"http://www.searchqu.com/406" Befall

kristiana · 30.01.2012, 13:17

Hallo, ich hab mir dieses "hxxp://www.searchqu.com/406" eingefangen.
Nach Lesen vieler Threads hier, habe ich bereits Malware, Eset und OTL laufen lassen und die Auswertungen vorliegen.
Es kommt wohl von einer toolbar "ilivid", die ungewollt installiert wurde...
Ganz vielen lieben Dank, wenn mir jemand helfen könnte, nach dem Lesen der Formsregeln hab ich mich nicht getraut, eine Kösung aus den anderen Posts umzusetzen (OTL Fix).

cosinus · 30.01.2012, 13:19

Ohne die Logs von Malwarebytes und Co wird das hier nichts.

Alles von Malwarebytes und den anderen Scannern muss hier gepostet werden.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

kristiana · 30.01.2012, 15:01

danke für deine Antwort, war mir nicht sicher, ob ich das alles gleich posten soll

Malware:

Code:

ATTFilter

  

 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.30.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Anna :: ANNA-PC [Administrator]

Schutz: Aktiviert

30.01.2012 09:47:25
mbam-log-2012-01-30 (09-47-25).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 176853
Laufzeit: 8 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Eset:

Code:

ATTFilter

  
C:\Program Files\FoxTabAVIConverter\AviConverter.exe	a variant of Win32/InstallCore.A application
C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll	Win32/Toolbar.SearchSuite application
C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll	a variant of Win32/Toolbar.SearchSuite application
C:\Program Files\Windows iLivid Toolbar\Datamngr\DnsBHO.dll	a variant of Win32/Toolbar.SearchSuite application
C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KT4QYYFM\SetupDataMngr_Searchqu[1].exe	a variant of Win32/Toolbar.SearchSuite application
C:\Users\Anna\AppData\Local\Temp\SetupDataMngr_Searchqu.exe	a variant of Win32/Toolbar.SearchSuite application
C:\Users\Anna\Documents\Programme\SoftonicDownloader_fuer_logo-design-studio.exe	a variant of Win32/SoftonicDownloader.A application
D:\$RECYCLE.BIN\S-1-5-21-2339853823-2107313754-116825072-1001\$RWCRCQP.exe	Win32/SoftonicDownloader application
Operating memory	a variant of Win32/Toolbar.SearchSuite application

kristiana · 30.01.2012, 15:07

und hier die OTL Logs:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 1/30/2012 12:21:58 PM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = D:\Programmdateien
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.99 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 50.00% Memory free
5.98 Gb Paging File | 4.25 Gb Available in Paging File | 71.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 124.51 Gb Total Space | 73.98 Gb Free Space | 59.41% Space Free | Partition Type: NTFS
Drive D: | 158.48 Gb Total Space | 108.60 Gb Free Space | 68.53% Space Free | Partition Type: NTFS
 
Computer Name: ANNA-PC | User Name: Anna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/01/30 10:35:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Programmdateien\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/04 21:48:46 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/07 08:08:30 | 000,216,064 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe
PRC - [2011/06/29 09:24:16 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/04/27 11:15:54 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/10 14:47:06 | 000,488,840 | ---- | M] (TomTom) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/05 07:28:09 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/04/16 14:11:02 | 000,650,920 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE
PRC - [2010/01/19 03:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2010/01/14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/14 08:17:48 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/11/04 05:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/13 11:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/08/13 20:58:10 | 000,044,312 | ---- | M] () -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
PRC - [2009/06/03 12:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 15:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/12/04 21:48:45 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/27 09:00:11 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2010/12/10 14:47:08 | 000,150,920 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2010/12/10 14:47:08 | 000,046,472 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterBase.dll
MOD - [2010/12/10 14:46:18 | 007,508,480 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtGui4.dll
MOD - [2010/12/10 14:46:18 | 002,101,760 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtCore4.dll
MOD - [2010/12/10 14:46:18 | 000,911,872 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtNetwork4.dll
MOD - [2010/12/10 14:46:18 | 000,334,848 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtXml4.dll
MOD - [2010/04/16 14:11:02 | 000,650,920 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE
MOD - [2010/04/16 14:11:02 | 000,155,648 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\HMXML.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2009/06/03 12:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 12:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/29 09:24:16 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 11:15:54 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/10 22:45:06 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/13 20:58:10 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/12/09 14:27:31 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2011/06/29 09:24:16 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/29 09:24:16 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/06/10 11:43:18 | 001,271,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/01/08 07:39:36 | 009,935,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/11/25 22:32:16 | 000,125,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/06/27 15:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/01 15:41:06 | 000,384,896 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CryptOSD.sys -- (CryptOSD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/406
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/406"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=174&systemid=406&sr=0&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/04 21:48:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/30 09:12:14 | 000,000,000 | ---D | M]
 
[2012/01/30 10:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\Extensions
[2012/01/10 18:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\d7fasik6.default\extensions
[2012/01/10 15:20:08 | 000,002,519 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\d7fasik6.default\searchplugins\Search_Results.xml
[2012/01/30 10:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/11/08 09:26:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/12/04 21:48:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/04 21:48:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/12/04 21:48:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/04 21:48:42 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/12/04 21:48:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/09/18 20:53:48 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/01/10 15:20:08 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2011/12/04 21:48:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/12/04 21:48:42 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [fsi] C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar" File not found
O4 - HKLM..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar" File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\windows\System32\Macromed\Flash\FlashUtil10t_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{667C7950-A3FE-411C-8786-43D82AF892B9}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/30 10:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/30 09:46:01 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Malwarebytes
[2012/01/30 09:45:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/30 09:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/30 09:45:44 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/01/30 09:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/30 09:24:38 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Apple Computer
[2012/01/30 09:24:38 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Apple Computer
[2012/01/30 09:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/30 09:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/30 09:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/30 09:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/01/30 09:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/30 09:22:55 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Apple
[2012/01/30 09:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/01/30 09:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/01/30 09:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/01/30 09:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/01/12 20:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/01/10 15:21:37 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Ilivid Player
[2012/01/10 15:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows iLivid Toolbar
[2012/01/10 15:14:54 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Systweak
[2012/01/10 15:14:52 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\windows\System32\roboot.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/30 10:51:07 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/01/30 09:45:47 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/01/29 20:45:16 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/29 20:45:16 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/27 09:03:01 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/01/27 09:03:01 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/01/27 09:03:01 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/01/27 09:03:01 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/01/27 08:57:35 | 3209,216,000 | -HS- | M] () -- C:\hiberfil.sys
 
========== Files Created - No Company Name ==========
 
[2012/01/30 09:45:47 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/01/30 09:22:52 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/02/05 22:05:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/19 21:36:56 | 000,000,812 | ---- | C] () -- C:\windows\System32\drivers\scdskr01.dat
[2011/01/19 21:36:56 | 000,000,541 | ---- | C] () -- C:\windows\System32\drivers\scdhkr01.dat
[2011/01/19 21:36:56 | 000,000,500 | ---- | C] () -- C:\windows\System32\drivers\RSTable.dat
[2011/01/19 21:36:56 | 000,000,036 | ---- | C] () -- C:\windows\System32\drivers\scdstr01.dat
[2011/01/08 10:01:08 | 000,038,440 | ---- | C] () -- C:\Users\Anna\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2010/09/24 20:04:12 | 000,000,017 | ---- | C] () -- C:\Users\Anna\AppData\Local\resmon.resmoncfg
[2010/09/09 20:49:41 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/03/05 23:12:46 | 000,654,166 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2010/03/05 23:12:46 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2010/03/05 23:12:46 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2010/03/05 23:12:46 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2010/03/05 06:06:50 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2010/03/05 05:56:58 | 000,000,426 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/03/05 05:29:42 | 000,311,296 | ---- | C] () -- C:\windows\System32\Rezip.exe
[2010/01/07 16:18:52 | 000,040,588 | ---- | C] () -- C:\windows\System32\nvcoproc.bin
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 05:33:53 | 000,429,856 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,616,008 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,106,388 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/13 23:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/13 23:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/13 23:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/13 23:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009/05/01 16:24:14 | 000,000,184 | ---- | C] () -- C:\windows\System32\drivers\osdauth.dat
[2009/05/01 15:41:06 | 000,000,020 | ---- | C] () -- C:\windows\System32\drivers\OSDSig.dat
[2007/04/06 23:26:10 | 000,011,264 | ---- | C] () -- C:\windows\System32\sssegfilter.dll
[2007/04/06 23:26:08 | 000,217,088 | ---- | C] () -- C:\windows\System32\ssminidriver.dll
[2007/04/06 23:26:08 | 000,027,136 | ---- | C] () -- C:\windows\System32\ssimgfilter.dll
[2007/04/06 23:26:06 | 000,010,752 | ---- | C] () -- C:\windows\System32\sserrhandler.dll
[2007/03/15 15:25:42 | 000,022,723 | ---- | C] () -- C:\windows\System32\wcpe12v3.dll
[2006/10/08 18:33:54 | 000,000,000 | ---- | C] () -- C:\windows\R-series.ini
 
========== LOP Check ==========
 
[2011/02/07 13:51:19 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\ifolor
[2011/03/01 17:19:36 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\ImgBurn
[2011/02/21 22:21:06 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Summitsoft
[2012/01/12 20:24:41 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Systweak
[2011/05/22 20:50:05 | 000,032,558 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011/09/18 06:26:49 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009/07/14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010/03/05 05:25:32 | 000,000,000 | ---D | M] -- C:\Intel
[2010/09/18 20:24:58 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011/03/01 18:52:18 | 000,000,000 | ---D | M] -- C:\Neuer Ordner
[2009/07/14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/01/30 10:25:32 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/01/30 09:45:45 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010/09/09 20:46:41 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012/01/30 12:25:30 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010/09/09 20:47:53 | 000,000,000 | R--D | M] -- C:\Users
[2011/07/02 10:03:18 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011/04/25 03:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
[2010/11/20 09:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2011/04/25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\System32\drivers\afd.sys
[2011/04/25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
[2011/04/25 03:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
[2011/04/25 04:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
[2009/07/14 00:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2009/10/06 07:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2009/10/06 06:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009/07/14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009/07/14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-27 08:02:55
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 172 bytes -> C:\Users\Anna\Documents\******.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >

--- --- ---

Extras:

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 1/30/2012 12:21:58 PM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = D:\Programmdateien
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.99 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 50.00% Memory free
5.98 Gb Paging File | 4.25 Gb Available in Paging File | 71.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 124.51 Gb Total Space | 73.98 Gb Free Space | 59.41% Space Free | Partition Type: NTFS
Drive D: | 158.48 Gb Total Space | 108.60 Gb Free Space | 68.53% Space Free | Partition Type: NTFS
 
Computer Name: ANNA-PC | User Name: Anna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{08C7A49D-2B12-46F6-8B41-26D3B0D1C01F}" = Visual Studio C++ 9.0 Runtime
"{0A353130-D22C-41DD-8C67-1B02A05F2CE0}" = Samsung Support Center
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34B76DCB-BF7C-440F-B058-C84172C1E338}" = Easy Network Manager
"{3B0F1CBB-A317-4E2F-BF4E-F5947064DD25}" = BMWi-Updater
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CD4C30E-BD82-4592-B64A-8AD9784ECA9F}" = BMWi-Softwarepaket 10
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{525BA381-389C-4975-BDD3-C36DCF66D5BD}" = BMWi Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79846AA4-622E-5B48-18B2-02F53F423DFE}" = BMWi-Businessplaner Fuehren
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.3.0
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E24242E3-A4FF-FC3C-05F2-C83A9C821971}" = BMWi-Businessplaner Gruenden
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BMWi Updater" = BMWi Updater
"BMWiBusinessplanerFuehren" = BMWi-Businessplaner Fuehren
"BMWiBusinessplanerGruenden" = BMWi-Businessplaner Gruenden
"BMWi-Softwarepaket 10" = BMWi-Softwarepaket 10
"DVD Flick_is1" = DVD Flick 1.3.0.7
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"ifolor-OrderClient" = ifolor Bestellsoftware 3.7
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"MyTomTom" = MyTomTom 3.0.1.203
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Warenwirtschaft" = BMWi - Warenwirtschaft
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12/8/2011 6:38:36 AM | Computer Name = Anna-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/8/2011 6:38:44 AM | Computer Name = Anna-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\BMWi\BMWi
 Updater\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\BMWi\BMWi
 Updater\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs im assemblyIdentity-Element
 ist ungültig.
 
Error - 12/12/2011 10:08:18 AM | Computer Name = Anna-PC | Source = Application Hang | ID = 1002
Description = Programm Power2Go.exe, Version 6.0.0.3108 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 678    Startzeit: 
01ccb8d5f8a01b53    Endzeit: 51    Anwendungspfad: C:\Program Files\CyberLink\Power2Go\Power2Go.exe

Berichts-ID:
 b7b2f843-24ca-11e1-a514-00245485ac0b  
 
Error - 12/13/2011 9:00:25 AM | Computer Name = Anna-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\RapidSolution\Audials
 9\tbhsd\tools64\cleanup.exe".  Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/13/2011 9:00:28 AM | Computer Name = Anna-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\BMWi\Updater\DelZip179.dll".
 Fehler in Manifest- oder Richtliniendatei "C:\Program Files\BMWi\Updater\DelZip179.dll"
 in Zeile 8.  Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist
 ungültig.
 
Error - 12/13/2011 9:00:32 AM | Computer Name = Anna-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung 
"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/13/2011 9:00:40 AM | Computer Name = Anna-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\RapidSolution\Audials
 9\tbhsd\tools64\uninstall.exe".  Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/13/2011 9:00:43 AM | Computer Name = Anna-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\RapidSolution\Audials
 9\tbhsd\tools64\install.exe".  Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/13/2011 9:00:50 AM | Computer Name = Anna-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/13/2011 9:00:57 AM | Computer Name = Anna-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\BMWi\BMWi
 Updater\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\BMWi\BMWi
 Updater\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs im assemblyIdentity-Element
 ist ungültig.
 
[ OSession Events ]
Error - 1/17/2011 4:52:36 PM | Computer Name = Anna-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1851
 seconds with 480 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 9/22/2011 6:42:32 AM | Computer Name = Anna-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 9/22/2011 3:50:58 PM | Computer Name = Anna-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 9/22/2011 3:58:11 PM | Computer Name = Anna-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 9/22/2011 5:26:49 PM | Computer Name = Anna-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 9/22/2011 5:31:53 PM | Computer Name = Anna-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 9/23/2011 2:30:53 PM | Computer Name = Anna-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 9/23/2011 9:38:07 PM | Computer Name = Anna-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 9/25/2011 4:35:13 PM | Computer Name = Anna-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 9/26/2011 2:35:35 AM | Computer Name = Anna-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 9/26/2011 2:35:38 AM | Computer Name = Anna-PC | Source = ipnathlp | ID = 31004
Description = 
 
 
< End of report >

--- --- ---

cosinus · 30.01.2012, 15:08

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

kristiana · 30.01.2012, 15:54

nein, das heute war zum ersten mal.

muss jetzt erstmal los, ich antworte spät heut abend wieder
danke!

cosinus · 30.01.2012, 16:05

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

kristiana · 31.01.2012, 14:51

Hallo, hat etwas gedauert, aber hier jetzt die neuen logs:

malware:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.30.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Anna :: ANNA-PC [Administrator]

Schutz: Aktiviert

30.01.2012 20:34:53
mbam-log-2012-01-30 (22-16-15).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 378660
Laufzeit: 1 Stunde(n), 40 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
D:\$RECYCLE.BIN\S-1-5-21-2339853823-2107313754-116825072-1001\$RWCRCQP.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt.

(Ende)

Eset:

Code:

ATTFilter

C:\Program Files\FoxTabAVIConverter\AviConverter.exe	a variant of Win32/InstallCore.A application
C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll	Win32/Toolbar.SearchSuite application
C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll	a variant of Win32/Toolbar.SearchSuite application
C:\Program Files\Windows iLivid Toolbar\Datamngr\DnsBHO.dll	a variant of Win32/Toolbar.SearchSuite application
C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KT4QYYFM\SetupDataMngr_Searchqu[1].exe	a variant of Win32/Toolbar.SearchSuite application
C:\Users\Anna\AppData\Local\Temp\SetupDataMngr_Searchqu.exe	a variant of Win32/Toolbar.SearchSuite application
C:\Users\Anna\Documents\Programme\SoftonicDownloader_fuer_logo-design-studio.exe	a variant of Win32/SoftonicDownloader.A application
D:\$RECYCLE.BIN\S-1-5-21-2339853823-2107313754-116825072-1001\$RWCRCQP.exe	Win32/SoftonicDownloader application
Operating memory	a variant of Win32/Toolbar.SearchSuite application

Danke

cosinus · 31.01.2012, 15:21

Finger weg von Softonic!!

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

kristiana · 31.01.2012, 20:14

guten abend,
hier das letzte log von OTL

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 1/31/2012 3:50:40 PM - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = D:\Programmdateien
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.99 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 63.30% Memory free
5.98 Gb Paging File | 4.60 Gb Available in Paging File | 77.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 124.51 Gb Total Space | 72.84 Gb Free Space | 58.50% Space Free | Partition Type: NTFS
Drive D: | 158.48 Gb Total Space | 108.38 Gb Free Space | 68.39% Space Free | Partition Type: NTFS
 
Computer Name: ANNA-PC | User Name: Anna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/01/30 10:35:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Programmdateien\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/07 08:08:30 | 000,216,064 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe
PRC - [2011/06/29 09:24:16 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/04/27 11:15:54 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/10 14:47:06 | 000,488,840 | ---- | M] (TomTom) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/05 07:28:09 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/04/16 14:11:02 | 000,650,920 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE
PRC - [2010/01/19 03:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2010/01/14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/14 08:17:48 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/11/04 05:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/13 11:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/08/13 20:58:10 | 000,044,312 | ---- | M] () -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
PRC - [2009/06/03 12:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 15:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/10 14:47:08 | 000,150,920 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2010/12/10 14:47:08 | 000,046,472 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterBase.dll
MOD - [2010/12/10 14:46:18 | 007,508,480 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtGui4.dll
MOD - [2010/12/10 14:46:18 | 002,101,760 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtCore4.dll
MOD - [2010/12/10 14:46:18 | 000,911,872 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtNetwork4.dll
MOD - [2010/12/10 14:46:18 | 000,334,848 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtXml4.dll
MOD - [2010/04/16 14:11:02 | 000,650,920 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE
MOD - [2010/04/16 14:11:02 | 000,155,648 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\HMXML.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2009/06/03 12:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 12:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/29 09:24:16 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 11:15:54 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/10 22:45:06 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/13 20:58:10 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/12/09 14:27:31 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2011/06/29 09:24:16 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/29 09:24:16 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/06/10 11:43:18 | 001,271,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/01/08 07:39:36 | 009,935,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/11/25 22:32:16 | 000,125,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/06/27 15:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/01 15:41:06 | 000,384,896 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CryptOSD.sys -- (CryptOSD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/406
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/406"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=174&systemid=406&sr=0&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/04 21:48:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/30 09:12:14 | 000,000,000 | ---D | M]
 
[2012/01/30 10:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\Extensions
[2012/01/30 13:06:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\d7fasik6.default\extensions
[2012/01/10 15:20:08 | 000,002,519 | ---- | M] () -- C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\d7fasik6.default\searchplugins\Search_Results.xml
[2012/01/30 10:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/11/08 09:26:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/12/04 21:48:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/04 21:48:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/12/04 21:48:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/04 21:48:42 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/12/04 21:48:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/09/18 20:53:48 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/01/10 15:20:08 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2011/12/04 21:48:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/12/04 21:48:42 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [fsi] C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar" File not found
O4 - HKLM..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar" File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\windows\System32\Macromed\Flash\FlashUtil10t_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{667C7950-A3FE-411C-8786-43D82AF892B9}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE - (Adobe Systems, Inc.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: MyTomTomSA.exe - hkey= - key= - C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig - StartUpReg: PDVD8LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
MsConfig - StartUpReg: RemoteControl8 - hkey= - key= - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: UpdateLBPShortCut - hkey= - key= - C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: UpdateP2GoShortCut - hkey= - key= - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: UpdatePDRShortCut - hkey= - key= - C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: UpdatePPShortCut - hkey= - key= - C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: UpdatePSTShortCut - hkey= - key= - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - 
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: McMPFSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/30 15:55:07 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\ElevatedDiagnostics
[2012/01/30 15:09:31 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/01/30 10:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/30 09:46:01 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Malwarebytes
[2012/01/30 09:45:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/30 09:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/30 09:45:44 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/01/30 09:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/30 09:24:38 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Apple Computer
[2012/01/30 09:24:38 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Apple Computer
[2012/01/30 09:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/30 09:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/30 09:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/30 09:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/01/30 09:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/30 09:22:55 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Apple
[2012/01/30 09:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/01/30 09:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/01/30 09:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/01/30 09:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/01/12 20:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/01/10 15:21:37 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Ilivid Player
[2012/01/10 15:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows iLivid Toolbar
[2012/01/10 15:14:54 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Systweak
[2012/01/10 15:14:52 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\windows\System32\roboot.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/31 13:29:27 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/01/30 14:45:51 | 000,186,182 | ---- | M] () -- C:\Users\Anna\Documents\Pole emploi jan2012 Unidialog_0639922T_1327931056769.pdf
[2012/01/30 09:45:47 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/01/29 20:45:16 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/29 20:45:16 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/27 09:03:01 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/01/27 09:03:01 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/01/27 09:03:01 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/01/27 09:03:01 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/01/27 08:57:35 | 3209,216,000 | -HS- | M] () -- C:\hiberfil.sys
 
========== Files Created - No Company Name ==========
 
[2012/01/30 14:45:51 | 000,186,182 | ---- | C] () -- C:\Users\Anna\Documents\Pole emploi jan2012 Unidialog_0639922T_1327931056769.pdf
[2012/01/30 09:45:47 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/01/30 09:22:52 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/02/05 22:05:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/19 21:36:56 | 000,000,812 | ---- | C] () -- C:\windows\System32\drivers\scdskr01.dat
[2011/01/19 21:36:56 | 000,000,541 | ---- | C] () -- C:\windows\System32\drivers\scdhkr01.dat
[2011/01/19 21:36:56 | 000,000,500 | ---- | C] () -- C:\windows\System32\drivers\RSTable.dat
[2011/01/19 21:36:56 | 000,000,036 | ---- | C] () -- C:\windows\System32\drivers\scdstr01.dat
[2011/01/08 10:01:08 | 000,038,440 | ---- | C] () -- C:\Users\Anna\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2010/09/24 20:04:12 | 000,000,017 | ---- | C] () -- C:\Users\Anna\AppData\Local\resmon.resmoncfg
[2010/09/09 20:49:41 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/03/05 23:12:46 | 000,654,166 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2010/03/05 23:12:46 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2010/03/05 23:12:46 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2010/03/05 23:12:46 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2010/03/05 06:06:50 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2010/03/05 05:56:58 | 000,000,426 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/03/05 05:29:42 | 000,311,296 | ---- | C] () -- C:\windows\System32\Rezip.exe
[2010/01/07 16:18:52 | 000,040,588 | ---- | C] () -- C:\windows\System32\nvcoproc.bin
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 05:33:53 | 000,429,856 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,616,008 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,106,388 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/13 23:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/13 23:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/13 23:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/13 23:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009/05/01 16:24:14 | 000,000,184 | ---- | C] () -- C:\windows\System32\drivers\osdauth.dat
[2009/05/01 15:41:06 | 000,000,020 | ---- | C] () -- C:\windows\System32\drivers\OSDSig.dat
[2007/04/06 23:26:10 | 000,011,264 | ---- | C] () -- C:\windows\System32\sssegfilter.dll
[2007/04/06 23:26:08 | 000,217,088 | ---- | C] () -- C:\windows\System32\ssminidriver.dll
[2007/04/06 23:26:08 | 000,027,136 | ---- | C] () -- C:\windows\System32\ssimgfilter.dll
[2007/04/06 23:26:06 | 000,010,752 | ---- | C] () -- C:\windows\System32\sserrhandler.dll
[2007/03/15 15:25:42 | 000,022,723 | ---- | C] () -- C:\windows\System32\wcpe12v3.dll
[2006/10/08 18:33:54 | 000,000,000 | ---- | C] () -- C:\windows\R-series.ini
 
========== LOP Check ==========
 
[2011/02/07 13:51:19 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\ifolor
[2011/03/01 17:19:36 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\ImgBurn
[2011/02/21 22:21:06 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Summitsoft
[2012/01/12 20:24:41 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Systweak
[2011/05/22 20:50:05 | 000,032,558 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/05/16 11:49:32 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Adobe
[2012/01/31 13:32:06 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Apple Computer
[2010/09/26 20:11:42 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Avira
[2011/11/30 20:36:08 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\CyberLink
[2011/03/14 21:42:07 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\DVD Flick
[2010/09/10 21:38:04 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Google
[2010/09/09 21:13:25 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Identities
[2011/02/07 13:51:19 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\ifolor
[2011/03/01 17:19:36 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\ImgBurn
[2010/10/07 19:14:29 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Macromedia
[2012/01/30 09:46:01 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Malwarebytes
[2010/03/05 23:03:20 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Media Center Programs
[2011/09/12 08:56:09 | 000,000,000 | --SD | M] -- C:\Users\Anna\AppData\Roaming\Microsoft
[2010/09/10 22:10:24 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Mozilla
[2012/01/30 10:06:28 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Skype
[2011/07/18 08:10:44 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\skypePM
[2011/02/21 22:21:06 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Summitsoft
[2012/01/12 20:24:41 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Systweak
[2011/03/21 20:19:13 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011/05/16 11:51:24 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Anna\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007/05/17 13:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2009/11/20 06:59:26 | 000,432,664 | ---- | M] (Intel Corporation) MD5=EDF5ECC965FAAA533D35E02F47B9132E -- C:\Windows\System32\drivers\iaStor.sys
[2009/11/20 06:59:26 | 000,432,664 | ---- | M] (Intel Corporation) MD5=EDF5ECC965FAAA533D35E02F47B9132E -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_a3da184953a37ce8\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 172 bytes -> C:\Users\Anna\Documents\**********.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >

--- --- ---

kristiana · 31.01.2012, 20:32

normalerweise downloade ich bei chip.de oder pcwelt.de, wer weiß was ich da gesucht hab

cosinus · 31.01.2012, 21:42

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

ATTFilter

:OTL
PRC - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe
SRV - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip)
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=174&systemid=406&sr=0&q="
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar" File not found
O4 - HKLM..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar" File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2010/09/09 20:49:41 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
@Alternate Data Stream - 172 bytes -> C:\Users\Anna\Documents\**********.jpeg:3or4kl4x13tuuug3Byamue2s4b
:Files
C:\Program Files\Windows iLivid Toolbar
C:\Users\Anna\Documents\Programme\SoftonicDownloader_fuer_logo-design-studio.exe
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

kristiana · 01.02.2012, 11:38

Hallo, hier das neue Log:

Code:

ATTFilter

All processes killed
========== OTL ==========
Process Rezip.exe killed successfully!
Service Rezip stopped successfully!
Service Rezip deleted successfully!
C:\Windows\System32\Rezip.exe moved successfully.
Prefs.js: "Search Results" removed from browser.search.defaultenginename
Prefs.js: "Search Results" removed from browser.search.order.1
Prefs.js: "Search Results" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.searchqu.com/406" removed from browser.startup.homepage
Prefs.js: "hxxp://dts.search-results.com/sr?src=ffb&appid=174&systemid=406&sr=0&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\removeSearchqudatamngr not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\removeSearchqutoolbar not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\ProgramData\FullRemove.exe moved successfully.
Unable to delete ADS C:\Users\Anna\Documents\**********.jpeg:3or4kl4x13tuuug3Byamue2s4b .
========== FILES ==========
File\Folder C:\Program Files\Windows iLivid Toolbar not found.
C:\Users\Anna\Documents\Programme\SoftonicDownloader_fuer_logo-design-studio.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Anna
->Temp folder emptied: 153987547 bytes
->Temporary Internet Files folder emptied: 140673510 bytes
->Java cache emptied: 1103090 bytes
->FireFox cache emptied: 1053883856 bytes
->Flash cache emptied: 90090 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 290491884 bytes
RecycleBin emptied: 4595871352 bytes
 
Total Files Cleaned = 5,947.00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 02012012_111337

Files\Folders moved on Reboot...
File\Folder C:\Users\Anna\AppData\Local\Temp\WER50A3.tmp.resp.erc.xml not found!
File\Folder C:\Users\Anna\AppData\Local\Temp\WER50A4.tmp.resp not found!

Registry entries deleted on Reboot...

Hallo, hab gesehen, das das eine Bild nicht gelöscht wurde, kann ich das von Hand machen?

Code:

ATTFilter

Unable to delete ADS C:\Users\Anna\Documents\**********.jpeg:3or4kl4x13tuuug3Byamue2s4b .

cosinus · 01.02.2012, 12:06

Nicht das Bild, sondern der ADS sollte gelöscht werden.

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

kristiana · 01.02.2012, 12:23

Kapersky hat nix gefunden:

Code:

ATTFilter

12:18:11.0976 2724	TDSS rootkit removing tool 2.7.9.0 Feb  1 2012 09:28:49
12:18:12.0272 2724	============================================================
12:18:12.0272 2724	Current date / time: 2012/02/01 12:18:12.0272
12:18:12.0272 2724	SystemInfo:
12:18:12.0272 2724	
12:18:12.0272 2724	OS Version: 6.1.7601 ServicePack: 1.0
12:18:12.0272 2724	Product type: Workstation
12:18:12.0272 2724	ComputerName: ANNA-PC
12:18:12.0272 2724	UserName: Anna
12:18:12.0272 2724	Windows directory: C:\windows
12:18:12.0272 2724	System windows directory: C:\windows
12:18:12.0272 2724	Processor architecture: Intel x86
12:18:12.0272 2724	Number of processors: 4
12:18:12.0272 2724	Page size: 0x1000
12:18:12.0272 2724	Boot type: Normal boot
12:18:12.0272 2724	============================================================
12:18:12.0990 2724	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:18:13.0005 2724	\Device\Harddisk0\DR0:
12:18:13.0005 2724	MBR used
12:18:13.0005 2724	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
12:18:13.0005 2724	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0xF907000
12:18:13.0005 2724	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1173A000, BlocksNum 0x13CF4000
12:18:13.0068 2724	Initialize success
12:18:13.0068 2724	============================================================
12:18:58.0513 3712	============================================================
12:18:58.0513 3712	Scan started
12:18:58.0513 3712	Mode: Manual; 
12:18:58.0513 3712	============================================================
12:18:59.0355 3712	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
12:18:59.0355 3712	1394ohci - ok
12:18:59.0417 3712	ACPI            (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
12:18:59.0417 3712	ACPI - ok
12:18:59.0542 3712	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
12:18:59.0542 3712	AcpiPmi - ok
12:18:59.0620 3712	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
12:18:59.0636 3712	adp94xx - ok
12:18:59.0729 3712	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
12:18:59.0729 3712	adpahci - ok
12:18:59.0792 3712	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
12:18:59.0792 3712	adpu320 - ok
12:18:59.0917 3712	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
12:18:59.0932 3712	AFD - ok
12:18:59.0995 3712	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
12:18:59.0995 3712	agp440 - ok
12:19:00.0073 3712	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
12:19:00.0088 3712	aic78xx - ok
12:19:00.0197 3712	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
12:19:00.0197 3712	aliide - ok
12:19:00.0260 3712	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
12:19:00.0260 3712	amdagp - ok
12:19:00.0353 3712	amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
12:19:00.0353 3712	amdide - ok
12:19:00.0416 3712	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
12:19:00.0416 3712	AmdK8 - ok
12:19:00.0509 3712	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
12:19:00.0525 3712	AmdPPM - ok
12:19:00.0556 3712	amdsata         (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
12:19:00.0556 3712	amdsata - ok
12:19:00.0650 3712	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
12:19:00.0665 3712	amdsbs - ok
12:19:00.0697 3712	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
12:19:00.0697 3712	amdxata - ok
12:19:00.0884 3712	AppID           (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
12:19:00.0884 3712	AppID - ok
12:19:01.0009 3712	arc             (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
12:19:01.0009 3712	arc - ok
12:19:01.0040 3712	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
12:19:01.0040 3712	arcsas - ok
12:19:01.0149 3712	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
12:19:01.0149 3712	AsyncMac - ok
12:19:01.0196 3712	atapi           (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
12:19:01.0211 3712	atapi - ok
12:19:01.0336 3712	athr            (8efa8e1c4c5eea27951a8dd015ffe4cd) C:\windows\system32\DRIVERS\athr.sys
12:19:01.0352 3712	athr - ok
12:19:01.0477 3712	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\windows\system32\DRIVERS\avgntflt.sys
12:19:01.0492 3712	avgntflt - ok
12:19:01.0617 3712	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\windows\system32\DRIVERS\avipbb.sys
12:19:01.0617 3712	avipbb - ok
12:19:01.0742 3712	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
12:19:01.0757 3712	b06bdrv - ok
12:19:01.0867 3712	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
12:19:01.0882 3712	b57nd60x - ok
12:19:01.0929 3712	Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
12:19:01.0929 3712	Beep - ok
12:19:02.0054 3712	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
12:19:02.0054 3712	blbdrive - ok
12:19:02.0179 3712	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
12:19:02.0179 3712	bowser - ok
12:19:02.0241 3712	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
12:19:02.0241 3712	BrFiltLo - ok
12:19:02.0350 3712	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
12:19:02.0350 3712	BrFiltUp - ok
12:19:02.0397 3712	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
12:19:02.0413 3712	Brserid - ok
12:19:02.0491 3712	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
12:19:02.0506 3712	BrSerWdm - ok
12:19:02.0522 3712	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
12:19:02.0522 3712	BrUsbMdm - ok
12:19:02.0553 3712	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
12:19:02.0553 3712	BrUsbSer - ok
12:19:02.0662 3712	BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
12:19:02.0662 3712	BthEnum - ok
12:19:02.0709 3712	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
12:19:02.0709 3712	BTHMODEM - ok
12:19:02.0803 3712	BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
12:19:02.0803 3712	BthPan - ok
12:19:02.0943 3712	BTHPORT         (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
12:19:02.0943 3712	BTHPORT - ok
12:19:03.0068 3712	BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
12:19:03.0068 3712	BTHUSB - ok
12:19:03.0115 3712	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
12:19:03.0115 3712	cdfs - ok
12:19:03.0239 3712	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
12:19:03.0239 3712	cdrom - ok
12:19:03.0349 3712	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
12:19:03.0349 3712	circlass - ok
12:19:03.0395 3712	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
12:19:03.0395 3712	CLFS - ok
12:19:03.0489 3712	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
12:19:03.0489 3712	CmBatt - ok
12:19:03.0505 3712	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
12:19:03.0505 3712	cmdide - ok
12:19:03.0598 3712	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
12:19:03.0614 3712	CNG - ok
12:19:03.0676 3712	Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
12:19:03.0676 3712	Compbatt - ok
12:19:03.0754 3712	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
12:19:03.0754 3712	CompositeBus - ok
12:19:03.0817 3712	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
12:19:03.0817 3712	crcdisk - ok
12:19:03.0910 3712	CryptOSD        (c914d18ab66b132e9c73f19f8f805f1f) C:\windows\system32\DRIVERS\CryptOSD.sys
12:19:03.0926 3712	CryptOSD - ok
12:19:04.0051 3712	DfsC            (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
12:19:04.0051 3712	DfsC - ok
12:19:04.0097 3712	discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
12:19:04.0097 3712	discache - ok
12:19:04.0175 3712	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
12:19:04.0175 3712	Disk - ok
12:19:04.0222 3712	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
12:19:04.0222 3712	drmkaud - ok
12:19:04.0269 3712	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
12:19:04.0285 3712	DXGKrnl - ok
12:19:04.0456 3712	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
12:19:04.0487 3712	ebdrv - ok
12:19:04.0612 3712	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
12:19:04.0628 3712	elxstor - ok
12:19:04.0721 3712	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
12:19:04.0721 3712	ErrDev - ok
12:19:04.0815 3712	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
12:19:04.0815 3712	exfat - ok
12:19:04.0862 3712	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
12:19:04.0862 3712	fastfat - ok
12:19:04.0987 3712	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
12:19:04.0987 3712	fdc - ok
12:19:05.0033 3712	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
12:19:05.0033 3712	FileInfo - ok
12:19:05.0049 3712	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
12:19:05.0049 3712	Filetrace - ok
12:19:05.0158 3712	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
12:19:05.0158 3712	flpydisk - ok
12:19:05.0189 3712	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
12:19:05.0205 3712	FltMgr - ok
12:19:05.0299 3712	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
12:19:05.0299 3712	FsDepends - ok
12:19:05.0345 3712	fssfltr         (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys
12:19:05.0345 3712	fssfltr - ok
12:19:05.0455 3712	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
12:19:05.0455 3712	Fs_Rec - ok
12:19:05.0517 3712	fvevol          (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
12:19:05.0517 3712	fvevol - ok
12:19:05.0611 3712	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
12:19:05.0611 3712	gagp30kx - ok
12:19:05.0689 3712	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
12:19:05.0689 3712	GEARAspiWDM - ok
12:19:05.0798 3712	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
12:19:05.0798 3712	hcw85cir - ok
12:19:05.0860 3712	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
12:19:05.0876 3712	HdAudAddService - ok
12:19:05.0969 3712	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
12:19:05.0969 3712	HDAudBus - ok
12:19:06.0001 3712	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
12:19:06.0001 3712	HidBatt - ok
12:19:06.0047 3712	HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
12:19:06.0047 3712	HidBth - ok
12:19:06.0125 3712	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
12:19:06.0125 3712	HidIr - ok
12:19:06.0203 3712	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys
12:19:06.0203 3712	HidUsb - ok
12:19:06.0281 3712	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
12:19:06.0281 3712	HpSAMD - ok
12:19:06.0359 3712	HTTP            (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
12:19:06.0375 3712	HTTP - ok
12:19:06.0469 3712	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
12:19:06.0469 3712	hwpolicy - ok
12:19:06.0578 3712	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
12:19:06.0578 3712	i8042prt - ok
12:19:06.0609 3712	iaStor          (edf5ecc965faaa533d35e02f47b9132e) C:\windows\system32\DRIVERS\iaStor.sys
12:19:06.0625 3712	iaStor - ok
12:19:06.0718 3712	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
12:19:06.0734 3712	iaStorV - ok
12:19:06.0905 3712	igfx            (ad626f6964f4d364d226c39e06872dd3) C:\windows\system32\DRIVERS\igdkmd32.sys
12:19:07.0030 3712	igfx - ok
12:19:07.0139 3712	iirsp           (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
12:19:07.0139 3712	iirsp - ok
12:19:07.0264 3712	Impcd           (4a31216a5e97d46ee06069d9e06428fa) C:\windows\system32\DRIVERS\Impcd.sys
12:19:07.0264 3712	Impcd - ok
12:19:07.0451 3712	IntcAzAudAddService (96282fbce4534c9bf147cffe9e1fa8db) C:\windows\system32\drivers\RTKVHDA.sys
12:19:07.0529 3712	IntcAzAudAddService - ok
12:19:07.0639 3712	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
12:19:07.0639 3712	intelide - ok
12:19:07.0670 3712	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
12:19:07.0670 3712	intelppm - ok
12:19:07.0763 3712	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
12:19:07.0779 3712	IpFilterDriver - ok
12:19:07.0810 3712	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
12:19:07.0810 3712	IPMIDRV - ok
12:19:07.0904 3712	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
12:19:07.0904 3712	IPNAT - ok
12:19:07.0935 3712	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
12:19:07.0935 3712	IRENUM - ok
12:19:08.0044 3712	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
12:19:08.0044 3712	isapnp - ok
12:19:08.0075 3712	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
12:19:08.0075 3712	iScsiPrt - ok
12:19:08.0185 3712	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
12:19:08.0185 3712	kbdclass - ok
12:19:08.0216 3712	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
12:19:08.0216 3712	kbdhid - ok
12:19:08.0325 3712	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
12:19:08.0325 3712	KSecDD - ok
12:19:08.0341 3712	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
12:19:08.0356 3712	KSecPkg - ok
12:19:08.0465 3712	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
12:19:08.0465 3712	lltdio - ok
12:19:08.0512 3712	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
12:19:08.0512 3712	LSI_FC - ok
12:19:08.0606 3712	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
12:19:08.0621 3712	LSI_SAS - ok
12:19:08.0668 3712	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
12:19:08.0668 3712	LSI_SAS2 - ok
12:19:08.0731 3712	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
12:19:08.0746 3712	LSI_SCSI - ok
12:19:08.0762 3712	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
12:19:08.0762 3712	luafv - ok
12:19:08.0824 3712	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\windows\system32\drivers\mbam.sys
12:19:08.0824 3712	MBAMProtector - ok
12:19:08.0949 3712	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
12:19:08.0949 3712	megasas - ok
12:19:09.0011 3712	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
12:19:09.0011 3712	MegaSR - ok
12:19:09.0089 3712	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
12:19:09.0089 3712	Modem - ok
12:19:09.0152 3712	monitor         (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
12:19:09.0152 3712	monitor - ok
12:19:09.0214 3712	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
12:19:09.0214 3712	mouclass - ok
12:19:09.0292 3712	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
12:19:09.0292 3712	mouhid - ok
12:19:09.0386 3712	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
12:19:09.0386 3712	mountmgr - ok
12:19:09.0433 3712	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
12:19:09.0433 3712	mpio - ok
12:19:09.0464 3712	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
12:19:09.0464 3712	mpsdrv - ok
12:19:09.0573 3712	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
12:19:09.0573 3712	MRxDAV - ok
12:19:09.0620 3712	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
12:19:09.0620 3712	mrxsmb - ok
12:19:09.0698 3712	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
12:19:09.0713 3712	mrxsmb10 - ok
12:19:09.0776 3712	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
12:19:09.0776 3712	mrxsmb20 - ok
12:19:09.0838 3712	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
12:19:09.0838 3712	msahci - ok
12:19:09.0885 3712	msdsm           (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
12:19:09.0885 3712	msdsm - ok
12:19:09.0963 3712	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
12:19:09.0963 3712	Msfs - ok
12:19:09.0994 3712	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
12:19:09.0994 3712	mshidkmdf - ok
12:19:10.0010 3712	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
12:19:10.0025 3712	msisadrv - ok
12:19:10.0103 3712	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
12:19:10.0103 3712	MSKSSRV - ok
12:19:10.0150 3712	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
12:19:10.0150 3712	MSPCLOCK - ok
12:19:10.0228 3712	MSPQM           (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
12:19:10.0228 3712	MSPQM - ok
12:19:10.0259 3712	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
12:19:10.0275 3712	MsRPC - ok
12:19:10.0306 3712	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
12:19:10.0306 3712	mssmbios - ok
12:19:10.0384 3712	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
12:19:10.0384 3712	MSTEE - ok
12:19:10.0415 3712	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
12:19:10.0415 3712	MTConfig - ok
12:19:10.0431 3712	Mup             (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
12:19:10.0431 3712	Mup - ok
12:19:10.0525 3712	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
12:19:10.0525 3712	NativeWifiP - ok
12:19:10.0634 3712	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
12:19:10.0634 3712	NDIS - ok
12:19:10.0743 3712	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
12:19:10.0743 3712	NdisCap - ok
12:19:10.0852 3712	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
12:19:10.0852 3712	NdisTapi - ok
12:19:10.0977 3712	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
12:19:10.0977 3712	Ndisuio - ok
12:19:11.0039 3712	NdisWan         (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
12:19:11.0039 3712	NdisWan - ok
12:19:11.0149 3712	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
12:19:11.0149 3712	NDProxy - ok
12:19:11.0195 3712	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
12:19:11.0195 3712	NetBIOS - ok
12:19:11.0320 3712	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
12:19:11.0320 3712	NetBT - ok
12:19:11.0429 3712	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
12:19:11.0429 3712	nfrd960 - ok
12:19:11.0461 3712	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
12:19:11.0461 3712	Npfs - ok
12:19:11.0570 3712	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
12:19:11.0570 3712	nsiproxy - ok
12:19:11.0632 3712	Ntfs            (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
12:19:11.0663 3712	Ntfs - ok
12:19:11.0741 3712	Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
12:19:11.0741 3712	Null - ok
12:19:11.0835 3712	NVHDA           (d2f4c4b22969236382ca853b8daa2d4e) C:\windows\system32\drivers\nvhda32v.sys
12:19:11.0835 3712	NVHDA - ok
12:19:12.0147 3712	nvlddmkm        (006aa27afb7079787d5fd2b4b691c4f6) C:\windows\system32\DRIVERS\nvlddmkm.sys
12:19:12.0412 3712	nvlddmkm - ok
12:19:12.0537 3712	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
12:19:12.0537 3712	nvraid - ok
12:19:12.0553 3712	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
12:19:12.0553 3712	nvstor - ok
12:19:12.0677 3712	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
12:19:12.0677 3712	nv_agp - ok
12:19:12.0709 3712	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
12:19:12.0709 3712	ohci1394 - ok
12:19:12.0849 3712	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
12:19:12.0849 3712	Parport - ok
12:19:12.0911 3712	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
12:19:12.0911 3712	partmgr - ok
12:19:13.0005 3712	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
12:19:13.0005 3712	Parvdm - ok
12:19:13.0036 3712	pci             (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
12:19:13.0036 3712	pci - ok
12:19:13.0114 3712	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
12:19:13.0130 3712	pciide - ok
12:19:13.0145 3712	pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
12:19:13.0145 3712	pcmcia - ok
12:19:13.0239 3712	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
12:19:13.0239 3712	pcw - ok
12:19:13.0270 3712	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
12:19:13.0286 3712	PEAUTH - ok
12:19:13.0426 3712	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
12:19:13.0426 3712	PptpMiniport - ok
12:19:13.0442 3712	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
12:19:13.0442 3712	Processor - ok
12:19:13.0551 3712	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
12:19:13.0551 3712	Psched - ok
12:19:13.0613 3712	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
12:19:13.0629 3712	ql2300 - ok
12:19:13.0723 3712	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
12:19:13.0738 3712	ql40xx - ok
12:19:13.0754 3712	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
12:19:13.0754 3712	QWAVEdrv - ok
12:19:13.0785 3712	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
12:19:13.0785 3712	RasAcd - ok
12:19:13.0863 3712	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
12:19:13.0863 3712	RasAgileVpn - ok
12:19:13.0910 3712	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
12:19:13.0910 3712	Rasl2tp - ok
12:19:14.0003 3712	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
12:19:14.0003 3712	RasPppoe - ok
12:19:14.0035 3712	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
12:19:14.0035 3712	RasSstp - ok
12:19:14.0081 3712	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
12:19:14.0081 3712	rdbss - ok
12:19:14.0159 3712	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
12:19:14.0159 3712	rdpbus - ok
12:19:14.0206 3712	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
12:19:14.0206 3712	RDPCDD - ok
12:19:14.0300 3712	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
12:19:14.0300 3712	RDPENCDD - ok
12:19:14.0331 3712	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
12:19:14.0331 3712	RDPREFMP - ok
12:19:14.0393 3712	RDPWD           (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys
12:19:14.0393 3712	RDPWD - ok
12:19:14.0518 3712	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
12:19:14.0518 3712	rdyboost - ok
12:19:14.0581 3712	RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
12:19:14.0581 3712	RFCOMM - ok
12:19:14.0705 3712	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
12:19:14.0705 3712	rspndr - ok
12:19:14.0737 3712	RTL8167         (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys
12:19:14.0737 3712	RTL8167 - ok
12:19:14.0861 3712	SABI            (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys
12:19:14.0861 3712	SABI - ok
12:19:14.0893 3712	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
12:19:14.0893 3712	sbp2port - ok
12:19:15.0002 3712	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
12:19:15.0002 3712	scfilter - ok
12:19:15.0127 3712	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
12:19:15.0127 3712	secdrv - ok
12:19:15.0251 3712	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
12:19:15.0251 3712	Serenum - ok
12:19:15.0267 3712	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
12:19:15.0283 3712	Serial - ok
12:19:15.0376 3712	sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
12:19:15.0376 3712	sermouse - ok
12:19:15.0407 3712	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
12:19:15.0407 3712	sffdisk - ok
12:19:15.0423 3712	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
12:19:15.0423 3712	sffp_mmc - ok
12:19:15.0454 3712	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
12:19:15.0454 3712	sffp_sd - ok
12:19:15.0563 3712	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
12:19:15.0563 3712	sfloppy - ok
12:19:15.0595 3712	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
12:19:15.0610 3712	sisagp - ok
12:19:15.0704 3712	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
12:19:15.0704 3712	SiSRaid2 - ok
12:19:15.0719 3712	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
12:19:15.0719 3712	SiSRaid4 - ok
12:19:15.0766 3712	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
12:19:15.0766 3712	Smb - ok
12:19:15.0860 3712	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
12:19:15.0860 3712	spldr - ok
12:19:15.0938 3712	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
12:19:15.0938 3712	srv - ok
12:19:16.0000 3712	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
12:19:16.0016 3712	srv2 - ok
12:19:16.0078 3712	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
12:19:16.0078 3712	srvnet - ok
12:19:16.0172 3712	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
12:19:16.0172 3712	ssmdrv - ok
12:19:16.0234 3712	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
12:19:16.0234 3712	stexstor - ok
12:19:16.0343 3712	swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
12:19:16.0343 3712	swenum - ok
12:19:16.0468 3712	SynTP           (215a45246c6e2d0a9c263ce1786c8d8a) C:\windows\system32\DRIVERS\SynTP.sys
12:19:16.0484 3712	SynTP - ok
12:19:16.0624 3712	tbhsd           (d7f411c5af992bb44e86083a6aa7b045) C:\windows\system32\drivers\tbhsd.sys
12:19:16.0624 3712	tbhsd - ok
12:19:16.0687 3712	Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys
12:19:16.0718 3712	Tcpip - ok
12:19:16.0827 3712	TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys
12:19:16.0843 3712	TCPIP6 - ok
12:19:16.0983 3712	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
12:19:16.0983 3712	tcpipreg - ok
12:19:17.0045 3712	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
12:19:17.0045 3712	TDPIPE - ok
12:19:17.0155 3712	TDTCP           (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys
12:19:17.0155 3712	TDTCP - ok
12:19:17.0217 3712	tdx             (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
12:19:17.0217 3712	tdx - ok
12:19:17.0311 3712	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
12:19:17.0311 3712	TermDD - ok
12:19:17.0467 3712	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
12:19:17.0467 3712	tssecsrv - ok
12:19:17.0591 3712	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
12:19:17.0591 3712	TsUsbFlt - ok
12:19:17.0669 3712	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
12:19:17.0669 3712	tunnel - ok
12:19:17.0747 3712	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
12:19:17.0747 3712	uagp35 - ok
12:19:17.0810 3712	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
12:19:17.0810 3712	udfs - ok
12:19:17.0919 3712	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
12:19:17.0919 3712	uliagpkx - ok
12:19:17.0966 3712	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
12:19:17.0981 3712	umbus - ok
12:19:18.0044 3712	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
12:19:18.0044 3712	UmPass - ok
12:19:18.0106 3712	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
12:19:18.0106 3712	usbccgp - ok
12:19:18.0184 3712	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
12:19:18.0184 3712	usbcir - ok
12:19:18.0231 3712	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys
12:19:18.0231 3712	usbehci - ok
12:19:18.0325 3712	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
12:19:18.0340 3712	usbhub - ok
12:19:18.0403 3712	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
12:19:18.0403 3712	usbohci - ok
12:19:18.0481 3712	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
12:19:18.0481 3712	usbprint - ok
12:19:18.0527 3712	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
12:19:18.0543 3712	usbscan - ok
12:19:18.0605 3712	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
12:19:18.0621 3712	USBSTOR - ok
12:19:18.0652 3712	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
12:19:18.0652 3712	usbuhci - ok
12:19:18.0730 3712	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
12:19:18.0730 3712	usbvideo - ok
12:19:18.0793 3712	usb_rndisx      (d82f43d15fdaa666856c0190cb73e7c9) C:\windows\system32\DRIVERS\usb8023x.sys
12:19:18.0793 3712	usb_rndisx - ok
12:19:18.0871 3712	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
12:19:18.0871 3712	vdrvroot - ok
12:19:18.0933 3712	vga             (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
12:19:18.0933 3712	vga - ok
12:19:18.0995 3712	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
12:19:18.0995 3712	VgaSave - ok
12:19:19.0042 3712	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
12:19:19.0042 3712	vhdmp - ok
12:19:19.0120 3712	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
12:19:19.0136 3712	viaagp - ok
12:19:19.0183 3712	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
12:19:19.0183 3712	ViaC7 - ok
12:19:19.0245 3712	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
12:19:19.0245 3712	viaide - ok
12:19:19.0292 3712	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
12:19:19.0307 3712	volmgr - ok
12:19:19.0370 3712	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
12:19:19.0370 3712	volmgrx - ok
12:19:19.0432 3712	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
12:19:19.0432 3712	volsnap - ok
12:19:19.0510 3712	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
12:19:19.0510 3712	vsmraid - ok
12:19:19.0557 3712	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
12:19:19.0557 3712	vwifibus - ok
12:19:19.0619 3712	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
12:19:19.0635 3712	vwififlt - ok
12:19:19.0744 3712	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
12:19:19.0744 3712	WacomPen - ok
12:19:19.0838 3712	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
12:19:19.0853 3712	WANARP - ok
12:19:19.0853 3712	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
12:19:19.0853 3712	Wanarpv6 - ok
12:19:19.0978 3712	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
12:19:19.0978 3712	Wd - ok
12:19:20.0009 3712	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
12:19:20.0009 3712	Wdf01000 - ok
12:19:20.0134 3712	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
12:19:20.0150 3712	WfpLwf - ok
12:19:20.0165 3712	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
12:19:20.0165 3712	WIMMount - ok
12:19:20.0321 3712	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
12:19:20.0321 3712	WinUsb - ok
12:19:20.0353 3712	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
12:19:20.0353 3712	WmiAcpi - ok
12:19:20.0431 3712	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
12:19:20.0431 3712	ws2ifsl - ok
12:19:20.0509 3712	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
12:19:20.0509 3712	WudfPf - ok
12:19:20.0555 3712	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
12:19:20.0571 3712	WUDFRd - ok
12:19:20.0665 3712	yukonw7         (30b73eb97218a16cbc6de535782a1b35) C:\windows\system32\DRIVERS\yk62x86.sys
12:19:20.0665 3712	yukonw7 - ok
12:19:20.0774 3712	MBR (0x1B8)     (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
12:19:21.0429 3712	\Device\Harddisk0\DR0 - ok
12:19:21.0429 3712	Boot (0x1200)   (21ca5d1e9d7b400a90e47c6eb81dade8) \Device\Harddisk0\DR0\Partition0
12:19:21.0445 3712	\Device\Harddisk0\DR0\Partition0 - ok
12:19:21.0445 3712	Boot (0x1200)   (bc19836cb0898fba2148318ec0e91a5f) \Device\Harddisk0\DR0\Partition1
12:19:21.0445 3712	\Device\Harddisk0\DR0\Partition1 - ok
12:19:21.0476 3712	Boot (0x1200)   (3c8a9eeb3e2c6325903218d7528bb664) \Device\Harddisk0\DR0\Partition2
12:19:21.0476 3712	\Device\Harddisk0\DR0\Partition2 - ok
12:19:21.0476 3712	============================================================
12:19:21.0476 3712	Scan finished
12:19:21.0476 3712	============================================================
12:19:21.0491 3644	Detected object count: 0
12:19:21.0491 3644	Actual detected object count: 0
12:21:07.0213 3936	============================================================
12:21:07.0213 3936	Scan started
12:21:07.0213 3936	Mode: Manual; SigCheck; TDLFS; 
12:21:07.0213 3936	============================================================
12:21:07.0478 3936	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
12:21:07.0618 3936	1394ohci - ok
12:21:07.0728 3936	ACPI            (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
12:21:07.0759 3936	ACPI - ok
12:21:07.0774 3936	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
12:21:07.0852 3936	AcpiPmi - ok
12:21:07.0977 3936	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
12:21:08.0008 3936	adp94xx - ok
12:21:08.0102 3936	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
12:21:08.0133 3936	adpahci - ok
12:21:08.0164 3936	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
12:21:08.0196 3936	adpu320 - ok
12:21:08.0289 3936	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
12:21:08.0352 3936	AFD - ok
12:21:08.0445 3936	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
12:21:08.0461 3936	agp440 - ok
12:21:08.0508 3936	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
12:21:08.0523 3936	aic78xx - ok
12:21:08.0617 3936	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
12:21:08.0632 3936	aliide - ok
12:21:08.0664 3936	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
12:21:08.0679 3936	amdagp - ok
12:21:08.0773 3936	amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
12:21:08.0788 3936	amdide - ok
12:21:08.0820 3936	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
12:21:08.0898 3936	AmdK8 - ok
12:21:08.0991 3936	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
12:21:09.0038 3936	AmdPPM - ok
12:21:09.0147 3936	amdsata         (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
12:21:09.0163 3936	amdsata - ok
12:21:09.0194 3936	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
12:21:09.0210 3936	amdsbs - ok
12:21:09.0303 3936	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
12:21:09.0334 3936	amdxata - ok
12:21:09.0397 3936	AppID           (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
12:21:09.0522 3936	AppID - ok
12:21:09.0631 3936	arc             (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
12:21:09.0662 3936	arc - ok
12:21:09.0678 3936	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
12:21:09.0709 3936	arcsas - ok
12:21:09.0724 3936	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
12:21:09.0849 3936	AsyncMac - ok
12:21:09.0943 3936	atapi           (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
12:21:09.0974 3936	atapi - ok
12:21:10.0036 3936	athr            (8efa8e1c4c5eea27951a8dd015ffe4cd) C:\windows\system32\DRIVERS\athr.sys
12:21:10.0114 3936	athr - ok
12:21:10.0224 3936	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\windows\system32\DRIVERS\avgntflt.sys
12:21:10.0270 3936	avgntflt - ok
12:21:10.0302 3936	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\windows\system32\DRIVERS\avipbb.sys
12:21:10.0317 3936	avipbb - ok
12:21:10.0364 3936	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
12:21:10.0426 3936	b06bdrv - ok
12:21:10.0520 3936	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
12:21:10.0567 3936	b57nd60x - ok
12:21:10.0598 3936	Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
12:21:10.0676 3936	Beep - ok
12:21:10.0770 3936	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
12:21:10.0801 3936	blbdrive - ok
12:21:10.0848 3936	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
12:21:10.0894 3936	bowser - ok
12:21:10.0988 3936	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
12:21:11.0050 3936	BrFiltLo - ok
12:21:11.0160 3936	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
12:21:11.0222 3936	BrFiltUp - ok
12:21:11.0331 3936	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
12:21:11.0394 3936	Brserid - ok
12:21:11.0472 3936	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
12:21:11.0518 3936	BrSerWdm - ok
12:21:11.0534 3936	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
12:21:11.0581 3936	BrUsbMdm - ok
12:21:11.0674 3936	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
12:21:11.0721 3936	BrUsbSer - ok
12:21:11.0752 3936	BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
12:21:11.0815 3936	BthEnum - ok
12:21:11.0908 3936	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
12:21:11.0955 3936	BTHMODEM - ok
12:21:11.0986 3936	BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
12:21:12.0033 3936	BthPan - ok
12:21:12.0127 3936	BTHPORT         (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
12:21:12.0189 3936	BTHPORT - ok
12:21:12.0283 3936	BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
12:21:12.0314 3936	BTHUSB - ok
12:21:12.0408 3936	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
12:21:12.0470 3936	cdfs - ok
12:21:12.0501 3936	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
12:21:12.0548 3936	cdrom - ok
12:21:12.0626 3936	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
12:21:12.0673 3936	circlass - ok
12:21:12.0720 3936	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
12:21:12.0751 3936	CLFS - ok
12:21:12.0829 3936	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
12:21:12.0860 3936	CmBatt - ok
12:21:12.0891 3936	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
12:21:12.0907 3936	cmdide - ok
12:21:13.0000 3936	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
12:21:13.0047 3936	CNG - ok
12:21:13.0125 3936	Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
12:21:13.0156 3936	Compbatt - ok
12:21:13.0188 3936	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
12:21:13.0234 3936	CompositeBus - ok
12:21:13.0312 3936	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
12:21:13.0328 3936	crcdisk - ok
12:21:13.0406 3936	CryptOSD        (c914d18ab66b132e9c73f19f8f805f1f) C:\windows\system32\DRIVERS\CryptOSD.sys
12:21:13.0453 3936	CryptOSD - ok
12:21:13.0531 3936	DfsC            (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
12:21:13.0609 3936	DfsC - ok
12:21:13.0671 3936	discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
12:21:13.0749 3936	discache - ok
12:21:13.0780 3936	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
12:21:13.0812 3936	Disk - ok
12:21:13.0874 3936	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
12:21:13.0921 3936	drmkaud - ok
12:21:13.0999 3936	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
12:21:14.0046 3936	DXGKrnl - ok
12:21:14.0186 3936	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
12:21:14.0373 3936	ebdrv - ok
12:21:14.0482 3936	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
12:21:14.0514 3936	elxstor - ok
12:21:14.0607 3936	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
12:21:14.0638 3936	ErrDev - ok
12:21:14.0685 3936	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
12:21:14.0763 3936	exfat - ok
12:21:14.0841 3936	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
12:21:14.0904 3936	fastfat - ok
12:21:14.0950 3936	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
12:21:14.0982 3936	fdc - ok
12:21:15.0061 3936	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
12:21:15.0076 3936	FileInfo - ok
12:21:15.0123 3936	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
12:21:15.0201 3936	Filetrace - ok
12:21:15.0217 3936	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
12:21:15.0248 3936	flpydisk - ok
12:21:15.0326 3936	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
12:21:15.0341 3936	FltMgr - ok
12:21:15.0373 3936	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
12:21:15.0404 3936	FsDepends - ok
12:21:15.0435 3936	fssfltr         (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys
12:21:15.0451 3936	fssfltr - ok
12:21:15.0513 3936	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
12:21:15.0544 3936	Fs_Rec - ok
12:21:15.0591 3936	fvevol          (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
12:21:15.0622 3936	fvevol - ok
12:21:15.0638 3936	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
12:21:15.0669 3936	gagp30kx - ok
12:21:15.0747 3936	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
12:21:15.0763 3936	GEARAspiWDM - ok
12:21:15.0809 3936	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
12:21:15.0841 3936	hcw85cir - ok
12:21:15.0919 3936	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
12:21:15.0965 3936	HdAudAddService - ok
12:21:16.0012 3936	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
12:21:16.0044 3936	HDAudBus - ok
12:21:16.0122 3936	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
12:21:16.0154 3936	HidBatt - ok
12:21:16.0185 3936	HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
12:21:16.0232 3936	HidBth - ok
12:21:16.0294 3936	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
12:21:16.0341 3936	HidIr - ok
12:21:16.0372 3936	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys
12:21:16.0419 3936	HidUsb - ok
12:21:16.0512 3936	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
12:21:16.0528 3936	HpSAMD - ok
12:21:16.0590 3936	HTTP            (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
12:21:16.0684 3936	HTTP - ok
12:21:16.0793 3936	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
12:21:16.0809 3936	hwpolicy - ok
12:21:16.0840 3936	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
12:21:16.0887 3936	i8042prt - ok
12:21:16.0980 3936	iaStor          (edf5ecc965faaa533d35e02f47b9132e) C:\windows\system32\DRIVERS\iaStor.sys
12:21:17.0012 3936	iaStor - ok
12:21:17.0106 3936	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
12:21:17.0153 3936	iaStorV - ok
12:21:17.0309 3936	igfx            (ad626f6964f4d364d226c39e06872dd3) C:\windows\system32\DRIVERS\igdkmd32.sys
12:21:17.0449 3936	igfx - ok
12:21:17.0559 3936	iirsp           (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
12:21:17.0574 3936	iirsp - ok
12:21:17.0621 3936	Impcd           (4a31216a5e97d46ee06069d9e06428fa) C:\windows\system32\DRIVERS\Impcd.sys
12:21:17.0668 3936	Impcd - ok
12:21:17.0839 3936	IntcAzAudAddService (96282fbce4534c9bf147cffe9e1fa8db) C:\windows\system32\drivers\RTKVHDA.sys
12:21:17.0980 3936	IntcAzAudAddService - ok
12:21:18.0120 3936	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
12:21:18.0136 3936	intelide - ok
12:21:18.0167 3936	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
12:21:18.0198 3936	intelppm - ok
12:21:18.0292 3936	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
12:21:18.0370 3936	IpFilterDriver - ok
12:21:18.0417 3936	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
12:21:18.0448 3936	IPMIDRV - ok
12:21:18.0541 3936	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
12:21:18.0604 3936	IPNAT - ok
12:21:18.0619 3936	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
12:21:18.0666 3936	IRENUM - ok
12:21:18.0775 3936	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
12:21:18.0791 3936	isapnp - ok
12:21:18.0822 3936	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
12:21:18.0869 3936	iScsiPrt - ok
12:21:18.0947 3936	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
12:21:18.0963 3936	kbdclass - ok
12:21:18.0994 3936	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
12:21:19.0025 3936	kbdhid - ok
12:21:19.0134 3936	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
12:21:19.0150 3936	KSecDD - ok
12:21:19.0165 3936	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
12:21:19.0197 3936	KSecPkg - ok
12:21:19.0290 3936	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
12:21:19.0368 3936	lltdio - ok
12:21:19.0462 3936	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
12:21:19.0477 3936	LSI_FC - ok
12:21:19.0509 3936	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
12:21:19.0524 3936	LSI_SAS - ok
12:21:19.0540 3936	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
12:21:19.0555 3936	LSI_SAS2 - ok
12:21:19.0649 3936	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
12:21:19.0665 3936	LSI_SCSI - ok
12:21:19.0696 3936	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
12:21:19.0758 3936	luafv - ok
12:21:19.0867 3936	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\windows\system32\drivers\mbam.sys
12:21:19.0883 3936	MBAMProtector - ok
12:21:19.0914 3936	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
12:21:19.0945 3936	megasas - ok
12:21:20.0039 3936	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
12:21:20.0055 3936	MegaSR - ok
12:21:20.0086 3936	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
12:21:20.0164 3936	Modem - ok
12:21:20.0257 3936	monitor         (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
12:21:20.0304 3936	monitor - ok
12:21:20.0320 3936	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
12:21:20.0351 3936	mouclass - ok
12:21:20.0429 3936	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
12:21:20.0460 3936	mouhid - ok
12:21:20.0491 3936	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
12:21:20.0523 3936	mountmgr - ok
12:21:20.0554 3936	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
12:21:20.0585 3936	mpio - ok
12:21:20.0663 3936	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
12:21:20.0757 3936	mpsdrv - ok
12:21:20.0850 3936	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
12:21:20.0897 3936	MRxDAV - ok
12:21:20.0991 3936	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
12:21:21.0037 3936	mrxsmb - ok
12:21:21.0147 3936	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
12:21:21.0178 3936	mrxsmb10 - ok
12:21:21.0271 3936	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
12:21:21.0318 3936	mrxsmb20 - ok
12:21:21.0396 3936	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
12:21:21.0412 3936	msahci - ok
12:21:21.0443 3936	msdsm           (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
12:21:21.0474 3936	msdsm - ok
12:21:21.0568 3936	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
12:21:21.0646 3936	Msfs - ok
12:21:21.0677 3936	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
12:21:21.0739 3936	mshidkmdf - ok
12:21:21.0833 3936	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
12:21:21.0849 3936	msisadrv - ok
12:21:21.0880 3936	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
12:21:21.0958 3936	MSKSSRV - ok
12:21:22.0036 3936	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
12:21:22.0114 3936	MSPCLOCK - ok
12:21:22.0207 3936	MSPQM           (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
12:21:22.0270 3936	MSPQM - ok
12:21:22.0301 3936	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
12:21:22.0332 3936	MsRPC - ok
12:21:22.0426 3936	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
12:21:22.0441 3936	mssmbios - ok
12:21:22.0488 3936	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
12:21:22.0551 3936	MSTEE - ok
12:21:22.0644 3936	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
12:21:22.0675 3936	MTConfig - ok
12:21:22.0769 3936	Mup             (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
12:21:22.0785 3936	Mup - ok
12:21:22.0816 3936	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
12:21:22.0863 3936	NativeWifiP - ok
12:21:22.0909 3936	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
12:21:22.0956 3936	NDIS - ok
12:21:23.0050 3936	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
12:21:23.0128 3936	NdisCap - ok
12:21:23.0237 3936	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
12:21:23.0299 3936	NdisTapi - ok
12:21:23.0393 3936	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
12:21:23.0471 3936	Ndisuio - ok
12:21:23.0502 3936	NdisWan         (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
12:21:23.0565 3936	NdisWan - ok
12:21:23.0689 3936	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
12:21:23.0767 3936	NDProxy - ok
12:21:23.0783 3936	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
12:21:23.0861 3936	NetBIOS - ok
12:21:23.0970 3936	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
12:21:24.0048 3936	NetBT - ok
12:21:24.0095 3936	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
12:21:24.0111 3936	nfrd960 - ok
12:21:24.0205 3936	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
12:21:24.0299 3936	Npfs - ok
12:21:24.0314 3936	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
12:21:24.0392 3936	nsiproxy - ok
12:21:24.0502 3936	Ntfs            (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
12:21:24.0580 3936	Ntfs - ok
12:21:24.0658 3936	Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
12:21:24.0736 3936	Null - ok
12:21:24.0782 3936	NVHDA           (d2f4c4b22969236382ca853b8daa2d4e) C:\windows\system32\drivers\nvhda32v.sys
12:21:24.0798 3936	NVHDA - ok
12:21:25.0141 3936	nvlddmkm        (006aa27afb7079787d5fd2b4b691c4f6) C:\windows\system32\DRIVERS\nvlddmkm.sys
12:21:25.0516 3936	nvlddmkm - ok
12:21:25.0625 3936	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
12:21:25.0640 3936	nvraid - ok
12:21:25.0672 3936	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
12:21:25.0703 3936	nvstor - ok
12:21:25.0796 3936	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
12:21:25.0812 3936	nv_agp - ok
12:21:25.0859 3936	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
12:21:25.0890 3936	ohci1394 - ok
12:21:25.0999 3936	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
12:21:26.0030 3936	Parport - ok
12:21:26.0140 3936	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
12:21:26.0155 3936	partmgr - ok
12:21:26.0171 3936	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
12:21:26.0218 3936	Parvdm - ok
12:21:26.0311 3936	pci             (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
12:21:26.0342 3936	pci - ok
12:21:26.0358 3936	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
12:21:26.0374 3936	pciide - ok
12:21:26.0405 3936	pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
12:21:26.0436 3936	pcmcia - ok
12:21:26.0514 3936	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
12:21:26.0545 3936	pcw - ok
12:21:26.0576 3936	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
12:21:26.0670 3936	PEAUTH - ok
12:21:26.0810 3936	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
12:21:26.0888 3936	PptpMiniport - ok
12:21:26.0966 3936	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
12:21:27.0013 3936	Processor - ok
12:21:27.0044 3936	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
12:21:27.0122 3936	Psched - ok
12:21:27.0247 3936	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
12:21:27.0325 3936	ql2300 - ok
12:21:27.0419 3936	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
12:21:27.0450 3936	ql40xx - ok
12:21:27.0466 3936	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
12:21:27.0512 3936	QWAVEdrv - ok
12:21:27.0606 3936	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
12:21:27.0684 3936	RasAcd - ok
12:21:27.0700 3936	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
12:21:27.0762 3936	RasAgileVpn - ok
12:21:27.0871 3936	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
12:21:27.0949 3936	Rasl2tp - ok
12:21:28.0027 3936	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
12:21:28.0105 3936	RasPppoe - ok
12:21:28.0121 3936	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
12:21:28.0199 3936	RasSstp - ok
12:21:28.0292 3936	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
12:21:28.0370 3936	rdbss - ok
12:21:28.0402 3936	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
12:21:28.0448 3936	rdpbus - ok
12:21:28.0526 3936	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
12:21:28.0604 3936	RDPCDD - ok
12:21:28.0651 3936	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
12:21:28.0714 3936	RDPENCDD - ok
12:21:28.0807 3936	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
12:21:28.0885 3936	RDPREFMP - ok
12:21:28.0979 3936	RDPWD           (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys
12:21:29.0041 3936	RDPWD - ok
12:21:29.0150 3936	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
12:21:29.0182 3936	rdyboost - ok
12:21:29.0228 3936	RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
12:21:29.0260 3936	RFCOMM - ok
12:21:29.0369 3936	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
12:21:29.0462 3936	rspndr - ok
12:21:29.0478 3936	RTL8167         (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys
12:21:29.0525 3936	RTL8167 - ok
12:21:29.0618 3936	SABI            (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys
12:21:29.0665 3936	SABI - ok
12:21:29.0743 3936	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
12:21:29.0774 3936	sbp2port - ok
12:21:29.0821 3936	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
12:21:29.0884 3936	scfilter - ok
12:21:29.0993 3936	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
12:21:30.0071 3936	secdrv - ok
12:21:30.0164 3936	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
12:21:30.0180 3936	Serenum - ok
12:21:30.0212 3936	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
12:21:30.0243 3936	Serial - ok
12:21:30.0337 3936	sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
12:21:30.0368 3936	sermouse - ok
12:21:30.0399 3936	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
12:21:30.0446 3936	sffdisk - ok
12:21:30.0524 3936	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
12:21:30.0555 3936	sffp_mmc - ok
12:21:30.0587 3936	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
12:21:30.0633 3936	sffp_sd - ok
12:21:30.0727 3936	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
12:21:30.0758 3936	sfloppy - ok
12:21:30.0867 3936	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
12:21:30.0883 3936	sisagp - ok
12:21:30.0914 3936	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
12:21:30.0930 3936	SiSRaid2 - ok
12:21:31.0023 3936	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
12:21:31.0039 3936	SiSRaid4 - ok
12:21:31.0070 3936	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
12:21:31.0133 3936	Smb - ok
12:21:31.0242 3936	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
12:21:31.0273 3936	spldr - ok
12:21:31.0320 3936	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
12:21:31.0367 3936	srv - ok
12:21:31.0460 3936	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
12:21:31.0507 3936	srv2 - ok
12:21:31.0523 3936	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
12:21:31.0554 3936	srvnet - ok
12:21:31.0647 3936	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
12:21:31.0663 3936	ssmdrv - ok
12:21:31.0694 3936	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
12:21:31.0725 3936	stexstor - ok
12:21:31.0819 3936	swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
12:21:31.0835 3936	swenum - ok
12:21:31.0881 3936	SynTP           (215a45246c6e2d0a9c263ce1786c8d8a) C:\windows\system32\DRIVERS\SynTP.sys
12:21:31.0913 3936	SynTP - ok
12:21:32.0022 3936	tbhsd           (d7f411c5af992bb44e86083a6aa7b045) C:\windows\system32\drivers\tbhsd.sys
12:21:32.0037 3936	tbhsd - ok
12:21:32.0100 3936	Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys
12:21:32.0178 3936	Tcpip - ok
12:21:32.0287 3936	TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys
12:21:32.0365 3936	TCPIP6 - ok
12:21:32.0474 3936	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
12:21:32.0537 3936	tcpipreg - ok
12:21:32.0599 3936	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
12:21:32.0677 3936	TDPIPE - ok
12:21:32.0739 3936	TDTCP           (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys
12:21:32.0817 3936	TDTCP - ok
12:21:32.0880 3936	tdx             (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
12:21:32.0942 3936	tdx - ok
12:21:33.0020 3936	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
12:21:33.0036 3936	TermDD - ok
12:21:33.0129 3936	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
12:21:33.0192 3936	tssecsrv - ok
12:21:33.0270 3936	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
12:21:33.0301 3936	TsUsbFlt - ok
12:21:33.0363 3936	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
12:21:33.0441 3936	tunnel - ok
12:21:33.0504 3936	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
12:21:33.0535 3936	uagp35 - ok
12:21:33.0597 3936	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
12:21:33.0675 3936	udfs - ok
12:21:33.0753 3936	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
12:21:33.0769 3936	uliagpkx - ok
12:21:33.0816 3936	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
12:21:33.0863 3936	umbus - ok
12:21:33.0925 3936	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
12:21:33.0972 3936	UmPass - ok
12:21:34.0019 3936	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
12:21:34.0081 3936	usbccgp - ok
12:21:34.0143 3936	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
12:21:34.0175 3936	usbcir - ok
12:21:34.0221 3936	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys
12:21:34.0268 3936	usbehci - ok
12:21:34.0346 3936	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
12:21:34.0393 3936	usbhub - ok
12:21:34.0471 3936	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
12:21:34.0518 3936	usbohci - ok
12:21:34.0611 3936	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
12:21:34.0658 3936	usbprint - ok
12:21:34.0752 3936	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
12:21:34.0783 3936	usbscan - ok
12:21:34.0830 3936	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
12:21:34.0877 3936	USBSTOR - ok
12:21:34.0970 3936	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
12:21:35.0001 3936	usbuhci - ok
12:21:35.0033 3936	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
12:21:35.0079 3936	usbvideo - ok
12:21:35.0173 3936	usb_rndisx      (d82f43d15fdaa666856c0190cb73e7c9) C:\windows\system32\DRIVERS\usb8023x.sys
12:21:35.0189 3936	usb_rndisx - ok
12:21:35.0220 3936	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
12:21:35.0251 3936	vdrvroot - ok
12:21:35.0282 3936	vga             (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
12:21:35.0313 3936	vga - ok
12:21:35.0423 3936	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
12:21:35.0501 3936	VgaSave - ok
12:21:35.0563 3936	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
12:21:35.0594 3936	vhdmp - ok
12:21:35.0657 3936	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
12:21:35.0672 3936	viaagp - ok
12:21:35.0735 3936	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
12:21:35.0766 3936	ViaC7 - ok
12:21:35.0828 3936	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
12:21:35.0844 3936	viaide - ok
12:21:35.0891 3936	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
12:21:35.0906 3936	volmgr - ok
12:21:35.0953 3936	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
12:21:35.0984 3936	volmgrx - ok
12:21:36.0047 3936	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
12:21:36.0078 3936	volsnap - ok
12:21:36.0109 3936	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
12:21:36.0140 3936	vsmraid - ok
12:21:36.0171 3936	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
12:21:36.0218 3936	vwifibus - ok
12:21:36.0265 3936	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
12:21:36.0327 3936	vwififlt - ok
12:21:36.0390 3936	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
12:21:36.0405 3936	WacomPen - ok
12:21:36.0452 3936	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
12:21:36.0515 3936	WANARP - ok
12:21:36.0530 3936	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
12:21:36.0593 3936	Wanarpv6 - ok
12:21:36.0671 3936	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
12:21:36.0686 3936	Wd - ok
12:21:36.0749 3936	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
12:21:36.0780 3936	Wdf01000 - ok
12:21:36.0873 3936	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
12:21:36.0936 3936	WfpLwf - ok
12:21:36.0983 3936	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
12:21:37.0014 3936	WIMMount - ok
12:21:37.0107 3936	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
12:21:37.0154 3936	WinUsb - ok
12:21:37.0232 3936	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
12:21:37.0263 3936	WmiAcpi - ok
12:21:37.0295 3936	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
12:21:37.0373 3936	ws2ifsl - ok
12:21:37.0466 3936	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
12:21:37.0544 3936	WudfPf - ok
12:21:37.0575 3936	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
12:21:37.0638 3936	WUDFRd - ok
12:21:37.0716 3936	yukonw7         (30b73eb97218a16cbc6de535782a1b35) C:\windows\system32\DRIVERS\yk62x86.sys
12:21:37.0778 3936	yukonw7 - ok
12:21:37.0825 3936	MBR (0x1B8)     (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
12:21:38.0324 3936	\Device\Harddisk0\DR0 - ok
12:21:38.0324 3936	Boot (0x1200)   (21ca5d1e9d7b400a90e47c6eb81dade8) \Device\Harddisk0\DR0\Partition0
12:21:38.0324 3936	\Device\Harddisk0\DR0\Partition0 - ok
12:21:38.0340 3936	Boot (0x1200)   (bc19836cb0898fba2148318ec0e91a5f) \Device\Harddisk0\DR0\Partition1
12:21:38.0340 3936	\Device\Harddisk0\DR0\Partition1 - ok
12:21:38.0355 3936	Boot (0x1200)   (3c8a9eeb3e2c6325903218d7528bb664) \Device\Harddisk0\DR0\Partition2
12:21:38.0371 3936	\Device\Harddisk0\DR0\Partition2 - ok
12:21:38.0371 3936	============================================================
12:21:38.0371 3936	Scan finished
12:21:38.0371 3936	============================================================
12:21:38.0371 1584	Detected object count: 0
12:21:38.0371 1584	Actual detected object count: 0

30.01.2012, 13:19	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	"http://www.searchqu.com/406" Befall Ohne die Logs von Malwarebytes und Co wird das hier nichts. Alles von Malwarebytes und den anderen Scannern muss hier gepostet werden. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code: ATTFilter hier steht das Log __________________ __________________

30.01.2012, 15:08	#5
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	"http://www.searchqu.com/406" Befall Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind. __________________ Logfiles bitte immer in CODE-Tags posten

"http://www.searchqu.com/406" Befall

Log-Analyse und Auswertung: "http://www.searchqu.com/406" Befall