.0886 4316 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\drivers\CompositeBus.sys
13:57:42.0887 4316 CompositeBus - ok
13:57:42.0910 4316 cpuz130 - ok
13:57:42.0930 4316 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:57:42.0931 4316 crcdisk - ok
13:57:42.0958 4316 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
13:57:42.0964 4316 CSC - ok
13:57:42.0996 4316 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
13:57:42.0998 4316 DfsC - ok
13:57:43.0015 4316 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:57:43.0016 4316 discache - ok
13:57:43.0041 4316 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:57:43.0042 4316 Disk - ok
13:57:43.0104 4316 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
13:57:43.0106 4316 Dot4 - ok
13:57:43.0129 4316 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:57:43.0130 4316 Dot4Print - ok
13:57:43.0146 4316 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
13:57:43.0147 4316 dot4usb - ok
13:57:43.0182 4316 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:57:43.0183 4316 drmkaud - ok
13:57:43.0229 4316 DslMNLwf (d52eeb224df107aad9059597f0eb95cc) C:\Windows\system32\DRIVERS\dslmnlwf.sys
13:57:43.0230 4316 DslMNLwf - ok
13:57:43.0264 4316 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
13:57:43.0274 4316 DXGKrnl - ok
13:57:43.0341 4316 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:57:43.0371 4316 ebdrv - ok
13:57:43.0416 4316 ElbyCDIO (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys
13:57:43.0418 4316 ElbyCDIO - ok
13:57:43.0440 4316 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:57:43.0446 4316 elxstor - ok
13:57:43.0482 4316 ENTECH64 (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys
13:57:43.0484 4316 ENTECH64 - ok
13:57:43.0508 4316 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:57:43.0509 4316 ErrDev - ok
13:57:43.0539 4316 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:57:43.0541 4316 exfat - ok
13:57:43.0556 4316 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:57:43.0559 4316 fastfat - ok
13:57:43.0584 4316 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:57:43.0585 4316 fdc - ok
13:57:43.0603 4316 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:57:43.0604 4316 FileInfo - ok
13:57:43.0615 4316 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:57:43.0616 4316 Filetrace - ok
13:57:43.0642 4316 FLASHSYS - ok
13:57:43.0657 4316 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:57:43.0658 4316 flpydisk - ok
13:57:43.0679 4316 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
13:57:43.0682 4316 FltMgr - ok
13:57:43.0694 4316 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:57:43.0695 4316 FsDepends - ok
13:57:43.0708 4316 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:57:43.0709 4316 Fs_Rec - ok
13:57:43.0738 4316 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:57:43.0741 4316 fvevol - ok
13:57:43.0757 4316 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:57:43.0759 4316 gagp30kx - ok
13:57:43.0773 4316 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:57:43.0775 4316 hcw85cir - ok
13:57:43.0813 4316 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
13:57:43.0817 4316 HdAudAddService - ok
13:57:43.0837 4316 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:57:43.0839 4316 HDAudBus - ok
13:57:43.0852 4316 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:57:43.0854 4316 HidBatt - ok
13:57:43.0870 4316 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:57:43.0872 4316 HidBth - ok
13:57:43.0885 4316 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:57:43.0887 4316 HidIr - ok
13:57:43.0934 4316 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
13:57:43.0935 4316 HidUsb - ok
13:57:43.0946 4316 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\drivers\HpSAMD.sys
13:57:43.0948 4316 HpSAMD - ok
13:57:43.0982 4316 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
13:57:43.0989 4316 HTTP - ok
13:57:43.0999 4316 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
13:57:44.0000 4316 hwpolicy - ok
13:57:44.0022 4316 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
13:57:44.0024 4316 i8042prt - ok
13:57:44.0076 4316 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
13:57:44.0081 4316 iaStor - ok
13:57:44.0109 4316 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
13:57:44.0114 4316 iaStorV - ok
13:57:44.0145 4316 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:57:44.0146 4316 iirsp - ok
13:57:44.0231 4316 IntcAzAudAddService (028e40182a6f0374978c755f85b9f07c) C:\Windows\system32\drivers\RTKVHD64.sys
13:57:44.0254 4316 IntcAzAudAddService - ok
13:57:44.0280 4316 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:57:44.0281 4316 intelide - ok
13:57:44.0302 4316 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:57:44.0304 4316 intelppm - ok
13:57:44.0319 4316 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:57:44.0321 4316 IpFilterDriver - ok
13:57:44.0338 4316 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\drivers\IPMIDrv.sys
13:57:44.0339 4316 IPMIDRV - ok
13:57:44.0353 4316 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:57:44.0355 4316 IPNAT - ok
13:57:44.0385 4316 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:57:44.0386 4316 IRENUM - ok
13:57:44.0404 4316 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:57:44.0405 4316 isapnp - ok
13:57:44.0414 4316 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\drivers\msiscsi.sys
13:57:44.0417 4316 iScsiPrt - ok
13:57:44.0438 4316 iteio - ok
13:57:44.0454 4316 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:57:44.0455 4316 kbdclass - ok
13:57:44.0483 4316 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
13:57:44.0484 4316 kbdhid - ok
13:57:44.0498 4316 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
13:57:44.0500 4316 KSecDD - ok
13:57:44.0511 4316 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
13:57:44.0514 4316 KSecPkg - ok
13:57:44.0522 4316 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:57:44.0523 4316 ksthunk - ok
13:57:44.0599 4316 LHidFilt (ceb6e18dcfad5c72b81c7da1ac3c1cc1) C:\Windows\system32\DRIVERS\LHidFilt.Sys
13:57:44.0601 4316 LHidFilt - ok
13:57:44.0636 4316 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:57:44.0638 4316 lltdio - ok
13:57:44.0652 4316 LMouFilt (f9e48f18be4d2b365f138987b8e7885b) C:\Windows\system32\DRIVERS\LMouFilt.Sys
13:57:44.0654 4316 LMouFilt - ok
13:57:44.0671 4316 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:57:44.0673 4316 LSI_FC - ok
13:57:44.0683 4316 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:57:44.0685 4316 LSI_SAS - ok
13:57:44.0699 4316 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:57:44.0700 4316 LSI_SAS2 - ok
13:57:44.0726 4316 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:57:44.0727 4316 LSI_SCSI - ok
13:57:44.0751 4316 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:57:44.0753 4316 luafv - ok
13:57:44.0772 4316 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:57:44.0773 4316 megasas - ok
13:57:44.0790 4316 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:57:44.0793 4316 MegaSR - ok
13:57:44.0816 4316 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:57:44.0817 4316 Modem - ok
13:57:44.0837 4316 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:57:44.0838 4316 monitor - ok
13:57:44.0849 4316 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:57:44.0851 4316 mouclass - ok
13:57:44.0861 4316 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:57:44.0863 4316 mouhid - ok
13:57:44.0874 4316 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
13:57:44.0876 4316 mountmgr - ok
13:57:44.0907 4316 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\drivers\mpio.sys
13:57:44.0909 4316 mpio - ok
13:57:44.0924 4316 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:57:44.0925 4316 mpsdrv - ok
13:57:44.0943 4316 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
13:57:44.0946 4316 MRxDAV - ok
13:57:44.0975 4316 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:57:44.0977 4316 mrxsmb - ok
13:57:45.0014 4316 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:57:45.0017 4316 mrxsmb10 - ok
13:57:45.0034 4316 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:57:45.0036 4316 mrxsmb20 - ok
13:57:45.0044 4316 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\drivers\msahci.sys
13:57:45.0045 4316 msahci - ok
13:57:45.0064 4316 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\drivers\msdsm.sys
13:57:45.0067 4316 msdsm - ok
13:57:45.0094 4316 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:57:45.0095 4316 Msfs - ok
13:57:45.0111 4316 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:57:45.0113 4316 mshidkmdf - ok
13:57:45.0127 4316 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:57:45.0128 4316 msisadrv - ok
13:57:45.0157 4316 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:57:45.0158 4316 MSKSSRV - ok
13:57:45.0175 4316 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:57:45.0177 4316 MSPCLOCK - ok
13:57:45.0190 4316 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:57:45.0191 4316 MSPQM - ok
13:57:45.0213 4316 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
13:57:45.0217 4316 MsRPC - ok
13:57:45.0236 4316 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:57:45.0238 4316 mssmbios - ok
13:57:45.0245 4316 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:57:45.0246 4316 MSTEE - ok
13:57:45.0260 4316 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:57:45.0262 4316 MTConfig - ok
13:57:45.0279 4316 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:57:45.0281 4316 Mup - ok
13:57:45.0322 4316 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:57:45.0327 4316 NativeWifiP - ok
13:57:45.0356 4316 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
13:57:45.0366 4316 NDIS - ok
13:57:45.0380 4316 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:57:45.0381 4316 NdisCap - ok
13:57:45.0399 4316 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:57:45.0401 4316 NdisTapi - ok
13:57:45.0420 4316 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
13:57:45.0422 4316 Ndisuio - ok
13:57:45.0442 4316 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:57:45.0444 4316 NdisWan - ok
13:57:45.0453 4316 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
13:57:45.0454 4316 NDProxy - ok
13:57:45.0500 4316 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:57:45.0501 4316 NetBIOS - ok
13:57:45.0521 4316 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
13:57:45.0523 4316 NetBT - ok
13:57:45.0565 4316 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:57:45.0566 4316 nfrd960 - ok
13:57:45.0578 4316 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:57:45.0579 4316 Npfs - ok
13:57:45.0601 4316 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:57:45.0602 4316 nsiproxy - ok
13:57:45.0645 4316 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
13:57:45.0660 4316 Ntfs - ok
13:57:45.0673 4316 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:57:45.0674 4316 Null - ok
13:57:45.0704 4316 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
13:57:45.0706 4316 nvraid - ok
13:57:45.0722 4316 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
13:57:45.0724 4316 nvstor - ok
13:57:45.0755 4316 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:57:45.0757 4316 nv_agp - ok
13:57:45.0785 4316 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:57:45.0787 4316 ohci1394 - ok
13:57:45.0825 4316 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:57:45.0826 4316 Parport - ok
13:57:45.0843 4316 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
13:57:45.0844 4316 partmgr - ok
13:57:45.0905 4316 pbfilter (55223eefabfdb84a926515febab50d9a) C:\Program Files\PeerBlock\pbfilter.sys
13:57:45.0905 4316 pbfilter - ok
13:57:45.0922 4316 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\drivers\pci.sys
13:57:45.0924 4316 pci - ok
13:57:45.0953 4316 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:57:45.0955 4316 pciide - ok
13:57:45.0963 4316 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:57:45.0965 4316 pcmcia - ok
13:57:45.0972 4316 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:57:45.0973 4316 pcw - ok
13:57:45.0995 4316 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:57:46.0002 4316 PEAUTH - ok
13:57:46.0067 4316 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
13:57:46.0068 4316 PptpMiniport - ok
13:57:46.0080 4316 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:57:46.0081 4316 Processor - ok
13:57:46.0117 4316 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
13:57:46.0120 4316 Psched - ok
13:57:46.0159 4316 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:57:46.0172 4316 ql2300 - ok
13:57:46.0181 4316 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:57:46.0183 4316 ql40xx - ok
13:57:46.0199 4316 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:57:46.0200 4316 QWAVEdrv - ok
13:57:46.0217 4316 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:57:46.0218 4316 RasAcd - ok
13:57:46.0245 4316 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:57:46.0247 4316 RasAgileVpn - ok
13:57:46.0263 4316 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:57:46.0265 4316 Rasl2tp - ok
13:57:46.0288 4316 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:57:46.0290 4316 RasPppoe - ok
13:57:46.0306 4316 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:57:46.0308 4316 RasSstp - ok
13:57:46.0324 4316 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
13:57:46.0327 4316 rdbss - ok
13:57:46.0355 4316 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:57:46.0356 4316 rdpbus - ok
13:57:46.0365 4316 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:57:46.0366 4316 RDPCDD - ok
13:57:46.0385 4316 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
13:57:46.0387 4316 RDPDR - ok
13:57:46.0404 4316 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:57:46.0405 4316 RDPENCDD - ok
13:57:46.0414 4316 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:57:46.0415 4316 RDPREFMP - ok
13:57:46.0428 4316 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
13:57:46.0431 4316 RDPWD - ok
13:57:46.0448 4316 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
13:57:46.0450 4316 rdyboost - ok
13:57:46.0509 4316 RivaTuner64 (a10b40cf9eb57d24e44717a2d38a00f4) C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys
13:57:46.0511 4316 RivaTuner64 - ok
13:57:46.0542 4316 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:57:46.0544 4316 rspndr - ok
13:57:46.0578 4316 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:57:46.0582 4316 RTL8167 - ok
13:57:46.0628 4316 s115bus (e0f0977caafdf719929c8ca02a1c5147) C:\Windows\system32\DRIVERS\s115bus.sys
13:57:46.0630 4316 s115bus - ok
13:57:46.0647 4316 s115mdfl (136328e6c3086a19eb3154058bc7b3a3) C:\Windows\system32\DRIVERS\s115mdfl.sys
13:57:46.0648 4316 s115mdfl - ok
13:57:46.0658 4316 s115mdm (54552277de7eae1a2e108a4cff7abb07) C:\Windows\system32\DRIVERS\s115mdm.sys
13:57:46.0661 4316 s115mdm - ok
13:57:46.0686 4316 s115mgmt (e9b3966836cb9c2107264e44249267df) C:\Windows\system32\DRIVERS\s115mgmt.sys
13:57:46.0688 4316 s115mgmt - ok
13:57:46.0714 4316 s115obex (f6ab3b6e35981c4f3fed4198d3f29674) C:\Windows\system32\DRIVERS\s115obex.sys
13:57:46.0716 4316 s115obex - ok
13:57:46.0750 4316 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\drivers\vms3cap.sys
13:57:46.0752 4316 s3cap - ok
13:57:46.0771 4316 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\drivers\sbp2port.sys
13:57:46.0773 4316 sbp2port - ok
13:57:46.0783 4316 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
13:57:46.0785 4316 scfilter - ok
13:57:46.0811 4316 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:57:46.0813 4316 secdrv - ok
13:57:46.0836 4316 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:57:46.0837 4316 Serenum - ok
13:57:46.0865 4316 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:57:46.0867 4316 Serial - ok
13:57:46.0895 4316 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:57:46.0896 4316 sermouse - ok
13:57:46.0926 4316 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:57:46.0928 4316 sffdisk - ok
13:57:46.0941 4316 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:57:46.0943 4316 sffp_mmc - ok
13:57:46.0951 4316 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys
13:57:46.0953 4316 sffp_sd - ok
13:57:46.0968 4316 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:57:46.0970 4316 sfloppy - ok
13:57:46.0990 4316 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:57:46.0991 4316 SiSRaid2 - ok
13:57:47.0008 4316 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:57:47.0009 4316 SiSRaid4 - ok
13:57:47.0028 4316 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:57:47.0030 4316 Smb - ok
13:57:47.0068 4316 speedfan - ok
13:57:47.0087 4316 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:57:47.0088 4316 spldr - ok
13:57:47.0142 4316 sptd (4c33f139236fd9bd14a920f60c1cb072) C:\Windows\system32\Drivers\sptd.sys
13:57:47.0142 4316 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 4c33f139236fd9bd14a920f60c1cb072
13:57:47.0144 4316 sptd ( LockedFile.Multi.Generic ) - warning
13:57:47.0144 4316 sptd - detected LockedFile.Multi.Generic (1)
13:57:47.0179 4316 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
13:57:47.0185 4316 srv - ok
13:57:47.0201 4316 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
13:57:47.0206 4316 srv2 - ok
13:57:47.0244 4316 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
13:57:47.0247 4316 srvnet - ok
13:57:47.0265 4316 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:57:47.0267 4316 stexstor - ok
13:57:47.0289 4316 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\drivers\vmstorfl.sys
13:57:47.0291 4316 storflt - ok
13:57:47.0307 4316 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\drivers\storvsc.sys
13:57:47.0308 4316 storvsc - ok
13:57:47.0316 4316 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:57:47.0318 4316 swenum - ok
13:57:47.0382 4316 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
13:57:47.0399 4316 Tcpip - ok
13:57:47.0427 4316 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
13:57:47.0436 4316 TCPIP6 - ok
13:57:47.0453 4316 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
13:57:47.0454 4316 tcpipreg - ok
13:57:47.0512 4316 Tcpz-x64 - ok
13:57:47.0528 4316 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:57:47.0529 4316 TDPIPE - ok
13:57:47.0553 4316 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
13:57:47.0554 4316 TDTCP - ok
13:57:47.0578 4316 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
13:57:47.0580 4316 tdx - ok
13:57:47.0596 4316 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\drivers\termdd.sys
13:57:47.0598 4316 TermDD - ok
13:57:47.0624 4316 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:57:47.0625 4316 tssecsrv - ok
13:57:47.0650 4316 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
13:57:47.0652 4316 tunnel - ok
13:57:47.0678 4316 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:57:47.0680 4316 uagp35 - ok
13:57:47.0702 4316 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
13:57:47.0706 4316 udfs - ok
13:57:47.0737 4316 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:57:47.0738 4316 uliagpkx - ok
13:57:47.0768 4316 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\drivers\umbus.sys
13:57:47.0769 4316 umbus - ok
13:57:47.0786 4316 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:57:47.0787 4316 UmPass - ok
13:57:47.0859 4316 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
13:57:47.0873 4316 usbccgp - ok
13:57:47.0930 4316 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:57:47.0940 4316 usbcir - ok
13:57:47.0970 4316 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
13:57:47.0971 4316 usbehci - ok
13:57:47.0984 4316 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
13:57:47.0987 4316 usbhub - ok
13:57:48.0000 4316 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
13:57:48.0001 4316 usbohci - ok
13:57:48.0014 4316 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:57:48.0015 4316 usbprint - ok
13:57:48.0046 4316 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:57:48.0048 4316 usbscan - ok
13:57:48.0068 4316 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
13:57:48.0070 4316 USBSTOR - ok
13:57:48.0085 4316 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:57:48.0087 4316 usbuhci - ok
13:57:48.0110 4316 vcdrom - ok
13:57:48.0150 4316 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
13:57:48.0151 4316 VClone - ok
13:57:48.0167 4316 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:57:48.0169 4316 vdrvroot - ok
13:57:48.0191 4316 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:57:48.0193 4316 vga - ok
13:57:48.0207 4316 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:57:48.0208 4316 VgaSave - ok
13:57:48.0243 4316 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\drivers\vhdmp.sys
13:57:48.0246 4316 vhdmp - ok
13:57:48.0274 4316 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:57:48.0276 4316 viaide - ok
13:57:48.0305 4316 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\drivers\vmbus.sys
13:57:48.0308 4316 vmbus - ok
13:57:48.0325 4316 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\drivers\VMBusHID.sys
13:57:48.0326 4316 VMBusHID - ok
13:57:48.0343 4316 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\drivers\volmgr.sys
13:57:48.0345 4316 volmgr - ok
13:57:48.0366 4316 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
13:57:48.0371 4316 volmgrx - ok
13:57:48.0392 4316 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\drivers\volsnap.sys
13:57:48.0396 4316 volsnap - ok
13:57:48.0421 4316 vpcbus (abd9b4a7e2d0ae51a3b8df1af3152d61) C:\Windows\system32\DRIVERS\vpchbus.sys
13:57:48.0424 4316 vpcbus - ok
13:57:48.0443 4316 vpcnfltr (8acda395841538ce9713a67fe8b2a3eb) C:\Windows\system32\DRIVERS\vpcnfltr.sys
13:57:48.0445 4316 vpcnfltr - ok
13:57:48.0474 4316 vpcusb (31924e31bc315773e6d149b157db46d5) C:\Windows\system32\DRIVERS\vpcusb.sys
13:57:48.0476 4316 vpcusb - ok
13:57:48.0517 4316 vpcvmm (c5b651e52540e6f46da66574c74b4898) C:\Windows\system32\drivers\vpcvmm.sys
13:57:48.0521 4316 vpcvmm - ok
13:57:48.0549 4316 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:57:48.0551 4316 vsmraid - ok
13:57:48.0576 4316 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
13:57:48.0577 4316 vwifibus - ok
13:57:48.0594 4316 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:57:48.0596 4316 WacomPen - ok
13:57:48.0621 4316 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:57:48.0623 4316 WANARP - ok
13:57:48.0627 4316 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:57:48.0628 4316 Wanarpv6 - ok
13:57:48.0652 4316 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:57:48.0654 4316 Wd - ok
13:57:48.0674 4316 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:57:48.0681 4316 Wdf01000 - ok
13:57:48.0720 4316 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:57:48.0721 4316 WfpLwf - ok
13:57:48.0739 4316 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:57:48.0740 4316 WIMMount - ok
13:57:48.0774 4316 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
13:57:48.0775 4316 WinUsb - ok
13:57:48.0805 4316 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:57:48.0806 4316 WmiAcpi - ok
13:57:48.0828 4316 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:57:48.0829 4316 ws2ifsl - ok
13:57:48.0856 4316 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
13:57:48.0858 4316 WudfPf - ok
13:57:48.0889 4316 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:57:48.0891 4316 WUDFRd - ok
13:57:48.0922 4316 zntport - ok
13:57:48.0933 4316 MBR (0x1B8) (e24810ee950b6f5f27cb02111df934e3) \Device\Harddisk0\DR0
13:57:48.0933 4316 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - infected
13:57:48.0933 4316 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Wistler.a (0)
13:57:48.0939 4316 Boot (0x1200) (b53ff22f5333bc165a38abbb47576bf6) \Device\Harddisk0\DR0\Partition0
13:57:48.0939 4316 \Device\Harddisk0\DR0\Partition0 - ok
13:57:48.0958 4316 Boot (0x1200) (d3efc9492dcb9cff9420909ecd0c28f1) \Device\Harddisk0\DR0\Partition1
13:57:48.0958 4316 \Device\Harddisk0\DR0\Partition1 - ok
13:57:48.0959 4316 ============================================================
13:57:48.0959 4316 Scan finished
13:57:48.0959 4316 ============================================================
13:57:48.0965 3524 Detected object count: 2
13:57:48.0965 3524 Actual detected object count: 2
14:00:36.0110 3524 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
14:00:36.0128 3524 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted on reboot
14:00:36.0140 3524 C:\Windows\system32\Drivers\sptd.sys - will be deleted on reboot
14:00:36.0140 3524 sptd ( LockedFile.Multi.Generic ) - User select action: Delete
14:00:36.0176 3524 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - will be cured on reboot
14:00:36.0176 3524 \Device\Harddisk0\DR0 - ok
14:00:36.0176 3524 \Device\Harddisk0\DR0 ( Rootkit.Boot.Wistler.a ) - User select action: Cure
14:00:44.0546 4780 Deinitialize success

Vielen Dank erst mal Arne,

Gruß, Andy

rockenderbik · 18.11.2011, 06:19

das hab ich noch gefunden,

06:17:16 Andy IP-BLOCK 125.45.109.166 (Type: incoming, Port: 8085, Process: svchost.exe)
06:17:17 Andy IP-BLOCK 125.45.109.166 (Type: incoming, Port: 9000, Process: svchost.exe)
06:17:17 Andy IP-BLOCK 125.45.109.166 (Type: incoming, Port: 8090, Process: svchost.exe)
06:17:17 Andy IP-BLOCK 125.45.109.166 (Type: incoming, Port: 1080, Process: svchost.exe)
06:17:17 Andy IP-BLOCK 125.45.109.166 (Type: incoming, Port: 8088, Process: svchost.exe)
06:17:17 Andy IP-BLOCK 125.45.109.166 (Type: incoming, Port: 73, Process: svchost.exe)
06:17:17 Andy IP-BLOCK 125.45.109.166 (Type: incoming, Port: 3128, Process: svchost.exe)
06:17:17 Andy IP-BLOCK 125.45.109.166 (Type: incoming, Port: 8008, Process: svchost.exe)
06:17:17 Andy IP-BLOCK 125.45.109.166 (Type: incoming, Port: 7212, Process: svchost.exe)

cosinus · 18.11.2011, 11:34

Und das Rootkit wird nun nicht mehr angezeigt vom TDSS-Killer?

17.11.2011, 20:19	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	w7 64 bit/rootkit whistler, durch ein kaspersky tool entfernt. combofix durchlaufen lassen Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind. __________________ Logfiles bitte immer in CODE-Tags posten

17.11.2011, 20:41	#9
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	w7 64 bit/rootkit whistler, durch ein kaspersky tool entfernt. combofix durchlaufen lassen Was meinst du damit? Du hast vorher ein normales OTL-Log gepostet ich möchte aber ein Log von einem CustomScan sehen. __________________ Logfiles bitte immer in CODE-Tags posten

17.11.2011, 22:17	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	w7 64 bit/rootkit whistler, durch ein kaspersky tool entfernt. combofix durchlaufen lassen Eine simple Goolesuche nach den Dateinamen hilft ja schon weiter. Das sind Dateien von Speedfan! Hast du die alten Logs von Kaspersky noch? Bitte alles posten. Das OTL-Log ist soweit ok. __________________ Logfiles bitte immer in CODE-Tags posten

18.11.2011, 11:34	#15
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	w7 64 bit/rootkit whistler, durch ein kaspersky tool entfernt. combofix durchlaufen lassen Und das Rootkit wird nun nicht mehr angezeigt vom TDSS-Killer? __________________ Logfiles bitte immer in CODE-Tags posten

w7 64 bit/rootkit whistler, durch ein kaspersky tool entfernt. combofix durchlaufen lassen

Log-Analyse und Auswertung: w7 64 bit/rootkit whistler, durch ein kaspersky tool entfernt. combofix durchlaufen lassen