Trojaner-Board - evtl. virus befall?

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - evtl. virus befall? (https://www.trojaner-board.de/103586-evtl-virus-befall.html)

evtl. virus befall?

Hallo,

ich habe ja seit neusten folgendes Problem. Alle virenscanner stürtzten mit fehlermeldung bei mir ab. Ich hatte die ganze zeit AVG free drauf und plötzlich abstürtze. Danach habe ich antivir und avast ausprobiert genau das selbe. Also irgendetwas stimmt ja hier nicht. Kann das mit einem virus zusammen hängen? Mein system ist Windows 7 64 Bit. Ich poste einmal die log von malwarebytes:

Zitat:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7766

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

22.09.2011 02:01:04
mbam-log-2011-09-22 (02-01-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 336625
Laufzeit: 36 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

Zitat:

Ich hatte die ganze zeit AVG free

Und warum steht in deiner Sig => Avast & Windows Firewall :confused:

Hallo,

ja sig ist schon ewig nicht mehr aktualisiert habs gerade mal nachgeholt. Habe jetzt mal geschaut unter logs sind keine weiteren vorhanden. Im moment läuft immernoch avast aber schutzkomponenten sind deaktiviert krieg die nicht mehr an. Habe gerade nochmal malwarebytes aktualisiert und quickscan der hat auch was gefunden.

Zitat:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7770

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

22.09.2011 15:03:53
mbam-log-2011-09-22 (15-03-51).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 37219
Laufzeit: 2 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\presirak.zip (Trojan.Proxy) -> No action taken.

hallo,

habe noch die logs von avg rausgesucht:

Zitat:

Residenten Schutz
"Infektion" "Objekt" "Ergebnis" "Erkennungszeit" "Objekttyp" "Vorgang"
"Trojaner: Proxy.11.AK" "c:\Users\xxxxx\win\presirak.exe" "Infiziert" "22.09.2011, 14:58:32" "Datei" "C:\Windows\System32\SearchProtocolHost.exe"
"Trojaner: Proxy.11.AK" "c:\Users\xxxxxx\win\trimor54.exe" "Infiziert" "22.09.2011, 14:57:51" "Datei" "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"Virus identifiziert: I-Worm/Netsky" "c:\Users\xxxxx\win\neoions.exe" "In Virenquarantäne verschoben" "20.09.2011, 01:20:34" "Datei" "C:\Windows\System32\SearchProtocolHost.exe"
"Trojaner: Proxy.11.AK" "c:\Users\xxxxx\win\presirak.exe" "In Virenquarantäne verschoben" "20.09.2011, 01:20:21" "Datei" "C:\Windows\System32\SearchProtocolHost.exe"
"Trojaner: Generic24.GU" "c:\Users\xxxxx\win\trimor54.exe" "In Virenquarantäne verschoben" "20.09.2011, 01:20:03" "Datei" "C:\Windows\System32\SearchProtocolHost.exe"

Zitat:

-> No action taken.

Die Funde müssen mit Malwarebytes entfernt waren! Bitte nachholen falls noch nicht getan!

Hab das programm entfernt:

Zitat:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7770

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

22.09.2011 16:14:47
mbam-log-2011-09-22 (16-14-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Durchsuchte Objekte: 79639
Laufzeit: 10 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\presirak.zip (Trojan.Proxy) -> Quarantined and deleted successfully.

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

So hier dann mal die log von eset:

Zitat:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=c830bdd0e0b8984a8e6a79787c6a89c4
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-22 03:20:27
# local_time=2011-09-22 05:20:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 555418 555418 0 0
# compatibility_mode=5893 16776574 100 94 260015 68331722 0 0
# compatibility_mode=8192 67108863 100 0 164 164 0 0
# scanned=107421
# found=0
# cleaned=0
# scan_time=2955

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hier das gewünschte log:

OTL Logfile:

Code:

OTL logfile created on: 22.09.2011 21:11:17 - Run 1

OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\xxxxxxxxxx\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,75 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 59,85% Memory free

7,49 Gb Paging File | 5,51 Gb Available in Paging File | 73,59% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 451,32 Gb Total Space | 410,05 Gb Free Space | 90,86% Space Free | Partition Type: NTFS

Drive D: | 14,15 Gb Total Space | 1,74 Gb Free Space | 12,31% Space Free | Partition Type: NTFS

Drive E: | 609,99 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive F: | 99,02 Mb Total Space | 88,88 Mb Free Space | 89,76% Space Free | Partition Type: FAT32

 

Computer Name: xxxxxxxxxx-HP | User Name: xxxxxxxxxx | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\xxxxxxxxxx\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)

PRC - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)

PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)

PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Users\xxxxxxxxxx\AppData\Local\Temp\3dcf2df1-2a83-477c-a7dd-858967792357\CliSecureRT.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\307dea1fa71faaa1c2dc0175487d9639\System.Management.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\bbc34aac73481fc04fe9b7aff9927437\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cadbfd56dbffb78f67b92027bd56862e\System.Xaml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\64d84a18bdebd88f137f11ec220748ff\PresentationFramework.Aero.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d23889e1eceadc97a6f227dbb392cb60\PresentationFramework.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0e3eea502999efc06079a0f40a795731\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\6cf9069b4b5feb38824a79009ed9c7b4\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ea0f339fb15935f1878e115be1c04f8f\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\55b41158ada67f5b5a132e120e7de269\PresentationCore.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2721a63758cab451543e8a58dc4ffeeb\System.Core.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6c4a0cae96fe506534d1ed4b8e905d04\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ffc825af968e2afbdd0d894b475331f3\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\93e7df09dacd5fef442cc22d28efec83\mscorlib.ni.dll ()

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()

MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()

MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()

MOD - C:\Users\xxxxxxxxxx\AppData\Roaming\PictureMover\DE-DE\Presentation.dll ()

MOD - C:\Users\xxxxxxxxxx\AppData\Roaming\PictureMover\Bin\Core.dll ()

MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)

SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)

SRV:64bit: - (HPAuto) -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe (Hewlett-Packard)

SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)

SRV:64bit: - (AMD Reservation Manager) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)

SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

SRV - (CDMA Device Service) -- C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe ()

SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)

SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.)

SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()

DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)

DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()

DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()

DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)

DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)

DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)

DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (StarPortLite) StarPort Storage Controller (Lite) -- C:\Windows\SysNative\drivers\StarPortLite.sys (Rocket Division Software)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)

DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)

DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)

DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)

DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)

DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)

DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (HWiNFO32) -- C:\Programme\HWiNFO64\HWiNFO64A.SYS (REALiX(tm))

DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()

DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/4

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/4

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/4

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/4

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/4

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://www.facebook.com"

 

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011.09.20 19:12:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.16 06:59:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.09.16 06:59:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files (x86)\AVG\AVG2012\Thunderbird\ [2011.09.16 06:14:57 | 000,000,000 | ---D | M]

 

[2011.09.16 05:47:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxxxxxx\AppData\Roaming\mozilla\Extensions

[2011.09.16 06:42:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011.09.16 06:32:28 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011.09.16 06:42:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

[2011.09.20 19:12:48 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4

[2011.09.03 08:18:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011.09.03 02:19:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.09.03 02:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011.09.03 02:19:44 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2011.09.03 02:19:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.09.03 02:19:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.09.03 02:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()

O4:64bit: - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)

O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB46D7C1-6D3C-42BD-BFD5-2D1E3F745F82}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.09.22 17:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo

[2011.09.22 17:43:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrystalDiskInfo

[2011.09.22 02:21:34 | 000,000,000 | ---D | C] -- C:\Temp

[2011.09.22 02:21:03 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Local\Samsung

[2011.09.20 23:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metin2

[2011.09.20 23:40:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Metin2

[2011.09.20 19:12:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011.09.20 14:50:03 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\Documents\StarBurn

[2011.09.20 14:50:03 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\StarBurn

[2011.09.20 01:20:13 | 000,000,000 | -H-D | C] -- C:\$AVG

[2011.09.20 00:45:25 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Local\CrashDumps

[2011.09.20 00:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Miranda Fusion 3

[2011.09.20 00:44:53 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Miranda Fusion

[2011.09.20 00:44:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MirandaFusion

[2011.09.19 16:03:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview

[2011.09.19 16:02:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders

[2011.09.16 10:52:57 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

[2011.09.16 10:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake 4 Demo

[2011.09.16 10:52:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\id Software

[2011.09.16 09:39:10 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll

[2011.09.16 09:38:53 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll

[2011.09.16 08:30:26 | 000,000,000 | ---D | C] -- C:\7B219B681D82F2DA0C4CD51F

[2011.09.16 08:28:30 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\TV-Browser

[2011.09.16 08:26:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET

[2011.09.16 08:20:07 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\Documents\samsung

[2011.09.16 07:58:17 | 000,000,000 | ---D | C] -- C:\BDB599930F7B32ABE33D08B1B35A

[2011.09.16 07:58:15 | 000,000,000 | ---D | C] -- C:\209B54B309E467D920

[2011.09.16 07:58:13 | 000,000,000 | ---D | C] -- C:\B4E5FB7EA5E216C29241714DBB

[2011.09.16 07:46:47 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.4

[2011.09.16 07:46:47 | 000,000,000 | ---D | C] -- C:\Windows\ShellNew

[2011.09.16 07:45:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 3.4

[2011.09.16 07:42:38 | 000,177,640 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys

[2011.09.16 07:42:38 | 000,157,672 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys

[2011.09.16 07:42:38 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys

[2011.09.16 07:42:38 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys

[2011.09.16 07:42:38 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys

[2011.09.16 07:42:38 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys

[2011.09.16 07:42:38 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys

[2011.09.16 07:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung

[2011.09.16 07:41:28 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll

[2011.09.16 07:41:15 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll

[2011.09.16 07:41:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny

[2011.09.16 07:40:54 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Samsung

[2011.09.16 07:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung

[2011.09.16 07:40:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung

[2011.09.16 07:40:08 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Local\Downloaded Installations

[2011.09.16 07:37:32 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Malwarebytes

[2011.09.16 07:37:01 | 000,000,000 | ---D | C] -- C:\PlugIns

[2011.09.16 07:36:23 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Ashampoo

[2011.09.16 07:35:41 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Local\ashampoo

[2011.09.16 07:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo

[2011.09.16 07:35:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo

[2011.09.16 07:35:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo

[2011.09.16 07:33:13 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment

[2011.09.16 07:33:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment

[2011.09.16 07:23:15 | 000,000,000 | ---D | C] -- C:\Perfect World Entertainment

[2011.09.16 07:12:27 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\TS3Client

[2011.09.16 07:12:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client

[2011.09.16 07:12:10 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client

[2011.09.16 07:10:55 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaCoder x64

[2011.09.16 07:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.09.16 07:09:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.09.16 07:09:41 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011.09.16 07:09:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011.09.16 07:09:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE

[2011.09.16 07:08:09 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Broad Intelligence

[2011.09.16 07:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\MediaCoder

[2011.09.16 07:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter

[2011.09.16 07:05:50 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\FreeVideoConverter

[2011.09.16 07:05:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Video Converter

[2011.09.16 06:59:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared

[2011.09.16 06:59:04 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll

[2011.09.16 06:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real

[2011.09.16 06:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Real

[2011.09.16 06:58:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real

[2011.09.16 06:58:42 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Real

[2011.09.16 06:57:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2011.09.16 06:57:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2011.09.16 06:57:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer

[2011.09.16 06:56:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple

[2011.09.16 06:56:38 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Local\Apple

[2011.09.16 06:56:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2011.09.16 06:56:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple

[2011.09.16 06:55:34 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\COWON

[2011.09.16 06:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jetAudio

[2011.09.16 06:55:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\COWON

[2011.09.16 06:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JetAudio

[2011.09.16 06:48:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TV-Browser

[2011.09.16 06:48:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TV-Browser

[2011.09.16 06:47:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx

[2011.09.16 06:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2011.09.16 06:42:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2011.09.16 06:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2011.09.16 06:39:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarBurn Software

[2011.09.16 06:39:04 | 000,118,888 | ---- | C] (Rocket Division Software) -- C:\Windows\SysNative\drivers\StarPortLite.sys

[2011.09.16 06:39:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarBurn Software

[2011.09.16 06:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64

[2011.09.16 06:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\HWiNFO64

[2011.09.16 06:38:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune

[2011.09.16 06:38:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HD Tune

[2011.09.16 06:37:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP

[2011.09.16 06:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Partition Master 9.1.0 Home Edition

[2011.09.16 06:37:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EASEUS

[2011.09.16 06:37:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2011.09.16 06:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2011.09.16 06:37:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support

[2011.09.16 06:35:23 | 000,000,000 | ---D | C] -- C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}

[2011.09.16 06:32:49 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\CyberLink

[2011.09.16 06:32:48 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\Documents\Youcam

[2011.09.16 06:32:48 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Local\CyberLink

[2011.09.16 06:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2011.09.16 06:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IZArc

[2011.09.16 06:29:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IZArc

[2011.09.16 06:26:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe

[2011.09.16 06:25:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR

[2011.09.16 06:24:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2011.09.16 06:24:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe

[2011.09.16 06:17:31 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Local\WindowsUpdate

[2011.09.16 06:15:59 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\AVG2012

[2011.09.16 06:15:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2011.09.16 06:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012

[2011.09.16 06:15:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG

[2011.09.16 06:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012

[2011.09.16 06:14:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG

[2011.09.16 06:14:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG

[2011.09.16 06:13:18 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2011.09.16 06:00:43 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\ZumoDrive

[2011.09.16 05:58:10 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Local\Adobe

[2011.09.16 05:54:42 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Skype

[2011.09.16 05:54:38 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype

[2011.09.16 05:54:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[2011.09.16 05:48:25 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Local\Mozilla

[2011.09.16 05:47:23 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Mozilla

[2011.09.16 05:47:22 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Thunderbird

[2011.09.16 05:47:22 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Local\Thunderbird

[2011.09.16 05:47:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird

[2011.09.16 05:46:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2011.09.16 05:43:30 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Macromedia

[2011.09.16 05:43:26 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Adobe

[2011.09.16 05:41:53 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Local\AMD

[2011.09.16 05:41:46 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\ATI

[2011.09.16 05:41:46 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Local\ATI

[2011.09.16 05:41:44 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\PictureMover

[2011.09.16 05:40:45 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\hpqLog

[2011.09.16 05:40:43 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Synaptics

[2011.09.16 05:40:28 | 000,000,000 | R--D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2011.09.16 05:40:28 | 000,000,000 | R--D | C] -- C:\Users\xxxxxxxxxx\Searches

[2011.09.16 05:40:28 | 000,000,000 | R--D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2011.09.16 05:40:20 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Identities

[2011.09.16 05:40:17 | 000,000,000 | R--D | C] -- C:\Users\xxxxxxxxxx\Contacts

[2011.09.16 05:39:57 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Local\RemEngine

[2011.09.16 05:39:00 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Hewlett-Packard

[2011.09.16 05:38:55 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Local\Hewlett-Packard

[2011.09.16 05:38:41 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Local\Hewlett-Packard_Company

[2011.09.16 05:37:38 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Local\VirtualStore

[2011.09.16 05:37:02 | 000,000,000 | --SD | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Microsoft

[2011.09.16 05:37:02 | 000,000,000 | R--D | C] -- C:\Users\xxxxxxxxxx\Videos

[2011.09.16 05:37:02 | 000,000,000 | R--D | C] -- C:\Users\xxxxxxxxxx\Saved Games

[2011.09.16 05:37:02 | 000,000,000 | R--D | C] -- C:\Users\xxxxxxxxxx\Pictures

[2011.09.16 05:37:02 | 000,000,000 | R--D | C] -- C:\Users\xxxxxxxxxx\Music

[2011.09.16 05:37:02 | 000,000,000 | R--D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

[2011.09.16 05:37:02 | 000,000,000 | R--D | C] -- C:\Users\xxxxxxxxxx\Links

[2011.09.16 05:37:02 | 000,000,000 | R--D | C] -- C:\Users\xxxxxxxxxx\Favorites

[2011.09.16 05:37:02 | 000,000,000 | R--D | C] -- C:\Users\xxxxxxxxxx\Downloads

[2011.09.16 05:37:02 | 000,000,000 | R--D | C] -- C:\Users\xxxxxxxxxx\Documents

[2011.09.16 05:37:02 | 000,000,000 | R--D | C] -- C:\Users\xxxxxxxxxx\Desktop

[2011.09.16 05:37:02 | 000,000,000 | R--D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

[2011.09.16 05:37:02 | 000,000,000 | -HSD | C] -- C:\Users\xxxxxxxxxx\Vorlagen

[2011.09.16 05:37:02 | 000,000,000 | -HSD | C] -- C:\Users\xxxxxxxxxx\AppData\Local\Verlauf

[2011.09.16 05:37:02 | 000,000,000 | -HSD | C] -- C:\Users\xxxxxxxxxx\AppData\Local\Temporary Internet Files

[2011.09.16 05:37:02 | 000,000,000 | -HSD | C] -- C:\Users\xxxxxxxxxx\Startmenü

[2011.09.16 05:37:02 | 000,000,000 | -HSD | C] -- C:\Users\xxxxxxxxxx\SendTo

[2011.09.16 05:37:02 | 000,000,000 | -HSD | C] -- C:\Users\xxxxxxxxxx\Recent

[2011.09.16 05:37:02 | 000,000,000 | -HSD | C] -- C:\Users\xxxxxxxxxx\Netzwerkumgebung

[2011.09.16 05:37:02 | 000,000,000 | -HSD | C] -- C:\Users\xxxxxxxxxx\Lokale Einstellungen

[2011.09.16 05:37:02 | 000,000,000 | -HSD | C] -- C:\Users\xxxxxxxxxx\Documents\Eigene Videos

[2011.09.16 05:37:02 | 000,000,000 | -HSD | C] -- C:\Users\xxxxxxxxxx\Documents\Eigene Musik

[2011.09.16 05:37:02 | 000,000,000 | -HSD | C] -- C:\Users\xxxxxxxxxx\Eigene Dateien

[2011.09.16 05:37:02 | 000,000,000 | -HSD | C] -- C:\Users\xxxxxxxxxx\Documents\Eigene Bilder

[2011.09.16 05:37:02 | 000,000,000 | -HSD | C] -- C:\Users\xxxxxxxxxx\Druckumgebung

[2011.09.16 05:37:02 | 000,000,000 | -HSD | C] -- C:\Users\xxxxxxxxxx\Cookies

[2011.09.16 05:37:02 | 000,000,000 | -HSD | C] -- C:\Users\xxxxxxxxxx\AppData\Local\Anwendungsdaten

[2011.09.16 05:37:02 | 000,000,000 | -HSD | C] -- C:\Users\xxxxxxxxxx\Anwendungsdaten

[2011.09.16 05:37:02 | 000,000,000 | -H-D | C] -- C:\Users\xxxxxxxxxx\AppData

[2011.09.16 05:37:02 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Local\Temp

[2011.09.16 05:37:02 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Local\Microsoft

[2011.09.16 05:37:02 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Media Center Programs

[2011.09.16 05:36:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen

[2011.09.16 05:36:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü

[2011.09.16 05:36:22 | 000,000,000 | -HSD | C] -- C:\Programme

[2011.09.16 05:36:22 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien

[2011.09.16 05:36:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten

[2011.09.16 05:36:22 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos

[2011.09.16 05:36:22 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik

[2011.09.16 05:36:22 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder

[2011.09.16 05:36:22 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen

[2011.09.16 05:36:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente

[2011.09.16 05:36:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten

[2011.09.16 05:35:07 | 000,000,000 | -HSD | C] -- C:\System Volume Information

[2011.09.14 18:38:35 | 000,000,000 | ---D | C] -- C:\Windows\ehome

[2011.09.14 09:08:16 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2011.09.14 09:01:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft

[2011.09.14 09:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton

[2011.09.14 08:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller

[2011.09.14 08:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PictureMover

[2011.09.14 08:58:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PictureMover

[2011.09.14 08:58:33 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam

[2011.09.14 08:55:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Energy Star

[2011.09.14 08:54:50 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling

[2011.09.14 08:54:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe

[2011.09.14 08:52:26 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard

[2011.09.14 08:51:18 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom

[2011.09.14 08:50:50 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2011.09.14 08:50:14 | 000,349,800 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys

[2011.09.14 08:50:01 | 005,900,288 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNGUI.exe

[2011.09.14 08:50:01 | 004,594,176 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll

[2011.09.14 08:50:01 | 003,069,952 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNHP.dll

[2011.09.14 08:50:01 | 000,968,192 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNX.dll

[2011.09.14 08:50:01 | 000,564,224 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\idt64mp1.exe

[2011.09.14 08:50:01 | 000,524,800 | ---- | C] (IDT, Inc.) -- C:\Windows\sttray64.exe

[2011.09.14 08:50:01 | 000,438,784 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNC64.cpl

[2011.09.14 08:50:01 | 000,211,968 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNJ.exe

[2011.09.14 08:50:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs

[2011.09.14 08:49:34 | 000,520,192 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys

[2011.09.14 08:49:34 | 000,220,160 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\staco64.dll

[2011.09.14 08:49:33 | 001,497,088 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll

[2011.09.14 08:49:33 | 000,651,264 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll

[2011.09.14 08:49:33 | 000,431,616 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll

[2011.09.14 08:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\IDT

[2011.09.14 08:49:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sda

[2011.09.14 08:49:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek

[2011.09.14 08:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics

[2011.09.14 08:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies

[2011.09.14 08:48:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies

[2011.09.14 08:48:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE

[2011.09.14 08:48:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2011.09.14 08:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD

[2011.09.14 08:48:05 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies

[2011.09.14 08:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\ATI

[2011.09.14 08:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies

[2011.09.14 08:42:05 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.09.22 20:31:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.09.22 18:40:50 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.09.22 18:40:50 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.09.22 18:33:19 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys

[2011.09.22 17:43:42 | 000,001,940 | ---- | M] () -- C:\Users\xxxxxxxxxx\Desktop\CrystalDiskInfo.lnk

[2011.09.22 14:41:36 | 104,899,240 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm

[2011.09.22 02:20:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2011.09.20 23:41:32 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\Metin2.lnk

[2011.09.20 19:12:49 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk

[2011.09.20 00:44:56 | 000,001,271 | ---- | M] () -- C:\Users\xxxxxxxxxx\Desktop\Miranda Fusion Configurator.lnk

[2011.09.20 00:44:55 | 000,001,240 | ---- | M] () -- C:\Users\xxxxxxxxxx\Desktop\Miranda Fusion.lnk

[2011.09.19 18:33:19 | 000,079,000 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm

[2011.09.19 17:46:28 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011.09.19 17:46:28 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2011.09.19 17:46:28 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011.09.19 17:46:28 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2011.09.19 17:46:28 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011.09.19 17:41:00 | 000,299,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011.09.16 10:52:42 | 000,002,041 | ---- | M] () -- C:\Users\Public\Desktop\Quake 4 Demo.lnk

[2011.09.16 08:05:51 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf

[2011.09.16 08:05:50 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf

[2011.09.16 07:46:48 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 3.4.lnk

[2011.09.16 07:43:43 | 000,001,913 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk

[2011.09.16 07:37:01 | 000,047,718 | ---- | M] () -- C:\Windows\unins000.dat

[2011.09.16 07:37:01 | 000,013,156 | ---- | M] () -- C:\Windows\unins000.msg

[2011.09.16 07:36:53 | 000,720,784 | ---- | M] () -- C:\Windows\unins000.exe

[2011.09.16 07:35:41 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Photo Commander 8.lnk

[2011.09.16 07:33:19 | 000,001,195 | ---- | M] () -- C:\Users\xxxxxxxxxx\Desktop\Perfect World International.lnk

[2011.09.16 07:12:13 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk

[2011.09.16 07:10:55 | 000,000,836 | ---- | M] () -- C:\Users\xxxxxxxxxx\Desktop\MediaCoder x64.lnk

[2011.09.16 07:09:44 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.09.16 07:05:52 | 000,001,101 | ---- | M] () -- C:\Users\xxxxxxxxxx\Desktop\Free Video Converter.lnk

[2011.09.16 06:59:04 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll

[2011.09.16 06:55:21 | 000,001,781 | ---- | M] () -- C:\Users\Public\Desktop\jetAudio.lnk

[2011.09.16 06:48:43 | 000,001,876 | ---- | M] () -- C:\Users\Public\Desktop\TV-Browser.lnk

[2011.09.16 06:45:03 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForxxxxxxxxxx.job

[2011.09.16 06:40:03 | 000,867,824 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys

[2011.09.16 06:39:06 | 000,001,283 | ---- | M] () -- C:\Users\Public\Desktop\StarBurn.lnk

[2011.09.16 06:38:38 | 000,000,830 | ---- | M] () -- C:\Users\xxxxxxxxxx\Desktop\HWiNFO64 Program.lnk

[2011.09.16 06:38:08 | 000,000,886 | ---- | M] () -- C:\Users\xxxxxxxxxx\Desktop\HD Tune.lnk

[2011.09.16 06:37:49 | 000,001,390 | ---- | M] () -- C:\Users\Public\Desktop\EASEUS Partition Master 9.1.0 Home Edition.lnk

[2011.09.16 06:37:24 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2011.09.16 06:32:19 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2011.09.16 06:29:37 | 000,001,789 | ---- | M] () -- C:\Users\xxxxxxxxxx\Desktop\IZArc.lnk

[2011.09.16 06:15:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm

[2011.09.16 06:15:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm

[2011.09.16 05:47:02 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk

[2011.09.16 05:46:46 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2011.09.16 05:36:15 | 000,052,870 | ---- | M] () -- C:\Windows\SysWow64\license.rtf

[2011.09.16 05:36:15 | 000,052,870 | ---- | M] () -- C:\Windows\SysNative\license.rtf

[2011.09.14 08:58:47 | 000,002,029 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk

[2011.09.14 08:53:10 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin

[2011.09.14 08:51:50 | 001,049,314 | ---- | M] () -- C:\Windows\SysNative\oem10.inf

[2011.09.14 08:51:07 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\bcmwlrc.dll

[2011.09.14 08:49:17 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf

[2011.09.14 08:46:34 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_Pavilion g6 Notebook PC_Y5335KV_0U_QCNF116707Q_E635093-041_4A_I1661_SHP_V20.21_BF.24_T110630_W73-0_L407_M3835_J500_7AMD_8F63_93.00_#110914_N_(LF141EA#ABD)_XMOBILE_CN10_Z_2059A100000204610000020100.MRK

[2011.09.14 08:46:34 | 000,000,000 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_Pavilion g6 Notebook PC_Y5335KV_0U_QCNF116707Q_E635093-041_4A_I1661_SHP_V20.21_BF.24_T110630_W73-0_L407_M3835_J500_7AMD_8F63_93.00_#110914_N_(LF141EA#ABD)_XMOBILE_CN10_Z_2059A100000204610000020100.MRK

[2011.09.14 08:43:33 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat

[2011.09.09 18:23:34 | 002,469,760 | ---- | M] () -- C:\Windows\SysWow64\BootMan.exe

[2011.09.07 17:06:40 | 003,321,728 | ---- | M] () -- C:\Windows\SysNative\BootMan.exe

[2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.09.22 17:43:42 | 000,001,940 | ---- | C] () -- C:\Users\xxxxxxxxxx\Desktop\CrystalDiskInfo.lnk

[2011.09.22 14:41:36 | 104,899,240 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm

[2011.09.22 02:20:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2011.09.20 23:41:32 | 000,000,939 | ---- | C] () -- C:\Users\Public\Desktop\Metin2.lnk

[2011.09.20 00:44:56 | 000,001,271 | ---- | C] () -- C:\Users\xxxxxxxxxx\Desktop\Miranda Fusion Configurator.lnk

[2011.09.20 00:44:55 | 000,001,240 | ---- | C] () -- C:\Users\xxxxxxxxxx\Desktop\Miranda Fusion.lnk

[2011.09.19 18:33:19 | 000,079,000 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm

[2011.09.16 10:52:42 | 000,002,041 | ---- | C] () -- C:\Users\Public\Desktop\Quake 4 Demo.lnk

[2011.09.16 09:39:59 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd

[2011.09.16 09:38:34 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml

[2011.09.16 09:38:22 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml

[2011.09.16 09:38:22 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml

[2011.09.16 09:38:07 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml

[2011.09.16 08:05:51 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf

[2011.09.16 08:05:50 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf

[2011.09.16 07:46:48 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 3.4.lnk

[2011.09.16 07:43:43 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk

[2011.09.16 07:37:01 | 000,013,156 | ---- | C] () -- C:\Windows\unins000.msg

[2011.09.16 07:37:00 | 000,720,784 | ---- | C] () -- C:\Windows\unins000.exe

[2011.09.16 07:37:00 | 000,047,718 | ---- | C] () -- C:\Windows\unins000.dat

[2011.09.16 07:35:41 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Photo Commander 8.lnk

[2011.09.16 07:33:19 | 000,001,195 | ---- | C] () -- C:\Users\xxxxxxxxxx\Desktop\Perfect World International.lnk

[2011.09.16 07:12:13 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk

[2011.09.16 07:10:55 | 000,000,836 | ---- | C] () -- C:\Users\xxxxxxxxxx\Desktop\MediaCoder x64.lnk

[2011.09.16 07:09:44 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.09.16 07:05:52 | 000,001,101 | ---- | C] () -- C:\Users\xxxxxxxxxx\Desktop\Free Video Converter.lnk

[2011.09.16 06:56:36 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

[2011.09.16 06:55:21 | 000,001,781 | ---- | C] () -- C:\Users\Public\Desktop\jetAudio.lnk

[2011.09.16 06:48:43 | 000,001,876 | ---- | C] () -- C:\Users\Public\Desktop\TV-Browser.lnk

[2011.09.16 06:41:02 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForxxxxxxxxxx.job

[2011.09.16 06:40:03 | 000,867,824 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys

[2011.09.16 06:39:06 | 000,001,283 | ---- | C] () -- C:\Users\Public\Desktop\StarBurn.lnk

[2011.09.16 06:38:38 | 000,000,830 | ---- | C] () -- C:\Users\xxxxxxxxxx\Desktop\HWiNFO64 Program.lnk

[2011.09.16 06:38:08 | 000,000,886 | ---- | C] () -- C:\Users\xxxxxxxxxx\Desktop\HD Tune.lnk

[2011.09.16 06:37:49 | 000,001,390 | ---- | C] () -- C:\Users\Public\Desktop\EASEUS Partition Master 9.1.0 Home Edition.lnk

[2011.09.16 06:37:47 | 003,321,728 | ---- | C] () -- C:\Windows\SysNative\BootMan.exe

[2011.09.16 06:37:47 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe

[2011.09.16 06:37:47 | 000,100,232 | ---- | C] () -- C:\Windows\SysNative\setupempdrvx64.exe

[2011.09.16 06:37:47 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe

[2011.09.16 06:37:47 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll

[2011.09.16 06:37:47 | 000,016,776 | ---- | C] () -- C:\Windows\SysNative\epmntdrv.sys

[2011.09.16 06:37:47 | 000,016,256 | ---- | C] () -- C:\Windows\SysNative\EuEpmGdi.dll

[2011.09.16 06:37:47 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys

[2011.09.16 06:37:47 | 000,009,096 | ---- | C] () -- C:\Windows\SysNative\EuGdiDrv.sys

[2011.09.16 06:37:47 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys

[2011.09.16 06:37:24 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2011.09.16 06:29:37 | 000,001,789 | ---- | C] () -- C:\Users\xxxxxxxxxx\Desktop\IZArc.lnk

[2011.09.16 06:24:49 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2011.09.16 06:15:33 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk

[2011.09.16 06:15:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm

[2011.09.16 06:15:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm

[2011.09.16 05:47:02 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk

[2011.09.16 05:47:01 | 000,002,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk

[2011.09.16 05:46:45 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2011.09.16 05:46:44 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2011.09.16 05:40:36 | 000,001,405 | ---- | C] () -- C:\Users\xxxxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

[2011.09.16 05:40:29 | 000,001,399 | ---- | C] () -- C:\Users\xxxxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2011.09.16 05:38:45 | 000,002,209 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicStation.lnk

[2011.09.16 05:38:45 | 000,002,204 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

[2011.09.16 05:38:45 | 000,002,192 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snapfish.lnk

[2011.09.16 05:35:01 | 3015,888,896 | -HS- | C] () -- C:\hiberfil.sys

[2011.09.14 18:39:11 | 000,048,265 | ---- | C] () -- C:\Windows\HomePremium.xml

[2011.09.14 08:58:47 | 000,002,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snapfish PictureMover.lnk

[2011.09.14 08:58:47 | 000,002,029 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk

[2011.09.14 08:53:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011.09.14 08:51:56 | 001,049,314 | ---- | C] () -- C:\Windows\SysNative\oem10.inf

[2011.09.14 08:51:19 | 000,006,656 | ---- | C] () -- C:\Windows\SysNative\bcmwlrc.dll

[2011.09.14 08:50:14 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll

[2011.09.14 08:49:17 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf

[2011.09.14 08:46:34 | 000,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_Pavilion g6 Notebook PC_Y5335KV_0U_QCNF116707Q_E635093-041_4A_I1661_SHP_V20.21_BF.24_T110630_W73-0_L407_M3835_J500_7AMD_8F63_93.00_#110914_N_(LF141EA#ABD)_XMOBILE_CN10_Z_2059A100000204610000020100.MRK

[2011.09.14 08:46:34 | 000,000,000 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_Pavilion g6 Notebook PC_Y5335KV_0U_QCNF116707Q_E635093-041_4A_I1661_SHP_V20.21_BF.24_T110630_W73-0_L407_M3835_J500_7AMD_8F63_93.00_#110914_N_(LF141EA#ABD)_XMOBILE_CN10_Z_2059A100000204610000020100.MRK

[2011.09.14 08:44:19 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk

[2011.09.14 08:44:14 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk

[2011.09.14 08:43:33 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

[2011.07.26 17:26:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2011.07.26 17:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll

[2011.07.26 17:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll

[2011.07.26 17:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll

[2011.07.26 17:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

[2011.01.11 05:05:09 | 000,000,202 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini

[2011.01.11 04:58:13 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat

[2010.12.17 04:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

[2010.09.24 15:41:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

[2010.09.18 00:17:02 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009.07.13 23:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin

[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

 
 ========== LOP Check ==========

 

[2011.09.16 07:36:23 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Ashampoo

[2011.09.16 06:15:59 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\AVG2012

[2011.09.16 07:08:09 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Broad Intelligence

[2011.09.20 17:52:58 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\COWON

[2011.09.16 07:05:50 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\FreeVideoConverter

[2011.09.20 00:44:53 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Miranda Fusion

[2011.09.16 05:41:46 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\PictureMover

[2011.09.16 07:40:54 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Samsung

[2011.09.20 14:50:03 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\StarBurn

[2011.09.16 05:40:43 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Synaptics

[2011.09.16 05:47:22 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Thunderbird

[2011.09.20 01:15:29 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\TS3Client

[2011.09.22 18:44:11 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\TV-Browser

[2011.09.16 06:00:49 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\ZumoDrive

[2009.07.14 07:08:49 | 000,007,174 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 
 

< End of report >

--- --- ---

Hier noch die andere log;

OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 22.09.2011 21:11:17 - Run 1

OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\xxxxxx\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,75 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 59,85% Memory free

7,49 Gb Paging File | 5,51 Gb Available in Paging File | 73,59% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 451,32 Gb Total Space | 410,05 Gb Free Space | 90,86% Space Free | Partition Type: NTFS

Drive D: | 14,15 Gb Total Space | 1,74 Gb Free Space | 12,31% Space Free | Partition Type: NTFS

Drive E: | 609,99 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive F: | 99,02 Mb Total Space | 88,88 Mb Free Space | 89,76% Space Free | Partition Type: FAT32

 

Computer Name: xxxxxx-HP | User Name: xxxxxx | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0D0AD116-BE74-4ADD-9E80-83199F53370F}" = AVG 2012

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{1B6E46D9-BD48-F831-D337-64397E7EA1DB}" = ccc-utility64

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{224EC8DF-BC76-4CE4-32B8-4D174318F7ED}" = WMV9/VC-1 Video Playback

"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)

"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services

"{44C05FED-4BA8-4C65-A39D-FA83451E6ACB}" = AVG 2012

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}" = HP Wireless Assistant

"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319

"{E18E155E-73A9-0CCA-B796-05B09A1B5D97}" = ATI Catalyst Install Manager

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FE87BA4F-9866-8332-0A4F-59864BE2196A}" = AMD Fuel

"AVG" = AVG 2012

"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter

"CCleaner" = CCleaner

"HWiNFO64_is1" = HWiNFO64 Version 3.86

"MediaCoder x64" = MediaCoder x64 2011

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TeamSpeak 3 Client" = TeamSpeak 3 Client

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{0A9A553D-A324-4C3C-B6E9-2464480BAE50}" = Catalyst Control Center - Branding

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0F7254A8-4D75-979A-4445-EBC2EE90B6D2}" = CCC Help English

"{124DB96E-CBF5-44FB-AB59-7D2444DEC777}" = HP On Screen Display

"{14D9E133-37C6-B9CB-36C5-EB76DBE80F5C}" = Catalyst Control Center Graphics Previews Common

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover

"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack

"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7

"{431D963B-16AA-FAB8-3E72-82CDB466FDD8}" = CCC Help Swedish

"{49F633C6-1247-3052-F1F1-C3DC271A6E92}" = CCC Help Danish

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{53CD60C7-12F9-420D-A9BF-EC8D815475A9}" = HP Documentation

"{54C024E2-4761-EB23-88C5-77EE8977B854}" = CCC Help Polish

"{5A018BC8-CEC4-C0E2-5EB1-4DFF3CD5E052}" = CCC Help Japanese

"{5FE4D5BB-0B56-DC7D-E5A4-49DB989983CC}" = CCC Help French

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0

"{6F388ED3-8C2B-222D-9CA6-38C44A3F4569}" = CCC Help Italian

"{70E09E33-5C83-F272-17D5-93858F2063F2}" = CCC Help Dutch

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{7821C7B2-7E21-4CF3-925B-58B6A8BC6311}" = LibreOffice 3.4

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7D12AB72-6A28-A280-0637-485760AFDBDC}" = ccc-core-static

"{802C068E-0576-4F25-8137-D54B7DB0FC5E}" = HP Setup

"{81BAE41F-EF43-4902-773E-64B105245EE0}" = CCC Help Chinese Standard

"{825C4BE0-5C73-4B05-A0BC-CB16F0C100D3}" = HP Software Framework

"{82F6A47B-6651-0044-F871-AF99C15E4871}" = CCC Help German

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6

"{98218567-28F7-0D1F-BD48-3041677E5CD4}" = CCC Help Hungarian

"{994406A3-EA5C-B7C9-B0C0-E9019ADD3521}" = CCC Help Korean

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A671E7CA-23EA-A86E-A61F-E518143670C0}" = CCC Help Thai

"{A9AED85D-2194-F13C-EE99-F013DB2BD44F}" = CCC Help Russian

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AB32E35A-3CBE-6747-06A9-453469EF9CD2}" = CCC Help Chinese Traditional

"{ABAF4569-6EDD-EA43-1574-EBA8911859BE}" = CCC Help Greek

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch

"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager

"{AF306BD8-F9D1-4627-89B9-246E59074A05}" = HP Power Manager

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype

"{B949352B-D05B-5670-836E-430CCAAE28FA}" = CCC Help Spanish

"{BAB004F0-F04C-49DD-8118-AE4A7697C469}" = Quake 4(TM) Demo

"{BC08BEE3-1503-0173-B7A5-8765AA20C08A}" = CCC Help Portuguese

"{BCB2219D-A452-80E9-5C27-F497128DE10A}" = CCC Help Norwegian

"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo

"{BD302920-E48F-EE44-4DBF-F58994C8BDF3}" = CCC Help Finnish

"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager

"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime

"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D2AC41BC-CA8B-846C-A711-42A2C8BC05BB}" = Catalyst Control Center InstallProxy

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D902BADB-499C-EF9E-B5D3-48B36566C3A6}" = Catalyst Control Center Localization All

"{DA7B4F2B-0099-EEB6-6FB8-8F794248E982}" = CCC Help Czech

"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic VX

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Ashampoo Photo Commander 8_is1" = Ashampoo Photo Commander 8 v.8.4.0

"Ashampoo Photo Commander Plugin Pack_is1" = Ashampoo Photo Commander Plugin Pack

"CrystalDiskInfo_is1" = CrystalDiskInfo 4.0.2

"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition

"Free Video Converter_is1" = Free Video Converter V 3.0

"HD Tune_is1" = HD Tune 2.55

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"InstallShield_{BAB004F0-F04C-49DD-8118-AE4A7697C469}" = Quake 4(TM) Demo

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300

"Metin2_is1" = Metin2

"MirandaFusion" = Miranda Fusion 3.0.22

"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)

"Mozilla Thunderbird (6.0.2)" = Mozilla Thunderbird (6.0.2)

"RealPlayer 12.0" = RealPlayer

"StarBurn_is1" = StarBurn Version 13 (Build 0x20110818)

"tvbrowser" = TV-Browser 3.0.2

"WinLiveSuite" = Windows Live Essentials

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 16.09.2011 00:05:15 | Computer Name = xxxxxx-HP | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts

 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary

 Symantec Iron Driver.  System Error: Das System kann die angegebene Datei nicht finden.

.

 

Error - 16.09.2011 00:05:15 | Computer Name = xxxxxx-HP | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts

 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary

 Symantec Network Security WFP Driver.  System Error: Das System kann die angegebene

 Datei nicht finden.  .

 

Error - 16.09.2011 00:07:02 | Computer Name = xxxxxx-HP | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts

 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary

 Symantec Iron Driver.  System Error: Das System kann die angegebene Datei nicht finden.

.

 

Error - 16.09.2011 00:07:02 | Computer Name = xxxxxx-HP | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts

 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary

 Symantec Network Security WFP Driver.  System Error: Das System kann die angegebene

 Datei nicht finden.  .

 

Error - 16.09.2011 00:07:42 | Computer Name = xxxxxx-HP | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts

 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary

 Symantec Iron Driver.  System Error: Das System kann die angegebene Datei nicht finden.

.

 

Error - 16.09.2011 00:07:42 | Computer Name = xxxxxx-HP | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts

 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary

 Symantec Network Security WFP Driver.  System Error: Das System kann die angegebene

 Datei nicht finden.  .

 

Error - 16.09.2011 00:08:07 | Computer Name = xxxxxx-HP | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts

 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary

 Symantec Iron Driver.  System Error: Das System kann die angegebene Datei nicht finden.

.

 

Error - 16.09.2011 00:08:07 | Computer Name = xxxxxx-HP | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts

 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary

 Symantec Network Security WFP Driver.  System Error: Das System kann die angegebene

 Datei nicht finden.  .

 

[ HP Wireless Assistant Events ]

Error - 15.09.2011 23:59:46 | Computer Name = xxxxxx-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht

 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object

 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean

 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 

System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei

 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 16.09.2011 00:00:54 | Computer Name = xxxxxx-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht

 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object

 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean

 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 

System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei

 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 16.09.2011 00:02:02 | Computer Name = xxxxxx-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht

 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object

 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean

 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 

System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei

 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 16.09.2011 00:03:11 | Computer Name = xxxxxx-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht

 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object

 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean

 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 

System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei

 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 16.09.2011 00:04:19 | Computer Name = xxxxxx-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht

 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object

 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean

 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 

System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei

 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 16.09.2011 00:05:28 | Computer Name = xxxxxx-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht

 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object

 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean

 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 

System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei

 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 16.09.2011 00:06:36 | Computer Name = xxxxxx-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht

 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object

 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean

 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 

System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei

 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 16.09.2011 00:07:43 | Computer Name = xxxxxx-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht

 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object

 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean

 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 

System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei

 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 16.09.2011 00:08:52 | Computer Name = xxxxxx-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht

 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object

 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean

 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 

System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei

 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

Error - 16.09.2011 00:10:00 | Computer Name = xxxxxx-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht

 verfügbar. (Ausnahme von HRESULT: 0x800706BA)    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object

 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObject.Initialize(Boolean

 getObject)     bei System.Management.ManagementBaseObject.get_Properties()     bei 

System.Management.ManagementBaseObject.GetPropertyValue(String propertyName)     bei

 HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

 

[ System Events ]

Error - 16.09.2011 00:10:00 | Computer Name = xxxxxx-HP | Source = DCOM | ID = 10009

Description = 

 

Error - 16.09.2011 01:43:25 | Computer Name = xxxxxx-HP | Source = Service Control Manager | ID = 7030

Description = Der Dienst "CDMA Device Service" ist als interaktiver Dienst gekennzeichnet.

 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich

 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

 

Error - 16.09.2011 02:13:12 | Computer Name = xxxxxx-HP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler 

beendet:   %%32

 

Error - 16.09.2011 02:19:01 | Computer Name = xxxxxx-HP | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler 

beendet:   %%16405

 

Error - 16.09.2011 02:21:55 | Computer Name = xxxxxx-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installationsfehler: Die Installation des folgenden Updates ist mit

 Fehler 0x80242016 fehlgeschlagen: Update für die Kompatibilitätsansichtsliste für

 Internet Explorer*8 für Windows 7 für x64-basierte Systeme (KB2447568)

 

Error - 16.09.2011 02:21:55 | Computer Name = xxxxxx-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installationsfehler: Die Installation des folgenden Updates ist mit

 Fehler 0x80242016 fehlgeschlagen: Sicherheitsupdate für Internet Explorer 8 unter

 Windows 7 für x64-basierte Systeme (KB2544521)

 

Error - 16.09.2011 03:47:26 | Computer Name = xxxxxx-HP | Source = Service Control Manager | ID = 7043

Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements

 nicht richtig heruntergefahren werden.

 

Error - 16.09.2011 04:23:35 | Computer Name = xxxxxx-HP | Source = Service Control Manager | ID = 7043

Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements

 nicht richtig heruntergefahren werden.

 

Error - 16.09.2011 04:51:25 | Computer Name = xxxxxx-HP | Source = DCOM | ID = 10001

Description = 

 

Error - 19.09.2011 16:55:49 | Computer Name = xxxxxx-HP | Source = Service Control Manager | ID = 7011

Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung

 von Dienst ShellHWDetection erreicht.

 

 

< End of report >

--- --- ---

Ziemlich unauffällig.

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

So hier noch das andere log :

Zitat:

13:41:02.0364 4744 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
13:41:02.0489 4744 ============================================================
13:41:02.0489 4744 Current date / time: 2011/09/28 13:41:02.0489
13:41:02.0489 4744 SystemInfo:
13:41:02.0489 4744
13:41:02.0489 4744 OS Version: 6.1.7601 ServicePack: 1.0
13:41:02.0489 4744 Product type: Workstation
13:41:02.0489 4744 ComputerName: xxxxxx-HP
13:41:02.0490 4744 UserName: xxxxxxx
13:41:02.0490 4744 Windows directory: C:\Windows
13:41:02.0490 4744 System windows directory: C:\Windows
13:41:02.0490 4744 Running under WOW64
13:41:02.0490 4744 Processor architecture: Intel x64
13:41:02.0490 4744 Number of processors: 2
13:41:02.0490 4744 Page size: 0x1000
13:41:02.0490 4744 Boot type: Normal boot
13:41:02.0490 4744 ============================================================
13:41:04.0703 4744 Initialize success
13:41:12.0740 4708 ============================================================
13:41:12.0740 4708 Scan started
13:41:12.0740 4708 Mode: Manual;
13:41:12.0740 4708 ============================================================
13:41:13.0857 4708 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:41:13.0890 4708 1394ohci - ok
13:41:13.0926 4708 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:41:13.0930 4708 ACPI - ok
13:41:14.0043 4708 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:41:14.0059 4708 AcpiPmi - ok
13:41:14.0207 4708 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:41:14.0219 4708 adp94xx - ok
13:41:14.0291 4708 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:41:14.0297 4708 adpahci - ok
13:41:14.0337 4708 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:41:14.0341 4708 adpu320 - ok
13:41:14.0438 4708 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
13:41:14.0449 4708 AFD - ok
13:41:14.0518 4708 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:41:14.0541 4708 agp440 - ok
13:41:14.0681 4708 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:41:14.0697 4708 aliide - ok
13:41:14.0837 4708 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:41:14.0855 4708 amdide - ok
13:41:14.0957 4708 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
13:41:14.0960 4708 amdiox64 - ok
13:41:15.0024 4708 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:41:15.0054 4708 AmdK8 - ok
13:41:15.0326 4708 amdkmdag (98e20c5a39fea1920031d3850004b334) C:\Windows\system32\DRIVERS\atikmdag.sys
13:41:15.0515 4708 amdkmdag - ok
13:41:15.0646 4708 amdkmdap (8624dc7b8d22daf28f5438735095f6c4) C:\Windows\system32\DRIVERS\atikmpag.sys
13:41:15.0653 4708 amdkmdap - ok
13:41:15.0746 4708 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:41:15.0748 4708 AmdPPM - ok
13:41:15.0814 4708 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:41:15.0827 4708 amdsata - ok
13:41:15.0913 4708 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:41:15.0919 4708 amdsbs - ok
13:41:15.0973 4708 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:41:15.0976 4708 amdxata - ok
13:41:16.0063 4708 amd_sata (08e8a4172c57abd7693a6915cf1e7a99) C:\Windows\system32\DRIVERS\amd_sata.sys
13:41:16.0064 4708 amd_sata - ok
13:41:16.0081 4708 amd_xata (9866af4e4ad7f16e810b6c0b8473f9cd) C:\Windows\system32\DRIVERS\amd_xata.sys
13:41:16.0083 4708 amd_xata - ok
13:41:16.0185 4708 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:41:16.0196 4708 AppID - ok
13:41:16.0260 4708 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:41:16.0264 4708 arc - ok
13:41:16.0330 4708 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:41:16.0334 4708 arcsas - ok
13:41:16.0372 4708 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:41:16.0375 4708 AsyncMac - ok
13:41:16.0490 4708 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:41:16.0492 4708 atapi - ok
13:41:16.0612 4708 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
13:41:16.0616 4708 AtiHdmiService - ok
13:41:16.0654 4708 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
13:41:16.0657 4708 AtiPcie - ok
13:41:16.0793 4708 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
13:41:16.0797 4708 AVGIDSDriver - ok
13:41:16.0930 4708 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
13:41:16.0933 4708 AVGIDSEH - ok
13:41:16.0960 4708 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
13:41:16.0963 4708 AVGIDSFilter - ok
13:41:17.0069 4708 Avgldx64 (dadfccfb036da99fa83e7e1d29290a6c) C:\Windows\system32\DRIVERS\avgldx64.sys
13:41:17.0075 4708 Avgldx64 - ok
13:41:17.0168 4708 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
13:41:17.0171 4708 Avgmfx64 - ok
13:41:17.0208 4708 Avgrkx64 (5a7aa579d4fa072fb9715f8d83eb1f00) C:\Windows\system32\DRIVERS\avgrkx64.sys
13:41:17.0210 4708 Avgrkx64 - ok
13:41:17.0304 4708 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
13:41:17.0313 4708 Avgtdia - ok
13:41:17.0458 4708 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:41:17.0469 4708 b06bdrv - ok
13:41:17.0565 4708 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:41:17.0569 4708 b57nd60a - ok
13:41:17.0772 4708 BCM43XX (0e7a9264576b40638a3fbc804de1ff76) C:\Windows\system32\DRIVERS\bcmwl664.sys
13:41:17.0808 4708 BCM43XX - ok
13:41:17.0899 4708 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:41:17.0903 4708 Beep - ok
13:41:18.0016 4708 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:41:18.0018 4708 blbdrive - ok
13:41:18.0053 4708 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:41:18.0056 4708 bowser - ok
13:41:18.0147 4708 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:41:18.0150 4708 BrFiltLo - ok
13:41:18.0162 4708 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:41:18.0166 4708 BrFiltUp - ok
13:41:18.0215 4708 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:41:18.0222 4708 Brserid - ok
13:41:18.0294 4708 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:41:18.0299 4708 BrSerWdm - ok
13:41:18.0307 4708 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:41:18.0311 4708 BrUsbMdm - ok
13:41:18.0329 4708 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:41:18.0331 4708 BrUsbSer - ok
13:41:18.0341 4708 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:41:18.0343 4708 BTHMODEM - ok
13:41:18.0455 4708 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:41:18.0459 4708 cdfs - ok
13:41:18.0579 4708 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
13:41:18.0600 4708 cdrom - ok
13:41:18.0716 4708 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:41:18.0720 4708 circlass - ok
13:41:18.0773 4708 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:41:18.0803 4708 CLFS - ok
13:41:18.0928 4708 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
13:41:18.0931 4708 clwvd - ok
13:41:18.0968 4708 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:41:18.0970 4708 CmBatt - ok
13:41:19.0066 4708 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:41:19.0078 4708 cmdide - ok
13:41:19.0153 4708 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
13:41:19.0163 4708 CNG - ok
13:41:19.0265 4708 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:41:19.0268 4708 Compbatt - ok
13:41:19.0328 4708 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
13:41:19.0347 4708 CompositeBus - ok
13:41:19.0435 4708 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:41:19.0438 4708 crcdisk - ok
13:41:19.0573 4708 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:41:19.0577 4708 DfsC - ok
13:41:19.0622 4708 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:41:19.0624 4708 discache - ok
13:41:19.0735 4708 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:41:19.0739 4708 Disk - ok
13:41:19.0856 4708 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:41:19.0858 4708 drmkaud - ok
13:41:19.0946 4708 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:41:19.0980 4708 DXGKrnl - ok
13:41:20.0132 4708 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:41:20.0167 4708 ebdrv - ok
13:41:20.0303 4708 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:41:20.0315 4708 elxstor - ok
13:41:20.0397 4708 epmntdrv (9eafb3b3b60b8ad958985152a9309aca) C:\Windows\system32\epmntdrv.sys
13:41:20.0400 4708 epmntdrv - ok
13:41:20.0465 4708 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:41:20.0480 4708 ErrDev - ok
13:41:20.0561 4708 EuGdiDrv (fb949ed2c93c878a189039f3d7730942) C:\Windows\system32\EuGdiDrv.sys
13:41:20.0563 4708 EuGdiDrv - ok
13:41:20.0634 4708 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:41:20.0640 4708 exfat - ok
13:41:20.0754 4708 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:41:20.0760 4708 fastfat - ok
13:41:20.0793 4708 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:41:20.0796 4708 fdc - ok
13:41:20.0892 4708 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:41:20.0894 4708 FileInfo - ok
13:41:20.0907 4708 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:41:20.0910 4708 Filetrace - ok
13:41:20.0925 4708 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:41:20.0927 4708 flpydisk - ok
13:41:20.0986 4708 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:41:20.0994 4708 FltMgr - ok
13:41:21.0097 4708 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:41:21.0101 4708 FsDepends - ok
13:41:21.0129 4708 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:41:21.0131 4708 Fs_Rec - ok
13:41:21.0252 4708 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:41:21.0256 4708 fvevol - ok
13:41:21.0297 4708 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:41:21.0301 4708 gagp30kx - ok
13:41:21.0368 4708 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:41:21.0371 4708 hcw85cir - ok
13:41:21.0445 4708 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
13:41:21.0471 4708 HdAudAddService - ok
13:41:21.0566 4708 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
13:41:21.0571 4708 HDAudBus - ok
13:41:21.0604 4708 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:41:21.0606 4708 HidBatt - ok
13:41:21.0616 4708 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:41:21.0618 4708 HidBth - ok
13:41:21.0628 4708 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:41:21.0630 4708 HidIr - ok
13:41:21.0740 4708 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
13:41:21.0743 4708 HidUsb - ok
13:41:21.0928 4708 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:41:21.0947 4708 HpSAMD - ok
13:41:22.0032 4708 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:41:22.0047 4708 HTTP - ok
13:41:22.0154 4708 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:41:22.0155 4708 hwpolicy - ok
13:41:22.0213 4708 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
13:41:22.0233 4708 i8042prt - ok
13:41:22.0347 4708 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:41:22.0361 4708 iaStorV - ok
13:41:22.0574 4708 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
13:41:22.0728 4708 igfx - ok
13:41:22.0818 4708 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:41:22.0821 4708 iirsp - ok
13:41:22.0881 4708 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:41:22.0891 4708 intelide - ok
13:41:22.0954 4708 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:41:22.0958 4708 intelppm - ok
13:41:23.0043 4708 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:41:23.0078 4708 IpFilterDriver - ok
13:41:23.0167 4708 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:41:23.0185 4708 IPMIDRV - ok
13:41:23.0248 4708 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:41:23.0252 4708 IPNAT - ok
13:41:23.0308 4708 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:41:23.0311 4708 IRENUM - ok
13:41:23.0388 4708 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:41:23.0406 4708 isapnp - ok
13:41:23.0478 4708 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:41:23.0503 4708 iScsiPrt - ok
13:41:23.0582 4708 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
13:41:23.0601 4708 kbdclass - ok
13:41:23.0662 4708 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
13:41:23.0680 4708 kbdhid - ok
13:41:23.0797 4708 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
13:41:23.0801 4708 KSecDD - ok
13:41:23.0852 4708 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
13:41:23.0855 4708 KSecPkg - ok
13:41:23.0942 4708 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:41:23.0945 4708 ksthunk - ok
13:41:24.0088 4708 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:41:24.0091 4708 lltdio - ok
13:41:24.0148 4708 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:41:24.0151 4708 LSI_FC - ok
13:41:24.0231 4708 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:41:24.0236 4708 LSI_SAS - ok
13:41:24.0249 4708 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:41:24.0253 4708 LSI_SAS2 - ok
13:41:24.0277 4708 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:41:24.0280 4708 LSI_SCSI - ok
13:41:24.0344 4708 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:41:24.0347 4708 luafv - ok
13:41:24.0404 4708 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:41:24.0407 4708 megasas - ok
13:41:24.0459 4708 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:41:24.0466 4708 MegaSR - ok
13:41:24.0529 4708 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:41:24.0533 4708 Modem - ok
13:41:24.0588 4708 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:41:24.0589 4708 monitor - ok
13:41:24.0688 4708 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
13:41:24.0707 4708 mouclass - ok
13:41:24.0777 4708 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:41:24.0780 4708 mouhid - ok
13:41:24.0858 4708 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:41:24.0860 4708 mountmgr - ok
13:41:24.0930 4708 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:41:24.0941 4708 mpio - ok
13:41:25.0013 4708 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:41:25.0017 4708 mpsdrv - ok
13:41:25.0111 4708 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:41:25.0130 4708 MRxDAV - ok
13:41:25.0200 4708 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:41:25.0206 4708 mrxsmb - ok
13:41:25.0266 4708 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:41:25.0271 4708 mrxsmb10 - ok
13:41:25.0333 4708 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:41:25.0338 4708 mrxsmb20 - ok
13:41:25.0417 4708 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:41:25.0420 4708 msahci - ok
13:41:25.0488 4708 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:41:25.0512 4708 msdsm - ok
13:41:25.0580 4708 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:41:25.0591 4708 Msfs - ok
13:41:25.0638 4708 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:41:25.0640 4708 mshidkmdf - ok
13:41:25.0692 4708 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:41:25.0695 4708 msisadrv - ok
13:41:25.0804 4708 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:41:25.0807 4708 MSKSSRV - ok
13:41:25.0819 4708 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:41:25.0821 4708 MSPCLOCK - ok
13:41:25.0836 4708 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:41:25.0838 4708 MSPQM - ok
13:41:25.0903 4708 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:41:25.0911 4708 MsRPC - ok
13:41:26.0027 4708 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:41:26.0029 4708 mssmbios - ok
13:41:26.0071 4708 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:41:26.0072 4708 MSTEE - ok
13:41:26.0129 4708 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:41:26.0131 4708 MTConfig - ok
13:41:26.0159 4708 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:41:26.0163 4708 Mup - ok
13:41:26.0259 4708 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:41:26.0268 4708 NativeWifiP - ok
13:41:26.0355 4708 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:41:26.0366 4708 NDIS - ok
13:41:26.0465 4708 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:41:26.0468 4708 NdisCap - ok
13:41:26.0527 4708 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:41:26.0530 4708 NdisTapi - ok
13:41:26.0609 4708 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:41:26.0612 4708 Ndisuio - ok
13:41:26.0686 4708 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:41:26.0708 4708 NdisWan - ok
13:41:26.0792 4708 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:41:26.0811 4708 NDProxy - ok
13:41:26.0892 4708 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:41:26.0895 4708 NetBIOS - ok
13:41:26.0964 4708 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:41:26.0970 4708 NetBT - ok
13:41:27.0222 4708 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
13:41:27.0381 4708 netw5v64 - ok
13:41:27.0463 4708 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:41:27.0466 4708 nfrd960 - ok
13:41:27.0504 4708 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:41:27.0506 4708 Npfs - ok
13:41:27.0520 4708 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:41:27.0522 4708 nsiproxy - ok
13:41:27.0616 4708 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:41:27.0643 4708 Ntfs - ok
13:41:27.0725 4708 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:41:27.0728 4708 Null - ok
13:41:27.0785 4708 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:41:27.0803 4708 nvraid - ok
13:41:27.0872 4708 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:41:27.0895 4708 nvstor - ok
13:41:27.0958 4708 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:41:27.0980 4708 nv_agp - ok
13:41:28.0082 4708 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:41:28.0093 4708 ohci1394 - ok
13:41:28.0139 4708 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:41:28.0142 4708 Parport - ok
13:41:28.0251 4708 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
13:41:28.0255 4708 partmgr - ok
13:41:28.0316 4708 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:41:28.0320 4708 pci - ok
13:41:28.0403 4708 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:41:28.0421 4708 pciide - ok
13:41:28.0454 4708 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:41:28.0459 4708 pcmcia - ok
13:41:28.0531 4708 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:41:28.0534 4708 pcw - ok
13:41:28.0565 4708 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:41:28.0583 4708 PEAUTH - ok
13:41:28.0739 4708 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:41:28.0760 4708 PptpMiniport - ok
13:41:28.0793 4708 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:41:28.0796 4708 Processor - ok
13:41:28.0915 4708 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:41:28.0917 4708 Psched - ok
13:41:28.0984 4708 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:41:29.0016 4708 ql2300 - ok
13:41:29.0089 4708 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:41:29.0093 4708 ql40xx - ok
13:41:29.0123 4708 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:41:29.0125 4708 QWAVEdrv - ok
13:41:29.0134 4708 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:41:29.0136 4708 RasAcd - ok
13:41:29.0179 4708 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:41:29.0182 4708 RasAgileVpn - ok
13:41:29.0289 4708 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:41:29.0307 4708 Rasl2tp - ok
13:41:29.0360 4708 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:41:29.0366 4708 RasPppoe - ok
13:41:29.0441 4708 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:41:29.0445 4708 RasSstp - ok
13:41:29.0514 4708 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:41:29.0522 4708 rdbss - ok
13:41:29.0612 4708 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:41:29.0617 4708 rdpbus - ok
13:41:29.0641 4708 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:41:29.0642 4708 RDPCDD - ok
13:41:29.0655 4708 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:41:29.0656 4708 RDPENCDD - ok
13:41:29.0731 4708 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:41:29.0733 4708 RDPREFMP - ok
13:41:29.0791 4708 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
13:41:29.0813 4708 RDPWD - ok
13:41:29.0914 4708 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:41:29.0920 4708 rdyboost - ok
13:41:30.0014 4708 RSPCIESTOR (ca327a84085f68200452e6761f943298) C:\Windows\system32\DRIVERS\RtsPStor.sys
13:41:30.0021 4708 RSPCIESTOR - ok
13:41:30.0119 4708 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:41:30.0123 4708 rspndr - ok
13:41:30.0197 4708 RTL8167 (b15c021c2c9bb217a799d9532e8f04d4) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:41:30.0206 4708 RTL8167 - ok
13:41:30.0296 4708 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:41:30.0315 4708 sbp2port - ok
13:41:30.0378 4708 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:41:30.0381 4708 scfilter - ok
13:41:30.0491 4708 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
13:41:30.0511 4708 sdbus - ok
13:41:30.0558 4708 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:41:30.0560 4708 secdrv - ok
13:41:30.0628 4708 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:41:30.0631 4708 Serenum - ok
13:41:30.0647 4708 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:41:30.0650 4708 Serial - ok
13:41:30.0684 4708 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:41:30.0700 4708 sermouse - ok
13:41:30.0761 4708 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:41:30.0773 4708 sffdisk - ok
13:41:30.0795 4708 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:41:30.0813 4708 sffp_mmc - ok
13:41:30.0861 4708 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:41:30.0877 4708 sffp_sd - ok
13:41:30.0907 4708 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:41:30.0908 4708 sfloppy - ok
13:41:30.0939 4708 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:41:30.0941 4708 SiSRaid2 - ok
13:41:30.0951 4708 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:41:30.0953 4708 SiSRaid4 - ok
13:41:31.0011 4708 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:41:31.0015 4708 Smb - ok
13:41:31.0075 4708 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:41:31.0076 4708 spldr - ok
13:41:31.0229 4708 sptd (131575cdf93fdf365de107d0242e52d8) C:\Windows\system32\Drivers\sptd.sys
13:41:31.0230 4708 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 131575cdf93fdf365de107d0242e52d8
13:41:31.0235 4708 sptd ( LockedFile.Multi.Generic ) - warning
13:41:31.0235 4708 sptd - detected LockedFile.Multi.Generic (1)
13:41:31.0326 4708 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:41:31.0353 4708 srv - ok
13:41:31.0438 4708 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:41:31.0451 4708 srv2 - ok
13:41:31.0500 4708 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
13:41:31.0522 4708 SrvHsfHDA - ok
13:41:31.0653 4708 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
13:41:31.0677 4708 SrvHsfV92 - ok
13:41:31.0782 4708 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
13:41:31.0799 4708 SrvHsfWinac - ok
13:41:31.0836 4708 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:41:31.0840 4708 srvnet - ok
13:41:31.0971 4708 StarPortLite (415205b445c60b09e779f78d6df25667) C:\Windows\system32\DRIVERS\StarPortLite.sys
13:41:31.0976 4708 StarPortLite - ok
13:41:32.0008 4708 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:41:32.0011 4708 stexstor - ok
13:41:32.0125 4708 STHDA (0aad250a31a7ee96e0945ab9e1f3baa7) C:\Windows\system32\DRIVERS\stwrt64.sys
13:41:32.0136 4708 STHDA - ok
13:41:32.0243 4708 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:41:32.0262 4708 swenum - ok
13:41:32.0428 4708 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys
13:41:32.0453 4708 SynTP - ok
13:41:32.0618 4708 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
13:41:32.0653 4708 Tcpip - ok
13:41:32.0806 4708 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
13:41:32.0823 4708 TCPIP6 - ok
13:41:32.0939 4708 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:41:32.0942 4708 tcpipreg - ok
13:41:32.0997 4708 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:41:33.0000 4708 TDPIPE - ok
13:41:33.0063 4708 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
13:41:33.0066 4708 TDTCP - ok
13:41:33.0124 4708 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:41:33.0144 4708 tdx - ok
13:41:33.0201 4708 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:41:33.0225 4708 TermDD - ok
13:41:33.0364 4708 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:41:33.0368 4708 tssecsrv - ok
13:41:33.0489 4708 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:41:33.0493 4708 TsUsbFlt - ok
13:41:33.0568 4708 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:41:33.0590 4708 tunnel - ok
13:41:33.0686 4708 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:41:33.0690 4708 uagp35 - ok
13:41:33.0751 4708 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:41:33.0775 4708 udfs - ok
13:41:33.0908 4708 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:41:33.0929 4708 uliagpkx - ok
13:41:33.0992 4708 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
13:41:34.0002 4708 umbus - ok
13:41:34.0087 4708 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:41:34.0089 4708 UmPass - ok
13:41:34.0151 4708 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:41:34.0155 4708 usbccgp - ok
13:41:34.0263 4708 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:41:34.0284 4708 usbcir - ok
13:41:34.0310 4708 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
13:41:34.0328 4708 usbehci - ok
13:41:34.0363 4708 usbfilter (dc2b306861f42eeeb92ef525f4119f08) C:\Windows\system32\DRIVERS\usbfilter.sys
13:41:34.0365 4708 usbfilter - ok
13:41:34.0490 4708 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:41:34.0515 4708 usbhub - ok
13:41:34.0538 4708 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
13:41:34.0552 4708 usbohci - ok
13:41:34.0629 4708 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:41:34.0632 4708 usbprint - ok
13:41:34.0682 4708 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
13:41:34.0700 4708 USBSTOR - ok
13:41:34.0801 4708 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:41:34.0818 4708 usbuhci - ok
13:41:34.0897 4708 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
13:41:34.0903 4708 usbvideo - ok
13:41:34.0993 4708 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:41:34.0996 4708 vdrvroot - ok
13:41:35.0058 4708 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:41:35.0063 4708 vga - ok
13:41:35.0119 4708 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:41:35.0121 4708 VgaSave - ok
13:41:35.0178 4708 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:41:35.0203 4708 vhdmp - ok
13:41:35.0249 4708 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:41:35.0265 4708 viaide - ok
13:41:35.0366 4708 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:41:35.0370 4708 volmgr - ok
13:41:35.0462 4708 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:41:35.0470 4708 volmgrx - ok
13:41:35.0591 4708 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:41:35.0598 4708 volsnap - ok
13:41:35.0648 4708 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:41:35.0653 4708 vsmraid - ok
13:41:35.0727 4708 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:41:35.0738 4708 vwifibus - ok
13:41:35.0811 4708 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:41:35.0815 4708 vwififlt - ok
13:41:35.0874 4708 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:41:35.0878 4708 WacomPen - ok
13:41:35.0967 4708 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:41:35.0987 4708 WANARP - ok
13:41:36.0004 4708 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:41:36.0007 4708 Wanarpv6 - ok
13:41:36.0105 4708 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:41:36.0108 4708 Wd - ok
13:41:36.0172 4708 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:41:36.0182 4708 Wdf01000 - ok
13:41:36.0280 4708 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:41:36.0283 4708 WfpLwf - ok
13:41:36.0316 4708 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:41:36.0319 4708 WIMMount - ok
13:41:36.0445 4708 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:41:36.0446 4708 WmiAcpi - ok
13:41:36.0529 4708 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:41:36.0532 4708 ws2ifsl - ok
13:41:36.0623 4708 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:41:36.0643 4708 WudfPf - ok
13:41:36.0733 4708 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
13:41:36.0743 4708 yukonw7 - ok
13:41:36.0786 4708 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:41:36.0800 4708 \Device\Harddisk0\DR0 - ok
13:41:36.0805 4708 Boot (0x1200) (91f4876c25d705bd67230cef5418ddd8) \Device\Harddisk0\DR0\Partition0
13:41:36.0806 4708 \Device\Harddisk0\DR0\Partition0 - ok
13:41:36.0820 4708 Boot (0x1200) (b261654ead5f444840ea5a922a4f4f47) \Device\Harddisk0\DR0\Partition1
13:41:36.0821 4708 \Device\Harddisk0\DR0\Partition1 - ok
13:41:36.0857 4708 Boot (0x1200) (84697d7442e4bd6fc4eef3f6886f3350) \Device\Harddisk0\DR0\Partition2
13:41:36.0858 4708 \Device\Harddisk0\DR0\Partition2 - ok
13:41:36.0877 4708 Boot (0x1200) (de330709e74b6f3f4772acc81673eee4) \Device\Harddisk0\DR0\Partition3
13:41:36.0877 4708 \Device\Harddisk0\DR0\Partition3 - ok
13:41:36.0877 4708 ============================================================
13:41:36.0877 4708 Scan finished
13:41:36.0878 4708 ============================================================
13:41:36.0889 1100 Detected object count: 1
13:41:36.0889 1100 Actual detected object count: 1
13:41:44.0159 1100 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:41:44.0159 1100 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

Nur SPTD. Ist der Treiber für emulierte (virtuelle) DVD/CD Laufwerke.
Wollen wir noch tiefer buddeln?

SPTD stimmt ist für virtuelles laufwerk das ist schon ok. Ja weiss ich nicht ob man noch gründlicher schauen muss wenn du der meinung bist das wir noch tiefgründiger schauen sollten dann machen wir das.