Trojaner-Board - "http://www.searchqu.com/406" Befall

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - "http://www.searchqu.com/406" Befall (https://www.trojaner-board.de/108765-http-www-searchqu-com-406-befall.html)

"http://www.searchqu.com/406" Befall

Hallo, ich hab mir dieses "hxxp://www.searchqu.com/406" eingefangen.
Nach Lesen vieler Threads hier, habe ich bereits Malware, Eset und OTL laufen lassen und die Auswertungen vorliegen.
Es kommt wohl von einer toolbar "ilivid", die ungewollt installiert wurde...
Ganz vielen lieben Dank, wenn mir jemand helfen könnte, nach dem Lesen der Formsregeln hab ich mich nicht getraut, eine Kösung aus den anderen Posts umzusetzen (OTL Fix).

Ohne die Logs von Malwarebytes und Co wird das hier nichts. :glaskugel:
Alles von Malwarebytes und den anderen Scannern muss hier gepostet werden.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

:stirn: danke für deine Antwort, war mir nicht sicher, ob ich das alles gleich posten soll

Malware:

Code:

  
 

Malwarebytes Anti-Malware (Test) 1.60.0.1800

www.malwarebytes.org
 

Datenbank Version: v2012.01.30.01
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 8.0.7601.17514

Anna :: ANNA-PC [Administrator]
 

Schutz: Aktiviert
 

30.01.2012 09:47:25

mbam-log-2012-01-30 (09-47-25).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 176853

Laufzeit: 8 Minute(n), 16 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Eset:

Code:

  

C:\Program Files\FoxTabAVIConverter\AviConverter.exe        a variant of Win32/InstallCore.A application

C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll        Win32/Toolbar.SearchSuite application

C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll        a variant of Win32/Toolbar.SearchSuite application

C:\Program Files\Windows iLivid Toolbar\Datamngr\DnsBHO.dll        a variant of Win32/Toolbar.SearchSuite application

C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KT4QYYFM\SetupDataMngr_Searchqu[1].exe        a variant of Win32/Toolbar.SearchSuite application

C:\Users\Anna\AppData\Local\Temp\SetupDataMngr_Searchqu.exe        a variant of Win32/Toolbar.SearchSuite application

C:\Users\Anna\Documents\Programme\SoftonicDownloader_fuer_logo-design-studio.exe        a variant of Win32/SoftonicDownloader.A application

D:\$RECYCLE.BIN\S-1-5-21-2339853823-2107313754-116825072-1001\$RWCRCQP.exe        Win32/SoftonicDownloader application

Operating memory        a variant of Win32/Toolbar.SearchSuite application

und hier die OTL Logs:

OTL Logfile:

Code:

OTL logfile created on: 1/30/2012 12:21:58 PM - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = D:\Programmdateien

 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2.99 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 50.00% Memory free

5.98 Gb Paging File | 4.25 Gb Available in Paging File | 71.12% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 124.51 Gb Total Space | 73.98 Gb Free Space | 59.41% Space Free | Partition Type: NTFS

Drive D: | 158.48 Gb Total Space | 108.60 Gb Free Space | 68.53% Space Free | Partition Type: NTFS

 

Computer Name: ANNA-PC | User Name: Anna | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012/01/30 10:35:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Programmdateien\OTL.exe

PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/12/04 21:48:46 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2011/07/07 08:08:30 | 000,216,064 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe

PRC - [2011/06/29 09:24:16 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/06/24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011/04/27 11:15:54 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/12/10 14:47:06 | 000,488,840 | ---- | M] (TomTom) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe

PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010/11/05 07:28:09 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/04/16 14:11:02 | 000,650,920 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE

PRC - [2010/01/19 03:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe

PRC - [2010/01/14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/12/14 08:17:48 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe

PRC - [2009/11/04 05:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

PRC - [2009/10/13 11:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

PRC - [2009/08/13 20:58:10 | 000,044,312 | ---- | M] () -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe

PRC - [2009/06/03 12:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

PRC - [2009/04/15 15:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

PRC - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011/12/04 21:48:45 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/06/27 09:00:11 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll

MOD - [2010/12/10 14:47:08 | 000,150,920 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterProxy.dll

MOD - [2010/12/10 14:47:08 | 000,046,472 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterBase.dll

MOD - [2010/12/10 14:46:18 | 007,508,480 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtGui4.dll

MOD - [2010/12/10 14:46:18 | 002,101,760 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtCore4.dll

MOD - [2010/12/10 14:46:18 | 000,911,872 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtNetwork4.dll

MOD - [2010/12/10 14:46:18 | 000,334,848 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtXml4.dll

MOD - [2010/04/16 14:11:02 | 000,650,920 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE

MOD - [2010/04/16 14:11:02 | 000,155,648 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\HMXML.dll

MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll

MOD - [2009/06/03 12:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll

MOD - [2009/06/03 12:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll

MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/06/29 09:24:16 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/04/27 11:15:54 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/12/10 22:45:06 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2009/08/13 20:58:10 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)

SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/12/09 14:27:31 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)

DRV - [2011/06/29 09:24:16 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/06/29 09:24:16 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/06/10 11:43:18 | 001,271,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2010/01/08 07:39:36 | 009,935,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2009/11/25 22:32:16 | 000,125,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)

DRV - [2009/09/28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)

DRV - [2009/06/27 15:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)

DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/05/01 15:41:06 | 000,384,896 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CryptOSD.sys -- (CryptOSD)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/406

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Search Results"

FF - prefs.js..browser.search.order.1: "Search Results"

FF - prefs.js..browser.search.selectedEngine: "Search Results"

FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/406"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=174&systemid=406&sr=0&q="

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/04 21:48:47 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/30 09:12:14 | 000,000,000 | ---D | M]

 

[2012/01/30 10:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\Extensions

[2012/01/10 18:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\d7fasik6.default\extensions

[2012/01/10 15:20:08 | 000,002,519 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\d7fasik6.default\searchplugins\Search_Results.xml

[2012/01/30 10:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions

[2011/11/08 09:26:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

[2011/12/04 21:48:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011/12/04 21:48:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011/12/04 21:48:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/12/04 21:48:42 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2011/12/04 21:48:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2010/09/18 20:53:48 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

[2012/01/10 15:20:08 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml

[2011/12/04 21:48:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2011/12/04 21:48:42 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [fsi] C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)

O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar" File not found

O4 - HKLM..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar" File not found

O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\windows\System32\Macromed\Flash\FlashUtil10t_Plugin.exe (Adobe Systems, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{667C7950-A3FE-411C-8786-43D82AF892B9}: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\dssrequest - No CLSID value found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\sacore - No CLSID value found

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012/01/30 10:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012/01/30 09:46:01 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Malwarebytes

[2012/01/30 09:45:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/01/30 09:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/01/30 09:45:44 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

[2012/01/30 09:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/01/30 09:24:38 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Apple Computer

[2012/01/30 09:24:38 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Apple Computer

[2012/01/30 09:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/01/30 09:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/01/30 09:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/01/30 09:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer

[2012/01/30 09:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2012/01/30 09:22:55 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Apple

[2012/01/30 09:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2012/01/30 09:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2012/01/30 09:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple

[2012/01/30 09:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2012/01/12 20:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

[2012/01/10 15:21:37 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Ilivid Player

[2012/01/10 15:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows iLivid Toolbar

[2012/01/10 15:14:54 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Systweak

[2012/01/10 15:14:52 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\windows\System32\roboot.exe

 
 ========== Files - Modified Within 30 Days ==========

 

[2012/01/30 10:51:07 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/01/30 09:45:47 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/01/29 20:45:16 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/01/29 20:45:16 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/01/27 09:03:01 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat

[2012/01/27 09:03:01 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2012/01/27 09:03:01 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat

[2012/01/27 09:03:01 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2012/01/27 08:57:35 | 3209,216,000 | -HS- | M] () -- C:\hiberfil.sys

 
 ========== Files Created - No Company Name ==========

 

[2012/01/30 09:45:47 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/01/30 09:22:52 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

[2011/02/05 22:05:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2011/01/19 21:36:56 | 000,000,812 | ---- | C] () -- C:\windows\System32\drivers\scdskr01.dat

[2011/01/19 21:36:56 | 000,000,541 | ---- | C] () -- C:\windows\System32\drivers\scdhkr01.dat

[2011/01/19 21:36:56 | 000,000,500 | ---- | C] () -- C:\windows\System32\drivers\RSTable.dat

[2011/01/19 21:36:56 | 000,000,036 | ---- | C] () -- C:\windows\System32\drivers\scdstr01.dat

[2011/01/08 10:01:08 | 000,038,440 | ---- | C] () -- C:\Users\Anna\AppData\Roaming\Kommagetrennte Werte (Windows).ADR

[2010/09/24 20:04:12 | 000,000,017 | ---- | C] () -- C:\Users\Anna\AppData\Local\resmon.resmoncfg

[2010/09/09 20:49:41 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[2010/03/05 23:12:46 | 000,654,166 | ---- | C] () -- C:\windows\System32\perfh007.dat

[2010/03/05 23:12:46 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat

[2010/03/05 23:12:46 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat

[2010/03/05 23:12:46 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat

[2010/03/05 06:06:50 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe

[2010/03/05 05:56:58 | 000,000,426 | ---- | C] () -- C:\windows\HotFixList.ini

[2010/03/05 05:29:42 | 000,311,296 | ---- | C] () -- C:\windows\System32\Rezip.exe

[2010/01/07 16:18:52 | 000,040,588 | ---- | C] () -- C:\windows\System32\nvcoproc.bin

[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat

[2009/07/14 05:33:53 | 000,429,856 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT

[2009/07/14 03:05:48 | 000,616,008 | ---- | C] () -- C:\windows\System32\perfh009.dat

[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat

[2009/07/14 03:05:48 | 000,106,388 | ---- | C] () -- C:\windows\System32\perfc009.dat

[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat

[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT

[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat

[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin

[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll

[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll

[2009/07/13 23:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin

[2009/07/13 23:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin

[2009/07/13 23:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin

[2009/07/13 23:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin

[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

[2009/05/01 16:24:14 | 000,000,184 | ---- | C] () -- C:\windows\System32\drivers\osdauth.dat

[2009/05/01 15:41:06 | 000,000,020 | ---- | C] () -- C:\windows\System32\drivers\OSDSig.dat

[2007/04/06 23:26:10 | 000,011,264 | ---- | C] () -- C:\windows\System32\sssegfilter.dll

[2007/04/06 23:26:08 | 000,217,088 | ---- | C] () -- C:\windows\System32\ssminidriver.dll

[2007/04/06 23:26:08 | 000,027,136 | ---- | C] () -- C:\windows\System32\ssimgfilter.dll

[2007/04/06 23:26:06 | 000,010,752 | ---- | C] () -- C:\windows\System32\sserrhandler.dll

[2007/03/15 15:25:42 | 000,022,723 | ---- | C] () -- C:\windows\System32\wcpe12v3.dll

[2006/10/08 18:33:54 | 000,000,000 | ---- | C] () -- C:\windows\R-series.ini

 
 ========== LOP Check ==========

 

[2011/02/07 13:51:19 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\ifolor

[2011/03/01 17:19:36 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\ImgBurn

[2011/02/21 22:21:06 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Summitsoft

[2012/01/12 20:24:41 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Systweak

[2011/05/22 20:50:05 | 000,032,558 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %SYSTEMDRIVE%\*. >

[2011/09/18 06:26:49 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin

[2009/07/14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2010/03/05 05:25:32 | 000,000,000 | ---D | M] -- C:\Intel

[2010/09/18 20:24:58 | 000,000,000 | RH-D | M] -- C:\MSOCache

[2011/03/01 18:52:18 | 000,000,000 | ---D | M] -- C:\Neuer Ordner

[2009/07/14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2012/01/30 10:25:32 | 000,000,000 | R--D | M] -- C:\Program Files

[2012/01/30 09:45:45 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2010/09/09 20:46:41 | 000,000,000 | -HSD | M] -- C:\Recovery

[2012/01/30 12:25:30 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2010/09/09 20:47:53 | 000,000,000 | R--D | M] -- C:\Users

[2011/07/02 10:03:18 | 000,000,000 | ---D | M] -- C:\Windows

 
 < %PROGRAMFILES%\*.exe >

 
 < %LOCALAPPDATA%\*.exe >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.manifest /3 >

 

 
 < MD5 for: AFD.SYS  >

[2011/04/25 03:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys

[2010/11/20 09:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys

[2011/04/25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\System32\drivers\afd.sys

[2011/04/25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys

[2011/04/25 03:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys

[2011/04/25 04:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys

[2009/07/14 00:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys

 
 < MD5 for: EXPLORER.EXE  >

[2009/10/06 07:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe

[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe

[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe

[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe

[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe

[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe

[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe

[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe

[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe

[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

[2009/10/06 06:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe

 
 < MD5 for: REGEDIT.EXE  >

[2009/07/14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe

[2009/07/14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe

 
 < MD5 for: USERINIT.EXE  >

[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe

[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

 
 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-27 08:02:55

 
 <           >

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 172 bytes -> C:\Users\Anna\Documents\******.jpeg:3or4kl4x13tuuug3Byamue2s4b
 

< End of report >

--- --- ---

Extras:

OTL Logfile:

Code:

OTL Extras logfile created on: 1/30/2012 12:21:58 PM - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = D:\Programmdateien

 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2.99 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 50.00% Memory free

5.98 Gb Paging File | 4.25 Gb Available in Paging File | 71.12% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 124.51 Gb Total Space | 73.98 Gb Free Space | 59.41% Space Free | Partition Type: NTFS

Drive D: | 158.48 Gb Total Space | 108.60 Gb Free Space | 68.53% Space Free | Partition Type: NTFS

 

Computer Name: ANNA-PC | User Name: Anna | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{08C7A49D-2B12-46F6-8B41-26D3B0D1C01F}" = Visual Studio C++ 9.0 Runtime

"{0A353130-D22C-41DD-8C67-1B02A05F2CE0}" = Samsung Support Center

"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4

"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager

"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29

"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie

"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{34B76DCB-BF7C-440F-B058-C84172C1E338}" = Easy Network Manager

"{3B0F1CBB-A317-4E2F-BF4E-F5947064DD25}" = BMWi-Updater

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3CD4C30E-BD82-4592-B64A-8AD9784ECA9F}" = BMWi-Softwarepaket 10

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology

"{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series

"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{525BA381-389C-4975-BDD3-C36DCF66D5BD}" = BMWi Updater

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{79846AA4-622E-5B48-18B2-02F53F423DFE}" = BMWi-Businessplaner Fuehren

"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support

"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.3.0

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2

"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer

"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide

"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program

"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus

"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver

"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer

"{E24242E3-A4FF-FC3C-05F2-C83A9C821971}" = BMWi-Businessplaner Gruenden

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software

"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop 7.0" = Adobe Photoshop 7.0

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"BMWi Updater" = BMWi Updater

"BMWiBusinessplanerFuehren" = BMWi-Businessplaner Fuehren

"BMWiBusinessplanerGruenden" = BMWi-Businessplaner Gruenden

"BMWi-Softwarepaket 10" = BMWi-Softwarepaket 10

"DVD Flick_is1" = DVD Flick 1.3.0.7

"ENTERPRISE" = Microsoft Office Enterprise 2007

"ESET Online Scanner" = ESET Online Scanner v3

"ifolor-OrderClient" = ifolor Bestellsoftware 3.7

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800

"Marvell Miniport Driver" = Marvell Miniport Driver

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)

"MyTomTom" = MyTomTom 3.0.1.203

"NVIDIA Drivers" = NVIDIA Drivers

"Picasa 3" = Picasa 3

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Warenwirtschaft" = BMWi - Warenwirtschaft

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 12/8/2011 6:38:36 AM | Computer Name = Anna-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".

Die

 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 12/8/2011 6:38:44 AM | Computer Name = Anna-PC | Source = SideBySide | ID = 16842815

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\BMWi\BMWi

 Updater\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\BMWi\BMWi

 Updater\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs im assemblyIdentity-Element

 ist ungültig.

 

Error - 12/12/2011 10:08:18 AM | Computer Name = Anna-PC | Source = Application Hang | ID = 1002

Description = Programm Power2Go.exe, Version 6.0.0.3108 kann nicht mehr unter Windows

 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,

 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 678    Startzeit: 

01ccb8d5f8a01b53    Endzeit: 51    Anwendungspfad: C:\Program Files\CyberLink\Power2Go\Power2Go.exe
 

Berichts-ID:

 b7b2f843-24ca-11e1-a514-00245485ac0b  

 

Error - 12/13/2011 9:00:25 AM | Computer Name = Anna-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\RapidSolution\Audials

 9\tbhsd\tools64\cleanup.exe".  Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 12/13/2011 9:00:28 AM | Computer Name = Anna-PC | Source = SideBySide | ID = 16842815

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\BMWi\Updater\DelZip179.dll".

 Fehler in Manifest- oder Richtliniendatei "C:\Program Files\BMWi\Updater\DelZip179.dll"

 in Zeile 8.  Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist

 ungültig.

 

Error - 12/13/2011 9:00:32 AM | Computer Name = Anna-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung

 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung 

"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 12/13/2011 9:00:40 AM | Computer Name = Anna-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\RapidSolution\Audials

 9\tbhsd\tools64\uninstall.exe".  Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 12/13/2011 9:00:43 AM | Computer Name = Anna-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\RapidSolution\Audials

 9\tbhsd\tools64\install.exe".  Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 12/13/2011 9:00:50 AM | Computer Name = Anna-PC | Source = SideBySide | ID = 16842785

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".

Die

 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""

 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm

 "sxstrace.exe".

 

Error - 12/13/2011 9:00:57 AM | Computer Name = Anna-PC | Source = SideBySide | ID = 16842815

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\BMWi\BMWi

 Updater\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\BMWi\BMWi

 Updater\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs im assemblyIdentity-Element

 ist ungültig.

 

[ OSession Events ]

Error - 1/17/2011 4:52:36 PM | Computer Name = Anna-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1851

 seconds with 480 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 9/22/2011 6:42:32 AM | Computer Name = Anna-PC | Source = ipnathlp | ID = 31004

Description = 

 

Error - 9/22/2011 3:50:58 PM | Computer Name = Anna-PC | Source = ipnathlp | ID = 31004

Description = 

 

Error - 9/22/2011 3:58:11 PM | Computer Name = Anna-PC | Source = ipnathlp | ID = 31004

Description = 

 

Error - 9/22/2011 5:26:49 PM | Computer Name = Anna-PC | Source = ipnathlp | ID = 31004

Description = 

 

Error - 9/22/2011 5:31:53 PM | Computer Name = Anna-PC | Source = ipnathlp | ID = 31004

Description = 

 

Error - 9/23/2011 2:30:53 PM | Computer Name = Anna-PC | Source = ipnathlp | ID = 31004

Description = 

 

Error - 9/23/2011 9:38:07 PM | Computer Name = Anna-PC | Source = ipnathlp | ID = 31004

Description = 

 

Error - 9/25/2011 4:35:13 PM | Computer Name = Anna-PC | Source = ipnathlp | ID = 31004

Description = 

 

Error - 9/26/2011 2:35:35 AM | Computer Name = Anna-PC | Source = ipnathlp | ID = 31004

Description = 

 

Error - 9/26/2011 2:35:38 AM | Computer Name = Anna-PC | Source = ipnathlp | ID = 31004

Description = 

 

 

< End of report >

--- --- ---

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

nein, das heute war zum ersten mal.

muss jetzt erstmal los, ich antworte spät heut abend wieder
danke!

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Hallo, hat etwas gedauert, aber hier jetzt die neuen logs:

malware:

Code:

Malwarebytes Anti-Malware (Test) 1.60.0.1800

www.malwarebytes.org
 

Datenbank Version: v2012.01.30.03
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 8.0.7601.17514

Anna :: ANNA-PC [Administrator]
 

Schutz: Aktiviert
 

30.01.2012 20:34:53

mbam-log-2012-01-30 (22-16-15).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 378660

Laufzeit: 1 Stunde(n), 40 Minute(n), 47 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 1

D:\$RECYCLE.BIN\S-1-5-21-2339853823-2107313754-116825072-1001\$RWCRCQP.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt.
 

(Ende)

Eset:

Code:

C:\Program Files\FoxTabAVIConverter\AviConverter.exe        a variant of Win32/InstallCore.A application

C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll        Win32/Toolbar.SearchSuite application

C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll        a variant of Win32/Toolbar.SearchSuite application

C:\Program Files\Windows iLivid Toolbar\Datamngr\DnsBHO.dll        a variant of Win32/Toolbar.SearchSuite application

C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KT4QYYFM\SetupDataMngr_Searchqu[1].exe        a variant of Win32/Toolbar.SearchSuite application

C:\Users\Anna\AppData\Local\Temp\SetupDataMngr_Searchqu.exe        a variant of Win32/Toolbar.SearchSuite application

C:\Users\Anna\Documents\Programme\SoftonicDownloader_fuer_logo-design-studio.exe        a variant of Win32/SoftonicDownloader.A application

D:\$RECYCLE.BIN\S-1-5-21-2339853823-2107313754-116825072-1001\$RWCRCQP.exe        Win32/SoftonicDownloader application

Operating memory        a variant of Win32/Toolbar.SearchSuite application

Danke :)

Finger weg von Softonic!!

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

guten abend,
hier das letzte log von OTL

OTL Logfile:

Code:

OTL logfile created on: 1/31/2012 3:50:40 PM - Run 2

OTL by OldTimer - Version 3.2.31.0     Folder = D:\Programmdateien

 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2.99 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 63.30% Memory free

5.98 Gb Paging File | 4.60 Gb Available in Paging File | 77.06% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 124.51 Gb Total Space | 72.84 Gb Free Space | 58.50% Space Free | Partition Type: NTFS

Drive D: | 158.48 Gb Total Space | 108.38 Gb Free Space | 68.39% Space Free | Partition Type: NTFS

 

Computer Name: ANNA-PC | User Name: Anna | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012/01/30 10:35:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Programmdateien\OTL.exe

PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/07/07 08:08:30 | 000,216,064 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe

PRC - [2011/06/29 09:24:16 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/06/24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011/04/27 11:15:54 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/12/10 14:47:06 | 000,488,840 | ---- | M] (TomTom) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe

PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010/11/05 07:28:09 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/04/16 14:11:02 | 000,650,920 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE

PRC - [2010/01/19 03:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe

PRC - [2010/01/14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/12/14 08:17:48 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe

PRC - [2009/11/04 05:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

PRC - [2009/10/13 11:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

PRC - [2009/08/13 20:58:10 | 000,044,312 | ---- | M] () -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe

PRC - [2009/06/03 12:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

PRC - [2009/04/15 15:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

PRC - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010/12/10 14:47:08 | 000,150,920 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterProxy.dll

MOD - [2010/12/10 14:47:08 | 000,046,472 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterBase.dll

MOD - [2010/12/10 14:46:18 | 007,508,480 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtGui4.dll

MOD - [2010/12/10 14:46:18 | 002,101,760 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtCore4.dll

MOD - [2010/12/10 14:46:18 | 000,911,872 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtNetwork4.dll

MOD - [2010/12/10 14:46:18 | 000,334,848 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtXml4.dll

MOD - [2010/04/16 14:11:02 | 000,650,920 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE

MOD - [2010/04/16 14:11:02 | 000,155,648 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\HMXML.dll

MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll

MOD - [2009/06/03 12:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll

MOD - [2009/06/03 12:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll

MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/06/29 09:24:16 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/04/27 11:15:54 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/12/10 22:45:06 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2009/08/13 20:58:10 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)

SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/12/09 14:27:31 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)

DRV - [2011/06/29 09:24:16 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/06/29 09:24:16 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/06/10 11:43:18 | 001,271,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2010/01/08 07:39:36 | 009,935,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2009/11/25 22:32:16 | 000,125,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)

DRV - [2009/09/28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)

DRV - [2009/06/27 15:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)

DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/05/01 15:41:06 | 000,384,896 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CryptOSD.sys -- (CryptOSD)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/406

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Search Results"

FF - prefs.js..browser.search.order.1: "Search Results"

FF - prefs.js..browser.search.selectedEngine: "Search Results"

FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/406"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=174&systemid=406&sr=0&q="

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/04 21:48:47 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/30 09:12:14 | 000,000,000 | ---D | M]

 

[2012/01/30 10:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\Extensions

[2012/01/30 13:06:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\d7fasik6.default\extensions

[2012/01/10 15:20:08 | 000,002,519 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\d7fasik6.default\searchplugins\Search_Results.xml

[2012/01/30 10:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions

[2011/11/08 09:26:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

[2011/12/04 21:48:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011/12/04 21:48:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011/12/04 21:48:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/12/04 21:48:42 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2011/12/04 21:48:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2010/09/18 20:53:48 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

[2012/01/10 15:20:08 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml

[2011/12/04 21:48:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2011/12/04 21:48:42 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [fsi] C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar" File not found

O4 - HKLM..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar" File not found

O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\windows\System32\Macromed\Flash\FlashUtil10t_Plugin.exe (Adobe Systems, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{667C7950-A3FE-411C-8786-43D82AF892B9}: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\dssrequest - No CLSID value found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\sacore - No CLSID value found

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE - (Adobe Systems, Inc.)

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

MsConfig - StartUpReg: MyTomTomSA.exe - hkey= - key= - C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)

MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)

MsConfig - StartUpReg: PDVD8LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)

MsConfig - StartUpReg: RemoteControl8 - hkey= - key= - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)

MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

MsConfig - StartUpReg: UpdateLBPShortCut - hkey= - key= - C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

MsConfig - StartUpReg: UpdateP2GoShortCut - hkey= - key= - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

MsConfig - StartUpReg: UpdatePDRShortCut - hkey= - key= - C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

MsConfig - StartUpReg: UpdatePPShortCut - hkey= - key= - C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

MsConfig - StartUpReg: UpdatePSTShortCut - hkey= - key= - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

MsConfig - State: "startup" - 2

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: MCODS - 

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: McMPFSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012/01/30 15:55:07 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\ElevatedDiagnostics

[2012/01/30 15:09:31 | 000,000,000 | ---D | C] -- C:\windows\pss

[2012/01/30 10:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012/01/30 09:46:01 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Malwarebytes

[2012/01/30 09:45:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/01/30 09:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/01/30 09:45:44 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

[2012/01/30 09:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/01/30 09:24:38 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Apple Computer

[2012/01/30 09:24:38 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Apple Computer

[2012/01/30 09:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/01/30 09:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/01/30 09:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/01/30 09:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer

[2012/01/30 09:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2012/01/30 09:22:55 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Apple

[2012/01/30 09:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2012/01/30 09:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2012/01/30 09:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple

[2012/01/30 09:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2012/01/12 20:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

[2012/01/10 15:21:37 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Ilivid Player

[2012/01/10 15:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows iLivid Toolbar

[2012/01/10 15:14:54 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Systweak

[2012/01/10 15:14:52 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\windows\System32\roboot.exe

 
 ========== Files - Modified Within 30 Days ==========

 

[2012/01/31 13:29:27 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/01/30 14:45:51 | 000,186,182 | ---- | M] () -- C:\Users\Anna\Documents\Pole emploi jan2012 Unidialog_0639922T_1327931056769.pdf

[2012/01/30 09:45:47 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/01/29 20:45:16 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/01/29 20:45:16 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/01/27 09:03:01 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat

[2012/01/27 09:03:01 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2012/01/27 09:03:01 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat

[2012/01/27 09:03:01 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2012/01/27 08:57:35 | 3209,216,000 | -HS- | M] () -- C:\hiberfil.sys

 
 ========== Files Created - No Company Name ==========

 

[2012/01/30 14:45:51 | 000,186,182 | ---- | C] () -- C:\Users\Anna\Documents\Pole emploi jan2012 Unidialog_0639922T_1327931056769.pdf

[2012/01/30 09:45:47 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/01/30 09:22:52 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

[2011/02/05 22:05:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2011/01/19 21:36:56 | 000,000,812 | ---- | C] () -- C:\windows\System32\drivers\scdskr01.dat

[2011/01/19 21:36:56 | 000,000,541 | ---- | C] () -- C:\windows\System32\drivers\scdhkr01.dat

[2011/01/19 21:36:56 | 000,000,500 | ---- | C] () -- C:\windows\System32\drivers\RSTable.dat

[2011/01/19 21:36:56 | 000,000,036 | ---- | C] () -- C:\windows\System32\drivers\scdstr01.dat

[2011/01/08 10:01:08 | 000,038,440 | ---- | C] () -- C:\Users\Anna\AppData\Roaming\Kommagetrennte Werte (Windows).ADR

[2010/09/24 20:04:12 | 000,000,017 | ---- | C] () -- C:\Users\Anna\AppData\Local\resmon.resmoncfg

[2010/09/09 20:49:41 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[2010/03/05 23:12:46 | 000,654,166 | ---- | C] () -- C:\windows\System32\perfh007.dat

[2010/03/05 23:12:46 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat

[2010/03/05 23:12:46 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat

[2010/03/05 23:12:46 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat

[2010/03/05 06:06:50 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe

[2010/03/05 05:56:58 | 000,000,426 | ---- | C] () -- C:\windows\HotFixList.ini

[2010/03/05 05:29:42 | 000,311,296 | ---- | C] () -- C:\windows\System32\Rezip.exe

[2010/01/07 16:18:52 | 000,040,588 | ---- | C] () -- C:\windows\System32\nvcoproc.bin

[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat

[2009/07/14 05:33:53 | 000,429,856 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT

[2009/07/14 03:05:48 | 000,616,008 | ---- | C] () -- C:\windows\System32\perfh009.dat

[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat

[2009/07/14 03:05:48 | 000,106,388 | ---- | C] () -- C:\windows\System32\perfc009.dat

[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat

[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT

[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat

[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin

[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll

[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll

[2009/07/13 23:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin

[2009/07/13 23:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin

[2009/07/13 23:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin

[2009/07/13 23:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin

[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

[2009/05/01 16:24:14 | 000,000,184 | ---- | C] () -- C:\windows\System32\drivers\osdauth.dat

[2009/05/01 15:41:06 | 000,000,020 | ---- | C] () -- C:\windows\System32\drivers\OSDSig.dat

[2007/04/06 23:26:10 | 000,011,264 | ---- | C] () -- C:\windows\System32\sssegfilter.dll

[2007/04/06 23:26:08 | 000,217,088 | ---- | C] () -- C:\windows\System32\ssminidriver.dll

[2007/04/06 23:26:08 | 000,027,136 | ---- | C] () -- C:\windows\System32\ssimgfilter.dll

[2007/04/06 23:26:06 | 000,010,752 | ---- | C] () -- C:\windows\System32\sserrhandler.dll

[2007/03/15 15:25:42 | 000,022,723 | ---- | C] () -- C:\windows\System32\wcpe12v3.dll

[2006/10/08 18:33:54 | 000,000,000 | ---- | C] () -- C:\windows\R-series.ini

 
 ========== LOP Check ==========

 

[2011/02/07 13:51:19 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\ifolor

[2011/03/01 17:19:36 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\ImgBurn

[2011/02/21 22:21:06 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Summitsoft

[2012/01/12 20:24:41 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Systweak

[2011/05/22 20:50:05 | 000,032,558 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011/05/16 11:49:32 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Adobe

[2012/01/31 13:32:06 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Apple Computer

[2010/09/26 20:11:42 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Avira

[2011/11/30 20:36:08 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\CyberLink

[2011/03/14 21:42:07 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\DVD Flick

[2010/09/10 21:38:04 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Google

[2010/09/09 21:13:25 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Identities

[2011/02/07 13:51:19 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\ifolor

[2011/03/01 17:19:36 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\ImgBurn

[2010/10/07 19:14:29 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Macromedia

[2012/01/30 09:46:01 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Malwarebytes

[2010/03/05 23:03:20 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Media Center Programs

[2011/09/12 08:56:09 | 000,000,000 | --SD | M] -- C:\Users\Anna\AppData\Roaming\Microsoft

[2010/09/10 22:10:24 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Mozilla

[2012/01/30 10:06:28 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Skype

[2011/07/18 08:10:44 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\skypePM

[2011/02/21 22:21:06 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Summitsoft

[2012/01/12 20:24:41 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Systweak

[2011/03/21 20:19:13 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2011/05/16 11:51:24 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Anna\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys

[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys

[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

 
 < MD5 for: EVENTLOG.DLL  >

[2007/05/17 13:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

 
 < MD5 for: IASTOR.SYS  >

[2009/11/20 06:59:26 | 000,432,664 | ---- | M] (Intel Corporation) MD5=EDF5ECC965FAAA533D35E02F47B9132E -- C:\Windows\System32\drivers\iaStor.sys

[2009/11/20 06:59:26 | 000,432,664 | ---- | M] (Intel Corporation) MD5=EDF5ECC965FAAA533D35E02F47B9132E -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_a3da184953a37ce8\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys

[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys

[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys

[2011/03/11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys

[2011/03/11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys

[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys

[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

[2011/03/11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll

[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys

[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys

[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys

[2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys

[2011/03/11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys

[2011/03/11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys

[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys

[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll

[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

[2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll

[2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe

[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 172 bytes -> C:\Users\Anna\Documents\**********.jpeg:3or4kl4x13tuuug3Byamue2s4b
 

< End of report >

--- --- ---

normalerweise downloade ich bei chip.de oder pcwelt.de, wer weiß was ich da gesucht hab :headbang:

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

:OTL

PRC - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe

SRV - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip)

FF - prefs.js..browser.search.defaultenginename: "Search Results"

FF - prefs.js..browser.search.order.1: "Search Results"

FF - prefs.js..browser.search.selectedEngine: "Search Results"

FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"

FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=174&systemid=406&sr=0&q="

O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKLM..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar" File not found

O4 - HKLM..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar" File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

[2010/09/09 20:49:41 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

@Alternate Data Stream - 172 bytes -> C:\Users\Anna\Documents\**********.jpeg:3or4kl4x13tuuug3Byamue2s4b

:Files

C:\Program Files\Windows iLivid Toolbar

C:\Users\Anna\Documents\Programme\SoftonicDownloader_fuer_logo-design-studio.exe

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Hallo, hier das neue Log:

Code:



All processes killed

========== OTL ==========

Process Rezip.exe killed successfully!

Service Rezip stopped successfully!

Service Rezip deleted successfully!

C:\Windows\System32\Rezip.exe moved successfully.

Prefs.js: "Search Results" removed from browser.search.defaultenginename

Prefs.js: "Search Results" removed from browser.search.order.1

Prefs.js: "Search Results" removed from browser.search.selectedEngine

Prefs.js: "hxxp://www.searchqu.com/406" removed from browser.startup.homepage

Prefs.js: "hxxp://dts.search-results.com/sr?src=ffb&appid=174&systemid=406&sr=0&q=" removed from keyword.URL

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\removeSearchqudatamngr not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\removeSearchqutoolbar not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

C:\ProgramData\FullRemove.exe moved successfully.

Unable to delete ADS C:\Users\Anna\Documents\**********.jpeg:3or4kl4x13tuuug3Byamue2s4b .

========== FILES ==========

File\Folder C:\Program Files\Windows iLivid Toolbar not found.

C:\Users\Anna\Documents\Programme\SoftonicDownloader_fuer_logo-design-studio.exe moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Anna

->Temp folder emptied: 153987547 bytes

->Temporary Internet Files folder emptied: 140673510 bytes

->Java cache emptied: 1103090 bytes

->FireFox cache emptied: 1053883856 bytes

->Flash cache emptied: 90090 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56466 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 290491884 bytes

RecycleBin emptied: 4595871352 bytes

 

Total Files Cleaned = 5,947.00 mb

 

C:\windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 02012012_111337
 

Files\Folders moved on Reboot...

File\Folder C:\Users\Anna\AppData\Local\Temp\WER50A3.tmp.resp.erc.xml not found!

File\Folder C:\Users\Anna\AppData\Local\Temp\WER50A4.tmp.resp not found!
 

Registry entries deleted on Reboot...

Hallo, hab gesehen, das das eine Bild nicht gelöscht wurde, kann ich das von Hand machen?

Code:

Unable to delete ADS C:\Users\Anna\Documents\**********.jpeg:3or4kl4x13tuuug3Byamue2s4b .

Nicht das Bild, sondern der ADS sollte gelöscht werden.

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Kapersky hat nix gefunden:

Code:

12:18:11.0976 2724        TDSS rootkit removing tool 2.7.9.0 Feb  1 2012 09:28:49

12:18:12.0272 2724        ============================================================

12:18:12.0272 2724        Current date / time: 2012/02/01 12:18:12.0272

12:18:12.0272 2724        SystemInfo:

12:18:12.0272 2724        

12:18:12.0272 2724        OS Version: 6.1.7601 ServicePack: 1.0

12:18:12.0272 2724        Product type: Workstation

12:18:12.0272 2724        ComputerName: ANNA-PC

12:18:12.0272 2724        UserName: Anna

12:18:12.0272 2724        Windows directory: C:\windows

12:18:12.0272 2724        System windows directory: C:\windows

12:18:12.0272 2724        Processor architecture: Intel x86

12:18:12.0272 2724        Number of processors: 4

12:18:12.0272 2724        Page size: 0x1000

12:18:12.0272 2724        Boot type: Normal boot

12:18:12.0272 2724        ============================================================

12:18:12.0990 2724        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

12:18:13.0005 2724        \Device\Harddisk0\DR0:

12:18:13.0005 2724        MBR used

12:18:13.0005 2724        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000

12:18:13.0005 2724        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0xF907000

12:18:13.0005 2724        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1173A000, BlocksNum 0x13CF4000

12:18:13.0068 2724        Initialize success

12:18:13.0068 2724        ============================================================

12:18:58.0513 3712        ============================================================

12:18:58.0513 3712        Scan started

12:18:58.0513 3712        Mode: Manual; 

12:18:58.0513 3712        ============================================================

12:18:59.0355 3712        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys

12:18:59.0355 3712        1394ohci - ok

12:18:59.0417 3712        ACPI            (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys

12:18:59.0417 3712        ACPI - ok

12:18:59.0542 3712        AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys

12:18:59.0542 3712        AcpiPmi - ok

12:18:59.0620 3712        adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys

12:18:59.0636 3712        adp94xx - ok

12:18:59.0729 3712        adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys

12:18:59.0729 3712        adpahci - ok

12:18:59.0792 3712        adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys

12:18:59.0792 3712        adpu320 - ok

12:18:59.0917 3712        AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys

12:18:59.0932 3712        AFD - ok

12:18:59.0995 3712        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys

12:18:59.0995 3712        agp440 - ok

12:19:00.0073 3712        aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys

12:19:00.0088 3712        aic78xx - ok

12:19:00.0197 3712        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys

12:19:00.0197 3712        aliide - ok

12:19:00.0260 3712        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys

12:19:00.0260 3712        amdagp - ok

12:19:00.0353 3712        amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys

12:19:00.0353 3712        amdide - ok

12:19:00.0416 3712        AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys

12:19:00.0416 3712        AmdK8 - ok

12:19:00.0509 3712        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys

12:19:00.0525 3712        AmdPPM - ok

12:19:00.0556 3712        amdsata         (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys

12:19:00.0556 3712        amdsata - ok

12:19:00.0650 3712        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys

12:19:00.0665 3712        amdsbs - ok

12:19:00.0697 3712        amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys

12:19:00.0697 3712        amdxata - ok

12:19:00.0884 3712        AppID           (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys

12:19:00.0884 3712        AppID - ok

12:19:01.0009 3712        arc             (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys

12:19:01.0009 3712        arc - ok

12:19:01.0040 3712        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys

12:19:01.0040 3712        arcsas - ok

12:19:01.0149 3712        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys

12:19:01.0149 3712        AsyncMac - ok

12:19:01.0196 3712        atapi           (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys

12:19:01.0211 3712        atapi - ok

12:19:01.0336 3712        athr            (8efa8e1c4c5eea27951a8dd015ffe4cd) C:\windows\system32\DRIVERS\athr.sys

12:19:01.0352 3712        athr - ok

12:19:01.0477 3712        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\windows\system32\DRIVERS\avgntflt.sys

12:19:01.0492 3712        avgntflt - ok

12:19:01.0617 3712        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\windows\system32\DRIVERS\avipbb.sys

12:19:01.0617 3712        avipbb - ok

12:19:01.0742 3712        b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys

12:19:01.0757 3712        b06bdrv - ok

12:19:01.0867 3712        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys

12:19:01.0882 3712        b57nd60x - ok

12:19:01.0929 3712        Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys

12:19:01.0929 3712        Beep - ok

12:19:02.0054 3712        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys

12:19:02.0054 3712        blbdrive - ok

12:19:02.0179 3712        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys

12:19:02.0179 3712        bowser - ok

12:19:02.0241 3712        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys

12:19:02.0241 3712        BrFiltLo - ok

12:19:02.0350 3712        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys

12:19:02.0350 3712        BrFiltUp - ok

12:19:02.0397 3712        Brserid         (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys

12:19:02.0413 3712        Brserid - ok

12:19:02.0491 3712        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys

12:19:02.0506 3712        BrSerWdm - ok

12:19:02.0522 3712        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys

12:19:02.0522 3712        BrUsbMdm - ok

12:19:02.0553 3712        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys

12:19:02.0553 3712        BrUsbSer - ok

12:19:02.0662 3712        BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys

12:19:02.0662 3712        BthEnum - ok

12:19:02.0709 3712        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys

12:19:02.0709 3712        BTHMODEM - ok

12:19:02.0803 3712        BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys

12:19:02.0803 3712        BthPan - ok

12:19:02.0943 3712        BTHPORT         (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys

12:19:02.0943 3712        BTHPORT - ok

12:19:03.0068 3712        BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys

12:19:03.0068 3712        BTHUSB - ok

12:19:03.0115 3712        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys

12:19:03.0115 3712        cdfs - ok

12:19:03.0239 3712        cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys

12:19:03.0239 3712        cdrom - ok

12:19:03.0349 3712        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys

12:19:03.0349 3712        circlass - ok

12:19:03.0395 3712        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys

12:19:03.0395 3712        CLFS - ok

12:19:03.0489 3712        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys

12:19:03.0489 3712        CmBatt - ok

12:19:03.0505 3712        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys

12:19:03.0505 3712        cmdide - ok

12:19:03.0598 3712        CNG             (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys

12:19:03.0614 3712        CNG - ok

12:19:03.0676 3712        Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys

12:19:03.0676 3712        Compbatt - ok

12:19:03.0754 3712        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys

12:19:03.0754 3712        CompositeBus - ok

12:19:03.0817 3712        crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys

12:19:03.0817 3712        crcdisk - ok

12:19:03.0910 3712        CryptOSD        (c914d18ab66b132e9c73f19f8f805f1f) C:\windows\system32\DRIVERS\CryptOSD.sys

12:19:03.0926 3712        CryptOSD - ok

12:19:04.0051 3712        DfsC            (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys

12:19:04.0051 3712        DfsC - ok

12:19:04.0097 3712        discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys

12:19:04.0097 3712        discache - ok

12:19:04.0175 3712        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys

12:19:04.0175 3712        Disk - ok

12:19:04.0222 3712        drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys

12:19:04.0222 3712        drmkaud - ok

12:19:04.0269 3712        DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys

12:19:04.0285 3712        DXGKrnl - ok

12:19:04.0456 3712        ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys

12:19:04.0487 3712        ebdrv - ok

12:19:04.0612 3712        elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys

12:19:04.0628 3712        elxstor - ok

12:19:04.0721 3712        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys

12:19:04.0721 3712        ErrDev - ok

12:19:04.0815 3712        exfat           (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys

12:19:04.0815 3712        exfat - ok

12:19:04.0862 3712        fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys

12:19:04.0862 3712        fastfat - ok

12:19:04.0987 3712        fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys

12:19:04.0987 3712        fdc - ok

12:19:05.0033 3712        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys

12:19:05.0033 3712        FileInfo - ok

12:19:05.0049 3712        Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys

12:19:05.0049 3712        Filetrace - ok

12:19:05.0158 3712        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys

12:19:05.0158 3712        flpydisk - ok

12:19:05.0189 3712        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys

12:19:05.0205 3712        FltMgr - ok

12:19:05.0299 3712        FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys

12:19:05.0299 3712        FsDepends - ok

12:19:05.0345 3712        fssfltr         (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys

12:19:05.0345 3712        fssfltr - ok

12:19:05.0455 3712        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys

12:19:05.0455 3712        Fs_Rec - ok

12:19:05.0517 3712        fvevol          (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys

12:19:05.0517 3712        fvevol - ok

12:19:05.0611 3712        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys

12:19:05.0611 3712        gagp30kx - ok

12:19:05.0689 3712        GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys

12:19:05.0689 3712        GEARAspiWDM - ok

12:19:05.0798 3712        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys

12:19:05.0798 3712        hcw85cir - ok

12:19:05.0860 3712        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys

12:19:05.0876 3712        HdAudAddService - ok

12:19:05.0969 3712        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys

12:19:05.0969 3712        HDAudBus - ok

12:19:06.0001 3712        HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys

12:19:06.0001 3712        HidBatt - ok

12:19:06.0047 3712        HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys

12:19:06.0047 3712        HidBth - ok

12:19:06.0125 3712        HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys

12:19:06.0125 3712        HidIr - ok

12:19:06.0203 3712        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys

12:19:06.0203 3712        HidUsb - ok

12:19:06.0281 3712        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys

12:19:06.0281 3712        HpSAMD - ok

12:19:06.0359 3712        HTTP            (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys

12:19:06.0375 3712        HTTP - ok

12:19:06.0469 3712        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys

12:19:06.0469 3712        hwpolicy - ok

12:19:06.0578 3712        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys

12:19:06.0578 3712        i8042prt - ok

12:19:06.0609 3712        iaStor          (edf5ecc965faaa533d35e02f47b9132e) C:\windows\system32\DRIVERS\iaStor.sys

12:19:06.0625 3712        iaStor - ok

12:19:06.0718 3712        iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys

12:19:06.0734 3712        iaStorV - ok

12:19:06.0905 3712        igfx            (ad626f6964f4d364d226c39e06872dd3) C:\windows\system32\DRIVERS\igdkmd32.sys

12:19:07.0030 3712        igfx - ok

12:19:07.0139 3712        iirsp           (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys

12:19:07.0139 3712        iirsp - ok

12:19:07.0264 3712        Impcd           (4a31216a5e97d46ee06069d9e06428fa) C:\windows\system32\DRIVERS\Impcd.sys

12:19:07.0264 3712        Impcd - ok

12:19:07.0451 3712        IntcAzAudAddService (96282fbce4534c9bf147cffe9e1fa8db) C:\windows\system32\drivers\RTKVHDA.sys

12:19:07.0529 3712        IntcAzAudAddService - ok

12:19:07.0639 3712        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys

12:19:07.0639 3712        intelide - ok

12:19:07.0670 3712        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys

12:19:07.0670 3712        intelppm - ok

12:19:07.0763 3712        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys

12:19:07.0779 3712        IpFilterDriver - ok

12:19:07.0810 3712        IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys

12:19:07.0810 3712        IPMIDRV - ok

12:19:07.0904 3712        IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys

12:19:07.0904 3712        IPNAT - ok

12:19:07.0935 3712        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys

12:19:07.0935 3712        IRENUM - ok

12:19:08.0044 3712        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys

12:19:08.0044 3712        isapnp - ok

12:19:08.0075 3712        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys

12:19:08.0075 3712        iScsiPrt - ok

12:19:08.0185 3712        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys

12:19:08.0185 3712        kbdclass - ok

12:19:08.0216 3712        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys

12:19:08.0216 3712        kbdhid - ok

12:19:08.0325 3712        KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys

12:19:08.0325 3712        KSecDD - ok

12:19:08.0341 3712        KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys

12:19:08.0356 3712        KSecPkg - ok

12:19:08.0465 3712        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys

12:19:08.0465 3712        lltdio - ok

12:19:08.0512 3712        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys

12:19:08.0512 3712        LSI_FC - ok

12:19:08.0606 3712        LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys

12:19:08.0621 3712        LSI_SAS - ok

12:19:08.0668 3712        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys

12:19:08.0668 3712        LSI_SAS2 - ok

12:19:08.0731 3712        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys

12:19:08.0746 3712        LSI_SCSI - ok

12:19:08.0762 3712        luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys

12:19:08.0762 3712        luafv - ok

12:19:08.0824 3712        MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\windows\system32\drivers\mbam.sys

12:19:08.0824 3712        MBAMProtector - ok

12:19:08.0949 3712        megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys

12:19:08.0949 3712        megasas - ok

12:19:09.0011 3712        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys

12:19:09.0011 3712        MegaSR - ok

12:19:09.0089 3712        Modem           (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys

12:19:09.0089 3712        Modem - ok

12:19:09.0152 3712        monitor         (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys

12:19:09.0152 3712        monitor - ok

12:19:09.0214 3712        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys

12:19:09.0214 3712        mouclass - ok

12:19:09.0292 3712        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys

12:19:09.0292 3712        mouhid - ok

12:19:09.0386 3712        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys

12:19:09.0386 3712        mountmgr - ok

12:19:09.0433 3712        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys

12:19:09.0433 3712        mpio - ok

12:19:09.0464 3712        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys

12:19:09.0464 3712        mpsdrv - ok

12:19:09.0573 3712        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys

12:19:09.0573 3712        MRxDAV - ok

12:19:09.0620 3712        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys

12:19:09.0620 3712        mrxsmb - ok

12:19:09.0698 3712        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys

12:19:09.0713 3712        mrxsmb10 - ok

12:19:09.0776 3712        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys

12:19:09.0776 3712        mrxsmb20 - ok

12:19:09.0838 3712        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys

12:19:09.0838 3712        msahci - ok

12:19:09.0885 3712        msdsm           (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys

12:19:09.0885 3712        msdsm - ok

12:19:09.0963 3712        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys

12:19:09.0963 3712        Msfs - ok

12:19:09.0994 3712        mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys

12:19:09.0994 3712        mshidkmdf - ok

12:19:10.0010 3712        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys

12:19:10.0025 3712        msisadrv - ok

12:19:10.0103 3712        MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys

12:19:10.0103 3712        MSKSSRV - ok

12:19:10.0150 3712        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys

12:19:10.0150 3712        MSPCLOCK - ok

12:19:10.0228 3712        MSPQM           (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys

12:19:10.0228 3712        MSPQM - ok

12:19:10.0259 3712        MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys

12:19:10.0275 3712        MsRPC - ok

12:19:10.0306 3712        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys

12:19:10.0306 3712        mssmbios - ok

12:19:10.0384 3712        MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys

12:19:10.0384 3712        MSTEE - ok

12:19:10.0415 3712        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys

12:19:10.0415 3712        MTConfig - ok

12:19:10.0431 3712        Mup             (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys

12:19:10.0431 3712        Mup - ok

12:19:10.0525 3712        NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys

12:19:10.0525 3712        NativeWifiP - ok

12:19:10.0634 3712        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys

12:19:10.0634 3712        NDIS - ok

12:19:10.0743 3712        NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys

12:19:10.0743 3712        NdisCap - ok

12:19:10.0852 3712        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys

12:19:10.0852 3712        NdisTapi - ok

12:19:10.0977 3712        Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys

12:19:10.0977 3712        Ndisuio - ok

12:19:11.0039 3712        NdisWan         (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys

12:19:11.0039 3712        NdisWan - ok

12:19:11.0149 3712        NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys

12:19:11.0149 3712        NDProxy - ok

12:19:11.0195 3712        NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys

12:19:11.0195 3712        NetBIOS - ok

12:19:11.0320 3712        NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys

12:19:11.0320 3712        NetBT - ok

12:19:11.0429 3712        nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys

12:19:11.0429 3712        nfrd960 - ok

12:19:11.0461 3712        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys

12:19:11.0461 3712        Npfs - ok

12:19:11.0570 3712        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys

12:19:11.0570 3712        nsiproxy - ok

12:19:11.0632 3712        Ntfs            (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys

12:19:11.0663 3712        Ntfs - ok

12:19:11.0741 3712        Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys

12:19:11.0741 3712        Null - ok

12:19:11.0835 3712        NVHDA           (d2f4c4b22969236382ca853b8daa2d4e) C:\windows\system32\drivers\nvhda32v.sys

12:19:11.0835 3712        NVHDA - ok

12:19:12.0147 3712        nvlddmkm        (006aa27afb7079787d5fd2b4b691c4f6) C:\windows\system32\DRIVERS\nvlddmkm.sys

12:19:12.0412 3712        nvlddmkm - ok

12:19:12.0537 3712        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys

12:19:12.0537 3712        nvraid - ok

12:19:12.0553 3712        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys

12:19:12.0553 3712        nvstor - ok

12:19:12.0677 3712        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys

12:19:12.0677 3712        nv_agp - ok

12:19:12.0709 3712        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys

12:19:12.0709 3712        ohci1394 - ok

12:19:12.0849 3712        Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys

12:19:12.0849 3712        Parport - ok

12:19:12.0911 3712        partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys

12:19:12.0911 3712        partmgr - ok

12:19:13.0005 3712        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys

12:19:13.0005 3712        Parvdm - ok

12:19:13.0036 3712        pci             (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys

12:19:13.0036 3712        pci - ok

12:19:13.0114 3712        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys

12:19:13.0130 3712        pciide - ok

12:19:13.0145 3712        pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys

12:19:13.0145 3712        pcmcia - ok

12:19:13.0239 3712        pcw             (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys

12:19:13.0239 3712        pcw - ok

12:19:13.0270 3712        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys

12:19:13.0286 3712        PEAUTH - ok

12:19:13.0426 3712        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys

12:19:13.0426 3712        PptpMiniport - ok

12:19:13.0442 3712        Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys

12:19:13.0442 3712        Processor - ok

12:19:13.0551 3712        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys

12:19:13.0551 3712        Psched - ok

12:19:13.0613 3712        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys

12:19:13.0629 3712        ql2300 - ok

12:19:13.0723 3712        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys

12:19:13.0738 3712        ql40xx - ok

12:19:13.0754 3712        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys

12:19:13.0754 3712        QWAVEdrv - ok

12:19:13.0785 3712        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys

12:19:13.0785 3712        RasAcd - ok

12:19:13.0863 3712        RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys

12:19:13.0863 3712        RasAgileVpn - ok

12:19:13.0910 3712        Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys

12:19:13.0910 3712        Rasl2tp - ok

12:19:14.0003 3712        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys

12:19:14.0003 3712        RasPppoe - ok

12:19:14.0035 3712        RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys

12:19:14.0035 3712        RasSstp - ok

12:19:14.0081 3712        rdbss           (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys

12:19:14.0081 3712        rdbss - ok

12:19:14.0159 3712        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys

12:19:14.0159 3712        rdpbus - ok

12:19:14.0206 3712        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys

12:19:14.0206 3712        RDPCDD - ok

12:19:14.0300 3712        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys

12:19:14.0300 3712        RDPENCDD - ok

12:19:14.0331 3712        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys

12:19:14.0331 3712        RDPREFMP - ok

12:19:14.0393 3712        RDPWD           (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys

12:19:14.0393 3712        RDPWD - ok

12:19:14.0518 3712        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys

12:19:14.0518 3712        rdyboost - ok

12:19:14.0581 3712        RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys

12:19:14.0581 3712        RFCOMM - ok

12:19:14.0705 3712        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys

12:19:14.0705 3712        rspndr - ok

12:19:14.0737 3712        RTL8167         (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys

12:19:14.0737 3712        RTL8167 - ok

12:19:14.0861 3712        SABI            (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys

12:19:14.0861 3712        SABI - ok

12:19:14.0893 3712        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys

12:19:14.0893 3712        sbp2port - ok

12:19:15.0002 3712        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys

12:19:15.0002 3712        scfilter - ok

12:19:15.0127 3712        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys

12:19:15.0127 3712        secdrv - ok

12:19:15.0251 3712        Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys

12:19:15.0251 3712        Serenum - ok

12:19:15.0267 3712        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys

12:19:15.0283 3712        Serial - ok

12:19:15.0376 3712        sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys

12:19:15.0376 3712        sermouse - ok

12:19:15.0407 3712        sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys

12:19:15.0407 3712        sffdisk - ok

12:19:15.0423 3712        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys

12:19:15.0423 3712        sffp_mmc - ok

12:19:15.0454 3712        sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys

12:19:15.0454 3712        sffp_sd - ok

12:19:15.0563 3712        sfloppy         (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys

12:19:15.0563 3712        sfloppy - ok

12:19:15.0595 3712        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys

12:19:15.0610 3712        sisagp - ok

12:19:15.0704 3712        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys

12:19:15.0704 3712        SiSRaid2 - ok

12:19:15.0719 3712        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys

12:19:15.0719 3712        SiSRaid4 - ok

12:19:15.0766 3712        Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys

12:19:15.0766 3712        Smb - ok

12:19:15.0860 3712        spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys

12:19:15.0860 3712        spldr - ok

12:19:15.0938 3712        srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys

12:19:15.0938 3712        srv - ok

12:19:16.0000 3712        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys

12:19:16.0016 3712        srv2 - ok

12:19:16.0078 3712        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys

12:19:16.0078 3712        srvnet - ok

12:19:16.0172 3712        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys

12:19:16.0172 3712        ssmdrv - ok

12:19:16.0234 3712        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys

12:19:16.0234 3712        stexstor - ok

12:19:16.0343 3712        swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys

12:19:16.0343 3712        swenum - ok

12:19:16.0468 3712        SynTP           (215a45246c6e2d0a9c263ce1786c8d8a) C:\windows\system32\DRIVERS\SynTP.sys

12:19:16.0484 3712        SynTP - ok

12:19:16.0624 3712        tbhsd           (d7f411c5af992bb44e86083a6aa7b045) C:\windows\system32\drivers\tbhsd.sys

12:19:16.0624 3712        tbhsd - ok

12:19:16.0687 3712        Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys

12:19:16.0718 3712        Tcpip - ok

12:19:16.0827 3712        TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys

12:19:16.0843 3712        TCPIP6 - ok

12:19:16.0983 3712        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys

12:19:16.0983 3712        tcpipreg - ok

12:19:17.0045 3712        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys

12:19:17.0045 3712        TDPIPE - ok

12:19:17.0155 3712        TDTCP           (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys

12:19:17.0155 3712        TDTCP - ok

12:19:17.0217 3712        tdx             (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys

12:19:17.0217 3712        tdx - ok

12:19:17.0311 3712        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys

12:19:17.0311 3712        TermDD - ok

12:19:17.0467 3712        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys

12:19:17.0467 3712        tssecsrv - ok

12:19:17.0591 3712        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys

12:19:17.0591 3712        TsUsbFlt - ok

12:19:17.0669 3712        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys

12:19:17.0669 3712        tunnel - ok

12:19:17.0747 3712        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys

12:19:17.0747 3712        uagp35 - ok

12:19:17.0810 3712        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys

12:19:17.0810 3712        udfs - ok

12:19:17.0919 3712        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys

12:19:17.0919 3712        uliagpkx - ok

12:19:17.0966 3712        umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys

12:19:17.0981 3712        umbus - ok

12:19:18.0044 3712        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys

12:19:18.0044 3712        UmPass - ok

12:19:18.0106 3712        usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys

12:19:18.0106 3712        usbccgp - ok

12:19:18.0184 3712        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys

12:19:18.0184 3712        usbcir - ok

12:19:18.0231 3712        usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys

12:19:18.0231 3712        usbehci - ok

12:19:18.0325 3712        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys

12:19:18.0340 3712        usbhub - ok

12:19:18.0403 3712        usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys

12:19:18.0403 3712        usbohci - ok

12:19:18.0481 3712        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys

12:19:18.0481 3712        usbprint - ok

12:19:18.0527 3712        usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys

12:19:18.0543 3712        usbscan - ok

12:19:18.0605 3712        USBSTOR         (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS

12:19:18.0621 3712        USBSTOR - ok

12:19:18.0652 3712        usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys

12:19:18.0652 3712        usbuhci - ok

12:19:18.0730 3712        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys

12:19:18.0730 3712        usbvideo - ok

12:19:18.0793 3712        usb_rndisx      (d82f43d15fdaa666856c0190cb73e7c9) C:\windows\system32\DRIVERS\usb8023x.sys

12:19:18.0793 3712        usb_rndisx - ok

12:19:18.0871 3712        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys

12:19:18.0871 3712        vdrvroot - ok

12:19:18.0933 3712        vga             (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys

12:19:18.0933 3712        vga - ok

12:19:18.0995 3712        VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys

12:19:18.0995 3712        VgaSave - ok

12:19:19.0042 3712        vhdmp           (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys

12:19:19.0042 3712        vhdmp - ok

12:19:19.0120 3712        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys

12:19:19.0136 3712        viaagp - ok

12:19:19.0183 3712        ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys

12:19:19.0183 3712        ViaC7 - ok

12:19:19.0245 3712        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys

12:19:19.0245 3712        viaide - ok

12:19:19.0292 3712        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys

12:19:19.0307 3712        volmgr - ok

12:19:19.0370 3712        volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys

12:19:19.0370 3712        volmgrx - ok

12:19:19.0432 3712        volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys

12:19:19.0432 3712        volsnap - ok

12:19:19.0510 3712        vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys

12:19:19.0510 3712        vsmraid - ok

12:19:19.0557 3712        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys

12:19:19.0557 3712        vwifibus - ok

12:19:19.0619 3712        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys

12:19:19.0635 3712        vwififlt - ok

12:19:19.0744 3712        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys

12:19:19.0744 3712        WacomPen - ok

12:19:19.0838 3712        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys

12:19:19.0853 3712        WANARP - ok

12:19:19.0853 3712        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys

12:19:19.0853 3712        Wanarpv6 - ok

12:19:19.0978 3712        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys

12:19:19.0978 3712        Wd - ok

12:19:20.0009 3712        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys

12:19:20.0009 3712        Wdf01000 - ok

12:19:20.0134 3712        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys

12:19:20.0150 3712        WfpLwf - ok

12:19:20.0165 3712        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys

12:19:20.0165 3712        WIMMount - ok

12:19:20.0321 3712        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys

12:19:20.0321 3712        WinUsb - ok

12:19:20.0353 3712        WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys

12:19:20.0353 3712        WmiAcpi - ok

12:19:20.0431 3712        ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys

12:19:20.0431 3712        ws2ifsl - ok

12:19:20.0509 3712        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys

12:19:20.0509 3712        WudfPf - ok

12:19:20.0555 3712        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys

12:19:20.0571 3712        WUDFRd - ok

12:19:20.0665 3712        yukonw7         (30b73eb97218a16cbc6de535782a1b35) C:\windows\system32\DRIVERS\yk62x86.sys

12:19:20.0665 3712        yukonw7 - ok

12:19:20.0774 3712        MBR (0x1B8)     (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0

12:19:21.0429 3712        \Device\Harddisk0\DR0 - ok

12:19:21.0429 3712        Boot (0x1200)   (21ca5d1e9d7b400a90e47c6eb81dade8) \Device\Harddisk0\DR0\Partition0

12:19:21.0445 3712        \Device\Harddisk0\DR0\Partition0 - ok

12:19:21.0445 3712        Boot (0x1200)   (bc19836cb0898fba2148318ec0e91a5f) \Device\Harddisk0\DR0\Partition1

12:19:21.0445 3712        \Device\Harddisk0\DR0\Partition1 - ok

12:19:21.0476 3712        Boot (0x1200)   (3c8a9eeb3e2c6325903218d7528bb664) \Device\Harddisk0\DR0\Partition2

12:19:21.0476 3712        \Device\Harddisk0\DR0\Partition2 - ok

12:19:21.0476 3712        ============================================================

12:19:21.0476 3712        Scan finished

12:19:21.0476 3712        ============================================================

12:19:21.0491 3644        Detected object count: 0

12:19:21.0491 3644        Actual detected object count: 0

12:21:07.0213 3936        ============================================================

12:21:07.0213 3936        Scan started

12:21:07.0213 3936        Mode: Manual; SigCheck; TDLFS; 

12:21:07.0213 3936        ============================================================

12:21:07.0478 3936        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys

12:21:07.0618 3936        1394ohci - ok

12:21:07.0728 3936        ACPI            (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys

12:21:07.0759 3936        ACPI - ok

12:21:07.0774 3936        AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys

12:21:07.0852 3936        AcpiPmi - ok

12:21:07.0977 3936        adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys

12:21:08.0008 3936        adp94xx - ok

12:21:08.0102 3936        adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys

12:21:08.0133 3936        adpahci - ok

12:21:08.0164 3936        adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys

12:21:08.0196 3936        adpu320 - ok

12:21:08.0289 3936        AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys

12:21:08.0352 3936        AFD - ok

12:21:08.0445 3936        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys

12:21:08.0461 3936        agp440 - ok

12:21:08.0508 3936        aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys

12:21:08.0523 3936        aic78xx - ok

12:21:08.0617 3936        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys

12:21:08.0632 3936        aliide - ok

12:21:08.0664 3936        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys

12:21:08.0679 3936        amdagp - ok

12:21:08.0773 3936        amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys

12:21:08.0788 3936        amdide - ok

12:21:08.0820 3936        AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys

12:21:08.0898 3936        AmdK8 - ok

12:21:08.0991 3936        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys

12:21:09.0038 3936        AmdPPM - ok

12:21:09.0147 3936        amdsata         (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys

12:21:09.0163 3936        amdsata - ok

12:21:09.0194 3936        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys

12:21:09.0210 3936        amdsbs - ok

12:21:09.0303 3936        amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys

12:21:09.0334 3936        amdxata - ok

12:21:09.0397 3936        AppID           (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys

12:21:09.0522 3936        AppID - ok

12:21:09.0631 3936        arc             (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys

12:21:09.0662 3936        arc - ok

12:21:09.0678 3936        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys

12:21:09.0709 3936        arcsas - ok

12:21:09.0724 3936        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys

12:21:09.0849 3936        AsyncMac - ok

12:21:09.0943 3936        atapi           (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys

12:21:09.0974 3936        atapi - ok

12:21:10.0036 3936        athr            (8efa8e1c4c5eea27951a8dd015ffe4cd) C:\windows\system32\DRIVERS\athr.sys

12:21:10.0114 3936        athr - ok

12:21:10.0224 3936        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\windows\system32\DRIVERS\avgntflt.sys

12:21:10.0270 3936        avgntflt - ok

12:21:10.0302 3936        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\windows\system32\DRIVERS\avipbb.sys

12:21:10.0317 3936        avipbb - ok

12:21:10.0364 3936        b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys

12:21:10.0426 3936        b06bdrv - ok

12:21:10.0520 3936        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys

12:21:10.0567 3936        b57nd60x - ok

12:21:10.0598 3936        Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys

12:21:10.0676 3936        Beep - ok

12:21:10.0770 3936        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys

12:21:10.0801 3936        blbdrive - ok

12:21:10.0848 3936        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys

12:21:10.0894 3936        bowser - ok

12:21:10.0988 3936        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys

12:21:11.0050 3936        BrFiltLo - ok

12:21:11.0160 3936        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys

12:21:11.0222 3936        BrFiltUp - ok

12:21:11.0331 3936        Brserid         (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys

12:21:11.0394 3936        Brserid - ok

12:21:11.0472 3936        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys

12:21:11.0518 3936        BrSerWdm - ok

12:21:11.0534 3936        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys

12:21:11.0581 3936        BrUsbMdm - ok

12:21:11.0674 3936        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys

12:21:11.0721 3936        BrUsbSer - ok

12:21:11.0752 3936        BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys

12:21:11.0815 3936        BthEnum - ok

12:21:11.0908 3936        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys

12:21:11.0955 3936        BTHMODEM - ok

12:21:11.0986 3936        BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys

12:21:12.0033 3936        BthPan - ok

12:21:12.0127 3936        BTHPORT         (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys

12:21:12.0189 3936        BTHPORT - ok

12:21:12.0283 3936        BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys

12:21:12.0314 3936        BTHUSB - ok

12:21:12.0408 3936        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys

12:21:12.0470 3936        cdfs - ok

12:21:12.0501 3936        cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys

12:21:12.0548 3936        cdrom - ok

12:21:12.0626 3936        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys

12:21:12.0673 3936        circlass - ok

12:21:12.0720 3936        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys

12:21:12.0751 3936        CLFS - ok

12:21:12.0829 3936        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys

12:21:12.0860 3936        CmBatt - ok

12:21:12.0891 3936        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys

12:21:12.0907 3936        cmdide - ok

12:21:13.0000 3936        CNG             (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys

12:21:13.0047 3936        CNG - ok

12:21:13.0125 3936        Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys

12:21:13.0156 3936        Compbatt - ok

12:21:13.0188 3936        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys

12:21:13.0234 3936        CompositeBus - ok

12:21:13.0312 3936        crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys

12:21:13.0328 3936        crcdisk - ok

12:21:13.0406 3936        CryptOSD        (c914d18ab66b132e9c73f19f8f805f1f) C:\windows\system32\DRIVERS\CryptOSD.sys

12:21:13.0453 3936        CryptOSD - ok

12:21:13.0531 3936        DfsC            (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys

12:21:13.0609 3936        DfsC - ok

12:21:13.0671 3936        discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys

12:21:13.0749 3936        discache - ok

12:21:13.0780 3936        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys

12:21:13.0812 3936        Disk - ok

12:21:13.0874 3936        drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys

12:21:13.0921 3936        drmkaud - ok

12:21:13.0999 3936        DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys

12:21:14.0046 3936        DXGKrnl - ok

12:21:14.0186 3936        ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys

12:21:14.0373 3936        ebdrv - ok

12:21:14.0482 3936        elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys

12:21:14.0514 3936        elxstor - ok

12:21:14.0607 3936        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys

12:21:14.0638 3936        ErrDev - ok

12:21:14.0685 3936        exfat           (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys

12:21:14.0763 3936        exfat - ok

12:21:14.0841 3936        fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys

12:21:14.0904 3936        fastfat - ok

12:21:14.0950 3936        fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys

12:21:14.0982 3936        fdc - ok

12:21:15.0061 3936        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys

12:21:15.0076 3936        FileInfo - ok

12:21:15.0123 3936        Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys

12:21:15.0201 3936        Filetrace - ok

12:21:15.0217 3936        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys

12:21:15.0248 3936        flpydisk - ok

12:21:15.0326 3936        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys

12:21:15.0341 3936        FltMgr - ok

12:21:15.0373 3936        FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys

12:21:15.0404 3936        FsDepends - ok

12:21:15.0435 3936        fssfltr         (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys

12:21:15.0451 3936        fssfltr - ok

12:21:15.0513 3936        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys

12:21:15.0544 3936        Fs_Rec - ok

12:21:15.0591 3936        fvevol          (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys

12:21:15.0622 3936        fvevol - ok

12:21:15.0638 3936        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys

12:21:15.0669 3936        gagp30kx - ok

12:21:15.0747 3936        GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys

12:21:15.0763 3936        GEARAspiWDM - ok

12:21:15.0809 3936        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys

12:21:15.0841 3936        hcw85cir - ok

12:21:15.0919 3936        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys

12:21:15.0965 3936        HdAudAddService - ok

12:21:16.0012 3936        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys

12:21:16.0044 3936        HDAudBus - ok

12:21:16.0122 3936        HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys

12:21:16.0154 3936        HidBatt - ok

12:21:16.0185 3936        HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys

12:21:16.0232 3936        HidBth - ok

12:21:16.0294 3936        HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys

12:21:16.0341 3936        HidIr - ok

12:21:16.0372 3936        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys

12:21:16.0419 3936        HidUsb - ok

12:21:16.0512 3936        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys

12:21:16.0528 3936        HpSAMD - ok

12:21:16.0590 3936        HTTP            (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys

12:21:16.0684 3936        HTTP - ok

12:21:16.0793 3936        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys

12:21:16.0809 3936        hwpolicy - ok

12:21:16.0840 3936        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys

12:21:16.0887 3936        i8042prt - ok

12:21:16.0980 3936        iaStor          (edf5ecc965faaa533d35e02f47b9132e) C:\windows\system32\DRIVERS\iaStor.sys

12:21:17.0012 3936        iaStor - ok

12:21:17.0106 3936        iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys

12:21:17.0153 3936        iaStorV - ok

12:21:17.0309 3936        igfx            (ad626f6964f4d364d226c39e06872dd3) C:\windows\system32\DRIVERS\igdkmd32.sys

12:21:17.0449 3936        igfx - ok

12:21:17.0559 3936        iirsp           (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys

12:21:17.0574 3936        iirsp - ok

12:21:17.0621 3936        Impcd           (4a31216a5e97d46ee06069d9e06428fa) C:\windows\system32\DRIVERS\Impcd.sys

12:21:17.0668 3936        Impcd - ok

12:21:17.0839 3936        IntcAzAudAddService (96282fbce4534c9bf147cffe9e1fa8db) C:\windows\system32\drivers\RTKVHDA.sys

12:21:17.0980 3936        IntcAzAudAddService - ok

12:21:18.0120 3936        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys

12:21:18.0136 3936        intelide - ok

12:21:18.0167 3936        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys

12:21:18.0198 3936        intelppm - ok

12:21:18.0292 3936        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys

12:21:18.0370 3936        IpFilterDriver - ok

12:21:18.0417 3936        IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys

12:21:18.0448 3936        IPMIDRV - ok

12:21:18.0541 3936        IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys

12:21:18.0604 3936        IPNAT - ok

12:21:18.0619 3936        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys

12:21:18.0666 3936        IRENUM - ok

12:21:18.0775 3936        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys

12:21:18.0791 3936        isapnp - ok

12:21:18.0822 3936        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys

12:21:18.0869 3936        iScsiPrt - ok

12:21:18.0947 3936        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys

12:21:18.0963 3936        kbdclass - ok

12:21:18.0994 3936        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys

12:21:19.0025 3936        kbdhid - ok

12:21:19.0134 3936        KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys

12:21:19.0150 3936        KSecDD - ok

12:21:19.0165 3936        KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys

12:21:19.0197 3936        KSecPkg - ok

12:21:19.0290 3936        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys

12:21:19.0368 3936        lltdio - ok

12:21:19.0462 3936        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys

12:21:19.0477 3936        LSI_FC - ok

12:21:19.0509 3936        LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys

12:21:19.0524 3936        LSI_SAS - ok

12:21:19.0540 3936        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys

12:21:19.0555 3936        LSI_SAS2 - ok

12:21:19.0649 3936        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys

12:21:19.0665 3936        LSI_SCSI - ok

12:21:19.0696 3936        luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys

12:21:19.0758 3936        luafv - ok

12:21:19.0867 3936        MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\windows\system32\drivers\mbam.sys

12:21:19.0883 3936        MBAMProtector - ok

12:21:19.0914 3936        megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys

12:21:19.0945 3936        megasas - ok

12:21:20.0039 3936        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys

12:21:20.0055 3936        MegaSR - ok

12:21:20.0086 3936        Modem           (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys

12:21:20.0164 3936        Modem - ok

12:21:20.0257 3936        monitor         (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys

12:21:20.0304 3936        monitor - ok

12:21:20.0320 3936        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys

12:21:20.0351 3936        mouclass - ok

12:21:20.0429 3936        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys

12:21:20.0460 3936        mouhid - ok

12:21:20.0491 3936        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys

12:21:20.0523 3936        mountmgr - ok

12:21:20.0554 3936        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys

12:21:20.0585 3936        mpio - ok

12:21:20.0663 3936        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys

12:21:20.0757 3936        mpsdrv - ok

12:21:20.0850 3936        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys

12:21:20.0897 3936        MRxDAV - ok

12:21:20.0991 3936        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys

12:21:21.0037 3936        mrxsmb - ok

12:21:21.0147 3936        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys

12:21:21.0178 3936        mrxsmb10 - ok

12:21:21.0271 3936        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys

12:21:21.0318 3936        mrxsmb20 - ok

12:21:21.0396 3936        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys

12:21:21.0412 3936        msahci - ok

12:21:21.0443 3936        msdsm           (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys

12:21:21.0474 3936        msdsm - ok

12:21:21.0568 3936        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys

12:21:21.0646 3936        Msfs - ok

12:21:21.0677 3936        mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys

12:21:21.0739 3936        mshidkmdf - ok

12:21:21.0833 3936        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys

12:21:21.0849 3936        msisadrv - ok

12:21:21.0880 3936        MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys

12:21:21.0958 3936        MSKSSRV - ok

12:21:22.0036 3936        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys

12:21:22.0114 3936        MSPCLOCK - ok

12:21:22.0207 3936        MSPQM           (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys

12:21:22.0270 3936        MSPQM - ok

12:21:22.0301 3936        MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys

12:21:22.0332 3936        MsRPC - ok

12:21:22.0426 3936        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys

12:21:22.0441 3936        mssmbios - ok

12:21:22.0488 3936        MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys

12:21:22.0551 3936        MSTEE - ok

12:21:22.0644 3936        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys

12:21:22.0675 3936        MTConfig - ok

12:21:22.0769 3936        Mup             (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys

12:21:22.0785 3936        Mup - ok

12:21:22.0816 3936        NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys

12:21:22.0863 3936        NativeWifiP - ok

12:21:22.0909 3936        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys

12:21:22.0956 3936        NDIS - ok

12:21:23.0050 3936        NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys

12:21:23.0128 3936        NdisCap - ok

12:21:23.0237 3936        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys

12:21:23.0299 3936        NdisTapi - ok

12:21:23.0393 3936        Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys

12:21:23.0471 3936        Ndisuio - ok

12:21:23.0502 3936        NdisWan         (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys

12:21:23.0565 3936        NdisWan - ok

12:21:23.0689 3936        NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys

12:21:23.0767 3936        NDProxy - ok

12:21:23.0783 3936        NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys

12:21:23.0861 3936        NetBIOS - ok

12:21:23.0970 3936        NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys

12:21:24.0048 3936        NetBT - ok

12:21:24.0095 3936        nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys

12:21:24.0111 3936        nfrd960 - ok

12:21:24.0205 3936        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys

12:21:24.0299 3936        Npfs - ok

12:21:24.0314 3936        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys

12:21:24.0392 3936        nsiproxy - ok

12:21:24.0502 3936        Ntfs            (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys

12:21:24.0580 3936        Ntfs - ok

12:21:24.0658 3936        Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys

12:21:24.0736 3936        Null - ok

12:21:24.0782 3936        NVHDA           (d2f4c4b22969236382ca853b8daa2d4e) C:\windows\system32\drivers\nvhda32v.sys

12:21:24.0798 3936        NVHDA - ok

12:21:25.0141 3936        nvlddmkm        (006aa27afb7079787d5fd2b4b691c4f6) C:\windows\system32\DRIVERS\nvlddmkm.sys

12:21:25.0516 3936        nvlddmkm - ok

12:21:25.0625 3936        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys

12:21:25.0640 3936        nvraid - ok

12:21:25.0672 3936        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys

12:21:25.0703 3936        nvstor - ok

12:21:25.0796 3936        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys

12:21:25.0812 3936        nv_agp - ok

12:21:25.0859 3936        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys

12:21:25.0890 3936        ohci1394 - ok

12:21:25.0999 3936        Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys

12:21:26.0030 3936        Parport - ok

12:21:26.0140 3936        partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys

12:21:26.0155 3936        partmgr - ok

12:21:26.0171 3936        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys

12:21:26.0218 3936        Parvdm - ok

12:21:26.0311 3936        pci             (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys

12:21:26.0342 3936        pci - ok

12:21:26.0358 3936        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys

12:21:26.0374 3936        pciide - ok

12:21:26.0405 3936        pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys

12:21:26.0436 3936        pcmcia - ok

12:21:26.0514 3936        pcw             (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys

12:21:26.0545 3936        pcw - ok

12:21:26.0576 3936        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys

12:21:26.0670 3936        PEAUTH - ok

12:21:26.0810 3936        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys

12:21:26.0888 3936        PptpMiniport - ok

12:21:26.0966 3936        Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys

12:21:27.0013 3936        Processor - ok

12:21:27.0044 3936        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys

12:21:27.0122 3936        Psched - ok

12:21:27.0247 3936        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys

12:21:27.0325 3936        ql2300 - ok

12:21:27.0419 3936        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys

12:21:27.0450 3936        ql40xx - ok

12:21:27.0466 3936        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys

12:21:27.0512 3936        QWAVEdrv - ok

12:21:27.0606 3936        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys

12:21:27.0684 3936        RasAcd - ok

12:21:27.0700 3936        RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys

12:21:27.0762 3936        RasAgileVpn - ok

12:21:27.0871 3936        Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys

12:21:27.0949 3936        Rasl2tp - ok

12:21:28.0027 3936        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys

12:21:28.0105 3936        RasPppoe - ok

12:21:28.0121 3936        RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys

12:21:28.0199 3936        RasSstp - ok

12:21:28.0292 3936        rdbss           (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys

12:21:28.0370 3936        rdbss - ok

12:21:28.0402 3936        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys

12:21:28.0448 3936        rdpbus - ok

12:21:28.0526 3936        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys

12:21:28.0604 3936        RDPCDD - ok

12:21:28.0651 3936        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys

12:21:28.0714 3936        RDPENCDD - ok

12:21:28.0807 3936        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys

12:21:28.0885 3936        RDPREFMP - ok

12:21:28.0979 3936        RDPWD           (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys

12:21:29.0041 3936        RDPWD - ok

12:21:29.0150 3936        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys

12:21:29.0182 3936        rdyboost - ok

12:21:29.0228 3936        RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys

12:21:29.0260 3936        RFCOMM - ok

12:21:29.0369 3936        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys

12:21:29.0462 3936        rspndr - ok

12:21:29.0478 3936        RTL8167         (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys

12:21:29.0525 3936        RTL8167 - ok

12:21:29.0618 3936        SABI            (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys

12:21:29.0665 3936        SABI - ok

12:21:29.0743 3936        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys

12:21:29.0774 3936        sbp2port - ok

12:21:29.0821 3936        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys

12:21:29.0884 3936        scfilter - ok

12:21:29.0993 3936        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys

12:21:30.0071 3936        secdrv - ok

12:21:30.0164 3936        Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys

12:21:30.0180 3936        Serenum - ok

12:21:30.0212 3936        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys

12:21:30.0243 3936        Serial - ok

12:21:30.0337 3936        sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys

12:21:30.0368 3936        sermouse - ok

12:21:30.0399 3936        sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys

12:21:30.0446 3936        sffdisk - ok

12:21:30.0524 3936        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys

12:21:30.0555 3936        sffp_mmc - ok

12:21:30.0587 3936        sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys

12:21:30.0633 3936        sffp_sd - ok

12:21:30.0727 3936        sfloppy         (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys

12:21:30.0758 3936        sfloppy - ok

12:21:30.0867 3936        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys

12:21:30.0883 3936        sisagp - ok

12:21:30.0914 3936        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys

12:21:30.0930 3936        SiSRaid2 - ok

12:21:31.0023 3936        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys

12:21:31.0039 3936        SiSRaid4 - ok

12:21:31.0070 3936        Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys

12:21:31.0133 3936        Smb - ok

12:21:31.0242 3936        spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys

12:21:31.0273 3936        spldr - ok

12:21:31.0320 3936        srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys

12:21:31.0367 3936        srv - ok

12:21:31.0460 3936        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys

12:21:31.0507 3936        srv2 - ok

12:21:31.0523 3936        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys

12:21:31.0554 3936        srvnet - ok

12:21:31.0647 3936        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys

12:21:31.0663 3936        ssmdrv - ok

12:21:31.0694 3936        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys

12:21:31.0725 3936        stexstor - ok

12:21:31.0819 3936        swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys

12:21:31.0835 3936        swenum - ok

12:21:31.0881 3936        SynTP           (215a45246c6e2d0a9c263ce1786c8d8a) C:\windows\system32\DRIVERS\SynTP.sys

12:21:31.0913 3936        SynTP - ok

12:21:32.0022 3936        tbhsd           (d7f411c5af992bb44e86083a6aa7b045) C:\windows\system32\drivers\tbhsd.sys

12:21:32.0037 3936        tbhsd - ok

12:21:32.0100 3936        Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys

12:21:32.0178 3936        Tcpip - ok

12:21:32.0287 3936        TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys

12:21:32.0365 3936        TCPIP6 - ok

12:21:32.0474 3936        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys

12:21:32.0537 3936        tcpipreg - ok

12:21:32.0599 3936        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys

12:21:32.0677 3936        TDPIPE - ok

12:21:32.0739 3936        TDTCP           (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys

12:21:32.0817 3936        TDTCP - ok

12:21:32.0880 3936        tdx             (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys

12:21:32.0942 3936        tdx - ok

12:21:33.0020 3936        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys

12:21:33.0036 3936        TermDD - ok

12:21:33.0129 3936        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys

12:21:33.0192 3936        tssecsrv - ok

12:21:33.0270 3936        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys

12:21:33.0301 3936        TsUsbFlt - ok

12:21:33.0363 3936        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys

12:21:33.0441 3936        tunnel - ok

12:21:33.0504 3936        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys

12:21:33.0535 3936        uagp35 - ok

12:21:33.0597 3936        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys

12:21:33.0675 3936        udfs - ok

12:21:33.0753 3936        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys

12:21:33.0769 3936        uliagpkx - ok

12:21:33.0816 3936        umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys

12:21:33.0863 3936        umbus - ok

12:21:33.0925 3936        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys

12:21:33.0972 3936        UmPass - ok

12:21:34.0019 3936        usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys

12:21:34.0081 3936        usbccgp - ok

12:21:34.0143 3936        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys

12:21:34.0175 3936        usbcir - ok

12:21:34.0221 3936        usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys

12:21:34.0268 3936        usbehci - ok

12:21:34.0346 3936        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys

12:21:34.0393 3936        usbhub - ok

12:21:34.0471 3936        usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys

12:21:34.0518 3936        usbohci - ok

12:21:34.0611 3936        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys

12:21:34.0658 3936        usbprint - ok

12:21:34.0752 3936        usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys

12:21:34.0783 3936        usbscan - ok

12:21:34.0830 3936        USBSTOR         (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS

12:21:34.0877 3936        USBSTOR - ok

12:21:34.0970 3936        usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys

12:21:35.0001 3936        usbuhci - ok

12:21:35.0033 3936        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys

12:21:35.0079 3936        usbvideo - ok

12:21:35.0173 3936        usb_rndisx      (d82f43d15fdaa666856c0190cb73e7c9) C:\windows\system32\DRIVERS\usb8023x.sys

12:21:35.0189 3936        usb_rndisx - ok

12:21:35.0220 3936        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys

12:21:35.0251 3936        vdrvroot - ok

12:21:35.0282 3936        vga             (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys

12:21:35.0313 3936        vga - ok

12:21:35.0423 3936        VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys

12:21:35.0501 3936        VgaSave - ok

12:21:35.0563 3936        vhdmp           (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys

12:21:35.0594 3936        vhdmp - ok

12:21:35.0657 3936        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys

12:21:35.0672 3936        viaagp - ok

12:21:35.0735 3936        ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys

12:21:35.0766 3936        ViaC7 - ok

12:21:35.0828 3936        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys

12:21:35.0844 3936        viaide - ok

12:21:35.0891 3936        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys

12:21:35.0906 3936        volmgr - ok

12:21:35.0953 3936        volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys

12:21:35.0984 3936        volmgrx - ok

12:21:36.0047 3936        volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys

12:21:36.0078 3936        volsnap - ok

12:21:36.0109 3936        vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys

12:21:36.0140 3936        vsmraid - ok

12:21:36.0171 3936        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys

12:21:36.0218 3936        vwifibus - ok

12:21:36.0265 3936        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys

12:21:36.0327 3936        vwififlt - ok

12:21:36.0390 3936        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys

12:21:36.0405 3936        WacomPen - ok

12:21:36.0452 3936        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys

12:21:36.0515 3936        WANARP - ok

12:21:36.0530 3936        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys

12:21:36.0593 3936        Wanarpv6 - ok

12:21:36.0671 3936        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys

12:21:36.0686 3936        Wd - ok

12:21:36.0749 3936        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys

12:21:36.0780 3936        Wdf01000 - ok

12:21:36.0873 3936        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys

12:21:36.0936 3936        WfpLwf - ok

12:21:36.0983 3936        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys

12:21:37.0014 3936        WIMMount - ok

12:21:37.0107 3936        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys

12:21:37.0154 3936        WinUsb - ok

12:21:37.0232 3936        WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys

12:21:37.0263 3936        WmiAcpi - ok

12:21:37.0295 3936        ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys

12:21:37.0373 3936        ws2ifsl - ok

12:21:37.0466 3936        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys

12:21:37.0544 3936        WudfPf - ok

12:21:37.0575 3936        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys

12:21:37.0638 3936        WUDFRd - ok

12:21:37.0716 3936        yukonw7         (30b73eb97218a16cbc6de535782a1b35) C:\windows\system32\DRIVERS\yk62x86.sys

12:21:37.0778 3936        yukonw7 - ok

12:21:37.0825 3936        MBR (0x1B8)     (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0

12:21:38.0324 3936        \Device\Harddisk0\DR0 - ok

12:21:38.0324 3936        Boot (0x1200)   (21ca5d1e9d7b400a90e47c6eb81dade8) \Device\Harddisk0\DR0\Partition0

12:21:38.0324 3936        \Device\Harddisk0\DR0\Partition0 - ok

12:21:38.0340 3936        Boot (0x1200)   (bc19836cb0898fba2148318ec0e91a5f) \Device\Harddisk0\DR0\Partition1

12:21:38.0340 3936        \Device\Harddisk0\DR0\Partition1 - ok

12:21:38.0355 3936        Boot (0x1200)   (3c8a9eeb3e2c6325903218d7528bb664) \Device\Harddisk0\DR0\Partition2

12:21:38.0371 3936        \Device\Harddisk0\DR0\Partition2 - ok

12:21:38.0371 3936        ============================================================

12:21:38.0371 3936        Scan finished

12:21:38.0371 3936        ============================================================

12:21:38.0371 1584        Detected object count: 0

12:21:38.0371 1584        Actual detected object count: 0