Rootkit.0Access [Closed]

#1
maniac.7

New Member
5 posts
Hi there,
while checking for hotels, Avira AntiVir popped up briefly.
Checking the log it said (short version, translated from German):
[FOUND] Backdoor Program BDS/ZeroAccess.AX.1
[HINT] Moved file to quarantine

2 min later, a Win7 admin screen popped up asking for permission to install "installflashplayer.exe".
I denied, but it started popping up again (I never clicked yes).

Scanning with Malwarebytes gave [short version, don't want to overdo first post]:
Files Detected: 2
C:\Users\bastian\AppData\Local\Temp\AB6D.tmp (Rootkit.0Access) -> No action taken.
C:\Users\bastian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046W19DG\3[1].exe (Rootkit.0Access) -> No action taken.

I checked system32/drivers and haven't found any newly created/modified except for the Malwarebytes driver
[EDIT: Forgot: There was the process ABD6.tmp running in Task Manager, which I terminated. No slowdowns or BSODs so far.]

[EDIT2: I need help, please, I'm currently finishing my thesis on this computer (Murphy's law...).
How can I proceed to get rid of the malware, or do I need a full reinstall (no time for that atm)?
Can I work on this computer offline to at least finish my stuff, or will the data get corrupted?]


Here is the OTL log:

OTL logfile created on: 07.03.2012 02:28:48 - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\bastian\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,60 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 44,41% Memory free
7,20 Gb Paging File | 4,91 Gb Available in Paging File | 68,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 323,37 Gb Free Space | 76,66% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 18,37 Gb Free Space | 63,34% Space Free | Partition Type: NTFS

Computer Name: LENOVO-S205 | User Name: bastian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.03.07 02:25:44 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\bastian\Desktop\OTL.exe
PRC - [2012.02.25 11:35:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.02.15 00:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\bastian\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.01.13 14:53:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011.11.10 10:17:04 | 003,514,176 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011.07.03 15:36:38 | 000,400,040 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
PRC - [2011.07.03 15:36:38 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.03 23:59:01 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.09 21:15:40 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2011.03.04 13:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.05 02:39:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010.09.23 15:46:16 | 003,154,432 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe
PRC - [2010.09.23 15:46:14 | 001,125,376 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Program Files (x86)\Cobian Backup 10\cbService.exe
PRC - [2010.01.19 11:44:40 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera2\VM332_STI.EXE


========== Modules (No Company Name) ==========

MOD - [2012.02.25 11:35:34 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.11.29 00:43:38 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011.03.09 21:15:39 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2010.06.17 13:27:02 | 000,355,688 | ---- | M] () -- C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.12.20 12:39:54 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.12.20 07:51:02 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.06.17 06:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV:64bit: - [2009.12.09 10:52:52 | 000,047,712 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV - [2011.07.03 15:36:38 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.03 23:59:01 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.10 13:08:42 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.09.23 15:46:14 | 001,125,376 | ---- | M] (Luis Cobian, CobianSoft) [Auto | Running] -- C:\Program Files (x86)\Cobian Backup 10\cbService.exe -- (CobianBackup10)
SRV - [2010.09.23 08:49:08 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2010.05.10 12:52:34 | 000,907,040 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.11.29 00:38:14 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.07.03 15:36:39 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.03 15:36:39 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.05.26 05:02:20 | 004,186,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 500(UVC)
DRV:64bit: - [2011.05.26 05:02:18 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.03.10 04:22:36 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.10 04:22:36 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.09 21:32:14 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2011.03.09 21:32:03 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2011.03.09 21:19:33 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2011.03.09 21:19:33 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2010.12.20 13:07:14 | 008,013,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.12.20 12:03:24 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.12.08 07:44:28 | 001,574,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010.12.05 02:39:44 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.11.30 07:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.11.28 20:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010.11.19 17:20:58 | 000,234,960 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs)
DRV:64bit: - [2010.11.17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.11.11 10:16:00 | 000,037,504 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010.11.11 10:15:58 | 000,077,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010.10.26 04:08:08 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.10.21 11:47:40 | 001,396,784 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.10.11 15:21:56 | 000,135,776 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2010.09.21 23:04:54 | 000,015,056 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm2uvcflt.sys -- (vm2uvcflt)
DRV:64bit: - [2010.08.20 15:45:48 | 001,091,584 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010.04.08 17:11:12 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.01.15 07:23:20 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.01.15 07:23:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.01.15 07:23:10 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.12.09 10:52:28 | 000,023,648 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2009.07.21 15:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009.06.10 21:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.07 08:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2011.09.13 22:07:14 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Users\bastian\tools\BrazosTweaker\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.25 11:35:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F}: C:\Users\bastian\AppData\Roaming\NetAssistant\ [2011.09.26 23:25:43 | 000,000,000 | ---D | M]

[2011.04.03 21:26:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bastian\AppData\Roaming\mozilla\Extensions
[2012.02.21 00:41:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bastian\AppData\Roaming\mozilla\Firefox\Profiles\d85728ow.default\extensions
[2012.01.10 10:35:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.11.03 23:11:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D85728OW.DEFAULT\EXTENSIONS\{A3A5C777-F583-4FEF-9380-AB4ADD1BC2A8}.XPI
() (No name found) -- C:\USERS\BASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D85728OW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.02.25 11:35:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.10 10:35:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.10 10:35:44 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.10 10:35:44 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.10 10:35:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.10 10:35:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.10 10:35:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [{BA1E422A-80A8-4AA0-B67B-CAA3D04C5162}] C:\Program Files\CapsLK OSD\64\CAPSOSD.EXE (Wistron Corp.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\bastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\bastian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CC94213-BCAF-41C0-9AAD-63E06320B1F3}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.03.07 02:25:28 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\bastian\Desktop\OTL.exe
[2012.03.07 00:41:12 | 000,000,000 | ---D | C] -- C:\Users\bastian\AppData\Roaming\Malwarebytes
[2012.03.07 00:40:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.07 00:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.07 00:40:38 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.03.07 00:40:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.07 00:04:38 | 000,000,000 | -HSD | C] -- C:\Users\bastian\AppData\Local\1703bc35
[2012.02.18 17:44:44 | 000,000,000 | ---D | C] -- C:\Users\bastian\Documents\Finanzreport
[2012.02.18 17:29:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Offers from Freeze.com

========== Files - Modified Within 30 Days ==========

[2012.03.07 02:25:44 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\bastian\Desktop\OTL.exe
[2012.03.07 00:20:12 | 001,472,002 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.03.07 00:20:12 | 000,643,866 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.03.07 00:20:12 | 000,607,190 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.03.07 00:20:12 | 000,126,394 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.03.07 00:20:12 | 000,103,568 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.03.06 22:26:23 | 008,556,133 | ---- | M] () -- C:\Users\bastian\Desktop\Diss.bis.EndeZG.PDF
[2012.03.06 17:54:17 | 000,067,584 | ---- | M] () -- C:\windows\bootstat.dat
[2012.03.06 00:42:47 | 000,000,599 | ---- | M] () -- C:\Users\bastian\AppData\Roaming\Network Monitor II_Settings.ini
[2012.03.06 00:42:40 | 000,001,751 | ---- | M] () -- C:\Users\bastian\AppData\Roaming\System Monitor II_CPU0_Settings.ini
[2012.03.05 01:01:45 | 000,000,337 | ---- | M] () -- C:\Users\bastian\AppData\Local\Perfmon.PerfmonCfg
[2012.03.04 13:29:58 | 010,583,753 | ---- | M] () -- C:\Users\bastian\Desktop\main.FrVoll3.pdf
[2012.03.02 18:38:07 | 009,015,040 | ---- | M] () -- C:\Users\bastian\Desktop\main.FrVoll.PDF
[2012.02.26 17:25:41 | 000,001,006 | ---- | M] () -- C:\Users\bastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.02.18 17:33:31 | 000,000,393 | ---- | M] () -- C:\Users\bastian\AppData\Roaming\Battery Monitor_Settings.ini
[2012.02.18 17:29:12 | 000,000,948 | ---- | M] () -- C:\Users\bastian\Desktop\Core Temp.lnk

========== Files Created - No Company Name ==========

[2012.03.06 22:29:04 | 008,556,133 | ---- | C] () -- C:\Users\bastian\Desktop\Diss.bis.EndeZG.PDF
[2012.03.05 01:01:45 | 000,000,337 | ---- | C] () -- C:\Users\bastian\AppData\Local\Perfmon.PerfmonCfg
[2012.03.04 11:54:53 | 010,583,753 | ---- | C] () -- C:\Users\bastian\Desktop\main.FrVoll3.pdf
[2012.02.29 12:22:30 | 009,015,040 | ---- | C] () -- C:\Users\bastian\Desktop\main.FrVoll.PDF
[2012.02.18 17:29:12 | 000,000,948 | ---- | C] () -- C:\Users\bastian\Desktop\Core Temp.lnk
[2012.02.12 14:12:00 | 000,000,599 | ---- | C] () -- C:\Users\bastian\AppData\Roaming\Network Monitor II_Settings.ini
[2012.02.12 14:10:37 | 000,001,751 | ---- | C] () -- C:\Users\bastian\AppData\Roaming\System Monitor II_CPU0_Settings.ini
[2012.02.12 14:01:53 | 000,000,393 | ---- | C] () -- C:\Users\bastian\AppData\Roaming\Battery Monitor_Settings.ini
[2011.09.27 11:54:49 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2011.05.26 05:05:00 | 010,879,000 | ---- | C] () -- C:\windows\SysWow64\LogiDPP.dll
[2011.05.26 05:05:00 | 000,333,336 | ---- | C] () -- C:\windows\SysWow64\DevManagerCore.dll
[2011.05.26 05:05:00 | 000,104,472 | ---- | C] () -- C:\windows\SysWow64\LogiDPPApp.exe
[2011.04.10 13:22:11 | 002,463,976 | ---- | C] () -- C:\windows\SysWow64\NPSWF32.dll
[2011.04.04 19:30:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.10 06:23:10 | 000,300,328 | ---- | C] () -- C:\windows\it50.dll
[2011.03.10 06:23:10 | 000,218,408 | ---- | C] () -- C:\windows\Image.dll
[2011.03.10 06:23:10 | 000,202,024 | ---- | C] () -- C:\windows\HardDisk.dll
[2011.03.10 06:23:10 | 000,003,443 | ---- | C] () -- C:\windows\UTILITYDRV.SYS
[2011.03.10 06:23:09 | 000,259,368 | ---- | C] () -- C:\windows\FastBR.dll
[2011.03.10 06:23:09 | 000,259,368 | ---- | C] () -- C:\windows\CopyFile.dll
[2011.03.10 06:23:09 | 000,177,448 | ---- | C] () -- C:\windows\disk.dll
[2011.03.10 06:23:09 | 000,110,592 | ---- | C] () -- C:\windows\BootseqwWmi.exe
[2011.03.10 06:23:09 | 000,081,920 | ---- | C] () -- C:\windows\Bootseqw32.exe
[2011.03.10 06:23:09 | 000,049,152 | ---- | C] () -- C:\windows\CHGBOOTW.EXE
[2011.03.10 06:23:09 | 000,010,068 | ---- | C] () -- C:\windows\GT.EXE
[2011.03.10 06:23:09 | 000,008,704 | ---- | C] () -- C:\windows\Access32.sys
[2011.03.09 21:15:49 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2011.03.09 21:15:49 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011.03.09 21:15:49 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011.03.09 21:15:49 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2011.03.09 21:15:34 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011.03.09 20:58:50 | 000,001,823 | ---- | C] () -- C:\windows\vm332Rmv.ini
[2011.03.09 20:58:50 | 000,001,823 | ---- | C] () -- C:\windows\SysWow64\vm332Rmv.ini
[2011.03.09 20:53:29 | 000,014,051 | ---- | C] () -- C:\windows\SysWow64\RaCoInst.dat
[2011.03.09 20:49:28 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011.01.04 06:46:07 | 000,002,888 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2011.04.04 21:54:40 | 000,000,000 | ---D | M] -- C:\Users\bastian\AppData\Roaming\ArcSyncConfig
[2011.11.29 00:40:11 | 000,000,000 | ---D | M] -- C:\Users\bastian\AppData\Roaming\DAEMON Tools Lite
[2012.03.07 02:24:01 | 000,000,000 | ---D | M] -- C:\Users\bastian\AppData\Roaming\Dropbox
[2011.04.03 20:42:48 | 000,000,000 | ---D | M] -- C:\Users\bastian\AppData\Roaming\Foxit Software
[2011.07.19 23:01:07 | 000,000,000 | ---D | M] -- C:\Users\bastian\AppData\Roaming\go
[2011.09.13 19:47:45 | 000,000,000 | ---D | M] -- C:\Users\bastian\AppData\Roaming\Leadertech
[2011.09.26 23:25:43 | 000,000,000 | ---D | M] -- C:\Users\bastian\AppData\Roaming\NetAssistant
[2011.04.22 18:36:43 | 000,000,000 | ---D | M] -- C:\Users\bastian\AppData\Roaming\XnView
[2009.07.14 06:08:49 | 000,013,482 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by maniac.7, 07 March 2012 - 01:21 PM.

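As an added example (not part of the original thread and not OTL's own code): a small Python triage script that parses the "Files/Folders - Created Within 30 Days" entries of an OTL log like the one above and flags the lines a helper would read first, the hidden+system folder created shortly before the scans among them. The flagging rules and the reference time are assumptions; the sample lines are copied from this log.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# One OTL file/folder entry, in the layout the log above uses:
#   [YYYY.MM.DD HH:MM:SS | SSS,SSS,SSS | RHSD | C] (Company) -- C:\path
# Attribute field: Read-only, Hidden, System, Directory ('-' = clear);
# C = created, M = modified; the "(Company)" part is optional or empty.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# Opaque hex-only names (like the AppData\Local folder in the log above).
HEX_NAME_RE = re.compile(r"^[0-9a-f]{6,16}$")


@dataclass
class OtlEntry:
    when: datetime
    size: int
    hidden: bool
    system: bool
    is_dir: bool
    created: bool
    company: Optional[str]
    path: str


def parse_otl_entries(text: str) -> List[OtlEntry]:
    """Return every OTL entry in `text`; section headers and blanks are skipped."""
    entries: List[OtlEntry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        attr = m.group("attr")
        entries.append(OtlEntry(
            when=datetime.strptime(m.group("ts"), "%Y.%m.%d %H:%M:%S"),
            size=int(m.group("size").replace(",", "")),
            hidden=attr[1] == "H", system=attr[2] == "S", is_dir=attr[3] == "D",
            created=m.group("kind") == "C",
            company=m.group("company") or None,
            path=m.group("path"),
        ))
    return entries


def suspicious_entries(entries: List[OtlEntry], reference: datetime,
                       window: timedelta = timedelta(hours=2),
                       ) -> List[Tuple[OtlEntry, List[str]]]:
    """Flag the entries a helper would read first, with a reason list for each.
    `reference` is when the incident was noticed; creations inside `window`
    before it get an extra timing note so they can be correlated."""
    findings = []
    for e in entries:
        reasons = []
        low = e.path.lower()
        name = low.rsplit("\\", 1)[-1]
        if e.hidden and e.system and e.is_dir and low.startswith("c:\\users\\"):
            reasons.append("hidden+system directory inside a user profile")
        if "\\appdata\\local\\" in low and HEX_NAME_RE.match(name):
            reasons.append("opaque hex-only name under AppData\\Local")
        if "\\appdata\\local\\temp\\" in low and name.endswith((".exe", ".dll", ".tmp")):
            reasons.append("executable or .tmp dropped in the user Temp folder")
        if not reasons:
            continue  # ordinary entry: installers, documents, the tools themselves
        if e.created and reference - window <= e.when <= reference:
            reasons.append(f"created within {int(window.total_seconds() // 3600)}h "
                           "before the reference time")
        findings.append((e, reasons))
    return findings


# Constructed sample: a few lines copied from the OTL log in this thread.
SAMPLE_OTL = r"""
========== Files/Folders - Created Within 30 Days ==========
[2012.03.07 02:25:28 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\bastian\Desktop\OTL.exe
[2012.03.07 00:41:12 | 000,000,000 | ---D | C] -- C:\Users\bastian\AppData\Roaming\Malwarebytes
[2012.03.07 00:40:38 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.03.07 00:04:38 | 000,000,000 | -HSD | C] -- C:\Users\bastian\AppData\Local\1703bc35
[2012.02.18 17:29:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Offers from Freeze.com
"""
# Assumed reference time: about when the Malwarebytes scan was started
# (its driver appears in the log at 00:40:38 on 2012.03.07).
REFERENCE = datetime(2012, 3, 7, 0, 40, 0)


def analyze_sample() -> List[Tuple[str, List[str]]]:
    """Run the triage over SAMPLE_OTL and return (path, reasons) pairs."""
    hits = suspicious_entries(parse_otl_entries(SAMPLE_OTL), REFERENCE)
    return [(e.path, reasons) for e, reasons in hits]


if __name__ == "__main__":
    for path, reasons in analyze_sample():
        print(path, "->", "; ".join(reasons))
```

Of the five sample lines only the hidden+system folder under AppData\Local is reported; the tools the user installed and the earlier "Free Offers" folder are left alone.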


#2
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello maniac.7 and welcome to GeeksToGo :)

My nickname is GLeobas and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.

#3
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

I need help, please, I'm currently finishing my thesis on this computer (Murphy's law...).
How can I proceed to get rid of the malware or do I need a full reinstall (no time for that atm).
Can I work on this computer offline to at least finish my stuff or will the data get corrupted?]

To avoid unexpected problems, back up your important files on the Internet. I suggest you use DropBox.

# Step 1 #

Download aswMBR.exe to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.


# Step 2 #

Please,

Re-open MalwareBytes' Anti-Malware and do a full scan.

At the end of the scan, make sure that everything is checked, and click Remove Selected.

#4
maniac.7

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
First: Thank you for helping me!

Hi,

I need help, please, I'm currently finishing my thesis on this computer (Murphy's law...).
How can I proceed to get rid of the malware or do I need a full reinstall (no time for that atm).
Can I work on this computer offline to at least finish my stuff or will the data get corrupted?]

To avoid unexpected problems, Backup your important files on the Internet. I suggest you use DropBox.

Did so and luckily also had a backup on external HDD.

# Step 1 #

On completion of the scan click save log, save it to your desktop and post in your next reply


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-08 18:39:13
-----------------------------
18:39:13.909 OS Version: Windows x64 6.1.7600
18:39:13.909 Number of processors: 2 586 0x100
18:39:13.909 ComputerName: LENOVO-S205 UserName: bastian
18:39:17.310 Initialize success
18:39:47.777 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000067
18:39:47.777 Disk 0 Vendor: HITACHI_ PB4Z Size: 476940MB BusType: 11
18:39:47.793 Disk 0 MBR read successfully
18:39:47.809 Disk 0 MBR scan
18:39:47.809 Disk 0 Windows VISTA default MBR code
18:39:47.824 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
18:39:47.840 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 431938 MB offset 411648
18:39:47.840 Disk 0 Partition - 00 0F Extended LBA 29692 MB offset 885020672
18:39:47.871 Disk 0 Partition 3 00 12 Compaq diag NTFS 15109 MB offset 945829888
18:39:47.902 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29691 MB offset 885022720
18:39:47.949 Disk 0 scanning C:\windows\system32\drivers
18:40:01.771 Service scanning
18:40:23.767 Modules scanning
18:40:23.798 Disk 0 trace - called modules:
18:40:23.829 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
18:40:23.845 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004295060]
18:40:23.860 3 CLASSPNP.SYS[fffff8800186543f] -> nt!IofCallDriver -> [0xfffffa800404e040]
18:40:23.876 5 amd_xata.sys[fffff880010ec900] -> nt!IofCallDriver -> \Device\00000067[0xfffffa800404c060]
18:40:23.891 Scan finished successfully
18:40:59.148 Disk 0 MBR has been saved successfully to "C:\Users\bastian\Desktop\Rootkit.0.Access.Llogs\03.aswMBR\MBR.dat"
18:40:59.163 The log file has been saved successfully to "C:\Users\bastian\Desktop\Rootkit.0.Access.Llogs\03.aswMBR\aswMBR.txt"

# Step 2 #

Re-open MalwareBytes' Anti-Malware and do a full scan.
At the end of the scan, make sure that everything is checked, and click Remove Selected.


I know you didn't ask for it, but it might be helpful: the Malwarebytes log.
Sorry, if I did the wrong thing. Tell me, I won't do it again.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.06.09

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
bastian :: LENOVO-S205 [administrator]

08.03.2012 18:42:23
mbam-log-2012-03-08 (18-42-23).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 464782
Time elapsed: 1 hour(s), 46 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\bastian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\046W19DG\3[1].exe (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\bastian\AppData\Local\Temp\AB6D.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

#5
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

# Step 1 #

Update your Flash Player manually:
  • Go to the Flash Player download page.
  • Uncheck the box: "Yes, install McAfee Security Scan Plus - optional".
  • Click the Download now button.
  • Run the downloaded file and follow the prompts to install the latest version of Adobe Flash Player.
  • This will probably stop this message from showing:

2 min later, a Win7 admin screen popped up asking for permission to install "installflashplayer.exe".



# Step 2 #

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


# Step 3 #

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop.

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.

Double-click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow it to update if it asks.

When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.



Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

After the run you may have internet problems or problems accessing something. Simply reboot the computer.

#6
maniac.7

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi,

Sorry for not answering.
I moved to another computer to finish my thesis and am very stressed atm.
After that, I hope I can count on your help again.

Thanks for your understanding

#7
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Please, send me a PM when you come back.

#8
NeonFx

    Malware Removal Dude

  • Expert
  • 3,798 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#9
maniac.7

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

# Step 1 #

Update your Flash Player manually:


Done. No windows are opening anymore trying to install something.

# Step 2 #
TDSSKiller


Nothing found. I did two scans, enabling all options in the second scan. Find the results of the two scans attached:

14:04:47.0699 4076 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
14:04:47.0918 4076 ============================================================
14:04:47.0918 4076 Current date / time: 2012/03/17 14:04:47.0918
14:04:47.0933 4076 SystemInfo:
14:04:47.0933 4076
14:04:47.0933 4076 OS Version: 6.1.7600 ServicePack: 0.0
14:04:47.0933 4076 Product type: Workstation
14:04:47.0933 4076 ComputerName: LENOVO-S205
14:04:47.0933 4076 UserName: bastian
14:04:47.0933 4076 Windows directory: C:\windows
14:04:47.0933 4076 System windows directory: C:\windows
14:04:47.0933 4076 Running under WOW64
14:04:47.0933 4076 Processor architecture: Intel x64
14:04:47.0933 4076 Number of processors: 2
14:04:47.0933 4076 Page size: 0x1000
14:04:47.0933 4076 Boot type: Normal boot
14:04:47.0933 4076 ============================================================
14:04:48.0963 4076 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:04:48.0978 4076 \Device\Harddisk0\DR0:
14:04:48.0978 4076 MBR used
14:04:48.0978 4076 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
14:04:48.0978 4076 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x34BA1000
14:04:49.0010 4076 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x34C06000, BlocksNum 0x39FD800
14:04:49.0119 4076 Initialize success
14:04:49.0119 4076 ============================================================
14:05:57.0774 4972 ============================================================
14:05:57.0774 4972 Scan started
14:05:57.0774 4972 Mode: Manual;
14:05:57.0774 4972 ============================================================
14:05:58.0242 4972 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
14:05:58.0274 4972 1394ohci - ok
14:05:58.0336 4972 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
14:05:58.0352 4972 ACPI - ok
14:05:58.0445 4972 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
14:05:58.0445 4972 AcpiPmi - ok
14:05:58.0523 4972 ACPIVPC (5bbff8b826ec38d32c26334e079c7efc) C:\windows\system32\DRIVERS\AcpiVpc.sys
14:05:58.0539 4972 ACPIVPC - ok
14:05:58.0632 4972 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
14:05:58.0664 4972 adp94xx - ok
14:05:58.0726 4972 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
14:05:58.0742 4972 adpahci - ok
14:05:58.0820 4972 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
14:05:58.0835 4972 adpu320 - ok
14:05:58.0960 4972 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\windows\system32\drivers\afd.sys
14:05:58.0960 4972 AFD - ok
14:05:59.0038 4972 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
14:05:59.0054 4972 agp440 - ok
14:05:59.0163 4972 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
14:05:59.0178 4972 aliide - ok
14:05:59.0272 4972 ALSysIO - ok
14:05:59.0381 4972 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
14:05:59.0397 4972 amdide - ok
14:05:59.0444 4972 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\windows\system32\DRIVERS\amdiox64.sys
14:05:59.0444 4972 amdiox64 - ok
14:05:59.0553 4972 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
14:05:59.0568 4972 AmdK8 - ok
14:05:59.0802 4972 amdkmdag (2b8c65b19d3e5664af0cd703799fdaf9) C:\windows\system32\DRIVERS\atikmdag.sys
14:06:00.0083 4972 amdkmdag - ok
14:06:00.0177 4972 amdkmdap (781ebfe2112d4969e024f19f34d49e3e) C:\windows\system32\DRIVERS\atikmpag.sys
14:06:00.0192 4972 amdkmdap - ok
14:06:00.0286 4972 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
14:06:00.0302 4972 AmdPPM - ok
14:06:00.0333 4972 amdsata (ab3166c09438a161fbde13099a72e0af) C:\windows\system32\DRIVERS\amdsata.sys
14:06:00.0348 4972 amdsata - ok
14:06:00.0442 4972 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
14:06:00.0458 4972 amdsbs - ok
14:06:00.0489 4972 amdxata (5118dcd2065d8c8d752ad5ec0b2d6aa6) C:\windows\system32\DRIVERS\amdxata.sys
14:06:00.0504 4972 amdxata - ok
14:06:00.0582 4972 amd_sata (80a508d0c7a21bc13c01d4c671541203) C:\windows\system32\DRIVERS\amd_sata.sys
14:06:00.0582 4972 amd_sata - ok
14:06:00.0598 4972 amd_xata (2be940f3a632a1a301b22b096bf221f1) C:\windows\system32\DRIVERS\amd_xata.sys
14:06:00.0614 4972 amd_xata - ok
14:06:00.0754 4972 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
14:06:00.0770 4972 AppID - ok
14:06:00.0816 4972 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
14:06:00.0832 4972 arc - ok
14:06:00.0848 4972 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
14:06:00.0863 4972 arcsas - ok
14:06:00.0941 4972 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
14:06:00.0957 4972 AsyncMac - ok
14:06:00.0988 4972 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
14:06:01.0004 4972 atapi - ok
14:06:01.0128 4972 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\windows\system32\drivers\AtihdW76.sys
14:06:01.0144 4972 AtiHDAudioService - ok
14:06:01.0269 4972 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\windows\system32\DRIVERS\avgntflt.sys
14:06:01.0269 4972 avgntflt - ok
14:06:01.0331 4972 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\windows\system32\DRIVERS\avipbb.sys
14:06:01.0331 4972 avipbb - ok
14:06:01.0440 4972 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
14:06:01.0472 4972 b06bdrv - ok
14:06:01.0565 4972 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
14:06:01.0581 4972 b57nd60a - ok
14:06:01.0690 4972 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
14:06:01.0706 4972 Beep - ok
14:06:01.0830 4972 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
14:06:01.0862 4972 blbdrive - ok
14:06:01.0986 4972 bowser (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
14:06:02.0002 4972 bowser - ok
14:06:02.0049 4972 BPntDrv (aaa4f992f879977a000fe8b8c730cd2c) C:\windows\system32\drivers\BPntDrv.sys
14:06:02.0064 4972 BPntDrv - ok
14:06:02.0189 4972 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
14:06:02.0205 4972 BrFiltLo - ok
14:06:02.0220 4972 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
14:06:02.0220 4972 BrFiltUp - ok
14:06:02.0298 4972 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
14:06:02.0330 4972 Brserid - ok
14:06:02.0423 4972 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
14:06:02.0439 4972 BrSerWdm - ok
14:06:02.0454 4972 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
14:06:02.0470 4972 BrUsbMdm - ok
14:06:02.0486 4972 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
14:06:02.0486 4972 BrUsbSer - ok
14:06:02.0532 4972 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\DRIVERS\BthEnum.sys
14:06:02.0548 4972 BthEnum - ok
14:06:02.0657 4972 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
14:06:02.0673 4972 BTHMODEM - ok
14:06:02.0704 4972 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
14:06:02.0735 4972 BthPan - ok
14:06:02.0829 4972 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\windows\system32\Drivers\BTHport.sys
14:06:02.0876 4972 BTHPORT - ok
14:06:02.0985 4972 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\windows\system32\Drivers\BTHUSB.sys
14:06:03.0016 4972 BTHUSB - ok
14:06:03.0078 4972 btusbflt (2641a3fe3d7b0646308f33b67f3b5300) C:\windows\system32\drivers\btusbflt.sys
14:06:03.0094 4972 btusbflt - ok
14:06:03.0172 4972 btwaudio (a72a9101f9730db7332714e566614e4d) C:\windows\system32\drivers\btwaudio.sys
14:06:03.0188 4972 btwaudio - ok
14:06:03.0312 4972 btwavdt (5ceec634b617525f2b6ad29f871033f7) C:\windows\system32\DRIVERS\btwavdt.sys
14:06:03.0344 4972 btwavdt - ok
14:06:03.0453 4972 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\windows\system32\DRIVERS\btwl2cap.sys
14:06:03.0468 4972 btwl2cap - ok
14:06:03.0484 4972 btwrchid (2af5604d28bef77b7cf4b9d232fe7cd3) C:\windows\system32\DRIVERS\btwrchid.sys
14:06:03.0500 4972 btwrchid - ok
14:06:03.0624 4972 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
14:06:03.0640 4972 cdfs - ok
14:06:03.0702 4972 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
14:06:03.0734 4972 cdrom - ok
14:06:03.0827 4972 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
14:06:03.0843 4972 circlass - ok
14:06:03.0921 4972 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
14:06:03.0921 4972 CLFS - ok
14:06:04.0077 4972 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\windows\system32\DRIVERS\clwvd.sys
14:06:04.0077 4972 clwvd - ok
14:06:04.0139 4972 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
14:06:04.0155 4972 CmBatt - ok
14:06:04.0217 4972 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
14:06:04.0233 4972 cmdide - ok
14:06:04.0280 4972 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\windows\system32\Drivers\cng.sys
14:06:04.0326 4972 CNG - ok
14:06:04.0467 4972 CnxtHdAudService (a1c6ab1d318a05f5cc1c86146ff95f8b) C:\windows\system32\drivers\CHDRT64.sys
14:06:04.0545 4972 CnxtHdAudService - ok
14:06:04.0670 4972 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
14:06:04.0685 4972 Compbatt - ok
14:06:04.0794 4972 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
14:06:04.0810 4972 CompositeBus - ok
14:06:04.0919 4972 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
14:06:04.0935 4972 crcdisk - ok
14:06:05.0091 4972 DfsC (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
14:06:05.0106 4972 DfsC - ok
14:06:05.0153 4972 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
14:06:05.0153 4972 discache - ok
14:06:05.0278 4972 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
14:06:05.0309 4972 Disk - ok
14:06:05.0450 4972 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
14:06:05.0450 4972 drmkaud - ok
14:06:05.0512 4972 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\windows\system32\DRIVERS\dtsoftbus01.sys
14:06:05.0512 4972 dtsoftbus01 - ok
14:06:05.0652 4972 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\windows\System32\drivers\dxgkrnl.sys
14:06:05.0699 4972 DXGKrnl - ok
14:06:05.0840 4972 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
14:06:05.0964 4972 ebdrv - ok
14:06:06.0089 4972 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
14:06:06.0136 4972 elxstor - ok
14:06:06.0167 4972 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
14:06:06.0183 4972 ErrDev - ok
14:06:06.0245 4972 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
14:06:06.0261 4972 exfat - ok
14:06:06.0354 4972 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
14:06:06.0386 4972 fastfat - ok
14:06:06.0495 4972 fbfmon (3191aca33088ee2481044fc0db736442) C:\windows\system32\drivers\fbfmon.sys
14:06:06.0510 4972 fbfmon - ok
14:06:06.0573 4972 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
14:06:06.0588 4972 fdc - ok
14:06:06.0682 4972 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
14:06:06.0698 4972 FileInfo - ok
14:06:06.0744 4972 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
14:06:06.0760 4972 Filetrace - ok
14:06:06.0854 4972 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
14:06:06.0869 4972 flpydisk - ok
14:06:06.0916 4972 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
14:06:06.0947 4972 FltMgr - ok
14:06:07.0041 4972 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
14:06:07.0056 4972 FsDepends - ok
14:06:07.0103 4972 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
14:06:07.0119 4972 Fs_Rec - ok
14:06:07.0212 4972 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
14:06:07.0228 4972 fvevol - ok
14:06:07.0322 4972 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
14:06:07.0337 4972 gagp30kx - ok
14:06:07.0446 4972 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
14:06:07.0478 4972 hcw85cir - ok
14:06:07.0509 4972 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
14:06:07.0540 4972 HdAudAddService - ok
14:06:07.0649 4972 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
14:06:07.0649 4972 HDAudBus - ok
14:06:07.0680 4972 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
14:06:07.0696 4972 HidBatt - ok
14:06:07.0774 4972 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
14:06:07.0790 4972 HidBth - ok
14:06:07.0805 4972 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
14:06:07.0821 4972 HidIr - ok
14:06:07.0852 4972 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
14:06:07.0868 4972 HidUsb - ok
14:06:07.0992 4972 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
14:06:08.0008 4972 HpSAMD - ok
14:06:08.0070 4972 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
14:06:08.0086 4972 HTTP - ok
14:06:08.0164 4972 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
14:06:08.0164 4972 hwpolicy - ok
14:06:08.0273 4972 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
14:06:08.0304 4972 i8042prt - ok
14:06:08.0445 4972 iaStorV (513dc087cfed7d2bb82f005385d3531f) C:\windows\system32\DRIVERS\iaStorV.sys
14:06:08.0476 4972 iaStorV - ok
14:06:08.0788 4972 igfx (a87261ef1546325b559374f5689cf5bc) C:\windows\system32\DRIVERS\igdkmd64.sys
14:06:09.0022 4972 igfx - ok
14:06:09.0147 4972 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
14:06:09.0162 4972 iirsp - ok
14:06:09.0240 4972 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
14:06:09.0256 4972 intelide - ok
14:06:09.0318 4972 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
14:06:09.0350 4972 intelppm - ok
14:06:09.0412 4972 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
14:06:09.0443 4972 IpFilterDriver - ok
14:06:09.0459 4972 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
14:06:09.0490 4972 IPMIDRV - ok
14:06:09.0506 4972 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
14:06:09.0521 4972 IPNAT - ok
14:06:09.0584 4972 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
14:06:09.0599 4972 IRENUM - ok
14:06:09.0693 4972 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
14:06:09.0708 4972 isapnp - ok
14:06:09.0740 4972 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
14:06:09.0771 4972 iScsiPrt - ok
14:06:09.0880 4972 k57nd60a (7dbafe10c1b777305c80bea42fbda710) C:\windows\system32\DRIVERS\k57nd60a.sys
14:06:09.0896 4972 k57nd60a - ok
14:06:09.0942 4972 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
14:06:09.0958 4972 kbdclass - ok
14:06:10.0052 4972 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
14:06:10.0067 4972 kbdhid - ok
14:06:10.0098 4972 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\windows\system32\Drivers\ksecdd.sys
14:06:10.0114 4972 KSecDD - ok
14:06:10.0208 4972 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\windows\system32\Drivers\ksecpkg.sys
14:06:10.0239 4972 KSecPkg - ok
14:06:10.0301 4972 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
14:06:10.0301 4972 ksthunk - ok
14:06:10.0426 4972 LHDmgr (be166935083f9c38edfdc21b9a7a679b) C:\windows\system32\DRIVERS\LhdX64.sys
14:06:10.0442 4972 LHDmgr - ok
14:06:10.0504 4972 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
14:06:10.0520 4972 lltdio - ok
14:06:10.0613 4972 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
14:06:10.0629 4972 LSI_FC - ok
14:06:10.0676 4972 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
14:06:10.0691 4972 LSI_SAS - ok
14:06:10.0754 4972 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
14:06:10.0769 4972 LSI_SAS2 - ok
14:06:10.0800 4972 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
14:06:10.0816 4972 LSI_SCSI - ok
14:06:10.0878 4972 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
14:06:10.0894 4972 luafv - ok
14:06:10.0988 4972 LVRS64 (f643ef866c3a8aea35f8fcc7ad451f69) C:\windows\system32\DRIVERS\lvrs64.sys
14:06:11.0019 4972 LVRS64 - ok
14:06:11.0190 4972 LVUVC64 (dbed5efeb1a5f51a233a4fd494302c7d) C:\windows\system32\DRIVERS\lvuvc64.sys
14:06:11.0362 4972 LVUVC64 - ok
14:06:11.0534 4972 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
14:06:11.0549 4972 megasas - ok
14:06:11.0580 4972 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
14:06:11.0612 4972 MegaSR - ok
14:06:11.0627 4972 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
14:06:11.0643 4972 Modem - ok
14:06:11.0736 4972 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
14:06:11.0736 4972 monitor - ok
14:06:11.0846 4972 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
14:06:11.0861 4972 mouclass - ok
14:06:11.0970 4972 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
14:06:11.0986 4972 mouhid - ok
14:06:12.0017 4972 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
14:06:12.0017 4972 mountmgr - ok
14:06:12.0111 4972 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
14:06:12.0142 4972 mpio - ok
14:06:12.0173 4972 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
14:06:12.0189 4972 mpsdrv - ok
14:06:12.0282 4972 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
14:06:12.0298 4972 MRxDAV - ok
14:06:12.0360 4972 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
14:06:12.0376 4972 mrxsmb - ok
14:06:12.0470 4972 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
14:06:12.0501 4972 mrxsmb10 - ok
14:06:12.0548 4972 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
14:06:12.0579 4972 mrxsmb20 - ok
14:06:12.0672 4972 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys
14:06:12.0688 4972 msahci - ok
14:06:12.0704 4972 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
14:06:12.0735 4972 msdsm - ok
14:06:12.0844 4972 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
14:06:12.0860 4972 Msfs - ok
14:06:12.0891 4972 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
14:06:12.0891 4972 mshidkmdf - ok
14:06:12.0969 4972 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
14:06:12.0984 4972 msisadrv - ok
14:06:13.0109 4972 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
14:06:13.0125 4972 MSKSSRV - ok
14:06:13.0156 4972 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
14:06:13.0172 4972 MSPCLOCK - ok
14:06:13.0265 4972 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
14:06:13.0265 4972 MSPQM - ok
14:06:13.0296 4972 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
14:06:13.0328 4972 MsRPC - ok
14:06:13.0437 4972 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
14:06:13.0437 4972 mssmbios - ok
14:06:13.0499 4972 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
14:06:13.0515 4972 MSTEE - ok
14:06:13.0562 4972 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
14:06:13.0562 4972 MTConfig - ok
14:06:13.0608 4972 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
14:06:13.0624 4972 Mup - ok
14:06:13.0733 4972 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
14:06:13.0780 4972 NativeWifiP - ok
14:06:13.0874 4972 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
14:06:13.0889 4972 NDIS - ok
14:06:13.0967 4972 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
14:06:13.0983 4972 NdisCap - ok
14:06:14.0045 4972 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
14:06:14.0061 4972 NdisTapi - ok
14:06:14.0139 4972 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
14:06:14.0154 4972 Ndisuio - ok
14:06:14.0201 4972 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
14:06:14.0217 4972 NdisWan - ok
14:06:14.0279 4972 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
14:06:14.0279 4972 NDProxy - ok
14:06:14.0342 4972 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
14:06:14.0357 4972 NetBIOS - ok
14:06:14.0420 4972 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
14:06:14.0435 4972 NetBT - ok
14:06:14.0576 4972 netr28x (52a5d4581583a743c948a9947655c300) C:\windows\system32\DRIVERS\netr28x.sys
14:06:14.0591 4972 netr28x - ok
14:06:14.0841 4972 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\windows\system32\DRIVERS\netw5v64.sys
14:06:15.0028 4972 netw5v64 - ok
14:06:15.0137 4972 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
14:06:15.0153 4972 nfrd960 - ok
14:06:15.0262 4972 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
14:06:15.0278 4972 Npfs - ok
14:06:15.0309 4972 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
14:06:15.0309 4972 nsiproxy - ok
14:06:15.0418 4972 Ntfs (1ad8fef2d6ac7116b68b887a9782fd33) C:\windows\system32\drivers\Ntfs.sys
14:06:15.0480 4972 Ntfs - ok
14:06:15.0527 4972 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
14:06:15.0543 4972 Null - ok
14:06:15.0605 4972 nvraid (deab10231cbdb0881fc25428ebe11506) C:\windows\system32\DRIVERS\nvraid.sys
14:06:15.0621 4972 nvraid - ok
14:06:15.0668 4972 nvstor (0af7b8136794e23e87be138992880e64) C:\windows\system32\DRIVERS\nvstor.sys
14:06:15.0699 4972 nvstor - ok
14:06:15.0777 4972 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
14:06:15.0808 4972 nv_agp - ok
14:06:15.0870 4972 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
14:06:15.0886 4972 ohci1394 - ok
14:06:15.0980 4972 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
14:06:15.0995 4972 Parport - ok
14:06:16.0042 4972 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
14:06:16.0058 4972 partmgr - ok
14:06:16.0136 4972 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
14:06:16.0136 4972 pci - ok
14:06:16.0167 4972 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
14:06:16.0182 4972 pciide - ok
14:06:16.0229 4972 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
14:06:16.0245 4972 pcmcia - ok
14:06:16.0292 4972 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
14:06:16.0307 4972 pcw - ok
14:06:16.0370 4972 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
14:06:16.0401 4972 PEAUTH - ok
14:06:16.0588 4972 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
14:06:16.0588 4972 PptpMiniport - ok
14:06:16.0619 4972 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
14:06:16.0635 4972 Processor - ok
14:06:16.0760 4972 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
14:06:16.0760 4972 Psched - ok
14:06:16.0853 4972 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
14:06:16.0884 4972 ql2300 - ok
14:06:16.0962 4972 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
14:06:16.0978 4972 ql40xx - ok
14:06:17.0040 4972 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
14:06:17.0040 4972 QWAVEdrv - ok
14:06:17.0118 4972 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
14:06:17.0118 4972 RasAcd - ok
14:06:17.0196 4972 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
14:06:17.0196 4972 RasAgileVpn - ok
14:06:17.0274 4972 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
14:06:17.0290 4972 Rasl2tp - ok
14:06:17.0399 4972 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
14:06:17.0399 4972 RasPppoe - ok
14:06:17.0508 4972 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
14:06:17.0508 4972 RasSstp - ok
14:06:17.0555 4972 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
14:06:17.0586 4972 rdbss - ok
14:06:17.0664 4972 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
14:06:17.0680 4972 rdpbus - ok
14:06:17.0727 4972 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
14:06:17.0727 4972 RDPCDD - ok
14:06:17.0820 4972 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
14:06:17.0820 4972 RDPENCDD - ok
14:06:17.0852 4972 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
14:06:17.0867 4972 RDPREFMP - ok
14:06:17.0961 4972 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
14:06:17.0976 4972 RDPWD - ok
14:06:18.0086 4972 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
14:06:18.0101 4972 rdyboost - ok
14:06:18.0226 4972 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
14:06:18.0242 4972 RFCOMM - ok
14:06:18.0366 4972 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
14:06:18.0398 4972 rspndr - ok
14:06:18.0429 4972 RSUSBVSTOR (e54a5586a28d0630a79a68bbab84bfcf) C:\windows\system32\Drivers\RTSUVSTOR.sys
14:06:18.0444 4972 RSUSBVSTOR - ok
14:06:18.0554 4972 RTL8167 (2777226ee8bf50b059d7a7c90177e99c) C:\windows\system32\DRIVERS\Rt64win7.sys
14:06:18.0554 4972 RTL8167 - ok
14:06:18.0616 4972 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
14:06:18.0632 4972 sbp2port - ok
14:06:18.0710 4972 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
14:06:18.0725 4972 scfilter - ok
14:06:18.0788 4972 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
14:06:18.0788 4972 secdrv - ok
14:06:18.0881 4972 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
14:06:18.0897 4972 Serenum - ok
14:06:18.0944 4972 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
14:06:18.0959 4972 Serial - ok
14:06:19.0053 4972 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
14:06:19.0053 4972 sermouse - ok
14:06:19.0131 4972 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
14:06:19.0131 4972 sffdisk - ok
14:06:19.0224 4972 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
14:06:19.0240 4972 sffp_mmc - ok
14:06:19.0240 4972 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys
14:06:19.0256 4972 sffp_sd - ok
14:06:19.0287 4972 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
14:06:19.0287 4972 sfloppy - ok
14:06:19.0396 4972 Shockprf (c10d453b07e3e7e00e5103bba9bad524) C:\windows\system32\DRIVERS\Apsx64.sys
14:06:19.0427 4972 Shockprf - ok
14:06:19.0458 4972 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
14:06:19.0474 4972 SiSRaid2 - ok
14:06:19.0552 4972 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
14:06:19.0568 4972 SiSRaid4 - ok
14:06:19.0583 4972 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
14:06:19.0599 4972 Smb - ok
14:06:19.0661 4972 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
14:06:19.0677 4972 spldr - ok
14:06:19.0770 4972 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
14:06:19.0817 4972 srv - ok
14:06:19.0864 4972 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
14:06:19.0895 4972 srv2 - ok
14:06:19.0973 4972 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
14:06:20.0004 4972 srvnet - ok
14:06:20.0098 4972 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
14:06:20.0114 4972 stexstor - ok
14:06:20.0176 4972 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
14:06:20.0192 4972 swenum - ok
14:06:20.0301 4972 SynTP (9f97520abf687f5c7856c6f9226d8834) C:\windows\system32\DRIVERS\SynTP.sys
14:06:20.0363 4972 SynTP - ok
14:06:20.0550 4972 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\windows\system32\drivers\tcpip.sys
14:06:20.0644 4972 Tcpip - ok
14:06:20.0800 4972 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\windows\system32\DRIVERS\tcpip.sys
14:06:20.0831 4972 TCPIP6 - ok
14:06:20.0925 4972 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
14:06:20.0940 4972 tcpipreg - ok
14:06:21.0003 4972 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
14:06:21.0003 4972 TDPIPE - ok
14:06:21.0096 4972 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
14:06:21.0112 4972 TDTCP - ok
14:06:21.0143 4972 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
14:06:21.0159 4972 tdx - ok
14:06:21.0268 4972 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
14:06:21.0284 4972 TermDD - ok
14:06:21.0346 4972 TPDIGIMN (74868c001c7214fbd88b1a57ebb04811) C:\windows\system32\DRIVERS\ApsHM64.sys
14:06:21.0362 4972 TPDIGIMN - ok
14:06:21.0486 4972 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
14:06:21.0502 4972 tssecsrv - ok
14:06:21.0549 4972 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
14:06:21.0549 4972 tunnel - ok
14:06:21.0642 4972 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
14:06:21.0658 4972 uagp35 - ok
14:06:21.0689 4972 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
14:06:21.0720 4972 udfs - ok
14:06:21.0861 4972 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
14:06:21.0876 4972 uliagpkx - ok
14:06:21.0923 4972 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
14:06:21.0954 4972 umbus - ok
14:06:22.0032 4972 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
14:06:22.0048 4972 UmPass - ok
14:06:22.0188 4972 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\windows\system32\drivers\usbaudio.sys
14:06:22.0204 4972 usbaudio - ok
14:06:22.0235 4972 usbccgp (b26afb54a534d634523c4fb66765b026) C:\windows\system32\DRIVERS\usbccgp.sys
14:06:22.0251 4972 usbccgp - ok
14:06:22.0329 4972 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
14:06:22.0360 4972 usbcir - ok
14:06:22.0391 4972 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\windows\system32\DRIVERS\usbehci.sys
14:06:22.0391 4972 usbehci - ok
14:06:22.0485 4972 usbfilter (76e2ffad301490ba27b947c6507752fb) C:\windows\system32\DRIVERS\usbfilter.sys
14:06:22.0500 4972 usbfilter - ok
14:06:22.0594 4972 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\windows\system32\DRIVERS\usbhub.sys
14:06:22.0610 4972 usbhub - ok
14:06:22.0672 4972 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\windows\system32\DRIVERS\usbohci.sys
14:06:22.0672 4972 usbohci - ok
14:06:22.0750 4972 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
14:06:22.0766 4972 usbprint - ok
14:06:22.0844 4972 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
14:06:22.0859 4972 usbscan - ok
14:06:22.0922 4972 USBSTOR (a60e7e0fa88ff067d049d525547cd5e9) C:\windows\system32\DRIVERS\USBSTOR.SYS
14:06:22.0937 4972 USBSTOR - ok
14:06:23.0015 4972 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\windows\system32\DRIVERS\usbuhci.sys
14:06:23.0031 4972 usbuhci - ok
14:06:23.0109 4972 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\system32\Drivers\usbvideo.sys
14:06:23.0140 4972 usbvideo - ok
14:06:23.0249 4972 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
14:06:23.0265 4972 vdrvroot - ok
14:06:23.0312 4972 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
14:06:23.0312 4972 vga - ok
14:06:23.0343 4972 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
14:06:23.0358 4972 VgaSave - ok
14:06:23.0421 4972 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
14:06:23.0452 4972 vhdmp - ok
14:06:23.0514 4972 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
14:06:23.0514 4972 viaide - ok
14:06:23.0608 4972 vm2uvcflt (5cb80afa98111fc6ed6e8702a0d7ac5b) C:\windows\system32\Drivers\vm2uvcflt.sys
14:06:23.0608 4972 vm2uvcflt - ok
14:06:23.0670 4972 vm332avs (ae855ed728655ef0a14a1ec272ded5cd) C:\windows\system32\Drivers\vm332avs.sys
14:06:23.0686 4972 vm332avs - ok
14:06:23.0764 4972 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
14:06:23.0780 4972 volmgr - ok
14:06:23.0826 4972 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
14:06:23.0826 4972 volmgrx - ok
14:06:23.0889 4972 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
14:06:23.0920 4972 volsnap - ok
14:06:23.0982 4972 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
14:06:23.0998 4972 vsmraid - ok
14:06:24.0076 4972 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
14:06:24.0092 4972 vwifibus - ok
14:06:24.0154 4972 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
14:06:24.0170 4972 vwififlt - ok
14:06:24.0248 4972 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
14:06:24.0263 4972 WacomPen - ok
14:06:24.0357 4972 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
14:06:24.0372 4972 WANARP - ok
14:06:24.0388 4972 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
14:06:24.0388 4972 Wanarpv6 - ok
14:06:24.0450 4972 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
14:06:24.0450 4972 Wd - ok
14:06:24.0575 4972 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
14:06:24.0606 4972 Wdf01000 - ok
14:06:24.0762 4972 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
14:06:24.0762 4972 WfpLwf - ok
14:06:24.0809 4972 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
14:06:24.0825 4972 WIMMount - ok
14:06:24.0981 4972 WinRing0_1_2_0 (0c0195c48b6b8582fa6f6373032118da) C:\Users\bastian\tools\BrazosTweaker\WinRing0x64.sys
14:06:24.0996 4972 WinRing0_1_2_0 - ok
14:06:25.0137 4972 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
14:06:25.0152 4972 WmiAcpi - ok
14:06:25.0230 4972 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
14:06:25.0230 4972 ws2ifsl - ok
14:06:25.0340 4972 wsvd (83575c43b2bfe9ab0661a7f957e843c0) C:\windows\system32\DRIVERS\wsvd.sys
14:06:25.0355 4972 wsvd - ok
14:06:25.0402 4972 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
14:06:25.0418 4972 WudfPf - ok
14:06:25.0511 4972 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
14:06:25.0527 4972 WUDFRd - ok
14:06:25.0605 4972 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:06:25.0620 4972 \Device\Harddisk0\DR0 - ok
14:06:25.0636 4972 Boot (0x1200) (56c081963d9bf64a460e4ea96105e128) \Device\Harddisk0\DR0\Partition0
14:06:25.0636 4972 \Device\Harddisk0\DR0\Partition0 - ok
14:06:25.0652 4972 Boot (0x1200) (21e54170c60550a2ac9ac2dc91bb08db) \Device\Harddisk0\DR0\Partition1
14:06:25.0667 4972 \Device\Harddisk0\DR0\Partition1 - ok
14:06:25.0683 4972 Boot (0x1200) (e14f48dc9e4f6a351a895f7bba032e62) \Device\Harddisk0\DR0\Partition2
14:06:25.0698 4972 \Device\Harddisk0\DR0\Partition2 - ok
14:06:25.0698 4972 ============================================================
14:06:25.0698 4972 Scan finished
14:06:25.0698 4972 ============================================================
14:06:25.0714 0544 Detected object count: 0
14:06:25.0714 0544 Actual detected object count: 0
14:09:24.0147 4324 ============================================================
14:09:24.0147 4324 Scan started
14:09:24.0147 4324 Mode: Manual; SigCheck; TDLFS;
14:09:24.0147 4324 ============================================================
14:09:24.0444 4324 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
14:09:24.0646 4324 1394ohci - ok
14:09:24.0740 4324 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
14:09:24.0771 4324 ACPI - ok
14:09:24.0787 4324 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
14:09:24.0912 4324 AcpiPmi - ok
14:09:25.0005 4324 ACPIVPC (5bbff8b826ec38d32c26334e079c7efc) C:\windows\system32\DRIVERS\AcpiVpc.sys
14:09:25.0099 4324 ACPIVPC - ok
14:09:25.0208 4324 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
14:09:25.0255 4324 adp94xx - ok
14:09:25.0286 4324 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
14:09:25.0317 4324 adpahci - ok
14:09:25.0395 4324 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
14:09:25.0426 4324 adpu320 - ok
14:09:25.0504 4324 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\windows\system32\drivers\afd.sys
14:09:25.0629 4324 AFD - ok
14:09:25.0723 4324 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
14:09:25.0738 4324 agp440 - ok
14:09:25.0770 4324 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
14:09:25.0785 4324 aliide - ok
14:09:25.0832 4324 ALSysIO - ok
14:09:25.0926 4324 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
14:09:25.0972 4324 amdide - ok
14:09:26.0004 4324 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\windows\system32\DRIVERS\amdiox64.sys
14:09:26.0035 4324 amdiox64 - ok
14:09:26.0113 4324 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
14:09:26.0191 4324 AmdK8 - ok
14:09:26.0518 4324 amdkmdag (2b8c65b19d3e5664af0cd703799fdaf9) C:\windows\system32\DRIVERS\atikmdag.sys
14:09:26.0924 4324 amdkmdag - ok
14:09:27.0033 4324 amdkmdap (781ebfe2112d4969e024f19f34d49e3e) C:\windows\system32\DRIVERS\atikmpag.sys
14:09:27.0111 4324 amdkmdap - ok
14:09:27.0142 4324 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
14:09:27.0220 4324 AmdPPM - ok
14:09:27.0314 4324 amdsata (ab3166c09438a161fbde13099a72e0af) C:\windows\system32\DRIVERS\amdsata.sys
14:09:27.0361 4324 amdsata - ok
14:09:27.0392 4324 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
14:09:27.0439 4324 amdsbs - ok
14:09:27.0501 4324 amdxata (5118dcd2065d8c8d752ad5ec0b2d6aa6) C:\windows\system32\DRIVERS\amdxata.sys
14:09:27.0532 4324 amdxata - ok
14:09:27.0564 4324 amd_sata (80a508d0c7a21bc13c01d4c671541203) C:\windows\system32\DRIVERS\amd_sata.sys
14:09:27.0610 4324 amd_sata - ok
14:09:27.0626 4324 amd_xata (2be940f3a632a1a301b22b096bf221f1) C:\windows\system32\DRIVERS\amd_xata.sys
14:09:27.0657 4324 amd_xata - ok
14:09:27.0751 4324 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
14:09:27.0922 4324 AppID - ok
14:09:28.0032 4324 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
14:09:28.0063 4324 arc - ok
14:09:28.0078 4324 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
14:09:28.0125 4324 arcsas - ok
14:09:28.0141 4324 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
14:09:28.0375 4324 AsyncMac - ok
14:09:28.0468 4324 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
14:09:28.0500 4324 atapi - ok
14:09:28.0546 4324 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\windows\system32\drivers\AtihdW76.sys
14:09:28.0578 4324 AtiHDAudioService - ok
14:09:28.0687 4324 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\windows\system32\DRIVERS\avgntflt.sys
14:09:28.0718 4324 avgntflt - ok
14:09:28.0749 4324 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\windows\system32\DRIVERS\avipbb.sys
14:09:28.0780 4324 avipbb - ok
14:09:28.0890 4324 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
14:09:28.0999 4324 b06bdrv - ok
14:09:29.0092 4324 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
14:09:29.0155 4324 b57nd60a - ok
14:09:29.0248 4324 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
14:09:29.0373 4324 Beep - ok
14:09:29.0420 4324 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
14:09:29.0482 4324 blbdrive - ok
14:09:29.0592 4324 bowser (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
14:09:29.0685 4324 bowser - ok
14:09:29.0779 4324 BPntDrv (aaa4f992f879977a000fe8b8c730cd2c) C:\windows\system32\drivers\BPntDrv.sys
14:09:29.0794 4324 BPntDrv - ok
14:09:29.0857 4324 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
14:09:29.0935 4324 BrFiltLo - ok
14:09:30.0028 4324 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
14:09:30.0075 4324 BrFiltUp - ok
14:09:30.0122 4324 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
14:09:30.0216 4324 Brserid - ok
14:09:30.0340 4324 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
14:09:30.0403 4324 BrSerWdm - ok
14:09:30.0481 4324 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
14:09:30.0543 4324 BrUsbMdm - ok
14:09:30.0559 4324 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
14:09:30.0621 4324 BrUsbSer - ok
14:09:30.0699 4324 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\DRIVERS\BthEnum.sys
14:09:30.0777 4324 BthEnum - ok
14:09:30.0871 4324 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
14:09:30.0933 4324 BTHMODEM - ok
14:09:30.0964 4324 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
14:09:31.0042 4324 BthPan - ok
14:09:31.0152 4324 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\windows\system32\Drivers\BTHport.sys
14:09:31.0230 4324 BTHPORT - ok
14:09:31.0339 4324 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\windows\system32\Drivers\BTHUSB.sys
14:09:31.0401 4324 BTHUSB - ok
14:09:31.0432 4324 btusbflt (2641a3fe3d7b0646308f33b67f3b5300) C:\windows\system32\drivers\btusbflt.sys
14:09:31.0464 4324 btusbflt - ok
14:09:31.0542 4324 btwaudio (a72a9101f9730db7332714e566614e4d) C:\windows\system32\drivers\btwaudio.sys
14:09:31.0573 4324 btwaudio - ok
14:09:31.0620 4324 btwavdt (5ceec634b617525f2b6ad29f871033f7) C:\windows\system32\DRIVERS\btwavdt.sys
14:09:31.0651 4324 btwavdt - ok
14:09:31.0744 4324 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\windows\system32\DRIVERS\btwl2cap.sys
14:09:31.0776 4324 btwl2cap - ok
14:09:31.0791 4324 btwrchid (2af5604d28bef77b7cf4b9d232fe7cd3) C:\windows\system32\DRIVERS\btwrchid.sys
14:09:31.0822 4324 btwrchid - ok
14:09:31.0885 4324 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
14:09:31.0978 4324 cdfs - ok
14:09:32.0056 4324 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
14:09:32.0103 4324 cdrom - ok
14:09:32.0166 4324 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
14:09:32.0212 4324 circlass - ok
14:09:32.0306 4324 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
14:09:32.0353 4324 CLFS - ok
14:09:32.0415 4324 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\windows\system32\DRIVERS\clwvd.sys
14:09:32.0446 4324 clwvd - ok
14:09:32.0524 4324 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
14:09:32.0556 4324 CmBatt - ok
14:09:32.0602 4324 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
14:09:32.0618 4324 cmdide - ok
14:09:32.0696 4324 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\windows\system32\Drivers\cng.sys
14:09:32.0758 4324 CNG - ok
14:09:32.0852 4324 CnxtHdAudService (a1c6ab1d318a05f5cc1c86146ff95f8b) C:\windows\system32\drivers\CHDRT64.sys
14:09:32.0930 4324 CnxtHdAudService - ok
14:09:33.0024 4324 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
14:09:33.0055 4324 Compbatt - ok
14:09:33.0070 4324 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
14:09:33.0117 4324 CompositeBus - ok
14:09:33.0226 4324 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
14:09:33.0242 4324 crcdisk - ok
14:09:33.0336 4324 DfsC (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
14:09:33.0429 4324 DfsC - ok
14:09:33.0507 4324 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
14:09:33.0616 4324 discache - ok
14:09:33.0632 4324 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
14:09:33.0663 4324 Disk - ok
14:09:33.0757 4324 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
14:09:33.0819 4324 drmkaud - ok
14:09:33.0866 4324 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\windows\system32\DRIVERS\dtsoftbus01.sys
14:09:33.0913 4324 dtsoftbus01 - ok
14:09:34.0038 4324 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\windows\System32\drivers\dxgkrnl.sys
14:09:34.0116 4324 DXGKrnl - ok
14:09:34.0256 4324 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
14:09:34.0443 4324 ebdrv - ok
14:09:34.0568 4324 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
14:09:34.0630 4324 elxstor - ok
14:09:34.0693 4324 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
14:09:34.0755 4324 ErrDev - ok
14:09:34.0849 4324 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
14:09:34.0989 4324 exfat - ok
14:09:35.0083 4324 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
14:09:35.0223 4324 fastfat - ok
14:09:35.0348 4324 fbfmon (3191aca33088ee2481044fc0db736442) C:\windows\system32\drivers\fbfmon.sys
14:09:35.0379 4324 fbfmon - ok
14:09:35.0410 4324 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
14:09:35.0473 4324 fdc - ok
14:09:35.0582 4324 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
14:09:35.0613 4324 FileInfo - ok
14:09:35.0644 4324 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
14:09:35.0785 4324 Filetrace - ok
14:09:35.0878 4324 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
14:09:35.0925 4324 flpydisk - ok
14:09:35.0941 4324 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
14:09:35.0988 4324 FltMgr - ok
14:09:36.0081 4324 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
14:09:36.0097 4324 FsDepends - ok
14:09:36.0128 4324 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
14:09:36.0144 4324 Fs_Rec - ok
14:09:36.0190 4324 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
14:09:36.0222 4324 fvevol - ok
14:09:36.0315 4324 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
14:09:36.0346 4324 gagp30kx - ok
14:09:36.0393 4324 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
14:09:36.0471 4324 hcw85cir - ok
14:09:36.0565 4324 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
14:09:36.0627 4324 HdAudAddService - ok
14:09:36.0721 4324 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
14:09:36.0768 4324 HDAudBus - ok
14:09:36.0861 4324 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
14:09:36.0924 4324 HidBatt - ok
14:09:36.0939 4324 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
14:09:37.0423 4324 HidBth - ok
14:09:37.0516 4324 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
14:09:37.0563 4324 HidIr - ok
14:09:37.0594 4324 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
14:09:37.0626 4324 HidUsb - ok
14:09:37.0735 4324 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
14:09:37.0750 4324 HpSAMD - ok
14:09:37.0797 4324 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
14:09:37.0906 4324 HTTP - ok
14:09:38.0000 4324 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
14:09:38.0031 4324 hwpolicy - ok
14:09:38.0062 4324 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
14:09:38.0109 4324 i8042prt - ok
14:09:38.0218 4324 iaStorV (513dc087cfed7d2bb82f005385d3531f) C:\windows\system32\DRIVERS\iaStorV.sys
14:09:38.0265 4324 iaStorV - ok
14:09:38.0515 4324 igfx (a87261ef1546325b559374f5689cf5bc) C:\windows\system32\DRIVERS\igdkmd64.sys
14:09:38.0796 4324 igfx - ok
14:09:38.0905 4324 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
14:09:38.0936 4324 iirsp - ok
14:09:38.0967 4324 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
14:09:39.0014 4324 intelide - ok
14:09:39.0030 4324 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
14:09:39.0092 4324 intelppm - ok
14:09:39.0186 4324 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
14:09:39.0310 4324 IpFilterDriver - ok
14:09:39.0342 4324 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
14:09:39.0435 4324 IPMIDRV - ok
14:09:39.0466 4324 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
14:09:39.0622 4324 IPNAT - ok
14:09:39.0794 4324 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
14:09:39.0903 4324 IRENUM - ok
14:09:39.0997 4324 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
14:09:40.0012 4324 isapnp - ok
14:09:40.0044 4324 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
14:09:40.0075 4324 iScsiPrt - ok
14:09:40.0184 4324 k57nd60a (7dbafe10c1b777305c80bea42fbda710) C:\windows\system32\DRIVERS\k57nd60a.sys
14:09:40.0231 4324 k57nd60a - ok
14:09:40.0324 4324 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
14:09:40.0356 4324 kbdclass - ok
14:09:40.0371 4324 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
14:09:40.0418 4324 kbdhid - ok
14:09:40.0512 4324 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\windows\system32\Drivers\ksecdd.sys
14:09:40.0543 4324 KSecDD - ok
14:09:40.0574 4324 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\windows\system32\Drivers\ksecpkg.sys
14:09:40.0605 4324 KSecPkg - ok
14:09:40.0699 4324 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
14:09:40.0808 4324 ksthunk - ok
14:09:40.0855 4324 LHDmgr (be166935083f9c38edfdc21b9a7a679b) C:\windows\system32\DRIVERS\LhdX64.sys
14:09:40.0870 4324 LHDmgr - ok
14:09:40.0964 4324 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
14:09:41.0058 4324 lltdio - ok
14:09:41.0167 4324 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
14:09:41.0198 4324 LSI_FC - ok
14:09:41.0214 4324 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
14:09:41.0245 4324 LSI_SAS - ok
14:09:41.0260 4324 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
14:09:41.0276 4324 LSI_SAS2 - ok
14:09:41.0292 4324 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
14:09:41.0323 4324 LSI_SCSI - ok
14:09:41.0354 4324 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
14:09:41.0448 4324 luafv - ok
14:09:41.0557 4324 LVRS64 (f643ef866c3a8aea35f8fcc7ad451f69) C:\windows\system32\DRIVERS\lvrs64.sys
14:09:41.0588 4324 LVRS64 - ok
14:09:41.0728 4324 LVUVC64 (dbed5efeb1a5f51a233a4fd494302c7d) C:\windows\system32\DRIVERS\lvuvc64.sys
14:09:41.0884 4324 LVUVC64 - ok
14:09:42.0040 4324 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
14:09:42.0072 4324 megasas - ok
14:09:42.0103 4324 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
14:09:42.0134 4324 MegaSR - ok
14:09:42.0212 4324 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
14:09:42.0306 4324 Modem - ok
14:09:42.0337 4324 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
14:09:42.0399 4324 monitor - ok
14:09:42.0477 4324 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
14:09:42.0508 4324 mouclass - ok
14:09:42.0540 4324 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
14:09:42.0571 4324 mouhid - ok
14:09:42.0586 4324 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
14:09:42.0618 4324 mountmgr - ok
14:09:42.0711 4324 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
14:09:42.0758 4324 mpio - ok
14:09:42.0789 4324 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
14:09:42.0883 4324 mpsdrv - ok
14:09:42.0976 4324 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
14:09:43.0039 4324 MRxDAV - ok
14:09:43.0132 4324 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
14:09:43.0195 4324 mrxsmb - ok
14:09:43.0288 4324 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
14:09:43.0351 4324 mrxsmb10 - ok
14:09:43.0366 4324 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
14:09:43.0413 4324 mrxsmb20 - ok
14:09:43.0507 4324 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys
14:09:43.0538 4324 msahci - ok
14:09:43.0569 4324 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
14:09:43.0600 4324 msdsm - ok
14:09:43.0694 4324 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
14:09:43.0803 4324 Msfs - ok
14:09:43.0834 4324 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
14:09:43.0944 4324 mshidkmdf - ok
14:09:44.0022 4324 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
14:09:44.0053 4324 msisadrv - ok
14:09:44.0100 4324 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
14:09:44.0240 4324 MSKSSRV - ok
14:09:44.0349 4324 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
14:09:44.0474 4324 MSPCLOCK - ok
14:09:44.0490 4324 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
14:09:44.0630 4324 MSPQM - ok
14:09:44.0739 4324 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
14:09:44.0786 4324 MsRPC - ok
14:09:44.0817 4324 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
14:09:44.0864 4324 mssmbios - ok
14:09:44.0973 4324 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
14:09:45.0114 4324 MSTEE - ok
14:09:45.0129 4324 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
14:09:45.0238 4324 MTConfig - ok
14:09:45.0332 4324 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
14:09:45.0363 4324 Mup - ok
14:09:45.0410 4324 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
14:09:45.0488 4324 NativeWifiP - ok
14:09:45.0597 4324 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
14:09:45.0691 4324 NDIS - ok
14:09:45.0769 4324 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
14:09:45.0909 4324 NdisCap - ok
14:09:45.0925 4324 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
14:09:46.0034 4324 NdisTapi - ok
14:09:46.0112 4324 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
14:09:46.0237 4324 Ndisuio - ok
14:09:46.0315 4324 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
14:09:46.0440 4324 NdisWan - ok
14:09:46.0533 4324 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
14:09:46.0642 4324 NDProxy - ok
14:09:46.0658 4324 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
14:09:46.0752 4324 NetBIOS - ok
14:09:46.0845 4324 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
14:09:46.0954 4324 NetBT - ok
14:09:47.0095 4324 netr28x (52a5d4581583a743c948a9947655c300) C:\windows\system32\DRIVERS\netr28x.sys
14:09:47.0173 4324 netr28x - ok
14:09:47.0407 4324 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\windows\system32\DRIVERS\netw5v64.sys
14:09:47.0641 4324 netw5v64 - ok
14:09:47.0750 4324 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
14:09:47.0781 4324 nfrd960 - ok
14:09:47.0812 4324 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
14:09:47.0906 4324 Npfs - ok
14:09:48.0000 4324 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
14:09:48.0093 4324 nsiproxy - ok
14:09:48.0249 4324 Ntfs (1ad8fef2d6ac7116b68b887a9782fd33) C:\windows\system32\drivers\Ntfs.sys
14:09:48.0327 4324 Ntfs - ok
14:09:48.0421 4324 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
14:09:48.0514 4324 Null - ok
14:09:48.0546 4324 nvraid (deab10231cbdb0881fc25428ebe11506) C:\windows\system32\DRIVERS\nvraid.sys
14:09:48.0577 4324 nvraid - ok
14:09:48.0670 4324 nvstor (0af7b8136794e23e87be138992880e64) C:\windows\system32\DRIVERS\nvstor.sys
14:09:48.0702 4324 nvstor - ok
14:09:48.0748 4324 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
14:09:48.0764 4324 nv_agp - ok
14:09:48.0858 4324 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
14:09:48.0904 4324 ohci1394 - ok
14:09:48.0967 4324 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
14:09:48.0998 4324 Parport - ok
14:09:49.0076 4324 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
14:09:49.0107 4324 partmgr - ok
14:09:49.0170 4324 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
14:09:49.0201 4324 pci - ok
14:09:49.0263 4324 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
14:09:49.0294 4324 pciide - ok
14:09:49.0341 4324 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
14:09:49.0372 4324 pcmcia - ok
14:09:49.0435 4324 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
14:09:49.0466 4324 pcw - ok
14:09:49.0513 4324 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
14:09:49.0622 4324 PEAUTH - ok
14:09:49.0794 4324 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
14:09:49.0903 4324 PptpMiniport - ok
14:09:49.0996 4324 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
14:09:50.0028 4324 Processor - ok
14:09:50.0137 4324 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
14:09:50.0230 4324 Psched - ok
14:09:50.0371 4324 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
14:09:50.0433 4324 ql2300 - ok
14:09:50.0542 4324 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
14:09:50.0558 4324 ql40xx - ok
14:09:50.0589 4324 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
14:09:50.0652 4324 QWAVEdrv - ok
14:09:50.0730 4324 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
14:09:50.0823 4324 RasAcd - ok
14:09:50.0854 4324 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
14:09:50.0964 4324 RasAgileVpn - ok
14:09:51.0057 4324 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
14:09:51.0151 4324 Rasl2tp - ok
14:09:51.0244 4324 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
14:09:51.0338 4324 RasPppoe - ok
14:09:51.0432 4324 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
14:09:51.0525 4324 RasSstp - ok
14:09:51.0634 4324 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
14:09:51.0728 4324 rdbss - ok
14:09:51.0822 4324 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
14:09:51.0853 4324 rdpbus - ok
14:09:51.0884 4324 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
14:09:51.0978 4324 RDPCDD - ok
14:09:52.0056 4324 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
14:09:52.0196 4324 RDPENCDD - ok
14:09:52.0227 4324 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
14:09:52.0352 4324 RDPREFMP - ok
14:09:52.0399 4324 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
14:09:52.0539 4324 RDPWD - ok
14:09:52.0633 4324 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
14:09:52.0680 4324 rdyboost - ok
14:09:52.0742 4324 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
14:09:52.0804 4324 RFCOMM - ok
14:09:52.0929 4324 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
14:09:53.0085 4324 rspndr - ok
14:09:53.0116 4324 RSUSBVSTOR (e54a5586a28d0630a79a68bbab84bfcf) C:\windows\system32\Drivers\RTSUVSTOR.sys
14:09:53.0163 4324 RSUSBVSTOR - ok
14:09:53.0257 4324 RTL8167 (2777226ee8bf50b059d7a7c90177e99c) C:\windows\system32\DRIVERS\Rt64win7.sys
14:09:53.0304 4324 RTL8167 - ok
14:09:53.0382 4324 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
14:09:53.0413 4324 sbp2port - ok
14:09:53.0522 4324 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
14:09:53.0662 4324 scfilter - ok
14:09:53.0725 4324 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
14:09:53.0865 4324 secdrv - ok
14:09:53.0974 4324 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
14:09:54.0021 4324 Serenum - ok
14:09:54.0037 4324 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
14:09:54.0099 4324 Serial - ok
14:09:54.0146 4324 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
14:09:54.0193 4324 sermouse - ok
14:09:54.0271 4324 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
14:09:54.0380 4324 sffdisk - ok
14:09:54.0458 4324 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
14:09:54.0505 4324 sffp_mmc - ok
14:09:54.0520 4324 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys
14:09:54.0567 4324 sffp_sd - ok
14:09:54.0661 4324 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
14:09:54.0692 4324 sfloppy - ok
14:09:54.0739 4324 Shockprf (c10d453b07e3e7e00e5103bba9bad524) C:\windows\system32\DRIVERS\Apsx64.sys
14:09:54.0770 4324 Shockprf - ok
14:09:54.0864 4324 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
14:09:54.0895 4324 SiSRaid2 - ok
14:09:54.0910 4324 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
14:09:54.0926 4324 SiSRaid4 - ok
14:09:54.0942 4324 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
14:09:55.0051 4324 Smb - ok
14:09:55.0144 4324 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
14:09:55.0176 4324 spldr - ok
14:09:55.0254 4324 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
14:09:55.0300 4324 srv - ok
14:09:55.0410 4324 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
14:09:55.0472 4324 srv2 - ok
14:09:55.0519 4324 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
14:09:55.0566 4324 srvnet - ok
14:09:55.0659 4324 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
14:09:55.0675 4324 stexstor - ok
14:09:55.0706 4324 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
14:09:55.0737 4324 swenum - ok
14:09:55.0862 4324 SynTP (9f97520abf687f5c7856c6f9226d8834) C:\windows\system32\DRIVERS\SynTP.sys
14:09:55.0924 4324 SynTP - ok
14:09:56.0096 4324 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\windows\system32\drivers\tcpip.sys
14:09:56.0174 4324 Tcpip - ok
14:09:56.0330 4324 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\windows\system32\DRIVERS\tcpip.sys
14:09:56.0424 4324 TCPIP6 - ok
14:09:56.0517 4324 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
14:09:56.0611 4324 tcpipreg - ok
14:09:56.0642 4324 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
14:09:56.0736 4324 TDPIPE - ok
14:09:56.0829 4324 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
14:09:56.0938 4324 TDTCP - ok
14:09:56.0954 4324 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
14:09:57.0063 4324 tdx - ok
14:09:57.0141 4324 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
14:09:57.0172 4324 TermDD - ok
14:09:57.0219 4324 TPDIGIMN (74868c001c7214fbd88b1a57ebb04811) C:\windows\system32\DRIVERS\ApsHM64.sys
14:09:57.0250 4324 TPDIGIMN - ok
14:09:57.0360 4324 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
14:09:57.0453 4324 tssecsrv - ok
14:09:57.0484 4324 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
14:09:57.0578 4324 tunnel - ok
14:09:57.0687 4324 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
14:09:57.0703 4324 uagp35 - ok
14:09:57.0734 4324 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
14:09:57.0843 4324 udfs - ok
14:09:57.0952 4324 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
14:09:57.0984 4324 uliagpkx - ok
14:09:57.0999 4324 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
14:09:58.0062 4324 umbus - ok
14:09:58.0155 4324 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
14:09:58.0202 4324 UmPass - ok
14:09:58.0311 4324 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\windows\system32\drivers\usbaudio.sys
14:09:58.0374 4324 usbaudio - ok
14:09:58.0405 4324 usbccgp (b26afb54a534d634523c4fb66765b026) C:\windows\system32\DRIVERS\usbccgp.sys
14:09:58.0452 4324 usbccgp - ok
14:09:58.0530 4324 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
14:09:58.0608 4324 usbcir - ok
14:09:58.0639 4324 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\windows\system32\DRIVERS\usbehci.sys
14:09:58.0701 4324 usbehci - ok
14:09:58.0795 4324 usbfilter (76e2ffad301490ba27b947c6507752fb) C:\windows\system32\DRIVERS\usbfilter.sys
14:09:58.0826 4324 usbfilter - ok
14:09:58.0873 4324 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\windows\system32\DRIVERS\usbhub.sys
14:09:58.0951 4324 usbhub - ok
14:09:59.0029 4324 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\windows\system32\DRIVERS\usbohci.sys
14:09:59.0076 4324 usbohci - ok
14:09:59.0107 4324 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
14:09:59.0185 4324 usbprint - ok
14:09:59.0263 4324 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
14:09:59.0341 4324 usbscan - ok
14:09:59.0372 4324 USBSTOR (a60e7e0fa88ff067d049d525547cd5e9) C:\windows\system32\DRIVERS\USBSTOR.SYS
14:09:59.0466 4324 USBSTOR - ok
14:09:59.0559 4324 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\windows\system32\DRIVERS\usbuhci.sys
14:09:59.0590 4324 usbuhci - ok
14:09:59.0637 4324 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\system32\Drivers\usbvideo.sys
14:09:59.0715 4324 usbvideo - ok
14:09:59.0856 4324 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
14:09:59.0887 4324 vdrvroot - ok
14:09:59.0918 4324 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
14:09:59.0965 4324 vga - ok
14:09:59.0996 4324 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
14:10:00.0105 4324 VgaSave - ok
14:10:00.0214 4324 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
14:10:00.0246 4324 vhdmp - ok
14:10:00.0277 4324 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
14:10:00.0292 4324 viaide - ok
14:10:00.0386 4324 vm2uvcflt (5cb80afa98111fc6ed6e8702a0d7ac5b) C:\windows\system32\Drivers\vm2uvcflt.sys
14:10:00.0402 4324 vm2uvcflt - ok
14:10:00.0448 4324 vm332avs (ae855ed728655ef0a14a1ec272ded5cd) C:\windows\system32\Drivers\vm332avs.sys
14:10:00.0464 4324 vm332avs - ok
14:10:00.0558 4324 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
14:10:00.0573 4324 volmgr - ok
14:10:00.0604 4324 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
14:10:00.0651 4324 volmgrx - ok
14:10:00.0682 4324 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
14:10:00.0729 4324 volsnap - ok
14:10:00.0745 4324 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
14:10:00.0776 4324 vsmraid - ok
14:10:00.0838 4324 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
14:10:00.0885 4324 vwifibus - ok
14:10:00.0932 4324 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
14:10:01.0010 4324 vwififlt - ok
14:10:01.0104 4324 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
14:10:01.0135 4324 WacomPen - ok
14:10:01.0197 4324 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
14:10:01.0291 4324 WANARP - ok
14:10:01.0306 4324 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
14:10:01.0384 4324 Wanarpv6 - ok
14:10:01.0556 4324 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
14:10:01.0587 4324 Wd - ok
14:10:01.0650 4324 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
14:10:01.0696 4324 Wdf01000 - ok
14:10:01.0790 4324 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
14:10:01.0868 4324 WfpLwf - ok
14:10:01.0946 4324 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
14:10:01.0962 4324 WIMMount - ok
14:10:02.0102 4324 WinRing0_1_2_0 (0c0195c48b6b8582fa6f6373032118da) C:\Users\bastian\tools\BrazosTweaker\WinRing0x64.sys
14:10:02.0133 4324 WinRing0_1_2_0 - ok
14:10:02.0258 4324 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
14:10:02.0305 4324 WmiAcpi - ok
14:10:02.0367 4324 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
14:10:02.0476 4324 ws2ifsl - ok
14:10:02.0570 4324 wsvd (83575c43b2bfe9ab0661a7f957e843c0) C:\windows\system32\DRIVERS\wsvd.sys
14:10:02.0601 4324 wsvd - ok
14:10:02.0664 4324 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
14:10:02.0757 4324 WudfPf - ok
14:10:02.0820 4324 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
14:10:02.0913 4324 WUDFRd - ok
14:10:02.0991 4324 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:10:03.0132 4324 \Device\Harddisk0\DR0 - ok
14:10:03.0147 4324 Boot (0x1200) (56c081963d9bf64a460e4ea96105e128) \Device\Harddisk0\DR0\Partition0
14:10:03.0147 4324 \Device\Harddisk0\DR0\Partition0 - ok
14:10:03.0194 4324 Boot (0x1200) (21e54170c60550a2ac9ac2dc91bb08db) \Device\Harddisk0\DR0\Partition1
14:10:03.0194 4324 \Device\Harddisk0\DR0\Partition1 - ok
14:10:03.0225 4324 Boot (0x1200) (e14f48dc9e4f6a351a895f7bba032e62) \Device\Harddisk0\DR0\Partition2
14:10:03.0225 4324 \Device\Harddisk0\DR0\Partition2 - ok
14:10:03.0225 4324 ============================================================
14:10:03.0225 4324 Scan finished
14:10:03.0225 4324 ============================================================
14:10:03.0241 0520 Detected object count: 0
14:10:03.0241 0520 Actual detected object count: 0


# Step 3 #
Combofix


Here the log. Scan ran smoothly. Didn't touch anything during scanning.

ComboFix 12-03-16.05 - bastian 17.03.2012 14:26:44.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3689.2541 [GMT 1:00]
ausgeführt von:: c:\users\bastian\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\s.bat
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-17 bis 2012-03-17 ))))))))))))))))))))))))))))))
.
.
2012-03-17 13:40 . 2012-03-17 13:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-08 19:35 . 2012-03-08 19:35 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{21A074E9-B1B8-41EC-9EF6-494738143C30}\offreg.dll
2012-03-06 23:41 . 2012-03-06 23:41 -------- d-----w- c:\users\bastian\AppData\Roaming\Malwarebytes
2012-03-06 23:40 . 2012-03-06 23:40 -------- d-----w- c:\programdata\Malwarebytes
2012-03-06 23:40 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 23:40 . 2012-03-06 23:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-06 23:04 . 2012-03-06 23:06 -------- d-sh--w- c:\users\bastian\AppData\Local\1703bc35
2012-02-18 16:29 . 2012-02-18 16:29 -------- d-----w- c:\program files (x86)\Free Offers from Freeze.com
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-17 13:00 . 2011-05-22 01:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-12 00:19 . 2012-01-12 00:19 4448256 ----a-w- c:\windows\SysWow64\GPhotos.scr
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 20:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\bastian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\bastian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\bastian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-20 336384]
"332BigDog"="c:\program files (x86)\USB Camera2\VM332_STI.EXE" [2010-01-19 536576]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-05 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-05 224352]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-03-09 329056]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2011-4-10 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-5-10 1083680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 BrazosTweaker;BrazosTweaker service;c:\program files\BrazosTweaker\BrazosTweakerService.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R2 McMPFSvc;McAfee Personal Firewall-Dienst;c:\program files\Common Files\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\bastian\tools\BrazosTweaker\WinRing0x64.sys [2011-09-13 14544]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-20 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-03 136360]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files (x86)\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
S2 CobianBackup10;Cobian Backup 10;c:\program files (x86)\Cobian Backup 10\cbService.exe [2010-09-23 1125376]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 ALSysIO;ALSysIO;c:\users\bastian\AppData\Local\Temp\ALSysIO64.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vm2uvcflt;Vimicro USB Camera Filter 2;c:\windows\system32\Drivers\vm2uvcflt.sys [x]
S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 08019250
*NewlyCreated* - ALSYSIO
*Deregistered* - 08019250
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\bastian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\bastian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\bastian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\bastian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-03-09 20:15 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{BA1E422A-80A8-4AA0-B67B-CAA3D04C5162}"="c:\program files\CapsLK OSD\64\CAPSOSD.EXE" [2010-10-25 3699752]
"TpShocks"="c:\windows\System32\TpShocks.exe" [2010-03-15 231328]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-03-09 114688]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-03-09 9745312]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-03-09 5374880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://lenovo.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\bastian\AppData\Roaming\Mozilla\Firefox\Profiles\d85728ow.default\
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-17 14:47:08
ComboFix-quarantined-files.txt 2012-03-17 13:47
.
Vor Suchlauf: 12 Verzeichnis(se), 345.896.103.936 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 346.046.689.280 Bytes frei
.
- - End Of File - - 0ED445A3E1BAA750413419C96D7F8F0F


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.


The computer is running smoothly - no unexpected windows or slow internet whatsoever. I cannot see any sign of malware/virus. Do you think I'm safe by now?
  • 0

#10
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

# Step 1 #


Please go to Start > Control Panel and click on Add or Remove Programs. Then remove the software listed below:
  • Foxit PDF Creator Toolbar


# Step 2 #

Close any open browsers.

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Go to Start > Run and write (copy/paste): Notepad.exe. Then click OK.
  • Copy/paste the text in the quote box below into Notepad.

    Folder::
    c:\users\bastian\AppData\Local\1703bc35
    c:\program files (x86)\Ask.com


    Registry::
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

  • Save this as CFScript.txt, in the same location as ComboFix.exe


    (Posted image: CFScript.txt being dragged onto ComboFix.exe)
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply

  • 0
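One way to check afterwards that the items the CFScript above targeted are actually gone, as an added example written for this thread (it is not part of WhiteHat's instructions and not ComboFix's own tooling). It assumes that ComboFix's "~" abbreviation in the log stands for SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer and that the script runs in an elevated PowerShell session on the affected account, so that $env:LOCALAPPDATA resolves to c:\users\bastian\AppData\Local; the final hidden-folder sweep is a heuristic based only on the 1703bc35 folder seen in this log, not a general ZeroAccess signature:

```powershell
# Added verification script (not from the thread, not part of ComboFix).
# Assumptions: ComboFix's "~" stands for SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer,
# and this runs elevated as the affected user (so $env:LOCALAPPDATA is c:\users\bastian\AppData\Local).
# Written to work on the PowerShell 2.0 that ships with Windows 7.

$bhoClsid = '{D4027C7F-154A-4066-A1AD-4243D8127440}'   # Ask.com GenericAskToolbar BHO from the log
$typeLib  = '{2996F0E7-292B-4CAE-893F-47B8B1C05B56}'   # its type library, also from the log

$registryKeys = @(
    "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$bhoClsid",
    "Registry::HKEY_CLASSES_ROOT\CLSID\$bhoClsid",
    "Registry::HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1",
    "Registry::HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd",
    "Registry::HKEY_CLASSES_ROOT\TypeLib\$typeLib"
)
$toolbarKey = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar'
$folders = @(
    (Join-Path $env:LOCALAPPDATA '1703bc35'),        # hidden d-sh--w- folder that ComboFix deleted
    (Join-Path ${env:ProgramFiles(x86)} 'Ask.com')   # Ask.com toolbar folder listed in the CFScript
)

function Test-CleanupComplete {
    $findings = @()

    foreach ($key in $registryKeys) {
        if (Test-Path -LiteralPath $key) { $findings += "registry key still present: $key" }
    }

    # The toolbar entry is a value named after the CLSID, not a subkey, so inspect the value names.
    if (Test-Path -LiteralPath $toolbarKey) {
        $valueNames = (Get-ItemProperty -LiteralPath $toolbarKey).PSObject.Properties | ForEach-Object { $_.Name }
        if ($valueNames -contains $bhoClsid) { $findings += "toolbar value still present: $toolbarKey\$bhoClsid" }
    }

    foreach ($dir in $folders) {
        # Test-Path sees hidden/system folders, so no -Force is needed here.
        if (Test-Path -LiteralPath $dir) { $findings += "folder still present: $dir" }
    }

    # Heuristic only: flag any other hidden folder under %LOCALAPPDATA% whose name is eight hex
    # digits, because that is the shape 1703bc35 had in this log. -Force makes hidden items visible.
    Get-ChildItem -LiteralPath $env:LOCALAPPDATA -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer -and $_.Name -match '^[0-9a-f]{8}$' -and
                       ($_.Attributes -band [IO.FileAttributes]::Hidden) } |
        ForEach-Object { $findings += "hidden folder with the same naming pattern: $($_.FullName)" }

    return $findings
}

$result = @(Test-CleanupComplete)
if ($result.Count -eq 0) { 'All items targeted by the CFScript are gone.' } else { $result }
```

Any line the script prints is a reason to post again rather than assume the machine is clean; a clean result only covers the specific keys and folders this CFScript named, not the whole system.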

#11
maniac.7

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts


# Step 1 -Remove Foxit PDF Creator Toolbar #


Done.

# Step 2 - ComboFix #


Ran without problems.
Here's the log:

ComboFix 12-03-16.05 - bastian 21.03.2012 1:00.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3689.2633 [GMT 1:00]
ausgeführt von:: c:\users\bastian\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\bastian\Desktop\CFScript.txt.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\bastian\AppData\Local\1703bc35
c:\users\bastian\AppData\Local\1703bc35\@
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-21 bis 2012-03-21 ))))))))))))))))))))))))))))))
.
.
2012-03-21 00:12 . 2012-03-21 00:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-18 00:31 . 2012-03-01 13:21 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7A8EC50-FE22-41F4-B663-F2BA0A9602EA}\mpengine.dll
2012-03-06 23:41 . 2012-03-06 23:41 -------- d-----w- c:\users\bastian\AppData\Roaming\Malwarebytes
2012-03-06 23:40 . 2012-03-06 23:40 -------- d-----w- c:\programdata\Malwarebytes
2012-03-06 23:40 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 23:40 . 2012-03-06 23:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-17 13:00 . 2011-05-22 01:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2011-04-15 19:50 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-12 00:19 . 2012-01-12 00:19 4448256 ----a-w- c:\windows\SysWow64\GPhotos.scr
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-17_13.41.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-03-20 23:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-17 12:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-17 12:23 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-20 23:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-20 23:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-17 12:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-10 10:48 . 2012-03-20 23:51 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-10 10:48 . 2012-03-17 13:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-10 10:48 . 2012-03-20 23:51 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-04-10 10:48 . 2012-03-17 13:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-04 08:49 . 2012-03-18 09:33 284122 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-04-03 21:12 . 2012-03-20 23:49 348800 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2011-04-03 21:12 . 2012-03-17 12:24 348800 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-03-17 12:26 607190 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-20 23:52 607190 c:\windows\system32\perfh009.dat
- 2011-03-10 02:50 . 2012-03-17 12:26 643866 c:\windows\system32\perfh007.dat
+ 2011-03-10 02:50 . 2012-03-20 23:52 643866 c:\windows\system32\perfh007.dat
- 2009-07-14 02:36 . 2012-03-17 12:26 103568 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-20 23:52 103568 c:\windows\system32\perfc009.dat
- 2011-03-10 02:50 . 2012-03-17 12:26 126394 c:\windows\system32\perfc007.dat
+ 2011-03-10 02:50 . 2012-03-20 23:52 126394 c:\windows\system32\perfc007.dat
+ 2009-07-14 02:34 . 2012-03-18 09:53 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-03-17 12:44 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\bastian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\bastian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\bastian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-20 336384]
"332BigDog"="c:\program files (x86)\USB Camera2\VM332_STI.EXE" [2010-01-19 536576]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-05 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-05 224352]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-03-09 329056]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2011-4-10 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-5-10 1083680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 BrazosTweaker;BrazosTweaker service;c:\program files\BrazosTweaker\BrazosTweakerService.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R2 McMPFSvc;McAfee Personal Firewall-Dienst;c:\program files\Common Files\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\bastian\tools\BrazosTweaker\WinRing0x64.sys [2011-09-13 14544]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-20 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-03 136360]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files (x86)\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
S2 CobianBackup10;Cobian Backup 10;c:\program files (x86)\Cobian Backup 10\cbService.exe [2010-09-23 1125376]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 ALSysIO;ALSysIO;c:\users\bastian\AppData\Local\Temp\ALSysIO64.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vm2uvcflt;Vimicro USB Camera Filter 2;c:\windows\system32\Drivers\vm2uvcflt.sys [x]
S3 vm332avs;Lenovo Camera2;c:\windows\system32\Drivers\vm332avs.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 08019250
*NewlyCreated* - ALSYSIO
*Deregistered* - 08019250
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\bastian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\bastian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\bastian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\bastian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-03-09 20:15 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"{BA1E422A-80A8-4AA0-B67B-CAA3D04C5162}"="c:\program files\CapsLK OSD\64\CAPSOSD.EXE" [2010-10-25 3699752]
"TpShocks"="c:\windows\System32\TpShocks.exe" [2010-03-15 231328]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-03-09 114688]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-03-09 9745312]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-03-09 5374880]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://lenovo.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\bastian\AppData\Roaming\Mozilla\Firefox\Profiles\d85728ow.default\
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-21 01:17:53
ComboFix-quarantined-files.txt 2012-03-21 00:17
ComboFix2.txt 2012-03-17 13:47
.
Vor Suchlauf: 16 Verzeichnis(se), 345.188.749.312 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 346.207.158.272 Bytes frei
.
- - End Of File - - ADFF1BCBAD0FB1E1E024BEFC8A8B64D3

#12
WhiteHat
    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

How is your computer?

Disable your antivirus software
  • Access the Eset Online Scanner website using the Internet Explorer browser.
    http://www.eset.com/...escan/index.php
  • Do the scan according to the image:

    Posted Image
  • At the end, check the box "Delete Quarantined files" and click [FINISH]
  • A log will be generated in C:\Program Files\EsetOnlineScanner\Log.txt
    PS: If you didn't find the log.txt file in \EsetOnlineScanner\, look in \Program Files\Eset\EsetOnlineScanner\log.txt
  • Post that log.


#13
NeonFx
    Malware Removal Dude

  • Expert
  • 3,798 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.