| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/ATRAPS.Gen2 - Auch mich hats erwischt!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
01.06.2012, 17:01
| #1 |
 |  TR/ATRAPS.Gen2 - Auch mich hats erwischt! Hallo Erstmal besten Dank, dass Ihr hier uns Unwissenden mit derart viel Aufwand weiter helft. Bei meinem PC war plötzlich Avira deinstalliert und kurze Zeit später fing der Desktop an zu `spinnen`. Also Avira neu geladen und die bekannten Meldungen angezeigt bekommen - C:\Windows\assembly\temp\U\80000032.@ sowie in vielen anderen Dateien wurde der böse  TR/ATRAPS.Gen2 gefunden.Hier die Daten vom Defogger: defogger_disable by jpshortstuff (23.02.10.1) Log created at 17:28 on 01/06/2012 (1) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Und OTL: OTL logfile created on: 01.06.2012 17:31:53 - Run 1 OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\1\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 3.99 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 43.29% Memory free 7.98 Gb Paging File | 6.19 Gb Available in Paging File | 77.62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 200.10 Gb Total Space | 97.14 Gb Free Space | 48.55% Space Free | Partition Type: NTFS Drive D: | 697.07 Gb Total Space | 666.97 Gb Free Space | 95.68% Space Free | Partition Type: NTFS Drive E: | 500.00 Gb Total Space | 499.51 Gb Free Space | 99.90% Space Free | Partition Type: NTFS Computer Name: 1-PC | User Name: 1 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.01 17:31:34 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\1\Desktop\OTL.exe PRC - [2012.05.08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\1\AppData\Local\Akamai\netsession_win.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe PRC - [2012.02.23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2012.02.13 18:06:45 | 000,424,568 | ---- | M] (hxxp://www.express-files.com/) -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe PRC - [2012.02.13 18:06:45 | 000,188,024 | ---- | M] (hxxp://www.express-files.com/) -- C:\Program Files (x86)\ExpressFiles\EFupdater.exe PRC - [2011.12.05 13:42:22 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe PRC - [2011.08.23 22:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2011.03.15 18:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe PRC - [2010.06.07 17:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.11.20 14:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL MOD - [2010.11.20 14:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc) SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess) SRV:64bit: - [2009.07.14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess) SRV:64bit: - [2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (db2das00) SRV - [2012.05.30 08:34:57 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.06.07 17:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.09.20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.03.18 13:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS) DRV:64bit: - [2011.03.18 13:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs) DRV:64bit: - [2010.09.29 07:01:46 | 000,695,400 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su) DRV:64bit: - [2010.04.28 08:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010.01.28 16:25:02 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009.10.21 05:30:32 | 001,270,784 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2009.08.21 00:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl) DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2007.08.14 16:50:16 | 000,039,424 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmdTools64.sys -- (AmdTools64) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={0DE28D6F-C79C-4915-B91D-F96FF45C7FDA} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {D8BD6DAA-94A1-4202-8991-182C9112FD7D} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{D8BD6DAA-94A1-4202-8991-182C9112FD7D}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_deCH402 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;*.local;<local> ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.23 23:19:46 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.23 23:19:46 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google  riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin Hosts file not found O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ExpressFiles] C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe (hxxp://www.express-files.com/) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\1\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKCU..\Run: [Argus Monitor] "C:\Program Files (x86)\ArgusMonitor\ArgusMonitor.exe" File not found O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html () O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {48580E34-E37A-454A-8EC4-FC7598B01D77} hxxp://chkr-web.ifolor.net/app_support/1/ActiveX/IfolorUploader_chkr.cab (IfolorUploader Control) O16 - DPF: {6C9B3550-8DF6-415D-9B8F-4B1E74D08355} file:///C:/Users/1/AppData/Local/indigo/%7BC066C75D-B244-460E-A237-F1ED8E85E227%7D/www/IndigoScreen.cab (IndigoScreen2 ActiveX Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D7DA3AF-0795-4C40-BA42-670FF51D9688}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E5F2BFF-ABB2-41F8-B820-E403D44E40EC}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=consrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: db2das00 - C:\Windows\SysNative\svchost.exe (Microsoft Corporation) ========== Files/Folders - Created Within 30 Days ========== [2012.06.01 17:31:15 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\1\Desktop\OTL.exe [2012.05.31 13:33:42 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Roaming\Avira [2012.05.31 13:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.05.31 13:32:29 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.05.31 13:32:29 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.05.31 13:32:29 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.05.31 13:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.05.31 13:32:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.05.30 23:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2012.05.30 22:51:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2012.05.28 17:52:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\HPAppData [2012.05.23 21:18:58 | 000,000,000 | ---D | C] -- C:\Windows\system64 [2012.05.07 18:12:30 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Roaming\DiskAid [2012.05.07 18:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskAid [2012.05.07 18:12:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DigiDNA ========== Files - Modified Within 30 Days ========== [2012.06.01 17:31:34 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\1\Desktop\OTL.exe [2012.06.01 17:28:07 | 000,000,000 | ---- | M] () -- C:\Users\1\defogger_reenable [2012.06.01 17:26:39 | 000,050,477 | ---- | M] () -- C:\Users\1\Desktop\Defogger.exe [2012.06.01 17:23:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.01 17:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At42.job [2012.06.01 17:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At18.job [2012.06.01 16:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At41.job [2012.06.01 16:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At17.job [2012.06.01 15:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At40.job [2012.06.01 15:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At16.job [2012.06.01 14:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At39.job [2012.06.01 14:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At15.job [2012.06.01 13:00:01 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At38.job [2012.06.01 13:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At14.job [2012.06.01 12:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At37.job [2012.06.01 12:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At13.job [2012.06.01 11:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At36.job [2012.06.01 11:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At12.job [2012.06.01 10:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At35.job [2012.06.01 10:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At11.job [2012.06.01 09:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At34.job [2012.06.01 09:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At10.job [2012.06.01 08:37:34 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.01 08:37:34 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.01 08:30:21 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.01 08:30:19 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\WinMaximizer64-1-Startup.job [2012.06.01 08:29:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.01 08:29:40 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys [2012.05.31 22:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At47.job [2012.05.31 22:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At23.job [2012.05.31 21:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At46.job [2012.05.31 21:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At22.job [2012.05.31 20:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At45.job [2012.05.31 20:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At21.job [2012.05.31 19:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At44.job [2012.05.31 19:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At20.job [2012.05.31 18:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At43.job [2012.05.31 18:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At19.job [2012.05.31 13:32:44 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.05.31 08:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At33.job [2012.05.31 08:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At9.job [2012.05.31 07:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At32.job [2012.05.31 07:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At8.job [2012.05.31 06:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At31.job [2012.05.31 06:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At7.job [2012.05.31 05:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At30.job [2012.05.31 05:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At6.job [2012.05.31 04:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At29.job [2012.05.31 04:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At5.job [2012.05.31 03:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At28.job [2012.05.31 03:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At4.job [2012.05.31 02:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At27.job [2012.05.31 02:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At3.job [2012.05.31 01:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At26.job [2012.05.31 01:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At2.job [2012.05.31 00:28:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At25.job [2012.05.31 00:08:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At1.job [2012.05.29 23:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At48.job [2012.05.29 23:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At24.job [2012.05.24 09:09:09 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd [2012.05.10 14:24:04 | 006,232,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.05.07 18:12:22 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\DiskAid.lnk ========== Files Created - No Company Name ========== [2012.06.01 17:28:07 | 000,000,000 | ---- | C] () -- C:\Users\1\defogger_reenable [2012.06.01 17:26:38 | 000,050,477 | ---- | C] () -- C:\Users\1\Desktop\Defogger.exe [2012.05.31 13:32:44 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.05.23 21:31:11 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At48.job [2012.05.23 21:31:10 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At47.job [2012.05.23 21:31:09 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At46.job [2012.05.23 21:31:08 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At45.job [2012.05.23 21:31:08 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At44.job [2012.05.23 21:31:07 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At43.job [2012.05.23 21:31:06 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At42.job [2012.05.23 21:31:05 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At41.job [2012.05.23 21:31:04 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At40.job [2012.05.23 21:31:04 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At39.job [2012.05.23 21:31:03 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At38.job [2012.05.23 21:31:02 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At37.job [2012.05.23 21:31:01 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At36.job [2012.05.23 21:31:00 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At35.job [2012.05.23 21:31:00 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At34.job [2012.05.23 21:30:59 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At33.job [2012.05.23 21:30:58 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At32.job [2012.05.23 21:30:57 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At31.job [2012.05.23 21:30:57 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At30.job [2012.05.23 21:30:56 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At29.job [2012.05.23 21:30:55 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At28.job [2012.05.23 21:30:54 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At27.job [2012.05.23 21:30:54 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At26.job [2012.05.23 21:30:53 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At25.job [2012.05.23 21:30:52 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At24.job [2012.05.23 21:30:51 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At23.job [2012.05.23 21:30:50 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At22.job [2012.05.23 21:30:50 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At21.job [2012.05.23 21:30:49 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At20.job [2012.05.23 21:30:48 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At19.job [2012.05.23 21:30:47 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At18.job [2012.05.23 21:30:47 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At17.job [2012.05.23 21:30:46 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At16.job [2012.05.23 21:30:45 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At15.job [2012.05.23 21:30:44 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At14.job [2012.05.23 21:30:43 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At13.job [2012.05.23 21:30:43 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At12.job [2012.05.23 21:30:42 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At11.job [2012.05.23 21:30:41 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At9.job [2012.05.23 21:30:41 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At10.job [2012.05.23 21:30:40 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At8.job [2012.05.23 21:30:39 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At7.job [2012.05.23 21:30:38 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At6.job [2012.05.23 21:30:38 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At5.job [2012.05.23 21:30:37 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At4.job [2012.05.23 21:30:36 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At3.job [2012.05.23 21:30:35 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At2.job [2012.05.23 21:30:35 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At1.job [2012.05.23 21:20:25 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_trash_log.cmd [2012.05.07 18:12:22 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\DiskAid.lnk [2012.02.27 15:00:00 | 000,004,096 | -H-- | C] () -- C:\Users\1\AppData\Local\keyfile3.drm [2011.03.08 23:49:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.01.21 21:25:04 | 000,492,517 | ---- | C] () -- C:\Windows\DIMENSION-3 Uninstaller.exe [2010.08.23 23:12:52 | 000,245,342 | ---- | C] () -- C:\Windows\hpoins19.dat [2010.08.23 23:12:52 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat [2010.06.18 16:32:34 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys [2010.06.07 19:32:20 | 000,035,014 | ---- | C] () -- C:\Windows\Ascd_log.ini [2010.06.07 19:30:13 | 000,027,011 | ---- | C] () -- C:\Windows\Ascd_tmp.ini ========== LOP Check ========== [2011.10.31 23:04:15 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.11.07 18:38:13 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\com.adobe.DC3Module.AdobeADC [2011.10.31 17:12:31 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2011.01.21 22:26:34 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Dimension-3 [2012.05.07 18:12:30 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\DiskAid [2012.03.04 16:22:42 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\EasyTax [2012.06.01 17:34:46 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\ExpressFiles [2010.07.18 17:37:10 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\gtk-2.0 [2011.08.14 18:26:39 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\inkscape [2012.01.04 18:57:16 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\MAGIX [2012.04.24 22:25:40 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\NetDrive [2010.06.24 20:47:47 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Opera [2011.11.01 00:12:00 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.05.31 00:08:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At1.job [2012.06.01 09:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At10.job [2012.06.01 10:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At11.job [2012.06.01 11:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At12.job [2012.06.01 12:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At13.job [2012.06.01 13:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At14.job [2012.06.01 14:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At15.job [2012.06.01 15:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At16.job [2012.06.01 16:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At17.job [2012.06.01 17:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At18.job [2012.05.31 18:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At19.job [2012.05.31 01:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At2.job [2012.05.31 19:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At20.job [2012.05.31 20:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At21.job [2012.05.31 21:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At22.job [2012.05.31 22:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At23.job [2012.05.29 23:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At24.job [2012.05.31 00:28:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At25.job [2012.05.31 01:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At26.job [2012.05.31 02:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At27.job [2012.05.31 03:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At28.job [2012.05.31 04:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At29.job [2012.05.31 02:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At3.job [2012.05.31 05:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At30.job [2012.05.31 06:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At31.job [2012.05.31 07:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At32.job [2012.05.31 08:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At33.job [2012.06.01 09:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At34.job [2012.06.01 10:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At35.job [2012.06.01 11:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At36.job [2012.06.01 12:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At37.job [2012.06.01 13:00:01 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At38.job [2012.06.01 14:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At39.job [2012.05.31 03:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At4.job [2012.06.01 15:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At40.job [2012.06.01 16:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At41.job [2012.06.01 17:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At42.job [2012.05.31 18:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At43.job [2012.05.31 19:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At44.job [2012.05.31 20:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At45.job [2012.05.31 21:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At46.job [2012.05.31 22:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At47.job [2012.05.29 23:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At48.job [2012.05.31 04:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At5.job [2012.05.31 05:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At6.job [2012.05.31 06:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At7.job [2012.05.31 07:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At8.job [2012.05.31 08:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At9.job [2012.05.04 12:58:50 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.06.01 08:30:19 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\WinMaximizer64-1-Startup.job ========== Purity Check ========== ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\system64] -> \systemroot\system32 -> Mount Point < End of report > Und noch Extra.txt: OTL Extras logfile created on: 01.06.2012 17:31:53 - Run 1 OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\1\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 3.99 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 43.29% Memory free 7.98 Gb Paging File | 6.19 Gb Available in Paging File | 77.62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 200.10 Gb Total Space | 97.14 Gb Free Space | 48.55% Space Free | Partition Type: NTFS Drive D: | 697.07 Gb Total Space | 666.97 Gb Free Space | 95.68% Space Free | Partition Type: NTFS Drive E: | 500.00 Gb Total Space | 499.51 Gb Free Space | 99.90% Space Free | Partition Type: NTFS Computer Name: 1-PC | User Name: 1 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00AAD899-5254-4A90-8591-BC323AEDCC1F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{0F71B78A-2723-4F85-ABE1-76E2ECAB42C6}" = lport=138 | protocol=17 | dir=in | app=system | "{27165155-F40F-47C2-B344-B63A7D971F31}" = rport=445 | protocol=6 | dir=out | app=system | "{28656EF2-D3D7-4EB4-A7F5-7369113368CC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2BF4A13E-CB90-479F-8E50-05D0E275D5B1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2FE8443C-32E9-4086-A7C5-8429DDA71475}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4BC3EB54-5326-4324-8BBB-F1B49F2952E4}" = lport=49162 | protocol=6 | dir=in | name=akamai netsession interface | "{5AE9C815-B434-4067-93EE-918E068DA85D}" = lport=139 | protocol=6 | dir=in | app=system | "{753690EA-7740-454C-9AD7-1345BF189AFB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{78466685-6F26-4775-B586-52A07D2808F3}" = rport=138 | protocol=17 | dir=out | app=system | "{977EAB4B-D475-402F-8A5A-537073C9F555}" = rport=137 | protocol=17 | dir=out | app=system | "{A04E2DBF-F8DD-432B-BA96-8A53309BB96D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B240258F-5546-4099-88AC-829A42477881}" = lport=137 | protocol=17 | dir=in | app=system | "{B25AB902-8336-4BBE-AD73-AB07BE5CB294}" = lport=445 | protocol=6 | dir=in | app=system | "{C084E120-9E8D-4A78-8FBF-6B550738193C}" = rport=139 | protocol=6 | dir=out | app=system | "{C139951B-D8BB-451B-80B7-F278B8EAFFD2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D3F66786-D47F-4563-9BC3-97922180DEB7}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00E970A6-E78E-4B76-BBAC-845A8BCE14AD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{040C6183-39A7-4BB2-BBB0-2987AFD6A5C3}" = protocol=6 | dir=in | app=c:\program files\netdrive\ndsvc.exe | "{0705CFBF-F0D4-496C-B4AE-A051106083DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0CD089C9-D6A9-47E2-9C7B-CFFDFC6A7224}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{137341A8-6A71-4CB4-840B-A9BCED7EE9CD}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe | "{1B732DC9-306A-454D-A08B-E44913220881}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{219766EF-9103-41A8-8E85-BC818E790C0C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{26EDFC06-EF3A-437D-BC76-3DF06DE5C93D}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe | "{290DC225-6F27-4922-93B5-2EB18ED33A42}" = protocol=6 | dir=in | app=c:\users\1\appdata\local\microsoft\windows\temporary internet files\content.ie5\f2qg37z3\sweetimsetup.exe | "{2D181D9C-A73D-469C-88BA-BE7D678F2503}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | "{2DD084D0-AE21-46AD-B9B4-184CE89E2074}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe | "{31A7B851-B754-414B-8EB3-9522989523F2}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{3654C53B-22FC-43CD-95CB-F4E6AE545ED4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{3DC01B96-47CD-4BB5-9544-3FA2DCC38213}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{46932D0A-F02D-4CEC-A90E-BD116238CA83}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe | "{4BE6ABC5-A373-49D3-83BD-EF3D1B4E9B81}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{4E7D3D73-9391-420E-B5B8-F637E4FC3FF3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{528CDFD7-E430-46D8-9F81-E5F25FBCDE47}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{52E0AA66-CB34-4B84-8EF1-218BA35C6E86}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{55AD4A7B-09C6-4755-B092-9E01E79E8197}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | "{5D7BE5C5-4C26-4EF6-8F7B-CD8B0024044C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{6133B781-C99F-4B37-AAF3-99DA741F565E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{643A86FD-E01C-464C-B515-F412135A2462}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{65983E45-FCFF-4652-B413-8EBBF646228B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{67B09C9B-11BB-4772-AABA-0DAEDD14B4EF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{70174208-B44A-425C-8990-25CE06323943}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{7177BDFC-3BF3-44ED-B79A-5C7498D88D43}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{78EE7E73-003F-4B7B-87D3-2588788A579A}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{81B58833-BF34-4794-9F0D-4CE5232E51F7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{83885FED-FCC1-4FE1-969E-D8D97F731C40}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{84E684BC-3340-472E-9A88-8A8E1728D343}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{883A962D-A849-4E72-BA8B-6FEE5DE41260}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{8919D009-DFD4-4B32-B397-A3AEC8335BC4}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{8AA65831-98F2-4939-B306-2BEBD1F0F1D8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{8E76FABC-7426-43D2-9463-D1691AAF10AE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{96A56CD8-15DD-4D8B-AA9A-864B502F44E8}" = protocol=17 | dir=in | app=c:\users\1\appdata\local\microsoft\windows\temporary internet files\content.ie5\f2qg37z3\sweetimsetup.exe | "{96F8BB39-7415-42D9-BE20-596DD951B27A}" = protocol=6 | dir=in | app=c:\program files\netdrive\ndsvc.exe | "{A0174283-29A7-4ABE-BF56-8A49CC962706}" = protocol=17 | dir=in | app=c:\users\1\appdata\local\akamai\netsession_win.exe | "{A15D09B6-A605-4CE5-9F2B-08A4927B71CC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{A233F363-568D-436D-A14C-D895F54B1D37}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{A6C81D56-1DD9-473C-BC71-79CC0AFB280C}" = protocol=6 | dir=in | app=c:\users\1\appdata\local\akamai\netsession_win.exe | "{A88263C1-E744-4EC5-892B-93E244AD0B68}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{A9614C95-46F3-4522-A2B7-FFE17C67F297}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{AB2B6405-8EE0-40FA-A821-8BB6C0E06B18}" = protocol=17 | dir=in | app=c:\program files\netdrive\ndsvc.exe | "{B4E11C8F-954B-4623-A773-5232D5EC9EFA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{B5C0B9D3-4A8D-442D-9262-EEF22035B92B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B8C55DE3-A406-4E8C-B2F6-B73F30A72544}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{C420A356-D14C-44A4-95A0-397F6C3E1694}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D1154CF0-12DC-4B19-A0AB-37082C2698A4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D2D28C87-733A-425E-AA8C-3EC34DA3CA4C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | "{E0D5DCA1-502D-4061-8FE9-2731E81173EA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{E486AD6A-8D17-4EC9-942C-A52E4D68E5A1}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{E63FFE49-32D7-479C-A731-0F2B66A2F07F}" = protocol=17 | dir=in | app=c:\program files\netdrive\ndsvc.exe | "{E9D4A348-0D43-4EF2-B340-AD4928304F48}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EDE2BC3C-A346-4418-99E8-093F13E4729D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{F3F96CCA-2E09-49EE-9CC7-0B04AE7A238A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | "{F74C9258-6440-4E4F-86B9-33BBA53186E0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{FB601163-587F-495D-923F-524B82FF4DDE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | "TCP Query User{953CE1AF-0910-4BAD-936D-5A873FE66F01}C:\users\1\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\1\appdata\local\akamai\netsession_win.exe | "TCP Query User{A19D75C7-E182-4FDE-85B7-476D848BE867}C:\users\1\appdata\roaming\filehunter\pumpa.exe" = protocol=6 | dir=in | app=c:\users\1\appdata\roaming\filehunter\pumpa.exe | "UDP Query User{0619A1D9-3D96-44FC-A30F-EA8C3D489898}C:\users\1\appdata\roaming\filehunter\pumpa.exe" = protocol=17 | dir=in | app=c:\users\1\appdata\roaming\filehunter\pumpa.exe | "UDP Query User{52B28C29-2886-468C-AEF6-5547F1208D62}C:\users\1\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\1\appdata\local\akamai\netsession_win.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64 "{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}" = Corel Graphics - Windows Shell Extension 64 Bit "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud "{8E1C4A73-489E-43EC-A5F9-0EACF5E61791}" = Pop Art Studio 6.1 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{B30EE0A5-4671-40DD-8C75-A88D24CF0A2D}" = WinMaximizer "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "WinMaximizer" = WinMaximizer [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup) "_{44864C09-D493-4B07-BAD0-F65557A3C552}" = CorelDRAW Graphics Suite X5 - KPT Collection "_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension "_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5 "_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{047B9A6A-21E7-45CF-8825-0A061EEF9B23}" = SweetIM Toolbar for Internet Explorer 4.3 "{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup) "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D5BBB2B-F044-46C3-877B-6A6BE1E08D19}" = SweetIM for Messenger 3.6 "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23767F5D-A80C-4264-B8EA-ED4085FC332A}" = Adobe Illustrator CS5.1 "{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data "{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA "{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 30 "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{368FCA18-C510-4F87-B60E-192B9BDBAE3D}" = CorelDRAW Graphics Suite X5 "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{44864C09-D493-4B07-BAD0-F65557A3C552}" = CorelDRAW Graphics Suite X5 - KPT Collection "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect "{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01) "{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{68EE5C41-2F79-4F36-BE85-22A814F55AF7}" = CorelDRAW Graphics Suite X5 - ES "{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU "{8F18CFF8-8259-4148-AD00-2EE572754E92}" = CorelDRAW Graphics Suite X5 - FR "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1 "{91B323B5-A79C-4D23-BD6D-046C565F9BCF}" = MadOnion.com/3DMark2001 SE "{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{970815E2-B0A8-4EDE-83B6-2689CFE5FB30}" = MAGIX Web Designer 7 Premium Download-Version "{9825D2D1-4E5D-4F5A-BE7C-22D09A37DA11}" = MAGIX Web Designer 7 Premium Content Pack "{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software "{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9E21D37-B157-4245-9C33-179628C47847}" = CorelDRAW Graphics Suite X5 - Premium Fonts "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch "{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR "{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German "{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX "{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BFE9A442-5D4B-4372-B994-FB4BCEA78662}" = CorelDRAW Graphics Suite X5 - NL "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files "{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English "{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DC43FBD3-3E5D-419D-A981-519F1A3E6F53}" = CorelDRAW Graphics Suite X5 - IT "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE "{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM "{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant "{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{FA01D751-CE47-4533-BB5D-9BB34514A43B}" = Artcut2009 "{FD8AE9E2-B61E-4826-9CE7-937E1E9A9EEC}" = CorelDRAW Graphics Suite X5 - BR "{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Akamai" = Akamai NetSession Interface Service "ArgusMonitor" = ArgusMonitor "Artcut2009" = Artcut2009 "Avira AntiVir Desktop" = Avira Free Antivirus "BabylonToolbar" = Babylon toolbar on IE "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Chinese Traditional Graphics" = Chinese Traditional Graphics "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "DIMENSION-3" = DIMENSION-3 entfernen "DiskAid_is1" = DiskAid 5.14 "EasyTax 2010 AG 1.01" = EasyTax 2010 AG 1.01 "EasyTax 2011 AG 1.01" = EasyTax 2011 AG 1.01 "ENTERPRISER" = Microsoft Office Enterprise 2007 "Google Chrome" = Google Chrome "Graboid Video" = Graboid Video 2.3 "Inkscape" = Inkscape 0.48.1 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "MAGIX_MSI_Web_Designer_7_Premium" = MAGIX Web Designer 7 Premium Download-Version "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "SpeedFan" = SpeedFan (remove only) "SWiSH miniMax2" = SWiSH miniMax2 "Vector Magic" = Vector Magic "Virtual Garden" = Virtual Garden "VLC media player" = VLC media player 1.0.1 "WebTemp_is1" = WebTemp 3.30 (kostenlose Version) "WinGimp-2.0_is1" = Gimp 2.6.1 "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "ExpressFiles" = ExpressFiles ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > Vielen vielen Dank fürs Helfen. |
|
03.06.2012, 14:39
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | TR/ATRAPS.Gen2 - Auch mich hats erwischt! Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
04.06.2012, 20:29
| #3 |
| | TR/ATRAPS.Gen2 - Auch mich hats erwischt! Hallo
__________________Ich habe nun MWB drei Mal laufen lassen. Stopt zwischen 25 und 47 Min. mit dem Hinweis, dass das Programm keine Rückmeldung gibt und hängt sich auf. Eine Idee? |
|
04.06.2012, 21:28
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen2 - Auch mich hats erwischt! Schon im abgesicherten Modus mit Netzwerktreibern versucht?
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
05.06.2012, 16:03
| #5 |
| | TR/ATRAPS.Gen2 - Auch mich hats erwischt! Hallo Habs heute Morgen nochmals gestartet. Jetzt hats geklappt. Lass nachher gleich ESET laufen. Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.04.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 1 :: 1-PC [Administrator] Schutz: Aktiviert 04.06.2012 23:20:13 mbam-log-2012-06-04 (23-20-13).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 1936101 Laufzeit: 4 Stunde(n), 43 Minute(n), 48 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 8 C:\Users\1\AppData\Local\Temp\aowsnxrcme.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1\AppData\Local\Temp\mor.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1\AppData\Local\Temp\mransxewoc.exe (Backdoor.MSIL.P) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1\AppData\Local\Temp\msimg32.dll (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1\AppData\Local\Temp\FH\extension.exe (Adware.Soge) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Temp\ogjgft\setup.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1\AppData\Local\Temp\FH\extension.exe (PUP.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\1\AppData\Local\Temp\FH\FileHunter-Win32.exe (PUP.FileHunter) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
06.06.2012, 20:01
| #6 |
| | TR/ATRAPS.Gen2 - Auch mich hats erwischt! Hallo Arne Hab ESET laufen lassen. log.txt kann ich jedoch nicht auslesen, da die Datei nicht gefunden wird. Hab die gefundenen Fehler aber vorgängig kopiert. Hoffe, dass du diese brauchst und ich nicht nochmals laufen lassen muss. Gruss Roger Code:
ATTFilter C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarApp.dll Variante von Win32/Toolbar.Babylon Anwendung
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarEng.dll Win32/Toolbar.Babylon Anwendung
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarsrv.exe möglicherweise Variante von Win32/Toolbar.Babylon Anwendung
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon Anwendung
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll Win32/Toolbar.Babylon Anwendung
C:\Program Files (x86)\ExpressFiles\uninstall.exe Variante von Win32/ExpressFiles Anwendung
C:\Users\1\AppData\Local\Temp\update43263492.exe Variante von Win32/ExpressFiles Anwendung
C:\Users\1\AppData\Local\Temp\1461D5DC-BAB0-7891-BFE8-54F657506E77\MyBabylonTB.exe Win32/Toolbar.Babylon Anwendung
C:\Users\1\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe Variante von Win32/SweetIM.B Anwendung
C:\Windows\assembly\temp\U\80000032.@ Variante von Win32/Sirefef.EU Trojaner
C:\Windows\assembly\temp\U\80000064.@ Win64/Sirefef.AC Trojaner
C:\Windows\system64\ami0nt.dll Win64/Sirefef.W Trojaner
C:\Windows\system64\consrv.dll Win64/Sirefef.E Trojaner
Arbeitsspeicher Variante von Win32/Sirefef.DN Trojaner
|
|
07.06.2012, 12:45
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen2 - Auch mich hats erwischt! Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.06.2012, 23:04
| #8 |
| | TR/ATRAPS.Gen2 - Auch mich hats erwischt! Hatte zwei Mal Probleme beim Aufstarten, dass Fehlermeldungen kamen und alles geprüft wurde. Inzwischen ca. 5 Mal neu gestartet und keine Probleme mehr. Windows/Desktop alles wie gehabt und ohne Probleme. Keine fehlenden oder leere Ordner. Gruss Roger |
|
08.06.2012, 09:17
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen2 - Auch mich hats erwischt! Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.06.2012, 17:34
| #10 |
| | TR/ATRAPS.Gen2 - Auch mich hats erwischt! otl Code:
ATTFilter OTL logfile created on: 08.06.2012 18:09:25 - Run 1 OTL by OldTimer - Version 3.2.47.0 Folder = C:\Users\1\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 3.99 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 48.84% Memory free 7.98 Gb Paging File | 6.25 Gb Available in Paging File | 78.26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 200.10 Gb Total Space | 91.21 Gb Free Space | 45.58% Space Free | Partition Type: NTFS Drive D: | 697.07 Gb Total Space | 666.96 Gb Free Space | 95.68% Space Free | Partition Type: NTFS Drive E: | 500.00 Gb Total Space | 499.51 Gb Free Space | 99.90% Space Free | Partition Type: NTFS Computer Name: 1-PC | User Name: 1 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\1\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\1\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) PRC - C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe (hxxp://www.express-files.com/) PRC - C:\Program Files (x86)\ExpressFiles\EFupdater.exe (hxxp://www.express-files.com/) PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - \\?\globalroot\systemroot\syswow64\mswsock.DLL () MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (db2das00) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation) SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll () SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.) DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (AmdTools64) -- C:\Windows\SysNative\drivers\AmdTools64.sys (AMD, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={0DE28D6F-C79C-4915-B91D-F96FF45C7FDA} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\.DEFAULT\..\SearchScopes\{F45CF542-FEA0-4596-A1B0-E023CF751A71}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_EU&apn_ptnrs=U3&apn_dtid=OSJ000YYCH&apn_uid=B0DFD008-3BEB-4FEA-8385-E4A5C4385FE8&apn_sauid=04ED8506-965D-4B45-94C1-545CD3F9E322& IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-18\..\SearchScopes\{F45CF542-FEA0-4596-A1B0-E023CF751A71}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_EU&apn_ptnrs=U3&apn_dtid=OSJ000YYCH&apn_uid=B0DFD008-3BEB-4FEA-8385-E4A5C4385FE8&apn_sauid=04ED8506-965D-4B45-94C1-545CD3F9E322& IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-689879854-2409560159-793564415-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-689879854-2409560159-793564415-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/ IE - HKU\S-1-5-21-689879854-2409560159-793564415-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx IE - HKU\S-1-5-21-689879854-2409560159-793564415-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch IE - HKU\S-1-5-21-689879854-2409560159-793564415-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-689879854-2409560159-793564415-1001\..\SearchScopes,DefaultScope = {D8BD6DAA-94A1-4202-8991-182C9112FD7D} IE - HKU\S-1-5-21-689879854-2409560159-793564415-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-689879854-2409560159-793564415-1001\..\SearchScopes\{D8BD6DAA-94A1-4202-8991-182C9112FD7D}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_deCH402 IE - HKU\S-1-5-21-689879854-2409560159-793564415-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-689879854-2409560159-793564415-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;*.local;<local> ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.23 23:19:46 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.08.23 23:19:46 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin Hosts file not found O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKU\S-1-5-21-689879854-2409560159-793564415-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-689879854-2409560159-793564415-1001\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ExpressFiles] C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe (hxxp://www.express-files.com/) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-689879854-2409560159-793564415-1001..\Run: [Akamai NetSession Interface] C:\Users\1\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKU\S-1-5-21-689879854-2409560159-793564415-1001..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKU\S-1-5-21-689879854-2409560159-793564415-1001..\Run: [Argus Monitor] "C:\Program Files (x86)\ArgusMonitor\ArgusMonitor.exe" File not found O4 - HKU\S-1-5-21-689879854-2409560159-793564415-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKU\S-1-5-21-689879854-2409560159-793564415-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html () O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {48580E34-E37A-454A-8EC4-FC7598B01D77} hxxp://chkr-web.ifolor.net/app_support/1/ActiveX/IfolorUploader_chkr.cab (IfolorUploader Control) O16 - DPF: {6C9B3550-8DF6-415D-9B8F-4B1E74D08355} file:///C:/Users/1/AppData/Local/indigo/%7BC066C75D-B244-460E-A237-F1ED8E85E227%7D/www/IndigoScreen.cab (IndigoScreen2 ActiveX Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D7DA3AF-0795-4C40-BA42-670FF51D9688}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E5F2BFF-ABB2-41F8-B820-E403D44E40EC}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=consrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: db2das00 - C:\Windows\SysNative\svchost.exe (Microsoft Corporation) SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: BFE - Service SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: MPSSvc - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: BFE - Service SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MPSSvc - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.06.08 17:19:02 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\1\Desktop\OTL.exe [2012.06.06 20:58:50 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Local\09D2DF1A-D9F0-40ED-AEF7-92598FF613A8.aplzod [2012.06.05 17:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.06.05 17:14:46 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.06.05 17:14:46 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.06.05 17:14:46 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.06.05 17:14:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.06.04 19:47:05 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.04 19:47:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.04 19:47:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.01 17:39:18 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Roaming\Malwarebytes [2012.06.01 17:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.05.31 13:33:42 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Roaming\Avira [2012.05.31 13:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.05.30 23:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2012.05.30 22:51:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2012.05.28 17:52:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\HPAppData [2012.05.23 21:18:58 | 000,000,000 | ---D | C] -- C:\Windows\system64 ========== Files - Modified Within 30 Days ========== [2012.06.08 18:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At43.job [2012.06.08 18:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At19.job [2012.06.08 17:23:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.08 17:19:02 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\1\Desktop\OTL.exe [2012.06.08 17:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At42.job [2012.06.08 17:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At18.job [2012.06.08 16:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At41.job [2012.06.08 16:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At17.job [2012.06.08 15:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At40.job [2012.06.08 15:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At16.job [2012.06.08 14:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At39.job [2012.06.08 14:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At15.job [2012.06.08 13:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At38.job [2012.06.08 13:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At14.job [2012.06.08 12:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At37.job [2012.06.08 12:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At13.job [2012.06.08 11:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At36.job [2012.06.08 11:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At12.job [2012.06.08 10:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At35.job [2012.06.08 10:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At11.job [2012.06.08 09:41:17 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.08 09:41:17 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.08 09:34:02 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.08 09:33:55 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\WinMaximizer64-1-Startup.job [2012.06.08 09:33:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.08 09:33:41 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys [2012.06.08 00:28:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At25.job [2012.06.08 00:08:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At1.job [2012.06.07 23:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At48.job [2012.06.07 23:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At24.job [2012.06.07 22:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At47.job [2012.06.07 22:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At23.job [2012.06.07 21:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At46.job [2012.06.07 21:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At22.job [2012.06.07 20:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At45.job [2012.06.07 20:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At21.job [2012.06.07 19:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At44.job [2012.06.07 19:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At20.job [2012.06.06 09:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At34.job [2012.06.06 09:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At10.job [2012.06.06 08:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At33.job [2012.06.06 08:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At9.job [2012.06.06 07:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At32.job [2012.06.06 07:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At8.job [2012.06.06 06:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At31.job [2012.06.06 06:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At7.job [2012.06.06 05:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At30.job [2012.06.06 05:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At6.job [2012.06.06 04:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At29.job [2012.06.06 04:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At5.job [2012.06.06 03:00:01 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At28.job [2012.06.06 03:00:01 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At4.job [2012.06.06 02:00:01 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At27.job [2012.06.06 02:00:01 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At3.job [2012.06.06 01:00:01 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At26.job [2012.06.06 01:00:01 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At2.job [2012.06.05 17:15:09 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.06.04 19:47:05 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.01 17:28:07 | 000,000,000 | ---- | M] () -- C:\Users\1\defogger_reenable [2012.05.24 09:09:09 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd [2012.05.10 14:24:04 | 006,232,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2037.11.30 09:43:57 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\80000000.@ [2037.04.10 06:28:15 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\000000c0.@ [2037.04.10 06:28:09 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\000000cb.@ [2037.04.10 06:27:51 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\000000cf.@ [2037.04.10 06:27:36 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\800000c0.@ [2037.04.10 06:27:26 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\800000cb.@ [2037.04.10 06:27:17 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\800000cf.@ [2012.06.06 22:08:27 | 000,001,536 | ---- | C] () -- C:\Windows\assembly\temp\U\00000001.@ [2012.06.05 17:15:09 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.06.04 19:47:05 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.04 17:52:21 | 000,115,712 | ---- | C] () -- C:\Windows\assembly\temp\U\80000032.@ [2012.06.01 17:28:07 | 000,000,000 | ---- | C] () -- C:\Users\1\defogger_reenable [2012.05.23 21:31:11 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At48.job [2012.05.23 21:31:10 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At47.job [2012.05.23 21:31:09 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At46.job [2012.05.23 21:31:08 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At45.job [2012.05.23 21:31:08 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At44.job [2012.05.23 21:31:07 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At43.job [2012.05.23 21:31:06 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At42.job [2012.05.23 21:31:05 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At41.job [2012.05.23 21:31:04 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At40.job [2012.05.23 21:31:04 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At39.job [2012.05.23 21:31:03 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At38.job [2012.05.23 21:31:02 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At37.job [2012.05.23 21:31:01 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At36.job [2012.05.23 21:31:00 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At35.job [2012.05.23 21:31:00 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At34.job [2012.05.23 21:30:59 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At33.job [2012.05.23 21:30:58 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At32.job [2012.05.23 21:30:57 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At31.job [2012.05.23 21:30:57 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At30.job [2012.05.23 21:30:56 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At29.job [2012.05.23 21:30:55 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At28.job [2012.05.23 21:30:54 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At27.job [2012.05.23 21:30:54 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At26.job [2012.05.23 21:30:53 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At25.job [2012.05.23 21:30:52 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At24.job [2012.05.23 21:30:51 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At23.job [2012.05.23 21:30:50 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At22.job [2012.05.23 21:30:50 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At21.job [2012.05.23 21:30:49 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At20.job [2012.05.23 21:30:48 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At19.job [2012.05.23 21:30:47 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At18.job [2012.05.23 21:30:47 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At17.job [2012.05.23 21:30:46 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At16.job [2012.05.23 21:30:45 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At15.job [2012.05.23 21:30:44 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At14.job [2012.05.23 21:30:43 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At13.job [2012.05.23 21:30:43 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At12.job [2012.05.23 21:30:42 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At11.job [2012.05.23 21:30:41 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At9.job [2012.05.23 21:30:41 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At10.job [2012.05.23 21:30:40 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At8.job [2012.05.23 21:30:39 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At7.job [2012.05.23 21:30:38 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At6.job [2012.05.23 21:30:38 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At5.job [2012.05.23 21:30:37 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At4.job [2012.05.23 21:30:36 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At3.job [2012.05.23 21:30:35 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At2.job [2012.05.23 21:30:35 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At1.job [2012.05.23 21:20:25 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_trash_log.cmd [2012.05.23 21:18:58 | 000,002,048 | ---- | C] () -- C:\Windows\assembly\temp\@ [2012.03.30 16:18:01 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\80000004.@ [2012.03.30 15:58:12 | 000,097,280 | ---- | C] () -- C:\Windows\assembly\temp\U\80000064.@ [2012.02.27 15:00:00 | 000,004,096 | -H-- | C] () -- C:\Users\1\AppData\Local\keyfile3.drm [2011.12.02 14:07:52 | 000,224,768 | ---- | C] () -- C:\Windows\assembly\temp\U\00000002.@ [2011.11.02 19:48:14 | 000,001,024 | ---- | C] () -- C:\Windows\assembly\temp\U\00000004.@ [2011.03.08 23:49:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.01.21 21:25:04 | 000,492,517 | ---- | C] () -- C:\Windows\DIMENSION-3 Uninstaller.exe [2010.08.23 23:12:52 | 000,245,342 | ---- | C] () -- C:\Windows\hpoins19.dat [2010.08.23 23:12:52 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat [2010.06.18 16:32:34 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys ========== LOP Check ========== [2011.10.31 23:04:15 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.11.07 18:38:13 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\com.adobe.DC3Module.AdobeADC [2011.10.31 17:12:31 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2011.01.21 22:26:34 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Dimension-3 [2012.05.07 18:12:30 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\DiskAid [2012.03.04 16:22:42 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\EasyTax [2012.06.08 17:38:00 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\ExpressFiles [2010.07.18 17:37:10 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\gtk-2.0 [2011.08.14 18:26:39 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\inkscape [2012.01.04 18:57:16 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\MAGIX [2012.04.24 22:25:40 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\NetDrive [2010.06.24 20:47:47 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Opera [2011.11.01 00:12:00 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.06.08 00:08:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At1.job [2012.06.06 09:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At10.job [2012.06.08 10:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At11.job [2012.06.08 11:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At12.job [2012.06.08 12:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At13.job [2012.06.08 13:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At14.job [2012.06.08 14:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At15.job [2012.06.08 15:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At16.job [2012.06.08 16:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At17.job [2012.06.08 17:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At18.job [2012.06.08 18:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At19.job [2012.06.06 01:00:01 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At2.job [2012.06.07 19:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At20.job [2012.06.07 20:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At21.job [2012.06.07 21:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At22.job [2012.06.07 22:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At23.job [2012.06.07 23:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At24.job [2012.06.08 00:28:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At25.job [2012.06.06 01:00:01 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At26.job [2012.06.06 02:00:01 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At27.job [2012.06.06 03:00:01 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At28.job [2012.06.06 04:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At29.job [2012.06.06 02:00:01 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At3.job [2012.06.06 05:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At30.job [2012.06.06 06:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At31.job [2012.06.06 07:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At32.job [2012.06.06 08:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At33.job [2012.06.06 09:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At34.job [2012.06.08 10:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At35.job [2012.06.08 11:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At36.job [2012.06.08 12:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At37.job [2012.06.08 13:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At38.job [2012.06.08 14:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At39.job [2012.06.06 03:00:01 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At4.job [2012.06.08 15:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At40.job [2012.06.08 16:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At41.job [2012.06.08 17:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At42.job [2012.06.08 18:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At43.job [2012.06.07 19:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At44.job [2012.06.07 20:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At45.job [2012.06.07 21:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At46.job [2012.06.07 22:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At47.job [2012.06.07 23:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At48.job [2012.06.06 04:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At5.job [2012.06.06 05:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At6.job [2012.06.06 06:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At7.job [2012.06.06 07:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At8.job [2012.06.06 08:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At9.job [2012.05.04 12:58:50 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.06.08 09:33:55 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\WinMaximizer64-1-Startup.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.11.07 18:38:04 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Adobe [2011.11.01 00:12:00 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Adobe Mini Bridge CS5.1 [2012.02.21 17:06:25 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Apple Computer [2012.05.31 13:33:42 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Avira [2011.10.31 23:04:15 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.11.07 18:38:13 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\com.adobe.DC3Module.AdobeADC [2011.10.31 17:12:31 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2011.10.03 18:14:44 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Corel [2011.01.21 22:26:34 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Dimension-3 [2012.05.07 18:12:30 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\DiskAid [2012.03.04 16:22:42 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\EasyTax [2012.06.08 17:38:00 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\ExpressFiles [2012.05.30 22:54:04 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Google [2010.07.18 17:37:10 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\gtk-2.0 [2010.08.23 23:26:09 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\HP [2010.04.15 18:10:54 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Identities [2011.08.14 18:26:39 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\inkscape [2010.04.26 20:50:52 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Macromedia [2012.01.04 18:57:16 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\MAGIX [2012.06.01 17:39:18 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Malwarebytes [2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Media Center Programs [2012.02.13 17:41:52 | 000,000,000 | --SD | M] -- C:\Users\1\AppData\Roaming\Microsoft [2011.12.07 15:13:38 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Mozilla [2012.04.24 22:25:40 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\NetDrive [2010.06.24 20:47:47 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Opera [2012.06.02 16:38:53 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Skype [2011.03.08 23:49:23 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\skypePM [2011.11.01 00:12:00 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.12.08 00:43:21 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\vlc < %APPDATA%\*.exe /s > [2011.10.31 17:10:31 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\1\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\system64\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\system64\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\system64\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\system64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\system64\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\system64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\system64\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\system64\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\system64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\system64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\system64\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\system64\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\system64\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\system64\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\system64\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\system64\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2011.08.08 13:15:48 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2011.08.08 13:15:48 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll [2012.02.28 03:27:13 | 009,705,984 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll [2011.08.08 13:15:48 | 000,118,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\system64] -> \systemroot\system32 -> Mount Point < End of report > Code:
ATTFilter OTL Extras logfile created on: 08.06.2012 18:09:25 - Run 1
OTL by OldTimer - Version 3.2.47.0 Folder = C:\Users\1\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
3.99 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 48.84% Memory free
7.98 Gb Paging File | 6.25 Gb Available in Paging File | 78.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200.10 Gb Total Space | 91.21 Gb Free Space | 45.58% Space Free | Partition Type: NTFS
Drive D: | 697.07 Gb Total Space | 666.96 Gb Free Space | 95.68% Space Free | Partition Type: NTFS
Drive E: | 500.00 Gb Total Space | 499.51 Gb Free Space | 99.90% Space Free | Partition Type: NTFS
Computer Name: 1-PC | User Name: 1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-689879854-2409560159-793564415-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AAD899-5254-4A90-8591-BC323AEDCC1F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{0F71B78A-2723-4F85-ABE1-76E2ECAB42C6}" = lport=138 | protocol=17 | dir=in | app=system |
"{27165155-F40F-47C2-B344-B63A7D971F31}" = rport=445 | protocol=6 | dir=out | app=system |
"{28656EF2-D3D7-4EB4-A7F5-7369113368CC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2BF4A13E-CB90-479F-8E50-05D0E275D5B1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2FE8443C-32E9-4086-A7C5-8429DDA71475}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4BC3EB54-5326-4324-8BBB-F1B49F2952E4}" = lport=49162 | protocol=6 | dir=in | name=akamai netsession interface |
"{5AE9C815-B434-4067-93EE-918E068DA85D}" = lport=139 | protocol=6 | dir=in | app=system |
"{753690EA-7740-454C-9AD7-1345BF189AFB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{78466685-6F26-4775-B586-52A07D2808F3}" = rport=138 | protocol=17 | dir=out | app=system |
"{977EAB4B-D475-402F-8A5A-537073C9F555}" = rport=137 | protocol=17 | dir=out | app=system |
"{A04E2DBF-F8DD-432B-BA96-8A53309BB96D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B240258F-5546-4099-88AC-829A42477881}" = lport=137 | protocol=17 | dir=in | app=system |
"{B25AB902-8336-4BBE-AD73-AB07BE5CB294}" = lport=445 | protocol=6 | dir=in | app=system |
"{C084E120-9E8D-4A78-8FBF-6B550738193C}" = rport=139 | protocol=6 | dir=out | app=system |
"{C139951B-D8BB-451B-80B7-F278B8EAFFD2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D3F66786-D47F-4563-9BC3-97922180DEB7}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E970A6-E78E-4B76-BBAC-845A8BCE14AD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{040C6183-39A7-4BB2-BBB0-2987AFD6A5C3}" = protocol=6 | dir=in | app=c:\program files\netdrive\ndsvc.exe |
"{0705CFBF-F0D4-496C-B4AE-A051106083DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0CD089C9-D6A9-47E2-9C7B-CFFDFC6A7224}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{137341A8-6A71-4CB4-840B-A9BCED7EE9CD}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{1B732DC9-306A-454D-A08B-E44913220881}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{219766EF-9103-41A8-8E85-BC818E790C0C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{26EDFC06-EF3A-437D-BC76-3DF06DE5C93D}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{290DC225-6F27-4922-93B5-2EB18ED33A42}" = protocol=6 | dir=in | app=c:\users\1\appdata\local\microsoft\windows\temporary internet files\content.ie5\f2qg37z3\sweetimsetup.exe |
"{2D181D9C-A73D-469C-88BA-BE7D678F2503}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{2DD084D0-AE21-46AD-B9B4-184CE89E2074}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{31A7B851-B754-414B-8EB3-9522989523F2}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{3654C53B-22FC-43CD-95CB-F4E6AE545ED4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{3DC01B96-47CD-4BB5-9544-3FA2DCC38213}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{46932D0A-F02D-4CEC-A90E-BD116238CA83}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{4BE6ABC5-A373-49D3-83BD-EF3D1B4E9B81}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{4E7D3D73-9391-420E-B5B8-F637E4FC3FF3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{528CDFD7-E430-46D8-9F81-E5F25FBCDE47}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{52E0AA66-CB34-4B84-8EF1-218BA35C6E86}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{55AD4A7B-09C6-4755-B092-9E01E79E8197}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{5D7BE5C5-4C26-4EF6-8F7B-CD8B0024044C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{6133B781-C99F-4B37-AAF3-99DA741F565E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{643A86FD-E01C-464C-B515-F412135A2462}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{65983E45-FCFF-4652-B413-8EBBF646228B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{67B09C9B-11BB-4772-AABA-0DAEDD14B4EF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{70174208-B44A-425C-8990-25CE06323943}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{7177BDFC-3BF3-44ED-B79A-5C7498D88D43}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{78EE7E73-003F-4B7B-87D3-2588788A579A}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{81B58833-BF34-4794-9F0D-4CE5232E51F7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{83885FED-FCC1-4FE1-969E-D8D97F731C40}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{84E684BC-3340-472E-9A88-8A8E1728D343}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{883A962D-A849-4E72-BA8B-6FEE5DE41260}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8919D009-DFD4-4B32-B397-A3AEC8335BC4}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{8AA65831-98F2-4939-B306-2BEBD1F0F1D8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{8E76FABC-7426-43D2-9463-D1691AAF10AE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{96A56CD8-15DD-4D8B-AA9A-864B502F44E8}" = protocol=17 | dir=in | app=c:\users\1\appdata\local\microsoft\windows\temporary internet files\content.ie5\f2qg37z3\sweetimsetup.exe |
"{96F8BB39-7415-42D9-BE20-596DD951B27A}" = protocol=6 | dir=in | app=c:\program files\netdrive\ndsvc.exe |
"{A0174283-29A7-4ABE-BF56-8A49CC962706}" = protocol=17 | dir=in | app=c:\users\1\appdata\local\akamai\netsession_win.exe |
"{A15D09B6-A605-4CE5-9F2B-08A4927B71CC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{A233F363-568D-436D-A14C-D895F54B1D37}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{A6C81D56-1DD9-473C-BC71-79CC0AFB280C}" = protocol=6 | dir=in | app=c:\users\1\appdata\local\akamai\netsession_win.exe |
"{A88263C1-E744-4EC5-892B-93E244AD0B68}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{A9614C95-46F3-4522-A2B7-FFE17C67F297}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AB2B6405-8EE0-40FA-A821-8BB6C0E06B18}" = protocol=17 | dir=in | app=c:\program files\netdrive\ndsvc.exe |
"{B4E11C8F-954B-4623-A773-5232D5EC9EFA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{B5C0B9D3-4A8D-442D-9262-EEF22035B92B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B8C55DE3-A406-4E8C-B2F6-B73F30A72544}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{C420A356-D14C-44A4-95A0-397F6C3E1694}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D1154CF0-12DC-4B19-A0AB-37082C2698A4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D2D28C87-733A-425E-AA8C-3EC34DA3CA4C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{E0D5DCA1-502D-4061-8FE9-2731E81173EA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{E486AD6A-8D17-4EC9-942C-A52E4D68E5A1}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{E63FFE49-32D7-479C-A731-0F2B66A2F07F}" = protocol=17 | dir=in | app=c:\program files\netdrive\ndsvc.exe |
"{E9D4A348-0D43-4EF2-B340-AD4928304F48}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EDE2BC3C-A346-4418-99E8-093F13E4729D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F3F96CCA-2E09-49EE-9CC7-0B04AE7A238A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{F74C9258-6440-4E4F-86B9-33BBA53186E0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{FB601163-587F-495D-923F-524B82FF4DDE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"TCP Query User{953CE1AF-0910-4BAD-936D-5A873FE66F01}C:\users\1\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\1\appdata\local\akamai\netsession_win.exe |
"TCP Query User{A19D75C7-E182-4FDE-85B7-476D848BE867}C:\users\1\appdata\roaming\filehunter\pumpa.exe" = protocol=6 | dir=in | app=c:\users\1\appdata\roaming\filehunter\pumpa.exe |
"UDP Query User{0619A1D9-3D96-44FC-A30F-EA8C3D489898}C:\users\1\appdata\roaming\filehunter\pumpa.exe" = protocol=17 | dir=in | app=c:\users\1\appdata\roaming\filehunter\pumpa.exe |
"UDP Query User{52B28C29-2886-468C-AEF6-5547F1208D62}C:\users\1\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\1\appdata\local\akamai\netsession_win.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}" = Corel Graphics - Windows Shell Extension 64 Bit
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B30EE0A5-4671-40DD-8C75-A88D24CF0A2D}" = WinMaximizer
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinMaximizer" = WinMaximizer
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"_{44864C09-D493-4B07-BAD0-F65557A3C552}" = CorelDRAW Graphics Suite X5 - KPT Collection
"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{047B9A6A-21E7-45CF-8825-0A061EEF9B23}" = SweetIM Toolbar for Internet Explorer 4.3
"{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D5BBB2B-F044-46C3-877B-6A6BE1E08D19}" = SweetIM for Messenger 3.6
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23767F5D-A80C-4264-B8EA-ED4085FC332A}" = Adobe Illustrator CS5.1
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 30
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{368FCA18-C510-4F87-B60E-192B9BDBAE3D}" = CorelDRAW Graphics Suite X5
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{44864C09-D493-4B07-BAD0-F65557A3C552}" = CorelDRAW Graphics Suite X5 - KPT Collection
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{68EE5C41-2F79-4F36-BE85-22A814F55AF7}" = CorelDRAW Graphics Suite X5 - ES
"{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{8F18CFF8-8259-4148-AD00-2EE572754E92}" = CorelDRAW Graphics Suite X5 - FR
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{91B323B5-A79C-4D23-BD6D-046C565F9BCF}" = MadOnion.com/3DMark2001 SE
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{970815E2-B0A8-4EDE-83B6-2689CFE5FB30}" = MAGIX Web Designer 7 Premium Download-Version
"{9825D2D1-4E5D-4F5A-BE7C-22D09A37DA11}" = MAGIX Web Designer 7 Premium Content Pack
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E21D37-B157-4245-9C33-179628C47847}" = CorelDRAW Graphics Suite X5 - Premium Fonts
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BFE9A442-5D4B-4372-B994-FB4BCEA78662}" = CorelDRAW Graphics Suite X5 - NL
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC43FBD3-3E5D-419D-A981-519F1A3E6F53}" = CorelDRAW Graphics Suite X5 - IT
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FA01D751-CE47-4533-BB5D-9BB34514A43B}" = Artcut2009
"{FD8AE9E2-B61E-4826-9CE7-937E1E9A9EEC}" = CorelDRAW Graphics Suite X5 - BR
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface Service
"ArgusMonitor" = ArgusMonitor
"Artcut2009" = Artcut2009
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Chinese Traditional Graphics" = Chinese Traditional Graphics
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DIMENSION-3" = DIMENSION-3 entfernen
"DiskAid_is1" = DiskAid 5.14
"EasyTax 2010 AG 1.01" = EasyTax 2010 AG 1.01
"EasyTax 2011 AG 1.01" = EasyTax 2011 AG 1.01
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"Graboid Video" = Graboid Video 2.3
"Inkscape" = Inkscape 0.48.1
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"MAGIX_MSI_Web_Designer_7_Premium" = MAGIX Web Designer 7 Premium Download-Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"SpeedFan" = SpeedFan (remove only)
"SWiSH miniMax2" = SWiSH miniMax2
"Vector Magic" = Vector Magic
"Virtual Garden" = Virtual Garden
"VLC media player" = VLC media player 1.0.1
"WebTemp_is1" = WebTemp 3.30 (kostenlose Version)
"WinGimp-2.0_is1" = Gimp 2.6.1
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-689879854-2409560159-793564415-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"ExpressFiles" = ExpressFiles
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 27.02.2012 08:38:54 | Computer Name = 1-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 17
Error - 27.02.2012 08:38:54 | Computer Name = 1-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 18
Error - 27.02.2012 08:38:54 | Computer Name = 1-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 19
Error - 27.02.2012 08:38:54 | Computer Name = 1-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 20
Error - 27.02.2012 08:38:54 | Computer Name = 1-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 21
Error - 27.02.2012 08:38:54 | Computer Name = 1-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 22
Error - 27.02.2012 08:38:54 | Computer Name = 1-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 23
Error - 27.02.2012 08:38:54 | Computer Name = 1-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 24
Error - 27.02.2012 08:41:31 | Computer Name = 1-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(28:e0:2c:ca:f9:15@fe80::2ae0:2cff:feca:f915._apple-mobdev._tcp.local.)
active for over two minutes. This places considerable burden on the network.
Error - 27.02.2012 09:04:05 | Computer Name = 1-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 27.02.2012 13:12:06 | Computer Name = 1-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
[ OSession Events ]
Error - 02.05.2010 10:35:51 | Computer Name = 1-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 42
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 07.06.2012 04:53:53 | Computer Name = 1-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
Error - 07.06.2012 04:53:54 | Computer Name = 1-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 07.06.2012 16:54:05 | Computer Name = 1-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
Error - 08.06.2012 03:33:55 | Computer Name = 1-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
Error - 08.06.2012 03:33:56 | Computer Name = 1-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "EL2000" wurde mit folgendem Fehler beendet: %%2
Error - 08.06.2012 03:33:56 | Computer Name = 1-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 08.06.2012 03:33:56 | Computer Name = 1-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 08.06.2012 03:34:03 | Computer Name = 1-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 08.06.2012 03:40:15 | Computer Name = 1-PC | Source = DCOM | ID = 10016
Description =
Error - 08.06.2012 03:40:15 | Computer Name = 1-PC | Source = DCOM | ID = 10016
Description =
< End of report >
|
|
08.06.2012, 17:53
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen2 - Auch mich hats erwischt! Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter :OTL
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll ()
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={0DE28D6F-C79C-4915-B91D-F96FF45C7FDA}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{F45CF542-FEA0-4596-A1B0-E023CF751A71}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_EU&apn_ptnrs=U3&apn_dtid=OSJ000YYCH&apn_uid=B0DFD008-3BEB-4FEA-8385-E4A5C4385FE8&apn_sauid=04ED8506-965D-4B45-94C1-545CD3F9E322&
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{F45CF542-FEA0-4596-A1B0-E023CF751A71}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_EU&apn_ptnrs=U3&apn_dtid=OSJ000YYCH&apn_uid=B0DFD008-3BEB-4FEA-8385-E4A5C4385FE8&apn_sauid=04ED8506-965D-4B45-94C1-545CD3F9E322&
IE - HKU\S-1-5-21-689879854-2409560159-793564415-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ch.msn.com/default.aspx
IE - HKU\S-1-5-21-689879854-2409560159-793564415-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKU\S-1-5-21-689879854-2409560159-793564415-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-689879854-2409560159-793564415-1001\..\SearchScopes,DefaultScope = {D8BD6DAA-94A1-4202-8991-182C9112FD7D}
IE - HKU\S-1-5-21-689879854-2409560159-793564415-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-689879854-2409560159-793564415-1001\..\SearchScopes\{D8BD6DAA-94A1-4202-8991-182C9112FD7D}: "URL" = http://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_deCH402
IE - HKU\S-1-5-21-689879854-2409560159-793564415-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-689879854-2409560159-793564415-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;*.local;<local>
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-689879854-2409560159-793564415-1001\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-21-689879854-2409560159-793564415-1001..\Run: [Akamai NetSession Interface] C:\Users\1\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-689879854-2409560159-793564415-1001..\Run: [Argus Monitor] "C:\Program Files (x86)\ArgusMonitor\ArgusMonitor.exe" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
:Files
C:\Users\1\AppData\Local\09D2DF1A-D9F0-40ED-AEF7-92598FF613A8.aplzod
C:\Windows\tasks\At*.job
C:\Windows\assembly\temp
C:\Program Files (x86)\SweetIM
C:\Program Files (x86)\Ask.com
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.06.2012, 18:41
| #12 |
| | TR/ATRAPS.Gen2 - Auch mich hats erwischt! Gemacht wie mir befohlen. Schreib jetzt von meinem reaktivierten Laptop;-) PC fuhr nach otl Fix herunter. Dann extrem lange schwarzer Bildschirm. Als wieder ein Bild kam, konnte ich das Log speichern: Code:
ATTFilter All processes killed
========== OTL ==========
Service Akamai stopped successfully!
Service Akamai deleted successfully!
c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{F45CF542-FEA0-4596-A1B0-E023CF751A71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F45CF542-FEA0-4596-A1B0-E023CF751A71}\ not found.
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{F45CF542-FEA0-4596-A1B0-E023CF751A71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F45CF542-FEA0-4596-A1B0-E023CF751A71}\ not found.
HKU\S-1-5-21-689879854-2409560159-793564415-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-689879854-2409560159-793564415-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-689879854-2409560159-793564415-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
HKEY_USERS\S-1-5-21-689879854-2409560159-793564415-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-689879854-2409560159-793564415-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-689879854-2409560159-793564415-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D8BD6DAA-94A1-4202-8991-182C9112FD7D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D8BD6DAA-94A1-4202-8991-182C9112FD7D}\ not found.
HKU\S-1-5-21-689879854-2409560159-793564415-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-689879854-2409560159-793564415-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-689879854-2409560159-793564415-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM deleted successfully.
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-689879854-2409560159-793564415-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
C:\Users\1\AppData\Local\Akamai\netsession_win.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-689879854-2409560159-793564415-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Argus Monitor deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche\ deleted successfully.
File Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007\ deleted successfully.
C:\Program Files (x86)\Bonjour\mdnsNSP.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\ deleted successfully.
========== FILES ==========
Folder move failed. C:\Users\1\AppData\Local\09D2DF1A-D9F0-40ED-AEF7-92598FF613A8.aplzod scheduled to be moved on reboot.
C:\Windows\tasks\At1.job moved successfully.
C:\Windows\tasks\At10.job moved successfully.
C:\Windows\tasks\At11.job moved successfully.
C:\Windows\tasks\At12.job moved successfully.
C:\Windows\tasks\At13.job moved successfully.
C:\Windows\tasks\At14.job moved successfully.
C:\Windows\tasks\At15.job moved successfully.
C:\Windows\tasks\At16.job moved successfully.
C:\Windows\tasks\At17.job moved successfully.
C:\Windows\tasks\At18.job moved successfully.
C:\Windows\tasks\At19.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
C:\Windows\tasks\At20.job moved successfully.
C:\Windows\tasks\At21.job moved successfully.
C:\Windows\tasks\At22.job moved successfully.
C:\Windows\tasks\At23.job moved successfully.
C:\Windows\tasks\At24.job moved successfully.
C:\Windows\tasks\At25.job moved successfully.
C:\Windows\tasks\At26.job moved successfully.
C:\Windows\tasks\At27.job moved successfully.
C:\Windows\tasks\At28.job moved successfully.
C:\Windows\tasks\At29.job moved successfully.
C:\Windows\tasks\At3.job moved successfully.
C:\Windows\tasks\At30.job moved successfully.
C:\Windows\tasks\At31.job moved successfully.
C:\Windows\tasks\At32.job moved successfully.
C:\Windows\tasks\At33.job moved successfully.
C:\Windows\tasks\At34.job moved successfully.
C:\Windows\tasks\At35.job moved successfully.
C:\Windows\tasks\At36.job moved successfully.
C:\Windows\tasks\At37.job moved successfully.
C:\Windows\tasks\At38.job moved successfully.
C:\Windows\tasks\At39.job moved successfully.
C:\Windows\tasks\At4.job moved successfully.
C:\Windows\tasks\At40.job moved successfully.
C:\Windows\tasks\At41.job moved successfully.
C:\Windows\tasks\At42.job moved successfully.
C:\Windows\tasks\At43.job moved successfully.
C:\Windows\tasks\At44.job moved successfully.
C:\Windows\tasks\At45.job moved successfully.
C:\Windows\tasks\At46.job moved successfully.
C:\Windows\tasks\At47.job moved successfully.
C:\Windows\tasks\At48.job moved successfully.
C:\Windows\tasks\At5.job moved successfully.
C:\Windows\tasks\At6.job moved successfully.
C:\Windows\tasks\At7.job moved successfully.
C:\Windows\tasks\At8.job moved successfully.
C:\Windows\tasks\At9.job moved successfully.
C:\Windows\assembly\temp\U folder moved successfully.
C:\Windows\assembly\temp folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars folder moved successfully.
C:\Program Files (x86)\SweetIM\Messenger\resources\sqlite folder moved successfully.
C:\Program Files (x86)\SweetIM\Messenger\resources\images folder moved successfully.
C:\Program Files (x86)\SweetIM\Messenger\resources folder moved successfully.
C:\Program Files (x86)\SweetIM\Messenger folder moved successfully.
C:\Program Files (x86)\SweetIM folder moved successfully.
C:\Program Files (x86)\Ask.com\Updater folder moved successfully.
C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.
C:\Program Files (x86)\Ask.com\assets folder moved successfully.
C:\Program Files (x86)\Ask.com folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: 1
->Temp folder emptied: 315800255 bytes
->Temporary Internet Files folder emptied: 967323515 bytes
->Java cache emptied: 611025 bytes
->Google Chrome cache emptied: 88702856 bytes
->Opera cache emptied: 9517360 bytes
->Flash cache emptied: 57204 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 259025066 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes
RecycleBin emptied: 148992001 bytes
Total Files Cleaned = 1'707.00 mb
[EMPTYFLASH]
User: 1
->Flash cache emptied: 0 bytes
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.47.0 log created on 06082012_185859
Files\Folders moved on Reboot...
C:\Users\1\AppData\Local\09D2DF1A-D9F0-40ED-AEF7-92598FF613A8.aplzod folder moved successfully.
File\Folder C:\Users\1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z5U8HTS1\candycrush[1].htm not found!
File\Folder C:\Users\1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z5U8HTS1\sound_iframe[1].htm not found!
C:\Users\1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WO6QE9PO\11339174623736@x90[1].htm moved successfully.
C:\Users\1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WO6QE9PO\116200-tr-atraps-gen2-mich-hats-erwischt-2[1].htm moved successfully.
C:\Users\1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TFSGFVNH\12[1].htm moved successfully.
C:\Users\1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TFSGFVNH\@x94[1].htm moved successfully.
C:\Users\1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O117L3WW\ZAPSegments@x96[1].htm moved successfully.
C:\Users\1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JRPB7GYD\163150410@x71[1].htm moved successfully.
C:\Users\1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JRPB7GYD\163150410@x96[1].htm moved successfully.
C:\Users\1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IX6BS4H2\FacebookServlet[1].htm moved successfully.
C:\Users\1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I4X6XO5D\11366110505@x23[1].htm moved successfully.
C:\Users\1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HPQE92MR\sed[1].htm moved successfully.
File\Folder C:\Users\1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HPQE92MR\xd_arbiter[1].htm not found!
C:\Users\1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8BVU5KVX\2011Generic@Bottom3[1].htm moved successfully.
C:\Users\1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8BVU5KVX\ai[3].htm moved successfully.
File move failed. C:\Users\1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8BVU5KVX\FFJTI1MjZudW0lMjUzRDElMjUyNnNpZyUyNTNEQU9ENjRfMHE0M0I0SFozeUk3bXQzaGRUQ3BoXzhudGlGdyUyNTI2Y2xpZW50JTI1M0RjYS1wdWItMDg3OTkxNDM4NzM2Nzk3NyUyNTI2YWR1cmwlMjUzRAXX[1].htm scheduled to be moved on reboot.
C:\Users\1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6D1KX1YF\ai[5].htm moved successfully.
C:\Users\1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6D1KX1YF\passback.c.r[1].htm moved successfully.
C:\Users\1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
Registry entries deleted on Reboot...
PC neu gestartet, da ich hoffte, dass dies das Problem löst. Wiederum lange Wartezeit, Benutzerkonto auswählen, schwarzer Bildschirm während mehreren Minuten und dann endlich hochgefahren. Leider immer noch keine Verbindung vorhanden. Sind die Daten noch irgendwo vorhanden? |
|
08.06.2012, 18:53
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen2 - Auch mich hats erwischt! Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.06.2012, 21:01
| #14 |
| | TR/ATRAPS.Gen2 - Auch mich hats erwischt!Code:
ATTFilter 21:58:34.0683 2816 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
21:58:34.0698 2816 ============================================================
21:58:34.0698 2816 Current date / time: 2012/06/08 21:58:34.0698
21:58:34.0698 2816 SystemInfo:
21:58:34.0698 2816
21:58:34.0698 2816 OS Version: 6.1.7601 ServicePack: 1.0
21:58:34.0698 2816 Product type: Workstation
21:58:34.0698 2816 ComputerName: 1-PC
21:58:34.0698 2816 UserName: 1
21:58:34.0698 2816 Windows directory: C:\Windows
21:58:34.0698 2816 System windows directory: C:\Windows
21:58:34.0698 2816 Running under WOW64
21:58:34.0698 2816 Processor architecture: Intel x64
21:58:34.0698 2816 Number of processors: 4
21:58:34.0698 2816 Page size: 0x1000
21:58:34.0698 2816 Boot type: Normal boot
21:58:34.0698 2816 ============================================================
21:58:35.0931 2816 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:58:35.0962 2816 Drive \Device\Harddisk6\DR9 - Size: 0x3BA300000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:58:35.0962 2816 ============================================================
21:58:35.0962 2816 \Device\Harddisk0\DR0:
21:58:35.0962 2816 MBR partitions:
21:58:35.0962 2816 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:58:35.0962 2816 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x19032000
21:58:35.0962 2816 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x19064800, BlocksNum 0x3E800000
21:58:35.0978 2816 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x57865000, BlocksNum 0x57222000
21:58:35.0978 2816 \Device\Harddisk6\DR9:
21:58:35.0978 2816 MBR partitions:
21:58:35.0978 2816 \Device\Harddisk6\DR9\Partition0: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1DD17E0
21:58:35.0978 2816 ============================================================
21:58:36.0009 2816 C: <-> \Device\Harddisk0\DR0\Partition1
21:58:36.0071 2816 D: <-> \Device\Harddisk0\DR0\Partition3
21:58:36.0102 2816 E: <-> \Device\Harddisk0\DR0\Partition2
21:58:36.0102 2816 ============================================================
21:58:36.0102 2816 Initialize success
21:58:36.0102 2816 ============================================================
21:58:54.0745 3468 ============================================================
21:58:54.0745 3468 Scan started
21:58:54.0745 3468 Mode: Manual; SigCheck; TDLFS;
21:58:54.0745 3468 ============================================================
21:58:55.0727 3468 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:58:55.0821 3468 1394ohci - ok
21:58:55.0852 3468 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:58:55.0868 3468 ACPI - ok
21:58:55.0899 3468 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:58:55.0977 3468 AcpiPmi - ok
21:58:56.0024 3468 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:58:56.0055 3468 adp94xx - ok
21:58:56.0071 3468 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:58:56.0086 3468 adpahci - ok
21:58:56.0102 3468 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:58:56.0117 3468 adpu320 - ok
21:58:56.0133 3468 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:58:56.0273 3468 AeLookupSvc - ok
21:58:56.0320 3468 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:58:56.0398 3468 AFD - ok
21:58:56.0414 3468 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:58:56.0429 3468 agp440 - ok
21:58:56.0445 3468 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:58:56.0492 3468 ALG - ok
21:58:56.0507 3468 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:58:56.0523 3468 aliide - ok
21:58:56.0539 3468 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:58:56.0554 3468 amdide - ok
21:58:56.0585 3468 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:58:56.0617 3468 AmdK8 - ok
21:58:56.0648 3468 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:58:56.0679 3468 AmdPPM - ok
21:58:56.0695 3468 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:58:56.0710 3468 amdsata - ok
21:58:56.0726 3468 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:58:56.0726 3468 amdsbs - ok
21:58:56.0788 3468 AmdTools64 (101f7d2e38a53bb3c7121e71f61f8728) C:\Windows\system32\DRIVERS\AmdTools64.sys
21:58:56.0897 3468 AmdTools64 - ok
21:58:56.0913 3468 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:58:56.0929 3468 amdxata - ok
21:58:57.0022 3468 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:58:57.0038 3468 AntiVirSchedulerService - ok
21:58:57.0069 3468 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:58:57.0100 3468 AntiVirService - ok
21:58:57.0131 3468 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:58:57.0241 3468 AppID - ok
21:58:57.0287 3468 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:58:57.0381 3468 AppIDSvc - ok
21:58:57.0553 3468 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:58:57.0615 3468 Appinfo - ok
21:58:57.0709 3468 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:58:57.0740 3468 Apple Mobile Device - ok
21:58:57.0755 3468 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:58:57.0771 3468 arc - ok
21:58:57.0787 3468 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:58:57.0802 3468 arcsas - ok
21:58:57.0880 3468 ArgusMonitor (8945cc9e8431a181b4a4daed780e4f8a) C:\Windows\syswow64\drivers\ArgusMonitor.sys
21:58:57.0911 3468 ArgusMonitor - ok
21:58:57.0927 3468 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:58:57.0989 3468 AsyncMac - ok
21:58:58.0005 3468 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:58:58.0021 3468 atapi - ok
21:58:58.0067 3468 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:58:58.0130 3468 AudioEndpointBuilder - ok
21:58:58.0145 3468 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:58:58.0177 3468 AudioSrv - ok
21:58:58.0223 3468 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
21:58:58.0239 3468 avgntflt - ok
21:58:58.0255 3468 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
21:58:58.0270 3468 avipbb - ok
21:58:58.0286 3468 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
21:58:58.0301 3468 avkmgr - ok
21:58:58.0364 3468 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:58:58.0442 3468 AxInstSV - ok
21:58:58.0473 3468 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:58:58.0504 3468 b06bdrv - ok
21:58:58.0535 3468 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:58:58.0598 3468 b57nd60a - ok
21:58:58.0645 3468 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:58:58.0676 3468 BDESVC - ok
21:58:58.0691 3468 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:58:58.0754 3468 Beep - ok
21:58:58.0801 3468 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
21:58:58.0863 3468 BITS - ok
21:58:58.0879 3468 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:58:58.0910 3468 blbdrive - ok
21:58:58.0972 3468 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
21:58:58.0972 3468 Bonjour Service - ok
21:58:59.0003 3468 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:58:59.0050 3468 bowser - ok
21:58:59.0066 3468 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:58:59.0144 3468 BrFiltLo - ok
21:58:59.0144 3468 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:58:59.0175 3468 BrFiltUp - ok
21:58:59.0206 3468 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:58:59.0269 3468 Browser - ok
21:58:59.0300 3468 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:58:59.0331 3468 Brserid - ok
21:58:59.0347 3468 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:58:59.0362 3468 BrSerWdm - ok
21:58:59.0378 3468 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:58:59.0393 3468 BrUsbMdm - ok
21:58:59.0393 3468 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:58:59.0409 3468 BrUsbSer - ok
21:58:59.0425 3468 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:58:59.0456 3468 BTHMODEM - ok
21:58:59.0471 3468 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:58:59.0518 3468 bthserv - ok
21:58:59.0534 3468 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:58:59.0565 3468 cdfs - ok
21:58:59.0596 3468 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
21:58:59.0627 3468 cdrom - ok
21:58:59.0659 3468 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:58:59.0690 3468 CertPropSvc - ok
21:58:59.0690 3468 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:58:59.0721 3468 circlass - ok
21:58:59.0768 3468 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:58:59.0768 3468 CLFS - ok
21:58:59.0830 3468 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:58:59.0861 3468 clr_optimization_v2.0.50727_32 - ok
21:58:59.0908 3468 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:58:59.0939 3468 clr_optimization_v2.0.50727_64 - ok
21:59:00.0033 3468 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:59:00.0049 3468 clr_optimization_v4.0.30319_32 - ok
21:59:00.0080 3468 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:59:00.0095 3468 clr_optimization_v4.0.30319_64 - ok
21:59:00.0111 3468 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:59:00.0142 3468 CmBatt - ok
21:59:00.0173 3468 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:59:00.0189 3468 cmdide - ok
21:59:00.0236 3468 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:59:00.0267 3468 CNG - ok
21:59:00.0283 3468 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:59:00.0298 3468 Compbatt - ok
21:59:00.0314 3468 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:59:00.0345 3468 CompositeBus - ok
21:59:00.0345 3468 COMSysApp - ok
21:59:00.0376 3468 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:59:00.0376 3468 crcdisk - ok
21:59:00.0439 3468 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
21:59:00.0485 3468 CryptSvc - ok
21:59:00.0532 3468 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:59:00.0610 3468 DcomLaunch - ok
21:59:00.0641 3468 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:59:00.0688 3468 defragsvc - ok
21:59:00.0719 3468 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:59:00.0766 3468 DfsC - ok
21:59:00.0797 3468 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:59:00.0844 3468 Dhcp - ok
21:59:00.0844 3468 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:59:00.0875 3468 discache - ok
21:59:00.0907 3468 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:59:00.0922 3468 Disk - ok
21:59:00.0953 3468 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:59:01.0000 3468 Dnscache - ok
21:59:01.0047 3468 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:59:01.0109 3468 dot3svc - ok
21:59:01.0125 3468 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
21:59:01.0172 3468 Dot4 - ok
21:59:01.0203 3468 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
21:59:01.0250 3468 Dot4Print - ok
21:59:01.0265 3468 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
21:59:01.0297 3468 dot4usb - ok
21:59:01.0328 3468 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:59:01.0375 3468 DPS - ok
21:59:01.0406 3468 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:59:01.0421 3468 drmkaud - ok
21:59:01.0484 3468 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:59:01.0531 3468 DXGKrnl - ok
21:59:01.0562 3468 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:59:01.0593 3468 EapHost - ok
21:59:01.0718 3468 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:59:01.0843 3468 ebdrv - ok
21:59:01.0952 3468 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:59:01.0983 3468 EFS - ok
21:59:02.0061 3468 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:59:02.0108 3468 ehRecvr - ok
21:59:02.0155 3468 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:59:02.0201 3468 ehSched - ok
21:59:02.0264 3468 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:59:02.0311 3468 elxstor - ok
21:59:02.0357 3468 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:59:02.0373 3468 ErrDev - ok
21:59:02.0420 3468 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:59:02.0482 3468 EventSystem - ok
21:59:02.0513 3468 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:59:02.0545 3468 exfat - ok
21:59:02.0591 3468 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:59:02.0654 3468 fastfat - ok
21:59:02.0732 3468 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:59:02.0763 3468 Fax - ok
21:59:02.0779 3468 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:59:02.0794 3468 fdc - ok
21:59:02.0810 3468 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:59:02.0872 3468 fdPHost - ok
21:59:02.0872 3468 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:59:02.0919 3468 FDResPub - ok
21:59:02.0919 3468 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:59:02.0935 3468 FileInfo - ok
21:59:02.0950 3468 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:59:02.0997 3468 Filetrace - ok
21:59:02.0997 3468 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:59:03.0013 3468 flpydisk - ok
21:59:03.0044 3468 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:59:03.0075 3468 FltMgr - ok
21:59:03.0153 3468 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:59:03.0184 3468 FontCache - ok
21:59:03.0231 3468 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:59:03.0247 3468 FontCache3.0.0.0 - ok
21:59:03.0278 3468 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:59:03.0293 3468 FsDepends - ok
21:59:03.0356 3468 fssfltr (2bf3b36b96d015af666b6aa63ae2e38f) C:\Windows\system32\DRIVERS\fssfltr.sys
21:59:03.0356 3468 fssfltr - ok
21:59:03.0481 3468 fsssvc (45b52394f9624237f33a8a3d73c0b221) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
21:59:03.0527 3468 fsssvc - ok
21:59:03.0559 3468 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
21:59:03.0574 3468 Fs_Rec - ok
21:59:03.0637 3468 FTDIBUS (fa169871d8fadcc6539c4e8726610286) C:\Windows\system32\drivers\ftdibus.sys
21:59:03.0637 3468 FTDIBUS - ok
21:59:03.0652 3468 FTSER2K (24237091348d1efb5635a1cf9649e311) C:\Windows\system32\drivers\ftser2k.sys
21:59:03.0668 3468 FTSER2K - ok
21:59:03.0730 3468 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:59:03.0746 3468 fvevol - ok
21:59:03.0777 3468 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:59:03.0793 3468 gagp30kx - ok
21:59:03.0855 3468 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:59:03.0855 3468 GEARAspiWDM - ok
21:59:03.0917 3468 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:59:04.0042 3468 gpsvc - ok
21:59:04.0120 3468 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:59:04.0136 3468 gupdate - ok
21:59:04.0167 3468 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:59:04.0183 3468 gupdatem - ok
21:59:04.0198 3468 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:59:04.0229 3468 gusvc - ok
21:59:04.0245 3468 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:59:04.0292 3468 hcw85cir - ok
21:59:04.0339 3468 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:59:04.0385 3468 HdAudAddService - ok
21:59:04.0432 3468 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:59:04.0479 3468 HDAudBus - ok
21:59:04.0479 3468 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:59:04.0510 3468 HidBatt - ok
21:59:04.0526 3468 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:59:04.0541 3468 HidBth - ok
21:59:04.0573 3468 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:59:04.0604 3468 HidIr - ok
21:59:04.0635 3468 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
21:59:04.0682 3468 hidserv - ok
21:59:04.0697 3468 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:59:04.0713 3468 HidUsb - ok
21:59:04.0744 3468 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:59:04.0791 3468 hkmsvc - ok
21:59:04.0838 3468 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:59:04.0853 3468 HomeGroupListener - ok
21:59:04.0885 3468 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:59:04.0916 3468 HomeGroupProvider - ok
21:59:05.0025 3468 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
21:59:05.0025 3468 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
21:59:05.0025 3468 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
21:59:05.0056 3468 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
21:59:05.0056 3468 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
21:59:05.0056 3468 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
21:59:05.0103 3468 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:59:05.0119 3468 HpSAMD - ok
21:59:05.0197 3468 HPSLPSVC (7f57926169c1b8aba9274ea7d4b70f18) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
21:59:05.0212 3468 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
21:59:05.0212 3468 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
21:59:05.0306 3468 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:59:05.0384 3468 HTTP - ok
21:59:05.0415 3468 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:59:05.0431 3468 hwpolicy - ok
21:59:05.0477 3468 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:59:05.0493 3468 i8042prt - ok
21:59:05.0524 3468 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:59:05.0540 3468 iaStorV - ok
21:59:05.0649 3468 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:59:05.0727 3468 idsvc - ok
21:59:05.0758 3468 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:59:05.0774 3468 iirsp - ok
21:59:05.0883 3468 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:59:05.0945 3468 IKEEXT - ok
21:59:05.0961 3468 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:59:05.0977 3468 intelide - ok
21:59:06.0179 3468 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:59:06.0211 3468 intelppm - ok
21:59:06.0320 3468 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:59:06.0351 3468 IPBusEnum - ok
21:59:06.0382 3468 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:59:06.0429 3468 IpFilterDriver - ok
21:59:06.0460 3468 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:59:06.0476 3468 IPMIDRV - ok
21:59:06.0476 3468 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:59:06.0523 3468 IPNAT - ok
21:59:06.0647 3468 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
21:59:06.0663 3468 iPod Service - ok
21:59:06.0663 3468 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:59:06.0710 3468 IRENUM - ok
21:59:06.0725 3468 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:59:06.0741 3468 isapnp - ok
21:59:06.0757 3468 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:59:06.0772 3468 iScsiPrt - ok
21:59:06.0788 3468 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
21:59:06.0803 3468 kbdclass - ok
21:59:06.0835 3468 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:59:06.0850 3468 kbdhid - ok
21:59:06.0897 3468 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:59:06.0897 3468 KeyIso - ok
21:59:06.0913 3468 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:59:06.0928 3468 KSecDD - ok
21:59:06.0944 3468 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:59:06.0944 3468 KSecPkg - ok
21:59:06.0959 3468 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:59:07.0006 3468 ksthunk - ok
21:59:07.0037 3468 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:59:07.0084 3468 KtmRm - ok
21:59:07.0115 3468 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
21:59:07.0147 3468 LanmanServer - ok
21:59:07.0178 3468 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:59:07.0225 3468 LanmanWorkstation - ok
21:59:07.0240 3468 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:59:07.0287 3468 lltdio - ok
21:59:07.0318 3468 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:59:07.0349 3468 lltdsvc - ok
21:59:07.0365 3468 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:59:07.0396 3468 lmhosts - ok
21:59:07.0412 3468 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:59:07.0427 3468 LSI_FC - ok
21:59:07.0459 3468 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:59:07.0459 3468 LSI_SAS - ok
21:59:07.0474 3468 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:59:07.0490 3468 LSI_SAS2 - ok
21:59:07.0505 3468 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:59:07.0521 3468 LSI_SCSI - ok
21:59:07.0521 3468 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:59:07.0568 3468 luafv - ok
21:59:07.0615 3468 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
21:59:07.0646 3468 MBAMProtector - ok
21:59:07.0724 3468 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:59:07.0739 3468 MBAMService - ok
21:59:07.0771 3468 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:59:07.0802 3468 Mcx2Svc - ok
21:59:07.0817 3468 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:59:07.0833 3468 megasas - ok
21:59:07.0849 3468 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:59:07.0864 3468 MegaSR - ok
21:59:07.0942 3468 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
21:59:07.0973 3468 Microsoft Office Groove Audit Service - ok
21:59:07.0989 3468 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:59:08.0036 3468 MMCSS - ok
21:59:08.0067 3468 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:59:08.0098 3468 Modem - ok
21:59:08.0145 3468 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:59:08.0176 3468 monitor - ok
21:59:08.0192 3468 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:59:08.0207 3468 mouclass - ok
21:59:08.0239 3468 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:59:08.0254 3468 mouhid - ok
21:59:08.0301 3468 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:59:08.0332 3468 mountmgr - ok
21:59:08.0363 3468 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:59:08.0395 3468 mpio - ok
21:59:08.0410 3468 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:59:08.0457 3468 mpsdrv - ok
21:59:08.0488 3468 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:59:08.0504 3468 MRxDAV - ok
21:59:08.0551 3468 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:59:08.0613 3468 mrxsmb - ok
21:59:08.0660 3468 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:59:08.0707 3468 mrxsmb10 - ok
21:59:08.0722 3468 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:59:08.0753 3468 mrxsmb20 - ok
21:59:08.0769 3468 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:59:08.0785 3468 msahci - ok
21:59:08.0941 3468 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:59:09.0003 3468 msdsm - ok
21:59:09.0034 3468 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:59:09.0065 3468 MSDTC - ok
21:59:09.0081 3468 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:59:09.0143 3468 Msfs - ok
21:59:09.0159 3468 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:59:09.0190 3468 mshidkmdf - ok
21:59:09.0206 3468 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:59:09.0221 3468 msisadrv - ok
21:59:09.0253 3468 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:59:09.0284 3468 MSiSCSI - ok
21:59:09.0299 3468 msiserver - ok
21:59:09.0331 3468 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:59:09.0377 3468 MSKSSRV - ok
21:59:09.0409 3468 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:59:09.0440 3468 MSPCLOCK - ok
21:59:09.0440 3468 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:59:09.0487 3468 MSPQM - ok
21:59:09.0533 3468 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:59:09.0565 3468 MsRPC - ok
21:59:09.0580 3468 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:59:09.0580 3468 mssmbios - ok
21:59:09.0596 3468 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:59:09.0643 3468 MSTEE - ok
21:59:09.0658 3468 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:59:09.0674 3468 MTConfig - ok
21:59:09.0705 3468 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
21:59:09.0721 3468 MTsensor - ok
21:59:09.0736 3468 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:59:09.0752 3468 Mup - ok
21:59:09.0799 3468 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:59:09.0861 3468 napagent - ok
21:59:09.0908 3468 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:59:09.0955 3468 NativeWifiP - ok
21:59:10.0033 3468 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:59:10.0064 3468 NDIS - ok
21:59:10.0079 3468 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:59:10.0111 3468 NdisCap - ok
21:59:10.0126 3468 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:59:10.0157 3468 NdisTapi - ok
21:59:10.0189 3468 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:59:10.0220 3468 Ndisuio - ok
21:59:10.0251 3468 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:59:10.0298 3468 NdisWan - ok
21:59:10.0329 3468 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:59:10.0376 3468 NDProxy - ok
21:59:10.0407 3468 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
21:59:10.0407 3468 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:59:10.0407 3468 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:59:10.0423 3468 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:59:10.0469 3468 NetBIOS - ok
21:59:10.0516 3468 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:59:10.0563 3468 NetBT - ok
21:59:10.0594 3468 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:59:10.0625 3468 Netlogon - ok
21:59:10.0672 3468 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:59:10.0750 3468 Netman - ok
21:59:10.0781 3468 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:59:10.0828 3468 netprofm - ok
21:59:10.0875 3468 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:59:10.0891 3468 NetTcpPortSharing - ok
21:59:10.0906 3468 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:59:10.0922 3468 nfrd960 - ok
21:59:10.0953 3468 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:59:11.0000 3468 NlaSvc - ok
21:59:11.0015 3468 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:59:11.0031 3468 Npfs - ok
21:59:11.0047 3468 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:59:11.0078 3468 nsi - ok
21:59:11.0093 3468 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:59:11.0109 3468 nsiproxy - ok
21:59:11.0203 3468 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:59:11.0249 3468 Ntfs - ok
21:59:11.0343 3468 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:59:11.0390 3468 Null - ok
21:59:11.0421 3468 NVHDA (cddd4478757288df4bb1494bfd084259) C:\Windows\system32\drivers\nvhda64v.sys
21:59:11.0421 3468 NVHDA - ok
21:59:11.0842 3468 nvlddmkm (2b9fd17492fbd799726369f2db3e4827) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:59:12.0154 3468 nvlddmkm - ok
21:59:12.0248 3468 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:59:12.0263 3468 nvraid - ok
21:59:12.0310 3468 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:59:12.0326 3468 nvstor - ok
21:59:12.0357 3468 nvsvc (9d20f4a43b0e0123b1633a05bd1d7113) C:\Windows\system32\nvvsvc.exe
21:59:12.0373 3468 nvsvc - ok
21:59:12.0388 3468 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:59:12.0404 3468 nv_agp - ok
21:59:12.0497 3468 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:59:12.0529 3468 odserv - ok
21:59:12.0575 3468 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:59:12.0591 3468 ohci1394 - ok
21:59:12.0622 3468 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:59:12.0638 3468 ose - ok
21:59:12.0669 3468 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:59:12.0716 3468 p2pimsvc - ok
21:59:12.0763 3468 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:59:12.0778 3468 p2psvc - ok
21:59:12.0809 3468 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:59:12.0825 3468 Parport - ok
21:59:12.0856 3468 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
21:59:12.0887 3468 partmgr - ok
21:59:12.0903 3468 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:59:12.0919 3468 PcaSvc - ok
21:59:12.0965 3468 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:59:12.0981 3468 pci - ok
21:59:12.0997 3468 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:59:12.0997 3468 pciide - ok
21:59:13.0028 3468 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:59:13.0043 3468 pcmcia - ok
21:59:13.0043 3468 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:59:13.0059 3468 pcw - ok
21:59:13.0090 3468 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:59:13.0168 3468 PEAUTH - ok
21:59:13.0246 3468 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:59:13.0277 3468 PerfHost - ok
21:59:13.0355 3468 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:59:13.0402 3468 pla - ok
21:59:13.0465 3468 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:59:13.0496 3468 PlugPlay - ok
21:59:13.0558 3468 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
21:59:13.0558 3468 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:59:13.0558 3468 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:59:13.0574 3468 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:59:13.0605 3468 PNRPAutoReg - ok
21:59:13.0636 3468 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:59:13.0667 3468 PNRPsvc - ok
21:59:13.0714 3468 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:59:13.0792 3468 PolicyAgent - ok
21:59:13.0823 3468 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:59:13.0870 3468 Power - ok
21:59:13.0948 3468 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:59:13.0995 3468 PptpMiniport - ok
21:59:14.0011 3468 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:59:14.0026 3468 Processor - ok
21:59:14.0057 3468 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
21:59:14.0104 3468 ProfSvc - ok
21:59:14.0135 3468 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:59:14.0167 3468 ProtectedStorage - ok
21:59:14.0198 3468 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:59:14.0245 3468 Psched - ok
21:59:14.0338 3468 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
21:59:14.0354 3468 PSI_SVC_2 - ok
21:59:14.0432 3468 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:59:14.0494 3468 ql2300 - ok
21:59:14.0572 3468 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:59:14.0588 3468 ql40xx - ok
21:59:14.0619 3468 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:59:14.0635 3468 QWAVE - ok
21:59:14.0650 3468 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:59:14.0666 3468 QWAVEdrv - ok
21:59:14.0681 3468 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:59:14.0744 3468 RasAcd - ok
21:59:14.0775 3468 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:59:14.0806 3468 RasAgileVpn - ok
21:59:14.0822 3468 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:59:14.0853 3468 RasAuto - ok
21:59:14.0853 3468 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:59:14.0900 3468 Rasl2tp - ok
21:59:14.0947 3468 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:59:14.0993 3468 RasMan - ok
21:59:15.0009 3468 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:59:15.0040 3468 RasPppoe - ok
21:59:15.0071 3468 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:59:15.0087 3468 RasSstp - ok
21:59:15.0118 3468 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:59:15.0165 3468 rdbss - ok
21:59:15.0165 3468 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:59:15.0181 3468 rdpbus - ok
21:59:15.0212 3468 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:59:15.0243 3468 RDPCDD - ok
21:59:15.0243 3468 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:59:15.0274 3468 RDPENCDD - ok
21:59:15.0274 3468 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:59:15.0305 3468 RDPREFMP - ok
21:59:15.0337 3468 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
21:59:15.0352 3468 RDPWD - ok
21:59:15.0383 3468 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:59:15.0399 3468 rdyboost - ok
21:59:15.0430 3468 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:59:15.0477 3468 RemoteAccess - ok
21:59:15.0493 3468 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:59:15.0539 3468 RemoteRegistry - ok
21:59:15.0555 3468 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:59:15.0586 3468 RpcEptMapper - ok
21:59:15.0602 3468 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:59:15.0633 3468 RpcLocator - ok
21:59:15.0680 3468 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:59:15.0727 3468 RpcSs - ok
21:59:15.0758 3468 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:59:15.0789 3468 rspndr - ok
21:59:15.0836 3468 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:59:15.0898 3468 RTL8167 - ok
21:59:15.0961 3468 RTL8192su (a332db1dac07e95667a57aaeec236c37) C:\Windows\system32\DRIVERS\RTL8192su.sys
21:59:15.0992 3468 RTL8192su - ok
21:59:16.0023 3468 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:59:16.0039 3468 SamSs - ok
21:59:16.0085 3468 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:59:16.0085 3468 sbp2port - ok
21:59:16.0101 3468 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:59:16.0148 3468 SCardSvr - ok
21:59:16.0163 3468 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:59:16.0195 3468 scfilter - ok
21:59:16.0273 3468 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:59:16.0304 3468 Schedule - ok
21:59:16.0335 3468 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:59:16.0366 3468 SCPolicySvc - ok
21:59:16.0397 3468 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:59:16.0429 3468 SDRSVC - ok
21:59:16.0444 3468 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:59:16.0475 3468 secdrv - ok
21:59:16.0507 3468 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:59:16.0553 3468 seclogon - ok
21:59:16.0585 3468 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
21:59:16.0631 3468 SENS - ok
21:59:16.0647 3468 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:59:16.0663 3468 SensrSvc - ok
21:59:16.0663 3468 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:59:16.0678 3468 Serenum - ok
21:59:16.0709 3468 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:59:16.0725 3468 Serial - ok
21:59:16.0756 3468 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:59:16.0772 3468 sermouse - ok
21:59:16.0819 3468 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:59:16.0865 3468 SessionEnv - ok
21:59:16.0897 3468 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:59:16.0928 3468 sffdisk - ok
21:59:16.0959 3468 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:59:16.0975 3468 sffp_mmc - ok
21:59:16.0990 3468 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:59:17.0021 3468 sffp_sd - ok
21:59:17.0037 3468 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:59:17.0053 3468 sfloppy - ok
21:59:17.0084 3468 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:59:17.0131 3468 SharedAccess - ok
21:59:17.0193 3468 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:59:17.0224 3468 ShellHWDetection - ok
21:59:17.0255 3468 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:59:17.0255 3468 SiSRaid2 - ok
21:59:17.0287 3468 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:59:17.0287 3468 SiSRaid4 - ok
21:59:17.0318 3468 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:59:17.0349 3468 Smb - ok
21:59:17.0349 3468 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:59:17.0380 3468 SNMPTRAP - ok
21:59:17.0443 3468 speedfan (5f9785e7535f8f602cb294a54962c9e7) C:\Windows\syswow64\speedfan.sys
21:59:17.0458 3468 speedfan - ok
21:59:17.0458 3468 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:59:17.0474 3468 spldr - ok
21:59:17.0521 3468 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:59:17.0567 3468 Spooler - ok
21:59:17.0739 3468 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:59:17.0864 3468 sppsvc - ok
21:59:17.0957 3468 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:59:18.0004 3468 sppuinotify - ok
21:59:18.0051 3468 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:59:18.0082 3468 srv - ok
21:59:18.0113 3468 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:59:18.0145 3468 srv2 - ok
21:59:18.0176 3468 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:59:18.0207 3468 srvnet - ok
21:59:18.0238 3468 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:59:18.0269 3468 SSDPSRV - ok
21:59:18.0285 3468 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:59:18.0316 3468 SstpSvc - ok
21:59:18.0363 3468 Stereo Service (bad795e567a323481813c88db8bc8fdf) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
21:59:18.0379 3468 Stereo Service - ok
21:59:18.0394 3468 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:59:18.0410 3468 stexstor - ok
21:59:18.0457 3468 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:59:18.0488 3468 stisvc - ok
21:59:18.0503 3468 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:59:18.0519 3468 swenum - ok
21:59:18.0644 3468 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:59:18.0659 3468 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
21:59:18.0659 3468 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
21:59:18.0722 3468 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:59:18.0769 3468 swprv - ok
21:59:18.0862 3468 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:59:18.0925 3468 SysMain - ok
21:59:18.0987 3468 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:59:19.0018 3468 TabletInputService - ok
21:59:19.0268 3468 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:59:19.0330 3468 TapiSrv - ok
21:59:19.0346 3468 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:59:19.0361 3468 TBS - ok
21:59:19.0471 3468 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
21:59:19.0517 3468 Tcpip - ok
21:59:19.0627 3468 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
21:59:19.0673 3468 TCPIP6 - ok
21:59:19.0720 3468 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:59:19.0767 3468 tcpipreg - ok
21:59:19.0767 3468 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:59:19.0798 3468 TDPIPE - ok
21:59:19.0829 3468 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:59:19.0829 3468 TDTCP - ok
21:59:19.0861 3468 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:59:19.0892 3468 tdx - ok
21:59:19.0923 3468 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:59:19.0923 3468 TermDD - ok
21:59:19.0985 3468 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:59:20.0032 3468 TermService - ok
21:59:20.0048 3468 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:59:20.0063 3468 Themes - ok
21:59:20.0079 3468 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:59:20.0110 3468 THREADORDER - ok
21:59:20.0126 3468 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:59:20.0188 3468 TrkWks - ok
21:59:20.0251 3468 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:59:20.0313 3468 TrustedInstaller - ok
21:59:20.0344 3468 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:59:20.0375 3468 tssecsrv - ok
21:59:20.0391 3468 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:59:20.0407 3468 TsUsbFlt - ok
21:59:20.0438 3468 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:59:20.0485 3468 tunnel - ok
21:59:20.0516 3468 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:59:20.0516 3468 uagp35 - ok
21:59:20.0563 3468 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:59:20.0594 3468 udfs - ok
21:59:20.0609 3468 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:59:20.0625 3468 UI0Detect - ok
21:59:20.0641 3468 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:59:20.0656 3468 uliagpkx - ok
21:59:20.0703 3468 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:59:20.0734 3468 umbus - ok
21:59:20.0750 3468 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:59:20.0781 3468 UmPass - ok
21:59:20.0828 3468 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:59:20.0875 3468 upnphost - ok
21:59:20.0906 3468 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
21:59:20.0921 3468 USBAAPL64 - ok
21:59:20.0953 3468 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:59:20.0984 3468 usbccgp - ok
21:59:21.0015 3468 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:59:21.0046 3468 usbcir - ok
21:59:21.0062 3468 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
21:59:21.0077 3468 usbehci - ok
21:59:21.0109 3468 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:59:21.0124 3468 usbhub - ok
21:59:21.0155 3468 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:59:21.0171 3468 usbohci - ok
21:59:21.0187 3468 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:59:21.0218 3468 usbprint - ok
21:59:21.0265 3468 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:59:21.0280 3468 usbscan - ok
21:59:21.0280 3468 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:59:21.0296 3468 USBSTOR - ok
21:59:21.0311 3468 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:59:21.0343 3468 usbuhci - ok
21:59:21.0358 3468 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:59:21.0389 3468 UxSms - ok
21:59:21.0421 3468 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:59:21.0452 3468 VaultSvc - ok
21:59:21.0452 3468 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:59:21.0467 3468 vdrvroot - ok
21:59:21.0499 3468 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:59:21.0530 3468 vds - ok
21:59:21.0545 3468 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:59:21.0561 3468 vga - ok
21:59:21.0577 3468 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:59:21.0608 3468 VgaSave - ok
21:59:21.0639 3468 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:59:21.0655 3468 vhdmp - ok
21:59:21.0748 3468 VIAHdAudAddService (db88ca4f876c7dcaeec29bab9e31ffc1) C:\Windows\system32\drivers\viahduaa.sys
21:59:21.0811 3468 VIAHdAudAddService - ok
21:59:21.0826 3468 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:59:21.0842 3468 viaide - ok
21:59:21.0857 3468 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:59:21.0873 3468 volmgr - ok
21:59:21.0920 3468 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:59:21.0935 3468 volmgrx - ok
21:59:21.0951 3468 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:59:21.0967 3468 volsnap - ok
21:59:21.0998 3468 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:59:21.0998 3468 vsmraid - ok
21:59:22.0091 3468 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:59:22.0154 3468 VSS - ok
21:59:22.0247 3468 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:59:22.0279 3468 vwifibus - ok
21:59:22.0294 3468 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:59:22.0310 3468 vwififlt - ok
21:59:22.0341 3468 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:59:22.0372 3468 W32Time - ok
21:59:22.0388 3468 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:59:22.0403 3468 WacomPen - ok
21:59:22.0435 3468 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:59:22.0481 3468 WANARP - ok
21:59:22.0497 3468 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:59:22.0513 3468 Wanarpv6 - ok
21:59:22.0591 3468 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:59:22.0637 3468 WatAdminSvc - ok
21:59:22.0715 3468 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:59:22.0762 3468 wbengine - ok
21:59:22.0809 3468 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:59:22.0825 3468 WbioSrvc - ok
21:59:22.0871 3468 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:59:22.0903 3468 wcncsvc - ok
21:59:22.0918 3468 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:59:22.0934 3468 WcsPlugInService - ok
21:59:22.0949 3468 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:59:22.0965 3468 Wd - ok
21:59:23.0012 3468 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:59:23.0043 3468 Wdf01000 - ok
21:59:23.0059 3468 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:59:23.0152 3468 WdiServiceHost - ok
21:59:23.0152 3468 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:59:23.0183 3468 WdiSystemHost - ok
21:59:23.0230 3468 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:59:23.0246 3468 WebClient - ok
21:59:23.0261 3468 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:59:23.0308 3468 Wecsvc - ok
21:59:23.0324 3468 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:59:23.0371 3468 wercplsupport - ok
21:59:23.0402 3468 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:59:23.0433 3468 WerSvc - ok
21:59:23.0433 3468 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:59:23.0464 3468 WfpLwf - ok
21:59:23.0480 3468 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:59:23.0495 3468 WIMMount - ok
21:59:23.0495 3468 WinHttpAutoProxySvc - ok
21:59:23.0527 3468 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:59:23.0542 3468 Winmgmt - ok
21:59:23.0667 3468 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:59:23.0714 3468 WinRM - ok
21:59:23.0807 3468 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:59:23.0839 3468 WinUsb - ok
21:59:23.0901 3468 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:59:23.0932 3468 Wlansvc - ok
21:59:23.0963 3468 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:59:23.0979 3468 WmiAcpi - ok
21:59:24.0010 3468 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:59:24.0057 3468 wmiApSrv - ok
21:59:24.0088 3468 WMPNetworkSvc - ok
21:59:24.0104 3468 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:59:24.0135 3468 WPCSvc - ok
21:59:24.0151 3468 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:59:24.0166 3468 WPDBusEnum - ok
21:59:24.0182 3468 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:59:24.0213 3468 ws2ifsl - ok
21:59:24.0213 3468 WSearch - ok
21:59:24.0353 3468 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
21:59:24.0447 3468 wuauserv - ok
21:59:24.0509 3468 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:59:24.0541 3468 WudfPf - ok
21:59:24.0572 3468 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:59:24.0619 3468 WUDFRd - ok
21:59:24.0634 3468 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:59:24.0665 3468 wudfsvc - ok
21:59:24.0681 3468 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:59:24.0712 3468 WwanSvc - ok
21:59:24.0728 3468 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:59:24.0977 3468 \Device\Harddisk0\DR0 - ok
21:59:24.0977 3468 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk6\DR9
21:59:25.0149 3468 \Device\Harddisk6\DR9 - ok
21:59:25.0149 3468 Boot (0x1200) (ba7d09f669847def1da2a4e3b21db1ec) \Device\Harddisk0\DR0\Partition0
21:59:25.0165 3468 \Device\Harddisk0\DR0\Partition0 - ok
21:59:25.0180 3468 Boot (0x1200) (df7258979f5a82bafc1df00645982bb2) \Device\Harddisk0\DR0\Partition1
21:59:25.0180 3468 \Device\Harddisk0\DR0\Partition1 - ok
21:59:25.0196 3468 Boot (0x1200) (8f01ba8c770d9ce535e345258eb08edf) \Device\Harddisk0\DR0\Partition2
21:59:25.0196 3468 \Device\Harddisk0\DR0\Partition2 - ok
21:59:25.0196 3468 Boot (0x1200) (d0b28d86966e46ebbf4b61f7e57861b5) \Device\Harddisk0\DR0\Partition3
21:59:25.0196 3468 \Device\Harddisk0\DR0\Partition3 - ok
21:59:25.0196 3468 Boot (0x1200) (03cf84373ad231a6b77e46a00d493d0b) \Device\Harddisk6\DR9\Partition0
21:59:25.0211 3468 \Device\Harddisk6\DR9\Partition0 - ok
21:59:25.0211 3468 ============================================================
21:59:25.0211 3468 Scan finished
21:59:25.0211 3468 ============================================================
21:59:25.0227 3164 Detected object count: 6
21:59:25.0227 3164 Actual detected object count: 6
21:59:53.0681 3164 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
21:59:53.0681 3164 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:59:53.0697 3164 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:59:53.0697 3164 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:59:53.0697 3164 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
21:59:53.0697 3164 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:59:53.0697 3164 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:59:53.0697 3164 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:59:53.0697 3164 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:59:53.0697 3164 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:59:53.0697 3164 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
21:59:53.0697 3164 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
08.06.2012, 21:08
| #15 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen2 - Auch mich hats erwischt! Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu TR/ATRAPS.Gen2 - Auch mich hats erwischt! |
| 7-zip, akamai, antivir, autorun, avira, babylon toolbar, babylontoolbar, bho, bonjour, browser, desktop, error, excel, firefox, flash player, format, helper, home, install.exe, langs, logfile, microsoft office word, microsoft security, office 2007, officejet, plug-in, realtek, registry, rundll, scan, searchscopes, security, software, svchost.exe, sweetim, updates, vdeck.exe, version=1.0, visual studio, windows |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
