Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
failed save system 32, hilfe :(

failed save system 32, hilfe :(


Plagegeister aller Art und deren Bekämpfung: failed save system 32, hilfe :(

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 3 1 23
Alt 23.01.2012, 22:27   #1
mary17
 
failed save system 32, hilfe :( - Standard

failed save system 32, hilfe :(


Hallo,

ich habe Windows 7 und seit ein paar Tagen einen schwarzen Bildschirm und es kommt immer die Fehlermeldung failed save 32 System, außerdem ist ein Fenster System Check offen und ich kann Task Manager nicht aufmachen.

Da ich absolut keine Ahnung von Computern hab, bitte alles verständlich zu erklären :/
Danke im Voraus.

Alt 24.01.2012, 21:34   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
failed save system 32, hilfe :( - Standard

failed save system 32, hilfe :(


Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
__________________

__________________
Alt 25.01.2012, 02:31   #3
mary17
 
failed save system 32, hilfe :( - Standard

failed save system 32, hilfe :(


Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e88c0aa566127647a0828df28f328372
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-25 01:22:18
# local_time=2012-01-25 02:22:18 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1792 16777215 100 0 87447 87447 0 0
# compatibility_mode=3588 16777214 85 79 1417697 31342048 0 0
# compatibility_mode=5893 16776573 100 94 34839 79079092 0 0
# compatibility_mode=8192 67108863 100 0 3826 3826 0 0
# scanned=174001
# found=10
# cleaned=0
# scan_time=5296
C:\ProgramData\2Mhk1BXXOm5qGF.exe	a variant of Win32/Kryptik.ZGE trojan (unable to clean)	00000000000000000000000000000000	I
C:\ProgramData\FpNsnrTURn.exe	a variant of Win32/Kryptik.ZGE trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\All Users\2Mhk1BXXOm5qGF.exe	a variant of Win32/Kryptik.ZGE trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\All Users\FpNsnrTURn.exe	a variant of Win32/Kryptik.ZGE trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\mary\AppData\Local\Temp\dUqeFs2Mhk1BXX.exe.tmp	a variant of Win32/Kryptik.ZGE trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\mary\AppData\Local\Temp\vTMHYQxt79YIph.exe.tmp	a variant of Win32/Kryptik.ZGE trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\58ce481b-38bb348a	a variant of Java/TrojanDownloader.Agent.ME trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\816f23d-1efe718a	Java/TrojanDownloader.OpenStream.NCO trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\mary\Downloads\SoftonicDownloader_fuer_firefox.exe	Win32/SoftonicDownloader application (unable to clean)	00000000000000000000000000000000	I
${Memory}	multiple threats	00000000000000000000000000000000	I
__________________
Alt 25.01.2012, 11:00   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
failed save system 32, hilfe :( - Standard

failed save system 32, hilfe :(


Du solltest eigentlich erst den Vollscan mit Malwarebytes machen...
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 25.01.2012, 18:06   #5
mary17
 
failed save system 32, hilfe :( - Standard

failed save system 32, hilfe :(


Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.25.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
mary :: MARY-HP [Administrator]

Schutz: Aktiviert

25.01.2012 16:25:33
mbam-log-2012-01-25 (16-25-33).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 177424
Laufzeit: 5 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 2
C:\ProgramData\FpNsnrTURn.exe (Rogue.FakeHDD) -> 4068 -> Löschen bei Neustart.
C:\ProgramData\2Mhk1BXXOm5qGF.exe (Rogue.FakeAlert) -> 2220 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|FpNsnrTURn.exe (Rogue.FakeHDD) -> Daten: C:\ProgramData\FpNsnrTURn.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\ProgramData\FpNsnrTURn.exe (Rogue.FakeHDD) -> Löschen bei Neustart.
C:\ProgramData\2Mhk1BXXOm5qGF.exe (Rogue.FakeAlert) -> Löschen bei Neustart.
C:\Users\mary\AppData\Local\Temp\dUqeFs2Mhk1BXX.exe.tmp (Rogue.FakeHDD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\mary\AppData\Local\Temp\vTMHYQxt79YIph.exe.tmp (Rogue.FakeHDD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\mary\Downloads\SoftonicDownloader_fuer_firefox.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.25.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
mary :: MARY-HP [Administrator]

Schutz: Aktiviert

25.01.2012 16:39:15
mbam-log-2012-01-25 (16-39-15).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 342543
Laufzeit: 1 Stunde(n), 13 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.25.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
mary :: MARY-HP [Administrator]

Schutz: Aktiviert

25.01.2012 16:39:15
mbam-log-2012-01-25 (16-39-15).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 342543
Laufzeit: 1 Stunde(n), 13 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Code:
ATTFilter
2012/01/25 16:24:52 +0100	MARY-HP	mary	MESSAGE	Starting protection
2012/01/25 16:24:54 +0100	MARY-HP	mary	MESSAGE	Protection started successfully
2012/01/25 16:24:57 +0100	MARY-HP	mary	MESSAGE	Starting IP protection
2012/01/25 16:24:59 +0100	MARY-HP	mary	MESSAGE	IP Protection started successfully
2012/01/25 16:32:06 +0100	MARY-HP	mary	MESSAGE	Executing scheduled update:  Daily
2012/01/25 16:32:07 +0100	MARY-HP	mary	MESSAGE	Database already up-to-date
2012/01/25 16:35:00 +0100	MARY-HP	mary	MESSAGE	Starting protection
2012/01/25 16:35:03 +0100	MARY-HP	mary	MESSAGE	Protection started successfully
2012/01/25 16:35:06 +0100	MARY-HP	mary	MESSAGE	Starting IP protection
2012/01/25 16:35:09 +0100	MARY-HP	mary	MESSAGE	IP Protection started successfully


Alt 25.01.2012, 19:28   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
failed save system 32, hilfe :( - Standard

failed save system 32, hilfe :(


Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
--> failed save system 32, hilfe :(

Alt 25.01.2012, 20:23   #7
mary17
 
failed save system 32, hilfe :( - Standard

failed save system 32, hilfe :(


Code:
ATTFilter
OTL logfile created on: 21.01.2012 03:57:43 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\mary
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 53,59% Memory free
7,80 Gb Paging File | 5,90 Gb Available in Paging File | 75,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,47 Gb Total Space | 399,26 Gb Free Space | 89,03% Space Free | Partition Type: NTFS
Drive F: | 1,99 Gb Total Space | 1,98 Gb Free Space | 99,77% Space Free | Partition Type: FAT32
 
Computer Name: MARY-HP | User Name: mary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.21 03:28:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\mary\OTL.exe
PRC - [2012.01.21 01:11:27 | 000,360,704 | -H-- | M] () -- C:\ProgramData\2Mhk1BXXOm5qGF.exe
PRC - [2012.01.21 01:08:38 | 000,457,984 | -H-- | M] () -- C:\ProgramData\FpNsnrTURn.exe
PRC - [2011.09.10 15:08:17 | 000,347,008 | -H-- | M] (EasyBits Software AS) -- C:\ProgramData\GameXN\GameXNGO.exe
PRC - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
PRC - [2010.07.13 00:47:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010.07.06 15:01:16 | 002,634,048 | ---- | M] (Veoh Networks) -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2010.04.10 00:54:38 | 001,441,544 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
PRC - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.01 19:27:22 | 000,264,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2010.01.12 21:27:38 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.21 01:11:27 | 000,360,704 | -H-- | M] () -- C:\ProgramData\2Mhk1BXXOm5qGF.exe
MOD - [2012.01.21 01:08:38 | 000,457,984 | -H-- | M] () -- C:\ProgramData\FpNsnrTURn.exe
MOD - [2012.01.11 10:58:39 | 011,824,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\b8ee7bf7d7ac34623238f731b05395a2\System.Web.ni.dll
MOD - [2012.01.11 10:58:31 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\442eed762e21796e8e497fcd14f1295a\System.Runtime.Remoting.ni.dll
MOD - [2011.10.15 18:31:18 | 000,452,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\cf95add46bfba066f035bd78f6e21d86\IAStorUtil.ni.dll
MOD - [2011.10.14 14:05:46 | 012,431,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011.10.14 14:05:36 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011.10.14 14:05:21 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2011.10.14 14:05:13 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011.10.14 14:05:09 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011.10.14 14:05:08 | 007,949,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011.10.14 14:04:57 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2010.12.10 04:40:53 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.12.10 04:40:49 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.17 12:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010.06.28 13:21:42 | 009,905,152 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtWebKit4.dll
MOD - [2010.06.28 13:21:42 | 007,793,152 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtGui4.dll
MOD - [2010.06.28 13:21:42 | 002,530,304 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtXmlPatterns4.dll
MOD - [2010.06.28 13:21:42 | 002,094,592 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtCore4.dll
MOD - [2010.06.28 13:21:42 | 001,116,160 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtScript4.dll
MOD - [2010.06.28 13:21:42 | 000,915,456 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtNetwork4.dll
MOD - [2010.06.28 13:21:42 | 000,232,960 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\phonon4.dll
MOD - [2010.06.28 13:21:42 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll
MOD - [2010.06.28 13:21:42 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll
MOD - [2010.01.22 19:30:00 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010.01.22 19:29:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010.01.22 19:29:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.03.30 10:45:40 | 001,028,096 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010.06.29 19:52:12 | 004,181,256 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)
SRV:64bit: - [2010.05.20 21:28:14 | 000,677,128 | ---- | M] (Motorola, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV:64bit: - [2010.05.20 21:28:12 | 001,096,968 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)
SRV:64bit: - [2010.01.29 05:15:24 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.11.02 21:11:52 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.03.03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe -- (AESTFilters)
SRV - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011.03.30 10:45:40 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.02.05 17:20:54 | 000,119,688 | ---- | M] (SecureW2 B.V.) [Auto | Running] -- C:\Program Files (x86)\SecureW2\sw2_service.exe -- (SW2SVC)
SRV - [2010.07.13 00:47:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010.05.03 21:48:04 | 002,782,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.03.01 19:27:22 | 000,264,248 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2010.01.12 21:27:38 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.07.08 16:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011.05.11 19:40:39 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.31 04:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011.03.31 04:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011.03.15 03:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.27 07:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2011.01.27 06:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010.07.08 23:45:22 | 003,232,768 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmusb.sys -- (BTMUSB)
DRV:64bit: - [2010.06.29 17:01:38 | 000,931,168 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010.05.21 03:06:38 | 000,096,384 | ---- | M] (Realtek Semiconductor Corp.) [2 MP Fixed] [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvc.sys -- (rtsuvc)
DRV:64bit: - [2010.05.03 23:44:02 | 000,331,880 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.04.10 00:53:04 | 000,052,736 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmcom.sys -- (BTMCOM)
DRV:64bit: - [2010.03.19 12:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.03.15 04:45:26 | 000,145,408 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.02.16 21:24:20 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010.01.29 05:15:24 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010.01.25 14:51:02 | 007,842,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.01.22 19:26:50 | 000,305,200 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.11.02 21:12:00 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010.08.13 10:00:00 | 001,791,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\EX64.SYS -- (NAVEX15)
DRV - [2010.08.13 10:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010.08.13 10:00:00 | 000,132,656 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010.08.13 10:00:00 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\ENG64.SYS -- (NAVENG)
DRV - [2010.08.09 04:11:49 | 000,945,200 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010.06.27 05:05:05 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys -- (IDSVia64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 67.207.128.249:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "WEB.DE Suche"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "WEB.DE Suche"
FF - prefs.js..browser.search.order.2: "amazon.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://go.web.de/br/ff3_startpage"
FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.4
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..extensions.enabledItems: {a82d0125-000a-4a57-abbc-5d4b0dbaab54}:2.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.2.0
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.9.0.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.7
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.4.3
FF - prefs.js..keyword.URL: "hxxp://wa.ui-portal.de/webde/webde/s?produkte.browser.link.searchlink&s_brand=webde&t_link=searchlink&ns_type=clickin&ns_url=hxxp://suche.web.de/search/web/?origin=br_urlbar_ff&su="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\Firefox [2010.12.10 05:07:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.12.10 05:07:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010.12.10 05:07:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011.09.28 10:28:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_4_3 [2012.01.21 03:03:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.19 11:18:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.19 11:18:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.2.0\FF [2011.04.30 03:28:55 | 000,000,000 | ---D | M]
 
[2011.11.24 18:06:34 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\mary\AppData\Roaming\mozilla\Extensions
[2012.01.20 18:34:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions
[2012.01.21 02:45:14 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.01.21 02:45:14 | 000,000,000 | -H-D | M] (Update Notifier) -- C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2012.01.21 02:45:13 | 000,000,000 | -H-D | M] (WEB.DE Firefox Addon) -- C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}
[2012.01.21 02:45:13 | 000,000,000 | -H-D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.21 02:45:14 | 000,000,000 | -H-D | M] ("All-Glass Firefox mod, based on Glasser") -- C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\allglassv2@ambroos.neowin.net
[2011.11.24 18:06:49 | 000,001,371 | -H-- | M] () -- C:\Users\mary\AppData\Roaming\Mozilla\Firefox\Profiles\4l9ke1jf.default\searchplugins\amazonde.xml
[2011.11.28 16:12:22 | 000,000,931 | -H-- | M] () -- C:\Users\mary\AppData\Roaming\Mozilla\Firefox\Profiles\4l9ke1jf.default\searchplugins\conduit.xml
[2011.11.25 22:08:17 | 000,001,420 | -H-- | M] () -- C:\Users\mary\AppData\Roaming\Mozilla\Firefox\Profiles\4l9ke1jf.default\searchplugins\preisvergleich.xml
[2011.11.24 18:06:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.11.24 18:06:08 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Program Files (x86)\mozilla firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2011.11.24 18:06:07 | 000,000,000 | ---D | M] (WEB.DE Firefox Addon) -- C:\Program Files (x86)\mozilla firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}
[2011.04.30 03:28:55 | 000,000,000 | ---D | M] (PriceGong) -- C:\PROGRAM FILES (X86)\PRICEGONG\2.2.0\FF
[2012.01.21 03:03:57 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_4_3
[2011.09.28 10:28:17 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
[2011.12.03 17:13:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.03 17:13:08 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.03 17:13:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.03 17:13:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.03 17:13:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = hxxp://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT2269050
CHR - default_search_provider: suggest_url = hxxp://search.conduit.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\mary\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\mary\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\mary\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DVDVideoSoftTB = C:\Users\mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\2.3.3.3_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (PriceGong Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.2.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (Fast Search by Surf Canyon) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll (Motorola, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [WEB.DE Update] C:\Program Files (x86)\WEB.DE\LiveUpdate\m2LUTray.exe (mquadr.at software engineering und consulting GmbH)
O4 - HKCU..\Run: [FpNsnrTURn.exe] C:\ProgramData\FpNsnrTURn.exe ()
O4 - HKCU..\Run: [GameXN] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - HKCU..\Run: [GameXN (news)] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - HKCU..\Run: [GameXN (update)] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Users\mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\mary\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\mary\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\mary\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10B3E137-B082-4A3C-ABFA-FC9E5A59AC25}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B05A5FB4-3A2A-43C0-A73B-434729217352}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.21 03:28:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\mary\OTL.exe
[2012.01.21 01:11:34 | 000,000,000 | -H-D | C] -- C:\Users\mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.01.12 12:41:29 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2012.01.12 12:41:28 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\webio.dll
[2012.01.12 12:41:28 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\webio.dll
[2012.01.12 12:41:28 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2012.01.12 12:41:28 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2012.01.12 12:41:28 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2012.01.11 17:04:14 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\quartz.dll
[2012.01.11 17:04:14 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\quartz.dll
[2012.01.11 17:04:14 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll
[2012.01.11 17:04:13 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012.01.11 17:04:13 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll
[2012.01.11 17:04:12 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012.01.11 17:04:11 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2012.01.11 17:04:10 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\packager.dll
[2012.01.11 17:04:10 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\packager.dll
 
========== Files - Modified Within 30 Days ==========
 
[2034.07.30 04:02:38 | 001,144,100 | -H-- | M] () -- C:\Users\mary\Desktop\100_2634.JPG
[2012.01.21 03:28:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\mary\OTL.exe
[2012.01.21 03:23:01 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.21 03:23:01 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.6b
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.6a
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.69
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.68
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.67
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.66
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.65
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.64
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.63
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.62
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.61
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.60
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.5v
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.5u
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.5t
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.5s
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.5r
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.5q
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.5p
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.5o
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.5n
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.5m
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.5l
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.5k
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.5j
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.5i
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.5h
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.5g
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.5f
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.5e
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.5d
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.5c
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.5b
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.5a
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.59
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.58
[2012.01.21 03:04:49 | 000,000,000 | -H-- | M] () -- C:\t2i8.57
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.v
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.u
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.t
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.s
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.r
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.q
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.p
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.o
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.n
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.m
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.l
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.k
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.j
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.i
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.h
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.g
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.f
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.e
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.d
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.c
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.56
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.55
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.54
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.53
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.52
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.51
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.50
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.4v
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.4u
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.4t
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.4s
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.4r
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.4q
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.4p
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.4o
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.4n
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.4m
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.4l
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.4k
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.4j
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.4i
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.4h
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.4g
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.4f
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.4e
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.4d
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.4c
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.4b
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.4a
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.49
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.48
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.47
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.46
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.45
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.44
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.43
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.42
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.41
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.40
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.3v
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.3u
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.3t
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.3s
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.3r
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.3q
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.3p
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.3o
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.3n
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.3m
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.3l
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.3k
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.3j
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.3i
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.3h
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.3g
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.3f
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.3e
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.3d
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.3c
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.3b
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.3a
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.39
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.38
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.37
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.36
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.35
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.34
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.33
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.32
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.31
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.30
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.2v
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.2u
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.2t
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.2s
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.2r
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.2q
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.2p
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.2o
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.2n
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.2m
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.2l
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.2k
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.2j
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.2i
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.2h
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.2g
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.2f
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.2e
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.2d
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.2c
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.2b
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.2a
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.29
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.28
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.27
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.26
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.25
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.24
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.23
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.22
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.21
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.20
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.1v
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.1u
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.1t
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.1s
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.1r
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.1q
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.1p
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.1o
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.1n
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.1m
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.1l
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.1k
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.1j
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.1i
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.1h
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.1g
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.1f
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.1e
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.1d
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.1c
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.1b
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.1a
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.19
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.18
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.17
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.16
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.15
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.14
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.13
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.12
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.11
[2012.01.21 03:04:48 | 000,000,000 | -H-- | M] () -- C:\t2i8.10
[2012.01.21 03:04:47 | 000,000,000 | -H-- | M] () -- C:\t2i8.b
[2012.01.21 03:04:47 | 000,000,000 | -H-- | M] () -- C:\t2i8.a
[2012.01.21 03:04:47 | 000,000,000 | -H-- | M] () -- C:\t2i8.9
[2012.01.21 03:04:47 | 000,000,000 | -H-- | M] () -- C:\t2i8.8
[2012.01.21 03:04:47 | 000,000,000 | -H-- | M] () -- C:\t2i8.7
[2012.01.21 03:04:47 | 000,000,000 | -H-- | M] () -- C:\t2i8.6
[2012.01.21 03:04:47 | 000,000,000 | -H-- | M] () -- C:\t2i8.5
[2012.01.21 03:04:47 | 000,000,000 | -H-- | M] () -- C:\t2i8.4
[2012.01.21 03:04:47 | 000,000,000 | -H-- | M] () -- C:\t2i8.3
[2012.01.21 03:04:47 | 000,000,000 | -H-- | M] () -- C:\t2i8.2
[2012.01.21 03:04:47 | 000,000,000 | -H-- | M] () -- C:\t2i8.1
[2012.01.21 03:04:47 | 000,000,000 | -H-- | M] () -- C:\t2i8
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.v
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.u
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.t
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.s
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.r
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.q
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.p
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.o
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.n
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.m
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.l
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.k
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.j
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.i
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.h
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.g
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.f
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.e
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.d
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.c
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.b
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.a
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.9
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.8
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.7
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.6
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.5
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.4
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.3q
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.3p
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.3o
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.3n
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.3m
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.3l
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.3k
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.3j
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.3i
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.3h
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.3g
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.3f
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.3e
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.3d
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.3c
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.3b
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.3a
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.39
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.38
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.37
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.36
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.35
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.34
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.33
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.32
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.31
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.30
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.3
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.2v
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.2u
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.2t
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.2s
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.2r
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.2q
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.2p
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.2o
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.2n
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.2m
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.2l
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.2k
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.2j
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.2i
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.2h
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.2g
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.2f
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.2e
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.2d
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.2c
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.2b
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.2a
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.29
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.28
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.27
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.26
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.25
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.24
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.23
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.22
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.21
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.20
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.2
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.1v
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.1u
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.1t
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.1s
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.1r
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.1q
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.1p
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.1o
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.1n
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.1m
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.1l
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.1k
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.1j
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.1i
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.1h
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.1g
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.1f
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.1e
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.1d
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.1c
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.1b
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.1a
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.19
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.18
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.17
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.16
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.15
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.14
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.13
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.12
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.11
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.10
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4.1
[2012.01.21 03:04:27 | 000,000,000 | -H-- | M] () -- C:\tv4
[2012.01.21 03:03:49 | 000,000,408 | ---- | M] () -- C:\windows\tasks\Final Media Player Update Checker.job
[2012.01.21 03:03:39 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.01.21 03:03:22 | 4190,388,224 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.21 02:22:59 | 001,498,506 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.01.21 02:22:59 | 000,654,166 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.01.21 02:22:59 | 000,616,008 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.01.21 02:22:59 | 000,130,006 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.01.21 02:22:59 | 000,106,388 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.01.21 01:13:52 | 000,000,440 | -H-- | M] () -- C:\ProgramData\2Mhk1BXXOm5qGF
[2012.01.21 01:11:35 | 000,000,653 | -H-- | M] () -- C:\Users\mary\Desktop\System Check.lnk
[2012.01.21 01:11:35 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~2Mhk1BXXOm5qGF
[2012.01.21 01:11:35 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~2Mhk1BXXOm5qGFr
[2012.01.21 01:11:27 | 000,360,704 | -H-- | M] () -- C:\ProgramData\2Mhk1BXXOm5qGF.exe
[2012.01.21 01:08:38 | 000,457,984 | -H-- | M] () -- C:\ProgramData\FpNsnrTURn.exe
[2012.01.19 23:02:18 | 000,024,604 | -H-- | M] () -- C:\Users\mary\Desktop\presentation research methodes.odt
[2012.01.19 20:04:07 | 000,021,643 | -H-- | M] () -- C:\Users\mary\Desktop\Unbenannt 1.odt
[2012.01.18 17:58:03 | 000,016,249 | -H-- | M] () -- C:\Users\mary\Desktop\Research_proposal Marianna & Johannes.odt
[2012.01.18 14:36:23 | 455,606,273 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012.01.17 22:02:28 | 000,073,337 | -H-- | M] () -- C:\Users\mary\Desktop\Final potato for vld with pages 15 and 16.ods
 
========== Files Created - No Company Name ==========
 
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.6b
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.6a
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.69
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.68
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.67
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.66
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.65
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.64
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.63
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.62
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.61
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.60
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.5v
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.5u
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.5t
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.5s
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.5r
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.5q
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.5p
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.5o
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.5n
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.5m
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.5l
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.5k
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.5j
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.5i
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.5h
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.5g
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.5f
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.5e
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.5d
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.5c
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.5b
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.5a
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.59
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.58
[2012.01.21 03:04:49 | 000,000,000 | -H-- | C] () -- C:\t2i8.57
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.v
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.u
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.t
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.s
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.r
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.q
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.p
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.o
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.n
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.m
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.l
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.k
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.j
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.i
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.h
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.g
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.f
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.e
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.d
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.c
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.56
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.55
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.54
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.53
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.52
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.51
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.50
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.4v
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.4u
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.4t
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.4s
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.4r
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.4q
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.4p
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.4o
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.4n
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.4m
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.4l
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.4k
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.4j
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.4i
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.4h
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.4g
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.4f
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.4e
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.4d
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.4c
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.4b
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.4a
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.49
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.48
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.47
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.46
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.45
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.44
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.43
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.42
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.41
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.40
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.3v
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.3u
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.3t
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.3s
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.3r
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.3q
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.3p
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.3o
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.3n
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.3m
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.3l
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.3k
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.3j
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.3i
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.3h
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.3g
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.3f
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.3e
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.3d
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.3c
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.3b
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.3a
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.39
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.38
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.37
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.36
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.35
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.34
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.33
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.32
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.31
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.30
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.2v
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.2u
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.2t
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.2s
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.2r
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.2q
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.2p
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.2o
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.2n
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.2m
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.2l
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.2k
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.2j
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.2i
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.2h
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.2g
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.2f
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.2e
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.2d
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.2c
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.2b
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.2a
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.29
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.28
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.27
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.26
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.25
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.24
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.23
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.22
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.21
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.20
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.1v
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.1u
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.1t
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.1s
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.1r
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.1q
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.1p
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.1o
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.1n
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.1m
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.1l
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.1k
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.1j
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.1i
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.1h
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.1g
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.1f
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.1e
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.1d
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.1c
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.1b
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.1a
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.19
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.18
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.17
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.16
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.15
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.14
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.13
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.12
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.11
[2012.01.21 03:04:48 | 000,000,000 | -H-- | C] () -- C:\t2i8.10
[2012.01.21 03:04:47 | 000,000,000 | -H-- | C] () -- C:\t2i8.b
[2012.01.21 03:04:47 | 000,000,000 | -H-- | C] () -- C:\t2i8.a
[2012.01.21 03:04:47 | 000,000,000 | -H-- | C] () -- C:\t2i8.9
[2012.01.21 03:04:47 | 000,000,000 | -H-- | C] () -- C:\t2i8.8
[2012.01.21 03:04:47 | 000,000,000 | -H-- | C] () -- C:\t2i8.7
[2012.01.21 03:04:47 | 000,000,000 | -H-- | C] () -- C:\t2i8.6
[2012.01.21 03:04:47 | 000,000,000 | -H-- | C] () -- C:\t2i8.5
[2012.01.21 03:04:47 | 000,000,000 | -H-- | C] () -- C:\t2i8.4
[2012.01.21 03:04:47 | 000,000,000 | -H-- | C] () -- C:\t2i8.3
[2012.01.21 03:04:47 | 000,000,000 | -H-- | C] () -- C:\t2i8.2
[2012.01.21 03:04:47 | 000,000,000 | -H-- | C] () -- C:\t2i8.1
[2012.01.21 03:04:47 | 000,000,000 | -H-- | C] () -- C:\t2i8
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.v
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.u
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.t
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.s
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.r
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.q
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.p
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.o
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.n
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.m
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.l
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.k
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.j
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.i
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.h
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.g
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.f
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.e
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.d
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.c
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.b
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.a
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.9
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.8
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.7
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.6
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.5
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.4
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.3q
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.3p
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.3o
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.3n
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.3m
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.3l
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.3k
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.3j
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.3i
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.3h
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.3g
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.3f
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.3e
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.3d
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.3c
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.3b
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.3a
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.39
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.38
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.37
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.36
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.35
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.34
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.33
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.32
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.31
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.30
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.3
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.2v
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.2u
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.2t
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.2s
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.2r
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.2q
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.2p
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.2o
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.2n
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.2m
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.2l
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.2k
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.2j
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.2i
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.2h
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.2g
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.2f
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.2e
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.2d
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.2c
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.2b
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.2a
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.29
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.28
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.27
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.26
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.25
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.24
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.23
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.22
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.21
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.20
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.2
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.1v
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.1u
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.1t
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.1s
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.1r
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.1q
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.1p
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.1o
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.1n
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.1m
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.1l
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.1k
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.1j
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.1i
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.1h
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.1g
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.1f
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.1e
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.1d
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.1c
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.1b
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.1a
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.19
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.18
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.17
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.16
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.15
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.14
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.13
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.12
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.11
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.10
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4.1
[2012.01.21 03:04:27 | 000,000,000 | -H-- | C] () -- C:\tv4
[2012.01.21 01:11:35 | 000,000,296 | -H-- | C] () -- C:\ProgramData\~2Mhk1BXXOm5qGF
[2012.01.21 01:11:35 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~2Mhk1BXXOm5qGFr
[2012.01.21 01:11:34 | 000,000,653 | -H-- | C] () -- C:\Users\mary\Desktop\System Check.lnk
[2012.01.21 01:11:32 | 000,000,440 | -H-- | C] () -- C:\ProgramData\2Mhk1BXXOm5qGF
[2012.01.21 01:11:27 | 000,360,704 | -H-- | C] () -- C:\ProgramData\2Mhk1BXXOm5qGF.exe
[2012.01.21 01:08:39 | 000,457,984 | -H-- | C] () -- C:\ProgramData\FpNsnrTURn.exe
[2012.01.18 17:58:01 | 000,016,249 | -H-- | C] () -- C:\Users\mary\Desktop\Research_proposal Marianna & Johannes.odt
[2012.01.18 17:57:48 | 000,024,604 | -H-- | C] () -- C:\Users\mary\Desktop\presentation research methodes.odt
[2012.01.18 14:36:23 | 455,606,273 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012.01.17 22:02:23 | 000,073,337 | -H-- | C] () -- C:\Users\mary\Desktop\Final potato for vld with pages 15 and 16.ods
[2012.01.16 20:48:58 | 000,021,643 | -H-- | C] () -- C:\Users\mary\Desktop\Unbenannt 1.odt
[2011.05.15 12:14:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.29 12:10:30 | 000,000,088 | RHS- | C] () -- C:\ProgramData\916F6A88B8.sys
[2011.04.29 12:09:59 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.03.30 10:50:07 | 000,014,051 | ---- | C] () -- C:\windows\SysWow64\RaCoInst.dat
[2010.01.25 14:48:56 | 000,982,224 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2010.01.25 14:48:56 | 000,439,336 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2010.01.25 14:48:56 | 000,092,292 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2010.01.25 13:43:18 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010.01.25 13:43:18 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

< End of report >

Alt 25.01.2012, 20:33   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
failed save system 32, hilfe :( - Standard

failed save system 32, hilfe :(


Ich weiß zwar nicht was du gemacht hast, es war aber kein CustomScan. Bitte einfach mal die Anleitung lesen und umsetzen
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 25.01.2012, 20:43   #9
mary17
 
failed save system 32, hilfe :( - Standard

failed save system 32, hilfe :(


hallo Arne,

erstmals danke dass du mir hilfst, aber ich bin auf OTL gegangen, hab den Text reinkopiert, minimal Ausgabe gewählt und dann auf quick scan und dass kam dann raus
Alt 25.01.2012, 20:47   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
failed save system 32, hilfe :( - Standard

failed save system 32, hilfe :(


Das Log entspricht aber keinem CustomScan. Wiederhol das
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 25.01.2012, 21:14   #11
mary17
 
failed save system 32, hilfe :( - Standard

failed save system 32, hilfe :(


Code:
ATTFilter
OTL logfile created on: 25.01.2012 20:56:28 - Run 8
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\mary\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 58,27% Memory free
7,80 Gb Paging File | 5,98 Gb Available in Paging File | 76,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,47 Gb Total Space | 399,38 Gb Free Space | 89,05% Space Free | Partition Type: NTFS
Drive F: | 1,99 Gb Total Space | 1,98 Gb Free Space | 99,77% Space Free | Partition Type: FAT32
 
Computer Name: MARY-HP | User Name: mary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\mary\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe (Motorola, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\442eed762e21796e8e497fcd14f1295a\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\cf95add46bfba066f035bd78f6e21d86\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
SRV:64bit: - (Bluetooth Device Manager) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.)
SRV:64bit: - (Bluetooth OBEX Service) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.)
SRV:64bit: - (Bluetooth Media Service) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (SW2SVC) -- C:\Program Files (x86)\SecureW2\sw2_service.exe (SecureW2 B.V.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (hpHotkeyMonitor) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys (Symantec Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys (Symantec Corporation)
DRV:64bit: - (BTMUSB) -- C:\Windows\SysNative\drivers\btmusb.sys (Motorola, Inc.)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (rtsuvc) -- C:\Windows\SysNative\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (BTMCOM) -- C:\Windows\SysNative\drivers\btmcom.sys (Motorola, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\EX64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\ENG64.SYS (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 67.207.128.249:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "WEB.DE Suche"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "WEB.DE Suche"
FF - prefs.js..browser.search.order.2: "amazon.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://go.web.de/br/ff3_startpage"
FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.4
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..extensions.enabledItems: {a82d0125-000a-4a57-abbc-5d4b0dbaab54}:2.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.2.0
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.9.0.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.7
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.4.3
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.8.0.8855
FF - prefs.js..keyword.URL: "hxxp://wa.ui-portal.de/webde/webde/s?produkte.browser.link.searchlink&s_brand=webde&t_link=searchlink&ns_type=clickin&ns_url=hxxp://suche.web.de/search/web/?origin=br_urlbar_ff&su="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\Firefox [2010.12.10 05:07:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.12.10 05:07:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010.12.10 05:07:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011.09.28 10:28:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_4_3 [2012.01.25 16:34:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.19 11:18:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.19 11:18:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.2.0\FF [2011.04.30 03:28:55 | 000,000,000 | ---D | M]
 
[2011.11.24 18:06:34 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\mary\AppData\Roaming\mozilla\Extensions
[2012.01.25 20:34:26 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions
[2012.01.21 02:45:14 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.01.21 02:45:14 | 000,000,000 | -H-D | M] (Update Notifier) -- C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2012.01.21 02:45:13 | 000,000,000 | -H-D | M] (WEB.DE Firefox Addon) -- C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}
[2012.01.21 02:45:13 | 000,000,000 | -H-D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.21 02:45:14 | 000,000,000 | -H-D | M] ("All-Glass Firefox mod, based on Glasser") -- C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\allglassv2@ambroos.neowin.net
[2011.11.24 18:06:49 | 000,001,371 | -H-- | M] () -- C:\Users\mary\AppData\Roaming\Mozilla\Firefox\Profiles\4l9ke1jf.default\searchplugins\amazonde.xml
[2011.11.28 16:12:22 | 000,000,931 | -H-- | M] () -- C:\Users\mary\AppData\Roaming\Mozilla\Firefox\Profiles\4l9ke1jf.default\searchplugins\conduit.xml
[2011.11.25 22:08:17 | 000,001,420 | -H-- | M] () -- C:\Users\mary\AppData\Roaming\Mozilla\Firefox\Profiles\4l9ke1jf.default\searchplugins\preisvergleich.xml
[2012.01.25 17:04:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.25 17:13:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.11.24 18:06:08 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Program Files (x86)\mozilla firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2011.11.24 18:06:07 | 000,000,000 | ---D | M] (WEB.DE Firefox Addon) -- C:\Program Files (x86)\mozilla firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}
[2011.04.30 03:28:55 | 000,000,000 | ---D | M] (PriceGong) -- C:\PROGRAM FILES (X86)\PRICEGONG\2.2.0\FF
[2012.01.25 16:34:13 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_4_3
[2011.09.28 10:28:17 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
[2011.12.03 17:13:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.03 17:13:08 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.03 17:13:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.03 17:13:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.03 17:13:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = hxxp://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT2269050
CHR - default_search_provider: suggest_url = hxxp://search.conduit.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\mary\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\mary\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\mary\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DVDVideoSoftTB = C:\Users\mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo\2.3.3.3_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (PriceGong Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.2.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (Fast Search by Surf Canyon) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll (Motorola, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [WEB.DE Update] C:\Program Files (x86)\WEB.DE\LiveUpdate\m2LUTray.exe (mquadr.at software engineering und consulting GmbH)
O4 - HKCU..\Run: [GameXN] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - HKCU..\Run: [GameXN (news)] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - HKCU..\Run: [GameXN (update)] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Users\mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\mary\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\mary\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\mary\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10B3E137-B082-4A3C-ABFA-FC9E5A59AC25}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B05A5FB4-3A2A-43C0-A73B-434729217352}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {89E0D7E9-61E2-BC66-0FB0-EEFD4BC49DFA} - Microsoft Windows Media Player
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7B7EA601-042D-175F-C5E5-B92FB9FC23A7} - LightScribe Control Panel
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {BC5F5D49-F35A-3133-38A0-F24ADD93893F} - Browser Customizations
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECBD7C6B-FB47-8E4B-4427-7946CD6AC45A} - Internet Explorer
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.25 17:03:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.01.25 17:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.01.25 16:24:05 | 000,000,000 | ---D | C] -- C:\Users\mary\AppData\Roaming\Malwarebytes
[2012.01.25 16:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.25 16:23:57 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.01.25 16:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.25 16:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.01.25 00:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.01.24 01:42:04 | 000,000,000 | -H-D | C] -- C:\Users\mary\AppData\Roaming\Avira
[2012.01.24 01:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.01.24 01:36:36 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys
[2012.01.24 01:36:36 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys
[2012.01.24 01:36:36 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avkmgr.sys
[2012.01.24 01:36:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\Avira
[2012.01.24 01:36:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.01.24 01:32:29 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2012.01.23 22:55:52 | 000,000,000 | ---D | C] -- C:\Users\mary\AppData\Local\ElevatedDiagnostics
[2012.01.21 01:11:34 | 000,000,000 | -H-D | C] -- C:\Users\mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
 
========== Files - Modified Within 30 Days ==========
 
[2034.07.30 04:02:38 | 001,144,100 | -H-- | M] () -- C:\Users\mary\Desktop\100_2634.JPG
[2012.01.25 18:50:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.01.25 16:41:53 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.25 16:41:53 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.25 16:33:56 | 000,000,408 | ---- | M] () -- C:\windows\tasks\Final Media Player Update Checker.job
[2012.01.25 16:33:41 | 4190,388,224 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.25 16:23:59 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.23 22:22:47 | 000,023,971 | -H-- | M] () -- C:\Users\mary\mary.zip
[2012.01.23 20:55:40 | 000,012,341 | -H-- | M] () -- C:\Users\mary\Desktop\OpenDocument Text (neu) (2).odt
[2012.01.23 20:02:04 | 000,000,000 | -H-- | M] () -- C:\Users\mary\defogger_reenable
[2012.01.22 21:57:58 | 001,498,506 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.01.22 21:57:58 | 000,654,166 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.01.22 21:57:58 | 000,616,008 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.01.22 21:57:58 | 000,130,006 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.01.22 21:57:58 | 000,106,388 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.01.21 18:52:24 | 000,000,638 | -H-- | M] () -- C:\Users\mary\Desktop\mary - Verknüpfung.lnk
[2012.01.21 04:36:24 | 000,029,253 | -H-- | M] () -- C:\Users\mary\extras.odt
[2012.01.21 04:34:26 | 000,007,334 | -H-- | M] () -- C:\Users\mary\Desktop\OpenDocument Text (neu).odt
[2012.01.21 01:13:52 | 000,000,440 | -H-- | M] () -- C:\ProgramData\2Mhk1BXXOm5qGF
[2012.01.21 01:11:35 | 000,000,653 | -H-- | M] () -- C:\Users\mary\Desktop\System Check.lnk
[2012.01.21 01:11:35 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~2Mhk1BXXOm5qGF
[2012.01.21 01:11:35 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~2Mhk1BXXOm5qGFr
[2012.01.19 23:02:18 | 000,024,604 | -H-- | M] () -- C:\Users\mary\Desktop\presentation research methodes.odt
[2012.01.19 20:04:07 | 000,021,643 | -H-- | M] () -- C:\Users\mary\Desktop\Unbenannt 1.odt
[2012.01.18 17:58:03 | 000,016,249 | -H-- | M] () -- C:\Users\mary\Desktop\Research_proposal Marianna & Johannes.odt
[2012.01.18 14:36:23 | 455,606,273 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012.01.17 22:02:28 | 000,073,337 | -H-- | M] () -- C:\Users\mary\Desktop\Final potato for vld with pages 15 and 16.ods
 
========== Files Created - No Company Name ==========
 
[2012.01.25 16:23:59 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.23 22:22:47 | 000,023,971 | -H-- | C] () -- C:\Users\mary\mary.zip
[2012.01.23 20:55:28 | 000,012,341 | -H-- | C] () -- C:\Users\mary\Desktop\OpenDocument Text (neu) (2).odt
[2012.01.23 20:02:04 | 000,000,000 | -H-- | C] () -- C:\Users\mary\defogger_reenable
[2012.01.21 18:52:24 | 000,000,638 | -H-- | C] () -- C:\Users\mary\Desktop\mary - Verknüpfung.lnk
[2012.01.21 04:36:21 | 000,029,253 | -H-- | C] () -- C:\Users\mary\extras.odt
[2012.01.21 04:34:26 | 000,007,334 | -H-- | C] () -- C:\Users\mary\Desktop\OpenDocument Text (neu).odt
[2012.01.21 01:11:35 | 000,000,296 | -H-- | C] () -- C:\ProgramData\~2Mhk1BXXOm5qGF
[2012.01.21 01:11:35 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~2Mhk1BXXOm5qGFr
[2012.01.21 01:11:34 | 000,000,653 | -H-- | C] () -- C:\Users\mary\Desktop\System Check.lnk
[2012.01.21 01:11:32 | 000,000,440 | -H-- | C] () -- C:\ProgramData\2Mhk1BXXOm5qGF
[2012.01.18 17:58:01 | 000,016,249 | -H-- | C] () -- C:\Users\mary\Desktop\Research_proposal Marianna & Johannes.odt
[2012.01.18 17:57:48 | 000,024,604 | -H-- | C] () -- C:\Users\mary\Desktop\presentation research methodes.odt
[2012.01.18 14:36:23 | 455,606,273 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012.01.17 22:02:23 | 000,073,337 | -H-- | C] () -- C:\Users\mary\Desktop\Final potato for vld with pages 15 and 16.ods
[2012.01.16 20:48:58 | 000,021,643 | -H-- | C] () -- C:\Users\mary\Desktop\Unbenannt 1.odt
[2011.05.15 12:14:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.29 12:10:30 | 000,000,088 | RHS- | C] () -- C:\ProgramData\916F6A88B8.sys
[2011.04.29 12:09:59 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.03.30 10:50:07 | 000,014,051 | ---- | C] () -- C:\windows\SysWow64\RaCoInst.dat
[2010.01.25 14:48:56 | 000,982,224 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2010.01.25 14:48:56 | 000,439,336 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2010.01.25 14:48:56 | 000,092,292 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2010.01.25 13:43:18 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010.01.25 13:43:18 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2012.01.21 00:49:06 | 000,000,000 | -H-D | M] -- C:\Users\mary\AppData\Roaming\Dropbox
[2011.11.29 18:21:57 | 000,000,000 | -H-D | M] -- C:\Users\mary\AppData\Roaming\DVDVideoSoft
[2011.11.29 18:21:17 | 000,000,000 | -H-D | M] -- C:\Users\mary\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.21 02:45:17 | 000,000,000 | -H-D | M] -- C:\Users\mary\AppData\Roaming\FinalMediaPlayer
[2012.01.25 16:06:41 | 000,000,000 | -H-D | M] -- C:\Users\mary\AppData\Roaming\go
[2011.05.12 23:27:20 | 000,000,000 | -H-D | M] -- C:\Users\mary\AppData\Roaming\OpenOffice.org
[2012.01.25 16:33:56 | 000,000,408 | ---- | M] () -- C:\windows\Tasks\Final Media Player Update Checker.job
[2011.11.30 09:04:11 | 000,032,608 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.04.29 20:23:17 | 000,000,000 | -H-D | M] -- C:\Users\mary\AppData\Roaming\Adobe
[2011.09.19 00:00:53 | 000,000,000 | -H-D | M] -- C:\Users\mary\AppData\Roaming\Apple Computer
[2012.01.24 01:42:04 | 000,000,000 | -H-D | M] -- C:\Users\mary\AppData\Roaming\Avira
[2011.04.29 12:10:29 | 000,000,000 | -H-D | M] -- C:\Users\mary\AppData\Roaming\Corel
[2012.01.21 02:45:17 | 000,000,000 | -H-D | M] -- C:\Users\mary\AppData\Roaming\CorelHomeOffice
[2012.01.21 00:49:06 | 000,000,000 | -H-D | M] -- C:\Users\mary\AppData\Roaming\Dropbox
[2011.11.29 18:21:57 | 000,000,000 | -H-D | M] -- C:\Users\mary\AppData\Roaming\DVDVideoSoft
[2011.11.29 18:21:17 | 000,000,000 | -H-D | M] -- C:\Users\mary\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.21 02:45:17 | 000,000,000 | -H-D | M] -- C:\Users\mary\AppData\Roaming\FinalMediaPlayer
[2012.01.25 16:06:41 | 000,000,000 | -H-D | M] -- C:\Users\mary\AppData\Roaming\go
[2011.04.29 12:03:25 | 000,000,000 | -H-D | M] -- C:\Users\mary\AppData\Roaming\Hewlett-Packard
[2011.04.29 12:01:39 | 000,000,000 | -H-D | M] -- C:\Users\mary\AppData\Roaming\hpqLog
[2011.04.29 12:06:24 | 000,000,000 | -H-D | M] -- C:\Users\mary\AppData\Roaming\Identities
[2011.04.29 12:06:44 | 000,000,000 | -H-D | M] -- C:\Users\mary\AppData\Roaming\Intel Corporation
[2011.04.29 20:23:20 | 000,000,000 | -H-D | M] -- C:\Users\mary\AppData\Roaming\Macromedia
[2012.01.25 16:24:05 | 000,000,000 | ---D | M] -- C:\Users\mary\AppData\Roaming\Malwarebytes
[2012.01.21 02:45:16 | 000,000,000 | --SD | M] -- C:\Users\mary\AppData\Roaming\Microsoft
[2011.11.24 18:06:34 | 000,000,000 | -H-D | M] -- C:\Users\mary\AppData\Roaming\Mozilla
[2011.05.12 23:27:20 | 000,000,000 | -H-D | M] -- C:\Users\mary\AppData\Roaming\OpenOffice.org
[2012.01.25 19:55:43 | 000,000,000 | -H-D | M] -- C:\Users\mary\AppData\Roaming\Skype
[2011.10.30 17:08:06 | 000,000,000 | -H-D | M] -- C:\Users\mary\AppData\Roaming\skypePM
[2012.01.21 18:49:47 | 000,000,000 | -H-D | M] -- C:\Users\mary\AppData\Roaming\vlc
[2011.04.30 03:28:50 | 000,000,000 | -H-D | M] -- C:\Users\mary\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2011.09.02 01:42:06 | 024,183,152 | -H-- | M] (Dropbox, Inc.) -- C:\Users\mary\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.09.02 01:42:12 | 000,174,784 | -H-- | M] (Dropbox, Inc.) -- C:\Users\mary\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.06.21 15:20:53 | 003,120,288 | -H-- | M] (Adobe Systems, Inc.) -- C:\Users\mary\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
 
< %SYSTEMDRIVE%\*.exe >
[2011.05.12 23:23:53 | 168,166,968 | -H-- | M] () -- C:\OOo_3.3.0_Win_x86_install-wJRE_de.exe
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_0dbde3119acb22ca\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_dab2e93700ba2683\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16552_none_394a8c733b252fb9\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16593_none_39204d0d3b44b8d4\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20669_none_39d05b5854449cd5\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20713_none_3a006b1e5421763d\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.03.04 04:33:26 | 000,435,736 | -H-- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\swsetup\Drivers\32\HDD\iaStor.sys
[2010.03.04 04:33:26 | 000,435,736 | -H-- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\swsetup\INTELRST\Drivers\x32\iaStor.sys
[2010.03.04 04:51:40 | 000,540,696 | -H-- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\swsetup\Drivers\64\HDD\iaStor.sys
[2010.03.04 04:51:40 | 000,540,696 | -H-- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\swsetup\INTELRST\Drivers\x64\iaStor.sys
[2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\windows\SysNative\drivers\iaStor.sys
[2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys
[2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_d73865c94450cce1\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2010.05.12 09:37:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2010.05.12 09:50:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.05.12 09:38:10 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2010.05.12 09:50:49 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010.12.10 05:06:45 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.12.10 05:06:45 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\windows\SysNative\winlogon.exe
[2010.12.10 05:06:45 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

Alt 26.01.2012, 11:07   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
failed save system 32, hilfe :( - Standard

failed save system 32, hilfe :(


Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCOM/10
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM/10
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 67.207.128.249:3128
FF - prefs.js..browser.search.defaultenginename: "WEB.DE Suche"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "WEB.DE Suche"
FF - prefs.js..browser.search.order.2: "amazon.de"
FF - prefs.js..browser.startup.homepage: "http://go.web.de/br/ff3_startpage"
FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.4
FF - prefs.js..keyword.URL: "http://wa.ui-portal.de/webde/webde/s?produkte.browser.link.searchlink&s_brand=webde&t_link=searchlink&ns_type=clickin&ns_url=http://suche.web.de/search/web/?origin=br_urlbar_ff&su="
[2012.01.21 02:45:14 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.01.21 02:45:14 | 000,000,000 | -H-D | M] (Update Notifier) -- C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2012.01.21 02:45:13 | 000,000,000 | -H-D | M] (WEB.DE Firefox Addon) -- C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}
[2012.01.21 02:45:13 | 000,000,000 | -H-D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.24 18:06:49 | 000,001,371 | -H-- | M] () -- C:\Users\mary\AppData\Roaming\Mozilla\Firefox\Profiles\4l9ke1jf.default\searchplugins\amazonde.xml
[2011.11.28 16:12:22 | 000,000,931 | -H-- | M] () -- C:\Users\mary\AppData\Roaming\Mozilla\Firefox\Profiles\4l9ke1jf.default\searchplugins\conduit.xml
[2011.11.25 22:08:17 | 000,001,420 | -H-- | M] () -- C:\Users\mary\AppData\Roaming\Mozilla\Firefox\Profiles\4l9ke1jf.default\searchplugins\preisvergleich.xml
[2012.01.25 17:13:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.11.24 18:06:08 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Program Files (x86)\mozilla firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2011.11.24 18:06:07 | 000,000,000 | ---D | M] (WEB.DE Firefox Addon) -- C:\Program Files (x86)\mozilla firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}
[2011.04.30 03:28:55 | 000,000,000 | ---D | M] (PriceGong) -- C:\PROGRAM FILES (X86)\PRICEGONG\2.2.0\FF
[2012.01.25 16:34:13 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_4_3
[2011.09.28 10:28:17 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT2269050
CHR - default_search_provider: suggest_url = http://search.conduit.com/
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (PriceGong Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.2.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (Fast Search by Surf Canyon) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [WEB.DE Update] C:\Program Files (x86)\WEB.DE\LiveUpdate\m2LUTray.exe (mquadr.at software engineering und consulting GmbH)
:Files
C:\Users\mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
C:\ProgramData\2Mhk1BXXOm5qGF
C:\Users\mary\Desktop\System Check.lnk
C:\ProgramData\~2Mhk1BXXOm5qGF
C:\ProgramData\~2Mhk1BXXOm5qGFr
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 26.01.2012, 15:15   #13
mary17
 
failed save system 32, hilfe :( - Standard

failed save system 32, hilfe :(


Code:
ATTFilter
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}\ deleted successfully.
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}\ deleted successfully.
C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "WEB.DE Suche" removed from browser.search.defaultenginename
Prefs.js: "DVDVideoSoftTB Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "WEB.DE Suche" removed from browser.search.order.1
Prefs.js: "amazon.de" removed from browser.search.order.2
Prefs.js: "hxxp://go.web.de/br/ff3_startpage" removed from browser.startup.homepage
Prefs.js: allglassv2@ambroos.neowin.net:2.1.4 removed from extensions.enabledItems
Prefs.js: "hxxp://wa.ui-portal.de/webde/webde/s?produkte.browser.link.searchlink&s_brand=webde&t_link=searchlink&ns_type=clickin&ns_url=hxxp://suche.web.de/search/web/?origin=br_urlbar_ff&su=" removed from keyword.URL
C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\modules folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}\defaults\preferences folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}\defaults folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}\components folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}\chrome folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66} folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}\searchplugins folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}\defaults\preferences folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}\defaults folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}\chrome\locale\de-DE folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}\chrome\locale folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}\chrome\content folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}\chrome folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54} folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\mary\AppData\Roaming\mozilla\Firefox\Profiles\4l9ke1jf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\mary\AppData\Roaming\Mozilla\Firefox\Profiles\4l9ke1jf.default\searchplugins\amazonde.xml moved successfully.
C:\Users\mary\AppData\Roaming\Mozilla\Firefox\Profiles\4l9ke1jf.default\searchplugins\conduit.xml moved successfully.
C:\Users\mary\AppData\Roaming\Mozilla\Firefox\Profiles\4l9ke1jf.default\searchplugins\preisvergleich.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\icons\default folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\icons folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}\defaults\preferences folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}\defaults folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}\components folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}\chrome folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66} folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}\defaults\preferences folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}\defaults folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}\chrome\locale folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}\chrome\content folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}\chrome folder moved successfully.
C:\Program Files (x86)\mozilla firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54} folder moved successfully.
C:\PROGRAM FILES (X86)\PRICEGONG\2.2.0\FF\modules folder moved successfully.
C:\PROGRAM FILES (X86)\PRICEGONG\2.2.0\FF\components folder moved successfully.
C:\PROGRAM FILES (X86)\PRICEGONG\2.2.0\FF\chrome\skin folder moved successfully.
C:\PROGRAM FILES (X86)\PRICEGONG\2.2.0\FF\chrome\locale\en-US folder moved successfully.
C:\PROGRAM FILES (X86)\PRICEGONG\2.2.0\FF\chrome\locale folder moved successfully.
C:\PROGRAM FILES (X86)\PRICEGONG\2.2.0\FF\chrome\content folder moved successfully.
C:\PROGRAM FILES (X86)\PRICEGONG\2.2.0\FF\chrome folder moved successfully.
C:\PROGRAM FILES (X86)\PRICEGONG\2.2.0\FF folder moved successfully.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_4_3\content scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_4_3\components scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_4_3\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_4_3\chrome scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_4_3 scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN\components scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN\chrome scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN scheduled to be moved on reboot.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}\ deleted successfully.
C:\Program Files (x86)\PriceGong\2.2.0\PriceGongIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AB7104A-B71F-49AD-9154-F7F8806AE848}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AB7104A-B71F-49AD-9154-F7F8806AE848}\ deleted successfully.
C:\Program Files (x86)\Surf Canyon\surfcanyon.dll moved successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ .
File move failed. C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll scheduled to be moved on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\ .
File move failed. C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}\ not found.
File C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ .
File move failed. C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
File C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ .
File move failed. C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WEB.DE Update deleted successfully.
C:\Program Files (x86)\WEB.DE\LiveUpdate\m2LUTray.exe moved successfully.
========== FILES ==========
C:\Users\mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check folder moved successfully.
C:\ProgramData\2Mhk1BXXOm5qGF moved successfully.
C:\Users\mary\Desktop\System Check.lnk moved successfully.
C:\ProgramData\~2Mhk1BXXOm5qGF moved successfully.
C:\ProgramData\~2Mhk1BXXOm5qGFr moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: mary
->Temp folder emptied: 3187796025 bytes
->Temporary Internet Files folder emptied: 377056094 bytes
->Java cache emptied: 15772892 bytes
->FireFox cache emptied: 96119518 bytes
->Google Chrome cache emptied: 322267373 bytes
->Flash cache emptied: 3229163 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 115338612 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 1825712 bytes
 
Total Files Cleaned = 3.929,00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01262012_150117

Files\Folders moved on Reboot...
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_4_3\content scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_4_3\components scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_4_3\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_4_3\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_4_3\chrome scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_4_3\content scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_4_3\components scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_4_3\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_4_3\chrome scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_4_3 scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN\components scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN\chrome scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN\components scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN\chrome scheduled to be moved on reboot.
Folder move failed. C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN scheduled to be moved on reboot.
File move failed. C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll scheduled to be moved on reboot.
File move failed. C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL scheduled to be moved on reboot.
C:\Users\mary\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ .
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\ .

Alt 26.01.2012, 16:50   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
failed save system 32, hilfe :( - Standard

failed save system 32, hilfe :(


Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 26.01.2012, 21:29   #15
mary17
 
failed save system 32, hilfe :( - Standard

failed save system 32, hilfe :(


Code:
ATTFilter
21:14:29.0980 1548	TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
21:14:30.0089 1548	============================================================
21:14:30.0089 1548	Current date / time: 2012/01/26 21:14:30.0089
21:14:30.0089 1548	SystemInfo:
21:14:30.0089 1548	
21:14:30.0089 1548	OS Version: 6.1.7600 ServicePack: 0.0
21:14:30.0089 1548	Product type: Workstation
21:14:30.0089 1548	ComputerName: MARY-HP
21:14:30.0089 1548	UserName: mary
21:14:30.0089 1548	Windows directory: C:\windows
21:14:30.0089 1548	System windows directory: C:\windows
21:14:30.0089 1548	Running under WOW64
21:14:30.0089 1548	Processor architecture: Intel x64
21:14:30.0089 1548	Number of processors: 2
21:14:30.0089 1548	Page size: 0x1000
21:14:30.0089 1548	Boot type: Normal boot
21:14:30.0089 1548	============================================================
21:14:30.0696 1548	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:14:30.0818 1548	Initialize success
21:14:35.0132 4256	Deinitialize success

Code:
ATTFilter
21:14:54.0842 5164	TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
21:14:54.0957 5164	============================================================
21:14:54.0957 5164	Current date / time: 2012/01/26 21:14:54.0957
21:14:54.0957 5164	SystemInfo:
21:14:54.0957 5164	
21:14:54.0957 5164	OS Version: 6.1.7600 ServicePack: 0.0
21:14:54.0957 5164	Product type: Workstation
21:14:54.0957 5164	ComputerName: MARY-HP
21:14:54.0957 5164	UserName: mary
21:14:54.0957 5164	Windows directory: C:\windows
21:14:54.0957 5164	System windows directory: C:\windows
21:14:54.0957 5164	Running under WOW64
21:14:54.0958 5164	Processor architecture: Intel x64
21:14:54.0958 5164	Number of processors: 2
21:14:54.0958 5164	Page size: 0x1000
21:14:54.0958 5164	Boot type: Normal boot
21:14:54.0958 5164	============================================================
21:14:55.0395 5164	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:14:55.0562 5164	Initialize success
21:16:00.0154 5824	============================================================
21:16:00.0154 5824	Scan started
21:16:00.0154 5824	Mode: Manual; SigCheck; TDLFS; 
21:16:00.0154 5824	============================================================
21:16:00.0958 5824	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
21:16:01.0168 5824	1394ohci - ok
21:16:01.0292 5824	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
21:16:01.0332 5824	ACPI - ok
21:16:01.0447 5824	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
21:16:01.0534 5824	AcpiPmi - ok
21:16:01.0652 5824	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
21:16:01.0724 5824	adp94xx - ok
21:16:01.0845 5824	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
21:16:01.0899 5824	adpahci - ok
21:16:02.0020 5824	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
21:16:02.0064 5824	adpu320 - ok
21:16:02.0206 5824	AFD             (6ef20ddf3172e97d69f596fb90602f29) C:\windows\system32\drivers\afd.sys
21:16:02.0319 5824	AFD - ok
21:16:02.0464 5824	AgereSoftModem  (a6ab6f0ace87da76b4c401813d18be95) C:\windows\system32\DRIVERS\agrsm64.sys
21:16:02.0616 5824	AgereSoftModem - ok
21:16:02.0706 5824	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
21:16:02.0747 5824	agp440 - ok
21:16:02.0871 5824	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
21:16:02.0905 5824	aliide - ok
21:16:02.0929 5824	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
21:16:02.0963 5824	amdide - ok
21:16:03.0020 5824	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
21:16:03.0084 5824	AmdK8 - ok
21:16:03.0183 5824	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
21:16:03.0255 5824	AmdPPM - ok
21:16:03.0351 5824	amdsata         (ec7ebab00a4d8448bab68d1e49b4beb9) C:\windows\system32\drivers\amdsata.sys
21:16:03.0390 5824	amdsata - ok
21:16:03.0448 5824	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
21:16:03.0491 5824	amdsbs - ok
21:16:03.0534 5824	amdxata         (db27766102c7bf7e95140a2aa81d042e) C:\windows\system32\drivers\amdxata.sys
21:16:03.0569 5824	amdxata - ok
21:16:03.0735 5824	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
21:16:03.0826 5824	AppID - ok
21:16:03.0949 5824	arc             (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
21:16:03.0981 5824	arc - ok
21:16:04.0021 5824	arcsas          (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
21:16:04.0052 5824	arcsas - ok
21:16:04.0150 5824	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
21:16:04.0228 5824	AsyncMac - ok
21:16:04.0341 5824	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
21:16:04.0364 5824	atapi - ok
21:16:04.0500 5824	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\windows\system32\DRIVERS\avgntflt.sys
21:16:04.0839 5824	avgntflt - ok
21:16:04.0990 5824	avipbb          (f1c9db5f7b2a56a0b29667d22ba540fc) C:\windows\system32\DRIVERS\avipbb.sys
21:16:05.0022 5824	avipbb - ok
21:16:05.0143 5824	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\windows\system32\DRIVERS\avkmgr.sys
21:16:05.0175 5824	avkmgr - ok
21:16:05.0323 5824	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
21:16:05.0429 5824	b06bdrv - ok
21:16:05.0572 5824	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
21:16:05.0650 5824	b57nd60a - ok
21:16:05.0794 5824	Beep            (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
21:16:05.0890 5824	Beep - ok
21:16:06.0068 5824	BHDrvx64        (95da658498248d5832aa240850706150) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys
21:16:06.0148 5824	BHDrvx64 - ok
21:16:06.0246 5824	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
21:16:06.0302 5824	blbdrive - ok
21:16:06.0452 5824	bowser          (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
21:16:06.0530 5824	bowser - ok
21:16:06.0630 5824	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
21:16:06.0683 5824	BrFiltLo - ok
21:16:06.0720 5824	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
21:16:06.0745 5824	BrFiltUp - ok
21:16:06.0780 5824	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
21:16:06.0850 5824	Brserid - ok
21:16:06.0954 5824	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
21:16:07.0017 5824	BrSerWdm - ok
21:16:07.0106 5824	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
21:16:07.0179 5824	BrUsbMdm - ok
21:16:07.0284 5824	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
21:16:07.0338 5824	BrUsbSer - ok
21:16:07.0442 5824	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
21:16:07.0508 5824	BthEnum - ok
21:16:07.0609 5824	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
21:16:07.0671 5824	BTHMODEM - ok
21:16:07.0768 5824	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
21:16:07.0825 5824	BthPan - ok
21:16:07.0949 5824	BTHPORT         (538392664fee486620dfea146f2500bc) C:\windows\System32\Drivers\BTHport.sys
21:16:08.0043 5824	BTHPORT - ok
21:16:08.0151 5824	BTHUSB          (6e71522e317b22257d8e37a1584b5829) C:\windows\System32\Drivers\BTHUSB.sys
21:16:08.0201 5824	BTHUSB - ok
21:16:08.0300 5824	BTMCOM          (e588420b950dac5ac397f76660bce520) C:\windows\system32\Drivers\btmcom.sys
21:16:08.0365 5824	BTMCOM - ok
21:16:08.0522 5824	BTMUSB          (d1bcd0e189378f81e3fe57783684b3da) C:\windows\system32\Drivers\btmusb.sys
21:16:08.0709 5824	BTMUSB - ok
21:16:08.0799 5824	cdfs            (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
21:16:08.0899 5824	cdfs - ok
21:16:09.0019 5824	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
21:16:09.0077 5824	cdrom - ok
21:16:09.0190 5824	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
21:16:09.0268 5824	circlass - ok
21:16:09.0344 5824	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
21:16:09.0400 5824	CLFS - ok
21:16:09.0529 5824	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
21:16:09.0579 5824	CmBatt - ok
21:16:09.0598 5824	cmdide          (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
21:16:09.0633 5824	cmdide - ok
21:16:09.0686 5824	CNG             (937beb186a735aca91d717044a49d17e) C:\windows\system32\Drivers\cng.sys
21:16:09.0755 5824	CNG - ok
21:16:09.0880 5824	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
21:16:09.0914 5824	Compbatt - ok
21:16:09.0978 5824	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
21:16:10.0018 5824	CompositeBus - ok
21:16:10.0104 5824	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
21:16:10.0136 5824	crcdisk - ok
21:16:10.0276 5824	DfsC            (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
21:16:10.0326 5824	DfsC - ok
21:16:10.0430 5824	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
21:16:10.0530 5824	discache - ok
21:16:10.0648 5824	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
21:16:10.0686 5824	Disk - ok
21:16:10.0783 5824	drmkaud         (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
21:16:10.0840 5824	drmkaud - ok
21:16:10.0906 5824	DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\windows\System32\drivers\dxgkrnl.sys
21:16:10.0982 5824	DXGKrnl - ok
21:16:11.0086 5824	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
21:16:11.0264 5824	ebdrv - ok
21:16:11.0380 5824	eeCtrl          (066108ae4c35835081598827a1a7d08d) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
21:16:11.0446 5824	eeCtrl - ok
21:16:11.0569 5824	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
21:16:11.0639 5824	elxstor - ok
21:16:11.0761 5824	EraserUtilRebootDrv (12866876e3851f1e5d462b2a83e25578) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:16:11.0796 5824	EraserUtilRebootDrv - ok
21:16:11.0886 5824	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
21:16:11.0937 5824	ErrDev - ok
21:16:12.0056 5824	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
21:16:12.0148 5824	exfat - ok
21:16:12.0192 5824	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
21:16:12.0262 5824	fastfat - ok
21:16:12.0377 5824	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
21:16:12.0425 5824	fdc - ok
21:16:12.0520 5824	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
21:16:12.0559 5824	FileInfo - ok
21:16:12.0575 5824	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
21:16:12.0700 5824	Filetrace - ok
21:16:12.0815 5824	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
21:16:12.0864 5824	flpydisk - ok
21:16:12.0958 5824	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
21:16:13.0013 5824	FltMgr - ok
21:16:13.0040 5824	FsDepends       (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
21:16:13.0063 5824	FsDepends - ok
21:16:13.0078 5824	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
21:16:13.0099 5824	Fs_Rec - ok
21:16:13.0200 5824	fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
21:16:13.0251 5824	fvevol - ok
21:16:13.0304 5824	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
21:16:13.0327 5824	gagp30kx - ok
21:16:13.0452 5824	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
21:16:13.0481 5824	GEARAspiWDM - ok
21:16:13.0526 5824	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
21:16:13.0595 5824	hcw85cir - ok
21:16:13.0698 5824	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
21:16:13.0773 5824	HdAudAddService - ok
21:16:13.0884 5824	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
21:16:13.0936 5824	HDAudBus - ok
21:16:14.0035 5824	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
21:16:14.0086 5824	HidBatt - ok
21:16:14.0176 5824	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
21:16:14.0241 5824	HidBth - ok
21:16:14.0334 5824	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
21:16:14.0390 5824	HidIr - ok
21:16:14.0510 5824	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
21:16:14.0579 5824	HidUsb - ok
21:16:14.0750 5824	HpqKbFiltr      (b98ee5d4535a685634b90f7e04de0df7) C:\windows\system32\DRIVERS\HpqKbFiltr.sys
21:16:14.0782 5824	HpqKbFiltr - ok
21:16:14.0909 5824	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
21:16:14.0943 5824	HpSAMD - ok
21:16:15.0064 5824	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
21:16:15.0181 5824	HTTP - ok
21:16:15.0271 5824	hwpolicy        (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
21:16:15.0307 5824	hwpolicy - ok
21:16:15.0418 5824	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
21:16:15.0464 5824	i8042prt - ok
21:16:15.0578 5824	iaStor          (abbf174cb394f5c437410a788b7e404a) C:\windows\system32\DRIVERS\iaStor.sys
21:16:15.0616 5824	iaStor - ok
21:16:15.0745 5824	iaStorV         (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys
21:16:15.0802 5824	iaStorV - ok
21:16:15.0953 5824	IDSVia64        (c3292140bf458b46cf8abbfd7e177bbe) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys
21:16:16.0013 5824	IDSVia64 - ok
21:16:16.0282 5824	igfx            (7467ae8f96ea983423148c62458669fa) C:\windows\system32\DRIVERS\igdkmd64.sys
21:16:16.0610 5824	igfx - ok
21:16:16.0721 5824	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
21:16:16.0757 5824	iirsp - ok
21:16:16.0869 5824	IntcHdmiAddService (b014ce58f0a8048d3924ba8d5ccbc5f1) C:\windows\system32\drivers\IntcHdmi.sys
21:16:16.0933 5824	IntcHdmiAddService - ok
21:16:17.0028 5824	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
21:16:17.0062 5824	intelide - ok
21:16:17.0145 5824	intelppm        (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
21:16:17.0188 5824	intelppm - ok
21:16:17.0238 5824	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
21:16:17.0322 5824	IpFilterDriver - ok
21:16:17.0422 5824	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
21:16:17.0479 5824	IPMIDRV - ok
21:16:17.0573 5824	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
21:16:17.0688 5824	IPNAT - ok
21:16:17.0803 5824	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
21:16:17.0846 5824	IRENUM - ok
21:16:17.0881 5824	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
21:16:17.0903 5824	isapnp - ok
21:16:17.0924 5824	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
21:16:17.0954 5824	iScsiPrt - ok
21:16:18.0042 5824	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
21:16:18.0072 5824	kbdclass - ok
21:16:18.0175 5824	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
21:16:18.0223 5824	kbdhid - ok
21:16:18.0332 5824	KSecDD          (16c1b906fc5ead84769f90b736b6bf0e) C:\windows\system32\Drivers\ksecdd.sys
21:16:18.0374 5824	KSecDD - ok
21:16:18.0399 5824	KSecPkg         (0b711550c56444879d71c7daabda6c83) C:\windows\system32\Drivers\ksecpkg.sys
21:16:18.0425 5824	KSecPkg - ok
21:16:18.0463 5824	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
21:16:18.0520 5824	ksthunk - ok
21:16:18.0671 5824	lltdio          (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
21:16:18.0774 5824	lltdio - ok
21:16:18.0890 5824	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
21:16:18.0929 5824	LSI_FC - ok
21:16:18.0972 5824	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
21:16:19.0010 5824	LSI_SAS - ok
21:16:19.0051 5824	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
21:16:19.0089 5824	LSI_SAS2 - ok
21:16:19.0115 5824	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
21:16:19.0156 5824	LSI_SCSI - ok
21:16:19.0257 5824	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
21:16:19.0357 5824	luafv - ok
21:16:19.0479 5824	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys
21:16:19.0508 5824	MBAMProtector - ok
21:16:19.0599 5824	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
21:16:19.0634 5824	megasas - ok
21:16:19.0657 5824	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
21:16:19.0704 5824	MegaSR - ok
21:16:19.0805 5824	Modem           (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
21:16:19.0893 5824	Modem - ok
21:16:20.0009 5824	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
21:16:20.0066 5824	monitor - ok
21:16:20.0174 5824	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
21:16:20.0211 5824	mouclass - ok
21:16:20.0362 5824	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
21:16:20.0411 5824	mouhid - ok
21:16:20.0511 5824	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
21:16:20.0553 5824	mountmgr - ok
21:16:20.0593 5824	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
21:16:20.0636 5824	mpio - ok
21:16:20.0682 5824	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
21:16:20.0740 5824	mpsdrv - ok
21:16:20.0763 5824	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
21:16:20.0806 5824	MRxDAV - ok
21:16:20.0849 5824	mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
21:16:20.0893 5824	mrxsmb - ok
21:16:20.0999 5824	mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
21:16:21.0055 5824	mrxsmb10 - ok
21:16:21.0161 5824	mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
21:16:21.0204 5824	mrxsmb20 - ok
21:16:21.0277 5824	msahci          (5e939cf91ea4a841dbafe4627e0292bb) C:\windows\system32\DRIVERS\msahci.sys
21:16:21.0316 5824	msahci - ok
21:16:21.0354 5824	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
21:16:21.0398 5824	msdsm - ok
21:16:21.0483 5824	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
21:16:21.0911 5824	Msfs - ok
21:16:22.0008 5824	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
21:16:22.0261 5824	mshidkmdf - ok
21:16:22.0336 5824	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
21:16:22.0360 5824	msisadrv - ok
21:16:22.0479 5824	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
21:16:22.0554 5824	MSKSSRV - ok
21:16:22.0672 5824	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
21:16:22.0732 5824	MSPCLOCK - ok
21:16:22.0833 5824	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
21:16:22.0898 5824	MSPQM - ok
21:16:22.0964 5824	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
21:16:22.0998 5824	MsRPC - ok
21:16:23.0049 5824	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
21:16:23.0068 5824	mssmbios - ok
21:16:23.0111 5824	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
21:16:23.0175 5824	MSTEE - ok
21:16:23.0209 5824	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
21:16:23.0246 5824	MTConfig - ok
21:16:23.0304 5824	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
21:16:23.0331 5824	Mup - ok
21:16:23.0448 5824	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
21:16:23.0512 5824	NativeWifiP - ok
21:16:23.0653 5824	NAVENG          (a507b7d1c5f957a1aab98794eb377654) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\ENG64.SYS
21:16:23.0670 5824	NAVENG - ok
21:16:23.0840 5824	NAVEX15         (0d7d6c0fd46f12780c3bab6af891ede3) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\EX64.SYS
21:16:23.0886 5824	NAVEX15 - ok
21:16:24.0013 5824	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
21:16:24.0063 5824	NDIS - ok
21:16:24.0162 5824	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
21:16:24.0229 5824	NdisCap - ok
21:16:24.0333 5824	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
21:16:24.0403 5824	NdisTapi - ok
21:16:24.0505 5824	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
21:16:24.0568 5824	Ndisuio - ok
21:16:24.0673 5824	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
21:16:24.0755 5824	NdisWan - ok
21:16:24.0846 5824	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
21:16:24.0919 5824	NDProxy - ok
21:16:25.0015 5824	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
21:16:25.0073 5824	NetBIOS - ok
21:16:25.0137 5824	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
21:16:25.0219 5824	NetBT - ok
21:16:25.0348 5824	netr28x         (b964d4c524a80aba22db16fc1eded0a9) C:\windows\system32\DRIVERS\netr28x.sys
21:16:25.0406 5824	netr28x - ok
21:16:25.0463 5824	nfrd960         (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
21:16:25.0488 5824	nfrd960 - ok
21:16:25.0619 5824	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
21:16:25.0691 5824	Npfs - ok
21:16:25.0791 5824	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
21:16:25.0856 5824	nsiproxy - ok
21:16:25.0975 5824	Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys
21:16:26.0080 5824	Ntfs - ok
21:16:26.0175 5824	Null            (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
21:16:26.0243 5824	Null - ok
21:16:26.0342 5824	nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys
21:16:26.0371 5824	nvraid - ok
21:16:26.0388 5824	nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
21:16:26.0420 5824	nvstor - ok
21:16:26.0461 5824	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
21:16:26.0490 5824	nv_agp - ok
21:16:26.0512 5824	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
21:16:26.0550 5824	ohci1394 - ok
21:16:26.0698 5824	Parport         (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
21:16:26.0730 5824	Parport - ok
21:16:26.0764 5824	partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
21:16:26.0791 5824	partmgr - ok
21:16:26.0820 5824	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
21:16:26.0856 5824	pci - ok
21:16:26.0882 5824	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
21:16:26.0905 5824	pciide - ok
21:16:26.0925 5824	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
21:16:26.0958 5824	pcmcia - ok
21:16:27.0003 5824	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
21:16:27.0029 5824	pcw - ok
21:16:27.0149 5824	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
21:16:27.0256 5824	PEAUTH - ok
21:16:27.0380 5824	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
21:16:27.0454 5824	PptpMiniport - ok
21:16:27.0518 5824	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
21:16:27.0561 5824	Processor - ok
21:16:27.0688 5824	Psched          (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
21:16:27.0762 5824	Psched - ok
21:16:27.0830 5824	PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\windows\system32\Drivers\PxHlpa64.sys
21:16:27.0854 5824	PxHlpa64 - ok
21:16:27.0947 5824	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
21:16:28.0024 5824	ql2300 - ok
21:16:28.0050 5824	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
21:16:28.0079 5824	ql40xx - ok
21:16:28.0116 5824	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
21:16:28.0260 5824	QWAVEdrv - ok
21:16:28.0387 5824	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
21:16:28.0509 5824	RasAcd - ok
21:16:28.0659 5824	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
21:16:28.0739 5824	RasAgileVpn - ok
21:16:28.0837 5824	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
21:16:28.0900 5824	Rasl2tp - ok
21:16:28.0947 5824	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
21:16:29.0031 5824	RasPppoe - ok
21:16:29.0139 5824	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
21:16:29.0212 5824	RasSstp - ok
21:16:29.0315 5824	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
21:16:29.0405 5824	rdbss - ok
21:16:29.0528 5824	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
21:16:29.0624 5824	rdpbus - ok
21:16:29.0725 5824	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
21:16:29.0846 5824	RDPCDD - ok
21:16:29.0963 5824	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
21:16:30.0090 5824	RDPENCDD - ok
21:16:30.0167 5824	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
21:16:30.0220 5824	RDPREFMP - ok
21:16:30.0252 5824	RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
21:16:30.0333 5824	RDPWD - ok
21:16:30.0450 5824	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
21:16:30.0512 5824	rdyboost - ok
21:16:30.0620 5824	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
21:16:30.0672 5824	RFCOMM - ok
21:16:30.0793 5824	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
21:16:30.0866 5824	rspndr - ok
21:16:30.0985 5824	RTL8167         (ba3e57c89e6f63808d3f2b11e1a2ad3c) C:\windows\system32\DRIVERS\Rt64win7.sys
21:16:31.0016 5824	RTL8167 - ok
21:16:31.0097 5824	rtsuvc          (73157d4a4f6da18c5148e47cb958af58) C:\windows\system32\DRIVERS\rtsuvc.sys
21:16:31.0159 5824	rtsuvc - ok
21:16:31.0284 5824	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
21:16:31.0311 5824	sbp2port - ok
21:16:31.0360 5824	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
21:16:31.0437 5824	scfilter - ok
21:16:31.0554 5824	sdbus           (54e47ad086782d3ae9417c155cdceb9b) C:\windows\system32\DRIVERS\sdbus.sys
21:16:31.0606 5824	sdbus - ok
21:16:31.0729 5824	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
21:16:31.0798 5824	secdrv - ok
21:16:31.0920 5824	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
21:16:31.0949 5824	Serenum - ok
21:16:31.0994 5824	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
21:16:32.0032 5824	Serial - ok
21:16:32.0094 5824	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
21:16:32.0122 5824	sermouse - ok
21:16:32.0157 5824	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
21:16:32.0218 5824	sffdisk - ok
21:16:32.0326 5824	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
21:16:32.0352 5824	sffp_mmc - ok
21:16:32.0415 5824	sffp_sd         (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys
21:16:32.0453 5824	sffp_sd - ok
21:16:32.0495 5824	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
21:16:32.0534 5824	sfloppy - ok
21:16:32.0578 5824	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
21:16:32.0603 5824	SiSRaid2 - ok
21:16:32.0625 5824	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
21:16:32.0651 5824	SiSRaid4 - ok
21:16:32.0697 5824	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
21:16:32.0764 5824	Smb - ok
21:16:32.0889 5824	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
21:16:32.0913 5824	spldr - ok
21:16:33.0005 5824	SRTSP           (90ef30c3867bcde4579c01a6d6e75a7a) C:\windows\System32\Drivers\NISx64\1206000.01D\SRTSP64.SYS
21:16:33.0060 5824	SRTSP - ok
21:16:33.0083 5824	SRTSPX          (c513e8a5e7978da49077f5484344ee1b) C:\windows\system32\drivers\NISx64\1206000.01D\SRTSPX64.SYS
21:16:33.0104 5824	SRTSPX - ok
21:16:33.0153 5824	srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
21:16:33.0230 5824	srv - ok
21:16:33.0351 5824	srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
21:16:33.0414 5824	srv2 - ok
21:16:33.0538 5824	srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
21:16:33.0582 5824	srvnet - ok
21:16:33.0718 5824	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
21:16:33.0743 5824	stexstor - ok
21:16:33.0871 5824	STHDA           (c962f5c90bdbefb6446b5b252c70fe33) C:\windows\system32\DRIVERS\stwrt64.sys
21:16:33.0943 5824	STHDA - ok
21:16:34.0091 5824	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
21:16:34.0114 5824	swenum - ok
21:16:34.0258 5824	SymDS           (6160145c7a87fc7672e8e3b886888176) C:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS
21:16:34.0314 5824	SymDS - ok
21:16:34.0487 5824	SymEFA          (96aeed40d4d3521568b42027687e69e0) C:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS
21:16:34.0545 5824	SymEFA - ok
21:16:34.0663 5824	SymEvent        (21a1c2d694c3cf962d31f5e873ab3d6f) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
21:16:34.0689 5824	SymEvent - ok
21:16:34.0793 5824	SymIRON         (bd0d711d8cbfcaa19ca123306eaf53a5) C:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS
21:16:34.0820 5824	SymIRON - ok
21:16:34.0849 5824	SymNetS         (a6adb3d83023f8daa0f7b6fda785d83b) C:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS
21:16:34.0902 5824	SymNetS - ok
21:16:35.0035 5824	SynTP           (be2b928de9af2848289db7a54c7e2398) C:\windows\system32\DRIVERS\SynTP.sys
21:16:35.0066 5824	SynTP - ok
21:16:35.0165 5824	Tcpip           (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\drivers\tcpip.sys
21:16:35.0324 5824	Tcpip - ok
21:16:35.0487 5824	TCPIP6          (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\DRIVERS\tcpip.sys
21:16:35.0541 5824	TCPIP6 - ok
21:16:35.0603 5824	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
21:16:35.0673 5824	tcpipreg - ok
21:16:35.0785 5824	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
21:16:35.0849 5824	TDPIPE - ok
21:16:35.0959 5824	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
21:16:36.0034 5824	TDTCP - ok
21:16:36.0160 5824	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
21:16:36.0234 5824	tdx - ok
21:16:36.0361 5824	TermDD          (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
21:16:36.0386 5824	TermDD - ok
21:16:36.0514 5824	TPM             (dbcc20c02e8a3e43b03c304a4e40a84f) C:\windows\system32\drivers\tpm.sys
21:16:36.0558 5824	TPM - ok
21:16:36.0680 5824	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
21:16:36.0733 5824	tssecsrv - ok
21:16:36.0855 5824	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
21:16:36.0928 5824	tunnel - ok
21:16:37.0037 5824	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
21:16:37.0064 5824	uagp35 - ok
21:16:37.0133 5824	udfs            (c06e6f4679ceb8f430b90a51d76d8d3c) C:\windows\system32\DRIVERS\udfs.sys
21:16:37.0182 5824	udfs - ok
21:16:37.0316 5824	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
21:16:37.0343 5824	uliagpkx - ok
21:16:37.0395 5824	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
21:16:37.0438 5824	umbus - ok
21:16:37.0557 5824	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
21:16:37.0598 5824	UmPass - ok
21:16:37.0739 5824	USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
21:16:37.0791 5824	USBAAPL64 - ok
21:16:37.0905 5824	usbccgp         (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\windows\system32\DRIVERS\usbccgp.sys
21:16:37.0957 5824	usbccgp - ok
21:16:38.0090 5824	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
21:16:38.0136 5824	usbcir - ok
21:16:38.0252 5824	usbehci         (fbb21ebe49f6d560db37ac25fbc68e66) C:\windows\system32\DRIVERS\usbehci.sys
21:16:38.0347 5824	usbehci - ok
21:16:38.0504 5824	usbhub          (6b7a8a99c4a459e73c286a6763ea24cc) C:\windows\system32\DRIVERS\usbhub.sys
21:16:38.0549 5824	usbhub - ok
21:16:38.0673 5824	usbohci         (8c88aa7617b4cbc2e4bed61d26b33a27) C:\windows\system32\drivers\usbohci.sys
21:16:38.0710 5824	usbohci - ok
21:16:38.0807 5824	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
21:16:38.0851 5824	usbprint - ok
21:16:38.0962 5824	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
21:16:39.0005 5824	usbscan - ok
21:16:39.0114 5824	USBSTOR         (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS
21:16:39.0170 5824	USBSTOR - ok
21:16:39.0277 5824	usbuhci         (0b5b3b2df3fd1709618acfa50b8392b0) C:\windows\system32\DRIVERS\usbuhci.sys
21:16:39.0314 5824	usbuhci - ok
21:16:39.0442 5824	usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys
21:16:39.0500 5824	usbvideo - ok
21:16:39.0648 5824	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
21:16:39.0672 5824	vdrvroot - ok
21:16:39.0808 5824	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
21:16:39.0837 5824	vga - ok
21:16:39.0884 5824	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
21:16:39.0945 5824	VgaSave - ok
21:16:40.0073 5824	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
21:16:40.0109 5824	vhdmp - ok
21:16:40.0220 5824	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
21:16:40.0243 5824	viaide - ok
21:16:40.0325 5824	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
21:16:40.0351 5824	volmgr - ok
21:16:40.0415 5824	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
21:16:40.0459 5824	volmgrx - ok
21:16:40.0582 5824	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
21:16:40.0628 5824	volsnap - ok
21:16:40.0753 5824	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
21:16:40.0783 5824	vsmraid - ok
21:16:40.0880 5824	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
21:16:40.0910 5824	vwifibus - ok
21:16:41.0036 5824	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
21:16:41.0076 5824	vwififlt - ok
21:16:41.0145 5824	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
21:16:41.0203 5824	WacomPen - ok
21:16:41.0326 5824	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
21:16:41.0403 5824	WANARP - ok
21:16:41.0409 5824	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
21:16:41.0455 5824	Wanarpv6 - ok
21:16:41.0591 5824	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
21:16:41.0626 5824	Wd - ok
21:16:41.0695 5824	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
21:16:41.0756 5824	Wdf01000 - ok
21:16:41.0907 5824	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
21:16:41.0972 5824	WfpLwf - ok
21:16:42.0013 5824	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
21:16:42.0042 5824	WIMMount - ok
21:16:42.0218 5824	WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys
21:16:42.0276 5824	WinUsb - ok
21:16:42.0410 5824	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
21:16:42.0454 5824	WmiAcpi - ok
21:16:42.0533 5824	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
21:16:42.0625 5824	ws2ifsl - ok
21:16:42.0767 5824	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
21:16:42.0869 5824	WudfPf - ok
21:16:42.0879 5824	Scan interrupted by user!
21:16:42.0879 5824	Scan interrupted by user!
21:16:42.0879 5824	Scan interrupted by user!
21:16:42.0879 5824	============================================================
21:16:42.0879 5824	Scan finished
21:16:42.0879 5824	============================================================
21:16:42.0906 5132	Detected object count: 0
21:16:42.0906 5132	Actual detected object count: 0
21:16:45.0918 6124	Deinitialize success

Code:
ATTFilter
21:19:17.0892 4248	TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
21:19:17.0927 4248	============================================================
21:19:17.0927 4248	Current date / time: 2012/01/26 21:19:17.0927
21:19:17.0927 4248	SystemInfo:
21:19:17.0927 4248	
21:19:17.0927 4248	OS Version: 6.1.7600 ServicePack: 0.0
21:19:17.0927 4248	Product type: Workstation
21:19:17.0927 4248	ComputerName: MARY-HP
21:19:17.0928 4248	UserName: mary
21:19:17.0928 4248	Windows directory: C:\windows
21:19:17.0928 4248	System windows directory: C:\windows
21:19:17.0928 4248	Running under WOW64
21:19:17.0928 4248	Processor architecture: Intel x64
21:19:17.0928 4248	Number of processors: 2
21:19:17.0928 4248	Page size: 0x1000
21:19:17.0928 4248	Boot type: Normal boot
21:19:17.0928 4248	============================================================
21:19:18.0371 4248	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:19:18.0515 4248	Initialize success
21:19:25.0404 4060	============================================================
21:19:25.0404 4060	Scan started
21:19:25.0404 4060	Mode: Manual; SigCheck; TDLFS; 
21:19:25.0404 4060	============================================================
21:19:25.0815 4060	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
21:19:25.0977 4060	1394ohci - ok
21:19:26.0059 4060	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
21:19:26.0094 4060	ACPI - ok
21:19:26.0181 4060	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
21:19:26.0218 4060	AcpiPmi - ok
21:19:26.0264 4060	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
21:19:26.0302 4060	adp94xx - ok
21:19:26.0422 4060	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
21:19:26.0455 4060	adpahci - ok
21:19:26.0564 4060	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
21:19:26.0597 4060	adpu320 - ok
21:19:26.0729 4060	AFD             (6ef20ddf3172e97d69f596fb90602f29) C:\windows\system32\drivers\afd.sys
21:19:26.0770 4060	AFD - ok
21:19:26.0920 4060	AgereSoftModem  (a6ab6f0ace87da76b4c401813d18be95) C:\windows\system32\DRIVERS\agrsm64.sys
21:19:26.0972 4060	AgereSoftModem - ok
21:19:27.0073 4060	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
21:19:27.0122 4060	agp440 - ok
21:19:27.0327 4060	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
21:19:27.0345 4060	aliide - ok
21:19:27.0696 4060	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
21:19:27.0721 4060	amdide - ok
21:19:27.0820 4060	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
21:19:27.0853 4060	AmdK8 - ok
21:19:27.0972 4060	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
21:19:28.0005 4060	AmdPPM - ok
21:19:28.0107 4060	amdsata         (ec7ebab00a4d8448bab68d1e49b4beb9) C:\windows\system32\drivers\amdsata.sys
21:19:28.0136 4060	amdsata - ok
21:19:28.0248 4060	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
21:19:28.0280 4060	amdsbs - ok
21:19:28.0379 4060	amdxata         (db27766102c7bf7e95140a2aa81d042e) C:\windows\system32\drivers\amdxata.sys
21:19:28.0407 4060	amdxata - ok
21:19:28.0602 4060	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
21:19:28.0643 4060	AppID - ok
21:19:28.0783 4060	arc             (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
21:19:28.0812 4060	arc - ok
21:19:28.0877 4060	arcsas          (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
21:19:28.0907 4060	arcsas - ok
21:19:29.0028 4060	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
21:19:29.0082 4060	AsyncMac - ok
21:19:29.0230 4060	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
21:19:29.0253 4060	atapi - ok
21:19:29.0378 4060	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\windows\system32\DRIVERS\avgntflt.sys
21:19:29.0429 4060	avgntflt - ok
21:19:29.0568 4060	avipbb          (f1c9db5f7b2a56a0b29667d22ba540fc) C:\windows\system32\DRIVERS\avipbb.sys
21:19:29.0598 4060	avipbb - ok
21:19:29.0710 4060	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\windows\system32\DRIVERS\avkmgr.sys
21:19:29.0738 4060	avkmgr - ok
21:19:29.0856 4060	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
21:19:29.0896 4060	b06bdrv - ok
21:19:30.0017 4060	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
21:19:30.0053 4060	b57nd60a - ok
21:19:30.0183 4060	Beep            (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
21:19:30.0256 4060	Beep - ok
21:19:30.0435 4060	BHDrvx64        (95da658498248d5832aa240850706150) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys
21:19:30.0485 4060	BHDrvx64 - ok
21:19:30.0579 4060	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
21:19:30.0612 4060	blbdrive - ok
21:19:30.0763 4060	bowser          (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
21:19:30.0797 4060	bowser - ok
21:19:30.0886 4060	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
21:19:30.0922 4060	BrFiltLo - ok
21:19:30.0954 4060	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
21:19:30.0976 4060	BrFiltUp - ok
21:19:31.0016 4060	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
21:19:31.0051 4060	Brserid - ok
21:19:31.0089 4060	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
21:19:31.0118 4060	BrSerWdm - ok
21:19:31.0196 4060	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
21:19:31.0234 4060	BrUsbMdm - ok
21:19:31.0252 4060	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
21:19:31.0285 4060	BrUsbSer - ok
21:19:31.0377 4060	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
21:19:31.0410 4060	BthEnum - ok
21:19:31.0466 4060	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
21:19:31.0504 4060	BTHMODEM - ok
21:19:31.0614 4060	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
21:19:31.0653 4060	BthPan - ok
21:19:31.0761 4060	BTHPORT         (538392664fee486620dfea146f2500bc) C:\windows\System32\Drivers\BTHport.sys
21:19:31.0802 4060	BTHPORT - ok
21:19:31.0841 4060	BTHUSB          (6e71522e317b22257d8e37a1584b5829) C:\windows\System32\Drivers\BTHUSB.sys
21:19:31.0874 4060	BTHUSB - ok
21:19:31.0968 4060	BTMCOM          (e588420b950dac5ac397f76660bce520) C:\windows\system32\Drivers\btmcom.sys
21:19:31.0998 4060	BTMCOM - ok
21:19:32.0101 4060	BTMUSB          (d1bcd0e189378f81e3fe57783684b3da) C:\windows\system32\Drivers\btmusb.sys
21:19:32.0159 4060	BTMUSB - ok
21:19:32.0200 4060	cdfs            (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
21:19:32.0242 4060	cdfs - ok
21:19:32.0342 4060	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
21:19:32.0374 4060	cdrom - ok
21:19:32.0469 4060	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
21:19:32.0507 4060	circlass - ok
21:19:32.0590 4060	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
21:19:32.0620 4060	CLFS - ok
21:19:32.0753 4060	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
21:19:32.0786 4060	CmBatt - ok
21:19:32.0810 4060	cmdide          (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
21:19:32.0838 4060	cmdide - ok
21:19:32.0887 4060	CNG             (937beb186a735aca91d717044a49d17e) C:\windows\system32\Drivers\cng.sys
21:19:32.0935 4060	CNG - ok
21:19:32.0982 4060	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
21:19:33.0001 4060	Compbatt - ok
21:19:33.0101 4060	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
21:19:33.0140 4060	CompositeBus - ok
21:19:33.0249 4060	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
21:19:33.0277 4060	crcdisk - ok
21:19:33.0422 4060	DfsC            (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
21:19:33.0456 4060	DfsC - ok
21:19:33.0520 4060	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
21:19:33.0579 4060	discache - ok
21:19:33.0704 4060	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
21:19:33.0728 4060	Disk - ok
21:19:33.0851 4060	drmkaud         (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
21:19:33.0887 4060	drmkaud - ok
21:19:33.0962 4060	DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\windows\System32\drivers\dxgkrnl.sys
21:19:34.0006 4060	DXGKrnl - ok
21:19:34.0108 4060	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
21:19:34.0166 4060	ebdrv - ok
21:19:34.0260 4060	eeCtrl          (066108ae4c35835081598827a1a7d08d) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
21:19:34.0293 4060	eeCtrl - ok
21:19:34.0437 4060	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
21:19:34.0478 4060	elxstor - ok
21:19:34.0585 4060	EraserUtilRebootDrv (12866876e3851f1e5d462b2a83e25578) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:19:34.0613 4060	EraserUtilRebootDrv - ok
21:19:34.0710 4060	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
21:19:34.0743 4060	ErrDev - ok
21:19:34.0835 4060	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
21:19:34.0898 4060	exfat - ok
21:19:34.0994 4060	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
21:19:35.0047 4060	fastfat - ok
21:19:35.0145 4060	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
21:19:35.0177 4060	fdc - ok
21:19:35.0288 4060	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
21:19:35.0313 4060	FileInfo - ok
21:19:35.0343 4060	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
21:19:35.0397 4060	Filetrace - ok
21:19:35.0472 4060	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
21:19:35.0500 4060	flpydisk - ok
21:19:35.0548 4060	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
21:19:35.0580 4060	FltMgr - ok
21:19:35.0608 4060	FsDepends       (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
21:19:35.0630 4060	FsDepends - ok
21:19:35.0646 4060	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
21:19:35.0667 4060	Fs_Rec - ok
21:19:35.0747 4060	fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
21:19:35.0783 4060	fvevol - ok
21:19:35.0816 4060	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
21:19:35.0845 4060	gagp30kx - ok
21:19:35.0898 4060	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
21:19:35.0920 4060	GEARAspiWDM - ok
21:19:35.0961 4060	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
21:19:35.0994 4060	hcw85cir - ok
21:19:36.0111 4060	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
21:19:36.0154 4060	HdAudAddService - ok
21:19:36.0240 4060	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
21:19:36.0279 4060	HDAudBus - ok
21:19:36.0347 4060	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
21:19:36.0380 4060	HidBatt - ok
21:19:36.0444 4060	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
21:19:36.0481 4060	HidBth - ok
21:19:36.0513 4060	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
21:19:36.0542 4060	HidIr - ok
21:19:36.0600 4060	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
21:19:36.0633 4060	HidUsb - ok
21:19:36.0796 4060	HpqKbFiltr      (b98ee5d4535a685634b90f7e04de0df7) C:\windows\system32\DRIVERS\HpqKbFiltr.sys
21:19:36.0823 4060	HpqKbFiltr - ok
21:19:36.0922 4060	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
21:19:36.0951 4060	HpSAMD - ok
21:19:37.0066 4060	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
21:19:37.0134 4060	HTTP - ok
21:19:37.0150 4060	hwpolicy        (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
21:19:37.0172 4060	hwpolicy - ok
21:19:37.0220 4060	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
21:19:37.0254 4060	i8042prt - ok
21:19:37.0291 4060	iaStor          (abbf174cb394f5c437410a788b7e404a) C:\windows\system32\DRIVERS\iaStor.sys
21:19:37.0323 4060	iaStor - ok
21:19:37.0458 4060	iaStorV         (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys
21:19:37.0494 4060	iaStorV - ok
21:19:37.0655 4060	IDSVia64        (c3292140bf458b46cf8abbfd7e177bbe) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys
21:19:37.0687 4060	IDSVia64 - ok
21:19:37.0955 4060	igfx            (7467ae8f96ea983423148c62458669fa) C:\windows\system32\DRIVERS\igdkmd64.sys
21:19:38.0058 4060	igfx - ok
21:19:38.0178 4060	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
21:19:38.0206 4060	iirsp - ok
21:19:38.0315 4060	IntcHdmiAddService (b014ce58f0a8048d3924ba8d5ccbc5f1) C:\windows\system32\drivers\IntcHdmi.sys
21:19:38.0342 4060	IntcHdmiAddService - ok
21:19:38.0385 4060	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
21:19:38.0406 4060	intelide - ok
21:19:38.0446 4060	intelppm        (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
21:19:38.0480 4060	intelppm - ok
21:19:38.0572 4060	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
21:19:38.0647 4060	IpFilterDriver - ok
21:19:38.0691 4060	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
21:19:38.0724 4060	IPMIDRV - ok
21:19:38.0763 4060	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
21:19:38.0805 4060	IPNAT - ok
21:19:38.0838 4060	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
21:19:38.0861 4060	IRENUM - ok
21:19:38.0894 4060	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
21:19:38.0916 4060	isapnp - ok
21:19:38.0938 4060	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
21:19:38.0972 4060	iScsiPrt - ok
21:19:39.0077 4060	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
21:19:39.0105 4060	kbdclass - ok
21:19:39.0199 4060	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
21:19:39.0232 4060	kbdhid - ok
21:19:39.0278 4060	KSecDD          (16c1b906fc5ead84769f90b736b6bf0e) C:\windows\system32\Drivers\ksecdd.sys
21:19:39.0295 4060	KSecDD - ok
21:19:39.0323 4060	KSecPkg         (0b711550c56444879d71c7daabda6c83) C:\windows\system32\Drivers\ksecpkg.sys
21:19:39.0340 4060	KSecPkg - ok
21:19:39.0431 4060	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
21:19:39.0490 4060	ksthunk - ok
21:19:39.0628 4060	lltdio          (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
21:19:39.0692 4060	lltdio - ok
21:19:39.0757 4060	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
21:19:39.0783 4060	LSI_FC - ok
21:19:39.0817 4060	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
21:19:39.0840 4060	LSI_SAS - ok
21:19:39.0863 4060	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
21:19:39.0886 4060	LSI_SAS2 - ok
21:19:39.0904 4060	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
21:19:39.0921 4060	LSI_SCSI - ok
21:19:40.0024 4060	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
21:19:40.0098 4060	luafv - ok
21:19:40.0235 4060	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys
21:19:40.0260 4060	MBAMProtector - ok
21:19:40.0322 4060	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
21:19:40.0343 4060	megasas - ok
21:19:40.0368 4060	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
21:19:40.0395 4060	MegaSR - ok
21:19:40.0438 4060	Modem           (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
21:19:40.0495 4060	Modem - ok
21:19:40.0609 4060	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
21:19:40.0644 4060	monitor - ok
21:19:40.0753 4060	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
21:19:40.0782 4060	mouclass - ok
21:19:40.0918 4060	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
21:19:40.0951 4060	mouhid - ok
21:19:40.0989 4060	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
21:19:41.0019 4060	mountmgr - ok
21:19:41.0049 4060	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
21:19:41.0080 4060	mpio - ok
21:19:41.0127 4060	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
21:19:41.0192 4060	mpsdrv - ok
21:19:41.0219 4060	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
21:19:41.0244 4060	MRxDAV - ok
21:19:41.0271 4060	mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
21:19:41.0292 4060	mrxsmb - ok
21:19:41.0332 4060	mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
21:19:41.0366 4060	mrxsmb10 - ok
21:19:41.0395 4060	mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
21:19:41.0414 4060	mrxsmb20 - ok
21:19:41.0467 4060	msahci          (5e939cf91ea4a841dbafe4627e0292bb) C:\windows\system32\DRIVERS\msahci.sys
21:19:41.0492 4060	msahci - ok
21:19:41.0521 4060	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
21:19:41.0545 4060	msdsm - ok
21:19:41.0595 4060	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
21:19:41.0651 4060	Msfs - ok
21:19:41.0665 4060	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
21:19:41.0705 4060	mshidkmdf - ok
21:19:41.0737 4060	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
21:19:41.0754 4060	msisadrv - ok
21:19:41.0813 4060	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
21:19:41.0875 4060	MSKSSRV - ok
21:19:41.0895 4060	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
21:19:41.0951 4060	MSPCLOCK - ok
21:19:41.0968 4060	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
21:19:42.0023 4060	MSPQM - ok
21:19:42.0054 4060	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
21:19:42.0074 4060	MsRPC - ok
21:19:42.0116 4060	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
21:19:42.0144 4060	mssmbios - ok
21:19:42.0190 4060	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
21:19:42.0263 4060	MSTEE - ok
21:19:42.0298 4060	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
21:19:42.0331 4060	MTConfig - ok
21:19:42.0371 4060	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
21:19:42.0400 4060	Mup - ok
21:19:42.0494 4060	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
21:19:42.0531 4060	NativeWifiP - ok
21:19:42.0665 4060	NAVENG          (a507b7d1c5f957a1aab98794eb377654) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\ENG64.SYS
21:19:42.0693 4060	NAVENG - ok
21:19:42.0869 4060	NAVEX15         (0d7d6c0fd46f12780c3bab6af891ede3) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\EX64.SYS
21:19:42.0917 4060	NAVEX15 - ok
21:19:43.0038 4060	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
21:19:43.0089 4060	NDIS - ok
21:19:43.0174 4060	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
21:19:43.0235 4060	NdisCap - ok
21:19:43.0267 4060	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
21:19:43.0308 4060	NdisTapi - ok
21:19:43.0417 4060	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
21:19:43.0477 4060	Ndisuio - ok
21:19:43.0507 4060	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
21:19:43.0549 4060	NdisWan - ok
21:19:43.0570 4060	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
21:19:43.0611 4060	NDProxy - ok
21:19:43.0716 4060	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
21:19:43.0776 4060	NetBIOS - ok
21:19:43.0839 4060	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
21:19:43.0900 4060	NetBT - ok
21:19:44.0071 4060	netr28x         (b964d4c524a80aba22db16fc1eded0a9) C:\windows\system32\DRIVERS\netr28x.sys
21:19:44.0116 4060	netr28x - ok
21:19:44.0242 4060	nfrd960         (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
21:19:44.0271 4060	nfrd960 - ok
21:19:44.0431 4060	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
21:19:44.0494 4060	Npfs - ok
21:19:44.0570 4060	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
21:19:44.0638 4060	nsiproxy - ok
21:19:44.0735 4060	Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys
21:19:44.0781 4060	Ntfs - ok
21:19:44.0842 4060	Null            (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
21:19:44.0915 4060	Null - ok
21:19:45.0032 4060	nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys
21:19:45.0063 4060	nvraid - ok
21:19:45.0133 4060	nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
21:19:45.0164 4060	nvstor - ok
21:19:45.0307 4060	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
21:19:45.0337 4060	nv_agp - ok
21:19:45.0469 4060	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
21:19:45.0502 4060	ohci1394 - ok
21:19:45.0633 4060	Parport         (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
21:19:45.0667 4060	Parport - ok
21:19:45.0788 4060	partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
21:19:45.0817 4060	partmgr - ok
21:19:45.0944 4060	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
21:19:45.0976 4060	pci - ok
21:19:46.0105 4060	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
21:19:46.0133 4060	pciide - ok
21:19:46.0171 4060	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
21:19:46.0204 4060	pcmcia - ok
21:19:46.0249 4060	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
21:19:46.0278 4060	pcw - ok
21:19:46.0407 4060	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
21:19:46.0478 4060	PEAUTH - ok
21:19:46.0636 4060	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
21:19:46.0707 4060	PptpMiniport - ok
21:19:46.0807 4060	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
21:19:46.0836 4060	Processor - ok
21:19:46.0978 4060	Psched          (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
21:19:47.0044 4060	Psched - ok
21:19:47.0176 4060	PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\windows\system32\Drivers\PxHlpa64.sys
21:19:47.0203 4060	PxHlpa64 - ok
21:19:47.0319 4060	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
21:19:47.0374 4060	ql2300 - ok
21:19:47.0473 4060	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
21:19:47.0503 4060	ql40xx - ok
21:19:47.0627 4060	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
21:19:47.0665 4060	QWAVEdrv - ok
21:19:47.0710 4060	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
21:19:47.0777 4060	RasAcd - ok
21:19:47.0927 4060	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
21:19:47.0982 4060	RasAgileVpn - ok
21:19:48.0105 4060	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
21:19:48.0177 4060	Rasl2tp - ok
21:19:48.0293 4060	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
21:19:48.0367 4060	RasPppoe - ok
21:19:48.0486 4060	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
21:19:48.0561 4060	RasSstp - ok
21:19:48.0673 4060	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
21:19:48.0729 4060	rdbss - ok
21:19:48.0830 4060	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
21:19:48.0868 4060	rdpbus - ok
21:19:48.0982 4060	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
21:19:49.0035 4060	RDPCDD - ok
21:19:49.0156 4060	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
21:19:49.0212 4060	RDPENCDD - ok
21:19:49.0258 4060	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
21:19:49.0317 4060	RDPREFMP - ok
21:19:49.0377 4060	RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
21:19:49.0439 4060	RDPWD - ok
21:19:49.0474 4060	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
21:19:49.0493 4060	rdyboost - ok
21:19:49.0622 4060	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
21:19:49.0661 4060	RFCOMM - ok
21:19:49.0817 4060	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
21:19:49.0893 4060	rspndr - ok
21:19:50.0022 4060	RTL8167         (ba3e57c89e6f63808d3f2b11e1a2ad3c) C:\windows\system32\DRIVERS\Rt64win7.sys
21:19:50.0057 4060	RTL8167 - ok
21:19:50.0177 4060	rtsuvc          (73157d4a4f6da18c5148e47cb958af58) C:\windows\system32\DRIVERS\rtsuvc.sys
21:19:50.0210 4060	rtsuvc - ok
21:19:50.0275 4060	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
21:19:50.0303 4060	sbp2port - ok
21:19:50.0373 4060	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
21:19:50.0435 4060	scfilter - ok
21:19:50.0568 4060	sdbus           (54e47ad086782d3ae9417c155cdceb9b) C:\windows\system32\DRIVERS\sdbus.sys
21:19:50.0607 4060	sdbus - ok
21:19:50.0742 4060	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
21:19:50.0800 4060	secdrv - ok
21:19:50.0899 4060	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
21:19:50.0932 4060	Serenum - ok
21:19:51.0018 4060	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
21:19:51.0052 4060	Serial - ok
21:19:51.0118 4060	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
21:19:51.0151 4060	sermouse - ok
21:19:51.0237 4060	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
21:19:51.0268 4060	sffdisk - ok
21:19:51.0295 4060	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
21:19:51.0327 4060	sffp_mmc - ok
21:19:51.0350 4060	sffp_sd         (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys
21:19:51.0382 4060	sffp_sd - ok
21:19:51.0397 4060	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
21:19:51.0415 4060	sfloppy - ok
21:19:51.0457 4060	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
21:19:51.0473 4060	SiSRaid2 - ok
21:19:51.0493 4060	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
21:19:51.0510 4060	SiSRaid4 - ok
21:19:51.0555 4060	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
21:19:51.0598 4060	Smb - ok
21:19:51.0725 4060	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
21:19:51.0750 4060	spldr - ok
21:19:51.0898 4060	SRTSP           (90ef30c3867bcde4579c01a6d6e75a7a) C:\windows\System32\Drivers\NISx64\1206000.01D\SRTSP64.SYS
21:19:51.0933 4060	SRTSP - ok
21:19:52.0085 4060	SRTSPX          (c513e8a5e7978da49077f5484344ee1b) C:\windows\system32\drivers\NISx64\1206000.01D\SRTSPX64.SYS
21:19:52.0111 4060	SRTSPX - ok
21:19:52.0223 4060	srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
21:19:52.0262 4060	srv - ok
21:19:52.0387 4060	srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
21:19:52.0426 4060	srv2 - ok
21:19:52.0552 4060	srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
21:19:52.0587 4060	srvnet - ok
21:19:52.0719 4060	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
21:19:52.0747 4060	stexstor - ok
21:19:52.0896 4060	STHDA           (c962f5c90bdbefb6446b5b252c70fe33) C:\windows\system32\DRIVERS\stwrt64.sys
21:19:52.0935 4060	STHDA - ok
21:19:53.0082 4060	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
21:19:53.0106 4060	swenum - ok
21:19:53.0272 4060	SymDS           (6160145c7a87fc7672e8e3b886888176) C:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS
21:19:53.0308 4060	SymDS - ok
21:19:53.0491 4060	SymEFA          (96aeed40d4d3521568b42027687e69e0) C:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS
21:19:53.0539 4060	SymEFA - ok
21:19:53.0665 4060	SymEvent        (21a1c2d694c3cf962d31f5e873ab3d6f) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
21:19:53.0695 4060	SymEvent - ok
21:19:53.0851 4060	SymIRON         (bd0d711d8cbfcaa19ca123306eaf53a5) C:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS
21:19:53.0880 4060	SymIRON - ok
21:19:53.0974 4060	SymNetS         (a6adb3d83023f8daa0f7b6fda785d83b) C:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS
21:19:54.0009 4060	SymNetS - ok
21:19:54.0149 4060	SynTP           (be2b928de9af2848289db7a54c7e2398) C:\windows\system32\DRIVERS\SynTP.sys
21:19:54.0182 4060	SynTP - ok
21:19:54.0350 4060	Tcpip           (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\drivers\tcpip.sys
21:19:54.0406 4060	Tcpip - ok
21:19:54.0550 4060	TCPIP6          (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\DRIVERS\tcpip.sys
21:19:54.0610 4060	TCPIP6 - ok
21:19:54.0672 4060	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
21:19:54.0730 4060	tcpipreg - ok
21:19:54.0753 4060	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
21:19:54.0794 4060	TDPIPE - ok
21:19:54.0817 4060	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
21:19:54.0858 4060	TDTCP - ok
21:19:54.0895 4060	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
21:19:54.0962 4060	tdx - ok
21:19:54.0995 4060	TermDD          (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
21:19:55.0011 4060	TermDD - ok
21:19:55.0126 4060	TPM             (dbcc20c02e8a3e43b03c304a4e40a84f) C:\windows\system32\drivers\tpm.sys
21:19:55.0154 4060	TPM - ok
21:19:55.0304 4060	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
21:19:55.0361 4060	tssecsrv - ok
21:19:55.0478 4060	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
21:19:55.0539 4060	tunnel - ok
21:19:55.0594 4060	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
21:19:55.0621 4060	uagp35 - ok
21:19:55.0667 4060	udfs            (c06e6f4679ceb8f430b90a51d76d8d3c) C:\windows\system32\DRIVERS\udfs.sys
21:19:55.0703 4060	udfs - ok
21:19:55.0750 4060	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
21:19:55.0767 4060	uliagpkx - ok
21:19:55.0807 4060	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
21:19:55.0826 4060	umbus - ok
21:19:55.0858 4060	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
21:19:55.0877 4060	UmPass - ok
21:19:55.0940 4060	USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
21:19:55.0969 4060	USBAAPL64 - ok
21:19:56.0006 4060	usbccgp         (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\windows\system32\DRIVERS\usbccgp.sys
21:19:56.0040 4060	usbccgp - ok
21:19:56.0091 4060	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
21:19:56.0132 4060	usbcir - ok
21:19:56.0165 4060	usbehci         (fbb21ebe49f6d560db37ac25fbc68e66) C:\windows\system32\DRIVERS\usbehci.sys
21:19:56.0198 4060	usbehci - ok
21:19:56.0262 4060	usbhub          (6b7a8a99c4a459e73c286a6763ea24cc) C:\windows\system32\DRIVERS\usbhub.sys
21:19:56.0299 4060	usbhub - ok
21:19:56.0329 4060	usbohci         (8c88aa7617b4cbc2e4bed61d26b33a27) C:\windows\system32\drivers\usbohci.sys
21:19:56.0361 4060	usbohci - ok
21:19:56.0397 4060	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
21:19:56.0435 4060	usbprint - ok
21:19:56.0475 4060	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
21:19:56.0512 4060	usbscan - ok
21:19:56.0546 4060	USBSTOR         (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS
21:19:56.0565 4060	USBSTOR - ok
21:19:56.0589 4060	usbuhci         (0b5b3b2df3fd1709618acfa50b8392b0) C:\windows\system32\DRIVERS\usbuhci.sys
21:19:56.0608 4060	usbuhci - ok
21:19:56.0665 4060	usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys
21:19:56.0698 4060	usbvideo - ok
21:19:56.0760 4060	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
21:19:56.0788 4060	vdrvroot - ok
21:19:56.0831 4060	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
21:19:56.0870 4060	vga - ok
21:19:56.0897 4060	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
21:19:56.0953 4060	VgaSave - ok
21:19:56.0997 4060	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
21:19:57.0029 4060	vhdmp - ok
21:19:57.0054 4060	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
21:19:57.0070 4060	viaide - ok
21:19:57.0093 4060	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
21:19:57.0109 4060	volmgr - ok
21:19:57.0149 4060	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
21:19:57.0170 4060	volmgrx - ok
21:19:57.0206 4060	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
21:19:57.0237 4060	volsnap - ok
21:19:57.0277 4060	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
21:19:57.0294 4060	vsmraid - ok
21:19:57.0326 4060	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
21:19:57.0347 4060	vwifibus - ok
21:19:57.0382 4060	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
21:19:57.0405 4060	vwififlt - ok
21:19:57.0446 4060	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
21:19:57.0478 4060	WacomPen - ok
21:19:57.0538 4060	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
21:19:57.0598 4060	WANARP - ok
21:19:57.0616 4060	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
21:19:57.0658 4060	Wanarpv6 - ok
21:19:57.0792 4060	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
21:19:57.0816 4060	Wd - ok
21:19:57.0886 4060	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
21:19:57.0926 4060	Wdf01000 - ok
21:19:58.0053 4060	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
21:19:58.0110 4060	WfpLwf - ok
21:19:58.0147 4060	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
21:19:58.0163 4060	WIMMount - ok
21:19:58.0330 4060	WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys
21:19:58.0368 4060	WinUsb - ok
21:19:58.0489 4060	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
21:19:58.0522 4060	WmiAcpi - ok
21:19:58.0612 4060	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
21:19:58.0675 4060	ws2ifsl - ok
21:19:58.0791 4060	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
21:19:58.0845 4060	WudfPf - ok
21:19:58.0961 4060	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
21:19:59.0041 4060	WUDFRd - ok
21:19:59.0114 4060	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:19:59.0237 4060	\Device\Harddisk0\DR0 - ok
21:19:59.0242 4060	Boot (0x1200)   (1ee21c7b77ed91c9058aeb55e9ecf476) \Device\Harddisk0\DR0\Partition0
21:19:59.0244 4060	\Device\Harddisk0\DR0\Partition0 - ok
21:19:59.0275 4060	Boot (0x1200)   (8fe53148daf8727d76a884b26cd7fcc9) \Device\Harddisk0\DR0\Partition1
21:19:59.0276 4060	\Device\Harddisk0\DR0\Partition1 - ok
21:19:59.0308 4060	Boot (0x1200)   (06d24fdd054d6596a2e2ce690049e3a2) \Device\Harddisk0\DR0\Partition2
21:19:59.0310 4060	\Device\Harddisk0\DR0\Partition2 - ok
21:19:59.0324 4060	Boot (0x1200)   (3be72d6f14c9e5ab3f9c2cbced562da9) \Device\Harddisk0\DR0\Partition3
21:19:59.0325 4060	\Device\Harddisk0\DR0\Partition3 - ok
21:19:59.0325 4060	============================================================
21:19:59.0326 4060	Scan finished
21:19:59.0326 4060	============================================================
21:19:59.0345 5892	Detected object count: 0
21:19:59.0345 5892	Actual detected object count: 0
21:26:41.0153 2316	Deinitialize success

Antwort
Seite 1 von 3 1 23

Themen zu failed save system 32, hilfe :(
absolut, ahnung, bildschirm, check, compu, computer, computern, erklären, failed, fehlermeldung, fenster, manager, offen, schwarze, system, system 32, system check, tagen, task manager, windows, windows 7


« Windows System wurde aus Sicherheitsgründen Blockiert! | Generic Backdoor!dxf Trojaner in C:\Windows\assembly\GAC_MSIL\Desktop.ini »


Ähnliche Themen: failed save system 32, hilfe :(


  1. windows system 32 hardware fehler: failed to save all components - wie symbole wiederherstellen?
    Log-Analyse und Auswertung - 02.04.2012 (3)
  2. failed to save all components to file system 32 0000198f this file is corrupted unreadable
    Log-Analyse und Auswertung - 30.03.2012 (13)
  3. Failed to save all the components
    Plagegeister aller Art und deren Bekämpfung - 27.02.2012 (10)
  4. Failed to save all the components for the file \\System 32\\0000174e
    Plagegeister aller Art und deren Bekämpfung - 13.02.2012 (3)
  5. Failed to save...32
    Alles rund um Windows - 21.01.2012 (2)
  6. System Check - Failed to save all the components for the file ... Trojaner oder Hardwarefehler?
    Log-Analyse und Auswertung - 10.01.2012 (6)
  7. Failed to save all components for the system.....
    Alles rund um Windows - 03.01.2012 (2)
  8. WIN XP:Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\
    Log-Analyse und Auswertung - 25.11.2011 (7)
  9. Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\0000428
    Log-Analyse und Auswertung - 15.11.2011 (35)
  10. Failed to save all the Components
    Plagegeister aller Art und deren Bekämpfung - 13.11.2011 (9)
  11. Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\ - St
    Plagegeister aller Art und deren Bekämpfung - 13.11.2011 (16)
  12. Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\
    Plagegeister aller Art und deren Bekämpfung - 13.11.2011 (101)
  13. failed to save all components to file system 32 0000198f this file is corrupted unreadable
    Log-Analyse und Auswertung - 11.11.2011 (24)
  14. Windows - Delayed Write Failed - Failed to save...
    Log-Analyse und Auswertung - 10.11.2011 (7)
  15. Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\
    Log-Analyse und Auswertung - 09.11.2011 (25)
  16. Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\
    Plagegeister aller Art und deren Bekämpfung - 07.11.2011 (10)
  17. Windows - Delayed Write Failed. Failed to save all the components for the file \\System32\\
    Log-Analyse und Auswertung - 07.11.2011 (12)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema failed save system 32, hilfe :( - Hallo, ich habe Windows 7 und seit ein paar Tagen einen schwarzen Bildschirm und es kommt immer die Fehlermeldung failed save 32 System, außerdem ist ein Fenster System Check offen - failed save system 32, hilfe :(...
Archiv
Du betrachtest: failed save system 32, hilfe :( auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55