Pests of all kinds and how to fight them: White screen says "connection is loading", then black (Windows 7)
08.06.2012, 22:12 | #16 |
| Yes, everything works again, thank you very much, and no, I didn't find any. |
08.06.2012, 22:14 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please make a new OTL log. If possible, please post everything here in CODE tags.
This is how it's done: [code] the log goes here [/code]
And the whole thing then looks like this:
Code:
the log goes here
If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
08.06.2012, 23:47 | #18 |
| I don't know whether I should also post the Extra.Txt, so I'll just do it.
OTL.Txt Code:
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.06.09 00:11:09 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Babshuhn\Desktop\OTL.exe [2012.06.08 18:35:53 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{4D914459-400B-4C1B-8FAB-EE1EDCFB3B48} [2012.06.08 18:35:50 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{A508E5E1-1CBB-42B5-888A-4404695E1071} [2012.06.08 18:35:35 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\Tracing [2012.06.08 13:34:34 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Roaming\Avira [2012.06.08 13:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.06.08 13:28:46 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\AskToolbar [2012.06.08 13:28:28 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2012.06.08 13:28:11 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\APN [2012.06.08 13:27:58 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.06.08 13:27:56 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.06.08 13:27:55 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.06.08 13:27:55 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.06.08 13:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.06.08 13:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.06.07 23:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.06.07 23:07:31 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Roaming\Malwarebytes [2012.06.07 23:07:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.07 23:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.07 23:06:51 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- 
C:\Windows\System32\drivers\mbam.sys [2012.06.07 23:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.06.07 06:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Absolutist [2012.06.07 06:02:20 | 000,401,408 | ---- | C] (Softanics) -- C:\Windows\System32\FlashPlayerControl.dll [2012.06.07 05:02:14 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe [2012.06.07 05:02:08 | 000,000,000 | ---D | C] -- C:\_OTL [2012.06.02 12:57:46 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{BCCAFFF6-9CF9-43A9-9D7F-86C1A4A666F7} [2012.06.02 12:57:41 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{A4780F43-6FCA-412C-BEB8-391B1920B427} [2012.06.01 15:11:07 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Roaming\default [2012.06.01 14:56:17 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{EF0AB712-089B-456F-B059-61A855A3FC8F} [2012.06.01 14:56:04 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{8EF4611A-C4FD-4F36-9380-885C8292C171} [2012.05.31 12:50:51 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{6D810632-C8EF-4347-B9FC-274697F360E1} [2012.05.31 12:50:38 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{C0983B12-5873-4A8A-99A4-7AAB55950135} [2012.05.30 20:43:21 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{B995F5B9-0310-49F0-8C50-E101D66AED5F} [2012.05.30 20:43:08 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{ED532FE5-809E-42AE-9BA4-664419736B86} [2012.05.29 20:36:24 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{1364AD62-EDCF-470D-A3AC-3A8948FC46BD} [2012.05.29 20:36:10 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{4E291171-B8C8-4C64-B612-449F8BA96DAC} [2012.05.28 13:57:35 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{AD09B6F7-BFCF-4E07-B91D-3F78E99FEC1C} [2012.05.28 13:57:22 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{6ABD3E6C-7FCD-49A3-9056-CEC699D540C5} 
[2012.05.28 07:01:12 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Roaming\Skype [2012.05.28 07:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012.05.27 20:09:36 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{15519562-624E-4D14-892A-295B906CD333} [2012.05.27 20:09:23 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{B6E53676-E61B-430A-A08D-09271253770E} [2012.05.27 13:20:58 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{2E236D8D-2F57-4CD2-9C5F-6DC791A0A64D} [2012.05.27 13:20:54 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{8C1FE9E1-8A8A-43E5-8D7A-BF07C873F951} [2012.05.26 23:55:47 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{94F8234A-55A1-42FC-BEE8-E9234375BC5E} [2012.05.26 23:55:45 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{3163DBF1-8E7D-49B6-A704-8041BB7C4753} [2012.05.26 14:11:35 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{4F167AE3-902D-4B15-B3E8-A51E57943FB6} [2012.05.26 14:11:22 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{692C17F6-9CAE-4337-B573-F95F6EABB0D4} [2012.05.26 00:07:59 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{0394DD1A-662F-4653-971E-E1019A475EF6} [2012.05.26 00:07:44 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{FF805D10-FD66-43DF-BCB5-C032A3C9CE7A} [2012.05.24 16:47:15 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{1B2AA023-2CF1-4096-AE7B-5F1614243D1C} [2012.05.24 16:46:58 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{8BAD346D-FDD4-4AA9-ADE8-05CBA7CA5D52} [2012.05.23 20:50:19 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{371B2FCD-3070-48BC-A781-8E50269BC63D} [2012.05.23 20:50:17 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{18FC7042-C4B0-4593-A1AF-8B970C52FFCB} [2012.05.23 15:01:19 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{0B341903-D0D8-440F-B8FC-4FA092411F94} [2012.05.23 15:01:06 | 
000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{E02216DD-4C7A-4AC9-B004-10DD9FF5F9AD} [2012.05.22 14:22:34 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{EE905C5E-3986-4651-81C9-F075B0CEE290} [2012.05.22 14:22:21 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{51917E96-CD6F-4D84-8AE5-9CDBE37A3D9D} [2012.05.21 17:12:25 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{920A164B-4185-47BC-B167-65BC237106E8} [2012.05.21 17:12:11 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{D1AF6502-4C46-4BC1-B083-C8BFB04A0C07} [2012.05.20 12:50:08 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{B9FB16EA-0FE4-4304-A362-B1B7B2BE9DCD} [2012.05.20 12:49:55 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{8F922D8A-C60D-4629-A791-09B85488E940} [2012.05.19 17:58:59 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{1985CB14-B8CA-4007-95C4-5EF12248D375} [2012.05.19 17:58:46 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{97492168-21A6-4D7F-B867-F2AF8FF2BFDF} [2012.05.19 14:39:19 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{3063D913-E739-4D05-9439-981D9A61DCA1} [2012.05.19 14:39:06 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{06463D3B-B56B-4E36-AF7C-4ED2172C1395} [2012.05.18 19:52:26 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{A3EC9C98-F35B-4FFC-860F-BBF79CB15535} [2012.05.18 19:52:12 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{2F530367-9E3C-463A-B7C8-4F8A34C13444} [2012.05.18 01:00:49 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{2A8EC0AA-7A30-4C47-A97C-BC5F0EF00B53} [2012.05.18 01:00:36 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{74CF76FC-E258-4300-915D-54F884FE6FF6} [2012.05.16 18:36:21 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{0945BCFB-188D-44F0-9B48-F843A9A299C2} [2012.05.16 18:36:08 | 000,000,000 | ---D | C] -- 
C:\Users\Babshuhn\AppData\Local\{F81CAD5D-4BD0-4FAA-856C-E8CA377F057B} [2012.05.15 18:25:24 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{1FD601E8-B20D-4176-9E19-9AC81BD7A47A} [2012.05.15 18:25:10 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{121B87ED-B60F-4F6D-BB8C-9E2606F650A7} [2012.05.15 15:55:21 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{2DC6C098-1F11-4E21-A804-4651CA758DE7} [2012.05.15 15:55:07 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{5FD5657E-9D8A-4486-B3DE-180E10375349} [2012.05.14 17:03:30 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{7FCC66AC-366C-40FA-80E8-632BC4779E27} [2012.05.14 17:03:17 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{E6C5F716-3E44-4AE5-8D29-7A7BD462FEE6} [2012.05.13 19:02:58 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{0F869602-D0A0-4BC1-8FAA-F84AE8DCA348} [2012.05.13 19:02:45 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{987095B2-A660-4B7D-818B-A2785F8025DB} [2012.05.13 13:17:02 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{7FADEF57-F9D4-41BB-A728-5C435D26B061} [2012.05.13 13:16:49 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{FC67C8C6-EF16-4A60-BB2D-88767569C8C0} [2012.05.13 07:03:53 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2012.05.12 20:41:33 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{DD671A9B-6825-4962-894C-881BDED10A6F} [2012.05.12 20:41:20 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{60D2F367-0880-497B-A27A-3DC470B0D6A8} [2012.05.12 14:23:01 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{014A9E1B-0167-45FA-91AD-9144802F0C46} [2012.05.12 14:22:47 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{5A41DB86-4A84-4FA2-89B1-9FA39ED6D042} [2012.05.11 12:36:36 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{6F11FEC7-1D2C-4445-A4AD-0DCF4AB56C57} [2012.05.11 12:36:23 | 000,000,000 | 
---D | C] -- C:\Users\Babshuhn\AppData\Local\{83D8367E-96FF-48CE-B7F4-B0C18C3C8A9D} [2012.05.10 23:33:03 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{0E08BB13-CCC8-4AAF-868C-650849745898} [2012.05.10 23:32:50 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{CEDDC7F3-E62C-4820-AD9A-93C24E32CD3F} [2012.05.10 16:41:44 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{601D9B64-BF8E-4273-B9B8-8D6878A3C76F} [2012.05.10 16:41:31 | 000,000,000 | ---D | C] -- C:\Users\Babshuhn\AppData\Local\{33F19A1E-7878-4049-A85D-4F495B6F52EA} [1 C:\Users\Babshuhn\AppData\Roaming\*.tmp files -> C:\Users\Babshuhn\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.09 00:11:10 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Babshuhn\Desktop\OTL.exe [2012.06.08 23:52:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.08 23:31:01 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2208606510-85354491-1940852428-1000UA.job [2012.06.08 22:53:05 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.08 22:53:05 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.08 21:52:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.08 15:43:02 | 000,471,040 | ---- | M] () -- C:\Users\Babshuhn\Desktop\Unleashed Launcher.exe [2012.06.08 14:59:27 | 000,630,648 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.08 14:59:27 | 000,597,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.08 14:59:27 | 000,127,292 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.08 14:59:27 | 000,104,916 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.08 14:54:05 | 000,000,374 | ---- | M] () -- 
C:\Windows\System32\drivers\etc\hosts.ics [2012.06.08 14:53:24 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2012.06.08 14:53:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.08 13:31:02 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2208606510-85354491-1940852428-1000Core.job [2012.06.08 13:29:21 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.06.07 23:13:41 | 000,000,104 | ---- | M] () -- C:\Users\Babshuhn\Desktop\Internet - Verknüpfung.lnk [2012.06.07 23:07:07 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.07 06:02:21 | 000,000,788 | ---- | M] () -- C:\Users\Babshuhn\Desktop\Bubble Shooter.lnk [2012.06.07 05:03:54 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2012.06.02 18:36:33 | 000,064,512 | ---- | M] () -- C:\Windows\System32\umstartup.etl [2012.05.22 22:27:47 | 000,000,483 | ---- | M] () -- C:\Users\Babshuhn\Desktop\MrFishIt.config.xml [2012.05.13 07:04:42 | 000,000,750 | ---- | M] () -- C:\Users\Babshuhn\Desktop\GameHouse Sudoku.lnk [2012.05.12 08:48:30 | 000,254,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.05.11 00:23:29 | 000,001,356 | ---- | M] () -- C:\Users\Babshuhn\AppData\Local\d3d9caps.dat [1 C:\Users\Babshuhn\AppData\Roaming\*.tmp files -> C:\Users\Babshuhn\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.08 17:55:34 | 000,471,040 | ---- | C] () -- C:\Users\Babshuhn\Desktop\Unleashed Launcher.exe [2012.06.08 13:29:21 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.06.07 23:13:41 | 000,000,104 | ---- | C] () -- C:\Users\Babshuhn\Desktop\Internet - Verknüpfung.lnk [2012.06.07 23:07:07 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.07 06:02:21 | 000,000,788 | ---- | C] () -- C:\Users\Babshuhn\Desktop\Bubble Shooter.lnk 
[2012.06.07 06:02:20 | 001,552,384 | ---- | C] () -- C:\Windows\System32\bshooter.scr [2012.05.22 22:27:47 | 000,000,483 | ---- | C] () -- C:\Users\Babshuhn\Desktop\MrFishIt.config.xml [2012.05.13 07:04:42 | 000,000,750 | ---- | C] () -- C:\Users\Babshuhn\Desktop\GameHouse Sudoku.lnk [2012.01.27 10:35:36 | 000,205,864 | ---- | C] () -- C:\Windows\System32\drivers\OADriver.sys [2012.01.27 10:35:36 | 000,040,296 | ---- | C] () -- C:\Windows\System32\drivers\oahlp32.sys [2011.10.23 13:30:50 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011.09.16 13:44:34 | 000,016,622 | ---- | C] () -- C:\Windows\hpomdl01.dat [2011.04.09 19:19:45 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.07.19 14:41:51 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.07.19 14:41:51 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.07.13 17:34:10 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat [2010.07.13 17:33:56 | 000,147,456 | ---- | C] () -- C:\Windows\System32\DiagFunc.dll [2010.07.13 17:33:56 | 000,000,451 | ---- | C] () -- C:\Windows\System32\DiagFunc.ini [2010.07.13 17:33:56 | 000,000,072 | ---- | C] () -- C:\Windows\System32\RaCertMgr.ini [2010.07.13 14:22:17 | 000,258,048 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll [2010.06.11 21:23:21 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin ========== LOP Check ========== [2012.03.20 19:30:30 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\.minecraft [2011.05.25 19:43:38 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\1morebee [2012.04.15 08:19:25 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Alawar [2012.02.24 15:05:34 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Alawar Entertainment [2011.11.17 12:40:32 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\aliasworlds 
[2011.07.13 17:34:49 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Arkadium [2011.08.21 07:13:12 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Artifex Mundi [2011.07.08 09:15:39 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Babylon [2010.12.29 08:39:46 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Boolat Games [2010.04.09 14:27:44 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Datel [2012.06.07 05:02:13 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\default [2011.07.14 15:07:38 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\DivoGames [2012.04.26 07:53:58 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Gamehouse All My Gods [2010.08.14 12:08:29 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\GamesCafe [2010.05.19 18:35:22 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\GOA [2011.06.24 05:46:58 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Green Clover Games [2010.08.28 07:23:14 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\IBAGroup [2011.06.11 07:18:44 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\ICQ [2011.07.03 18:25:28 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\IrfanView [2011.06.25 21:53:30 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Islands [2011.09.25 07:35:35 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Islands2 [2012.03.22 13:04:30 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Islands3 [2011.01.31 11:18:15 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Jane s Hotel 3 [2012.04.28 21:40:18 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\LolClient [2012.04.07 12:04:00 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Meridian93 [2011.06.16 16:54:36 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\NevoSoft [2011.05.08 
08:28:13 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\NevoSoft Games [2011.05.25 19:28:34 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Nevosoft-Breeze [2012.01.27 10:38:46 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\OnlineArmor [2011.09.11 13:04:13 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\OpenCandy [2010.04.20 09:30:48 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\OpenOffice.org [2011.09.02 07:03:08 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\PathToSuccess [2010.07.19 16:10:45 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\PC Suite [2011.10.01 11:26:05 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\PeaceCraft3 [2010.04.04 20:37:46 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\PeerNetworking [2012.04.11 23:21:00 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Petroglyph [2012.06.01 07:38:23 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\PlayFirst [2012.01.26 16:22:57 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Sahmon Games [2012.01.03 12:40:17 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Samsung [2011.04.10 00:28:45 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Settlement. 
Colossus [2010.05.14 07:58:42 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\ShinyTales [2012.01.03 12:20:58 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Sierra [2010.04.28 17:22:42 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Sierra Entertainment [2010.06.04 16:18:25 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Skip-Bo [2011.06.23 19:14:29 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Tobit [2012.06.07 05:02:13 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\toolplugin [2011.08.13 21:42:00 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\TS3Client [2011.08.13 19:33:23 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\ts3overlay [2011.06.01 12:34:59 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\UAs [2010.06.11 20:23:21 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Ubisoft [2011.08.16 13:54:03 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\UltimateZip [2011.12.21 18:06:23 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\ValuSoft [2010.07.27 13:28:10 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Virtual City [2010.12.15 16:51:16 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Windows Live Writer [2011.12.10 09:03:15 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\World-Loom [2011.10.19 23:27:36 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\www.rene-zeidler.de [2011.06.01 14:50:10 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\xmldm [2011.05.04 07:51:56 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\YoudaGames [2011.02.02 16:17:54 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Zylom [2012.06.08 14:20:59 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application 
Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.03.20 19:30:30 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\.minecraft [2011.05.25 19:43:38 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\1morebee [2011.11.28 11:38:05 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Adobe [2012.04.15 08:19:25 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Alawar [2012.02.24 15:05:34 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Alawar Entertainment [2011.11.17 12:40:32 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\aliasworlds [2011.10.29 20:09:06 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Apple Computer [2011.07.13 17:34:49 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Arkadium [2011.08.21 07:13:12 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Artifex Mundi [2012.06.08 13:34:34 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Avira [2011.07.08 09:15:39 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Babylon [2010.12.29 08:39:46 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Boolat Games [2010.04.09 14:27:44 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Datel [2012.06.07 05:02:13 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\default [2011.07.14 15:07:38 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\DivoGames [2012.04.26 07:53:58 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Gamehouse All My Gods [2010.08.14 12:08:29 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\GamesCafe [2010.05.19 18:35:22 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\GOA [2011.06.24 05:46:58 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Green Clover Games [2010.08.28 07:23:14 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\IBAGroup [2011.06.11 07:18:44 | 
000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\ICQ [2011.02.02 16:17:54 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Identities [2010.04.18 15:53:03 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\InstallShield [2011.07.03 18:25:28 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\IrfanView [2011.06.25 21:53:30 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Islands [2011.09.25 07:35:35 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Islands2 [2012.03.22 13:04:30 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Islands3 [2011.01.31 11:18:15 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Jane s Hotel 3 [2012.04.28 21:40:18 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\LolClient [2010.07.29 15:16:27 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Macromedia [2012.06.07 23:07:31 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Media Center Programs [2012.04.07 12:04:00 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Meridian93 [2011.11.28 11:38:05 | 000,000,000 | --SD | M] -- C:\Users\Babshuhn\AppData\Roaming\Microsoft [2012.04.20 18:31:07 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Mozilla [2011.06.16 16:54:36 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\NevoSoft [2011.05.08 08:28:13 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\NevoSoft Games [2011.05.25 19:28:34 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Nevosoft-Breeze [2012.02.26 19:43:35 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\NVIDIA [2012.01.27 10:38:46 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\OnlineArmor [2011.09.11 13:04:13 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\OpenCandy [2010.04.20 09:30:48 | 
000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\OpenOffice.org [2011.09.02 07:03:08 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\PathToSuccess [2010.07.19 16:10:45 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\PC Suite [2011.10.01 11:26:05 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\PeaceCraft3 [2010.04.04 20:37:46 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\PeerNetworking [2012.04.11 23:21:00 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Petroglyph [2012.06.01 07:38:23 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\PlayFirst [2011.02.20 18:13:02 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Realore_Whiterra Roads Of Rome [2011.03.24 21:17:37 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Realore_Whiterra Roads Of Rome 2 [2011.11.04 14:41:00 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Realore_Whiterra Roads Of Rome 3 [2012.01.26 16:22:57 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Sahmon Games [2012.01.03 12:40:17 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Samsung [2011.04.10 00:28:45 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Settlement. 
Colossus [2010.05.14 07:58:42 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\ShinyTales [2012.01.03 12:20:58 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Sierra [2010.04.28 17:22:42 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Sierra Entertainment [2010.06.04 16:18:25 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Skip-Bo [2012.05.29 06:18:08 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Skype [2012.06.08 07:17:57 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Sun [2011.06.23 19:14:29 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Tobit [2012.06.07 05:02:13 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\toolplugin [2011.08.13 21:42:00 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\TS3Client [2011.08.13 19:33:23 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\ts3overlay [2011.06.01 12:34:59 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\UAs [2010.06.11 20:23:21 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Ubisoft [2011.08.16 13:54:03 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\UltimateZip [2011.12.21 18:06:23 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\ValuSoft [2010.07.27 13:28:10 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Virtual City [2010.04.20 09:36:41 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Winamp [2010.12.15 16:51:16 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Windows Live Writer [2011.08.16 19:24:28 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\WinRAR [2011.12.10 09:03:15 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\World-Loom [2011.10.19 23:27:36 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\www.rene-zeidler.de [2011.06.01 14:50:10 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\xmldm [2011.05.04 
07:51:56 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\YoudaGames [2011.02.02 16:17:54 | 000,000,000 | ---D | M] -- C:\Users\Babshuhn\AppData\Roaming\Zylom < %APPDATA%\*.exe /s > [2012.03.31 13:20:00 | 000,117,427 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Babshuhn\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe [2010.10.16 23:46:42 | 000,107,008 | R--- | M] () -- C:\Users\Babshuhn\AppData\Roaming\Microsoft\Installer\{359ADF3A-F727-40F1-9D8A-6699EE355287}\Icon359ADF3A1.exe [2010.10.16 23:46:42 | 000,004,608 | R--- | M] () -- C:\Users\Babshuhn\AppData\Roaming\Microsoft\Installer\{359ADF3A-F727-40F1-9D8A-6699EE355287}\Icon359ADF3A2.exe [2010.10.16 23:46:42 | 000,106,496 | R--- | M] () -- C:\Users\Babshuhn\AppData\Roaming\Microsoft\Installer\{359ADF3A-F727-40F1-9D8A-6699EE355287}\Icon359ADF3A3.exe [2010.10.16 23:46:42 | 000,107,008 | R--- | M] () -- C:\Users\Babshuhn\AppData\Roaming\Microsoft\Installer\{359ADF3A-F727-40F1-9D8A-6699EE355287}\Icon359ADF3A4.exe [2010.10.16 23:46:42 | 000,210,432 | R--- | M] () -- C:\Users\Babshuhn\AppData\Roaming\Microsoft\Installer\{359ADF3A-F727-40F1-9D8A-6699EE355287}\Icon359ADF3A5.exe [2011.09.11 13:04:13 | 000,000,000 | ---- | M] () -- C:\Users\Babshuhn\AppData\Roaming\OpenCandy\OpenCandy_AD5C917A06F340D890F968515A411092\LatestDLMgr.exe < %SYSTEMDRIVE%\*.exe > [2011.07.13 04:55:05 | 002,237,440 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- 
C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- 
C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- 
C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- 
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 
05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2011.05.06 18:00:34 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011.05.06 18:00:34 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll

< >

< End of report >

Code:
OTL Extras logfile created on: 09.06.2012 00:14:16 - Run 1
OTL by OldTimer - Version 3.2.47.0     Folder = C:\Users\Babshuhn\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,75 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 49,79% Memory free
5,72 Gb Paging File | 3,19 Gb Available in Paging File | 55,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 27,38 Gb Free Space | 28,03% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 149,79 Gb Free Space | 40,69% Space Free | Partition Type: NTFS

Computer Name: BABSHUHN-PC | User Name: Babshuhn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open
Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00F06D97-547F-4041-9520-0340037C01ED}" = rport=137 | protocol=17 | dir=out | app=system | "{0B4E13E1-BF82-4D44-B6FE-BCBC59846D4E}" = rport=5357 | protocol=6 | dir=out | app=system | "{13C247C6-EF66-4849-92BB-872B7BADED32}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | "{14949907-8DF3-41EB-8845-F8EA972DE76C}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{1E0BD018-7022-4051-991D-FCC0849ADA99}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | "{2C1A270F-B78B-46CF-A8CC-088EA6047209}" = rport=2869 | protocol=6 | dir=out | app=system | "{2F51BA65-D2C5-4799-BD20-6A4E6F0F48DD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{31408C91-761C-4BE7-8C60-6960657FF6D1}" = lport=2345 | protocol=6 | dir=in | name=hund | "{34CA2B13-DAAE-420B-8C27-617AC87D8CE0}" = lport=138 | protocol=17 | dir=in | app=system | "{36E2FE50-41EB-494E-AFEB-29A530D46D36}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{37F3359D-E50A-4906-84DF-92B9CDC7B083}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | "{4176FC27-D757-4745-AB2E-E08CF8A18236}" = lport=5357 | protocol=6 | dir=in | app=system | "{47AF7B91-1D83-4DDF-9AC8-E0F268EC360D}" = rport=139 | protocol=6 | dir=out | app=system | "{54CC9D89-FD27-41E1-A846-FB43FC43FBC2}" = lport=139 | protocol=6 | dir=in | app=system | "{629E0DC2-B265-4567-A91A-3B0E25A87DA7}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | "{66939384-5368-41AD-810F-9000843D6A05}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{6AE0EB47-CC8D-4A27-8084-BA549127EB0A}" = lport=3702 | protocol=17 | dir=in | 
app=%systemroot%\system32\netproj.exe | "{6BADDE29-62A3-4109-BD55-36E5C8472A9A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{706F6B2A-F86C-4894-A5A2-A81D86386913}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | "{70D0FAC0-DD0E-4A22-B145-97AA46D90410}" = lport=445 | protocol=6 | dir=in | app=system | "{756E2669-EDA7-47DD-A1C2-E5CAC5120DD9}" = rport=445 | protocol=6 | dir=out | app=system | "{76E2761B-3BC7-4040-A0CD-A3F60D54FA7E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{79B437F8-0D4A-4343-9F72-37D5A2B78908}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{7B85056B-3398-4F0A-9D52-5638C016B6B6}" = rport=138 | protocol=17 | dir=out | app=system | "{7C49BC08-B0F1-4C67-BEE2-51446FF3E688}" = lport=2345 | protocol=17 | dir=in | name=hund | "{7E1DF3E4-9A01-4E2D-BB1C-C617954FB7A1}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | "{7E51C722-2E54-49A4-8828-95DF5B59956A}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | "{7F88D781-A9D1-4F5E-96B6-5272CB451BDE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{81082BE5-7C96-4ED4-AE46-C386AB8F4863}" = lport=2869 | protocol=6 | dir=in | app=system | "{83CFE03E-5CB0-486B-9EEC-826EEE7DDA64}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{931357F3-A795-4C01-BC27-813F03B4E213}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A06A2930-AFA9-43DA-B49D-47EEFD1AFAE6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A71592FB-822B-4693-A0E0-94A1B300E7CD}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{A9D49F07-4F1B-4E4E-9E24-13E1F635545B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | 
app=%systemroot%\system32\spoolsv.exe | "{AC000537-DE99-4377-91E9-3B72301E3427}" = lport=5358 | protocol=6 | dir=in | app=system | "{B0A0752C-0925-41DE-90BC-E0BB5D465B0D}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | "{B2A1888F-295D-458F-A667-4840F857F229}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BE8D4F3F-970C-4D3C-8B02-C6176D861074}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | "{C64018E9-5FBE-4106-A4CE-C8F6E8C690E3}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{C80B2A75-F1CE-4B67-B854-2FAE9ED1F3AC}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{CEC9C14C-A028-4439-8C16-B1FC5610EF45}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{D5A12975-3487-43E5-8A84-94751BE4D699}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | "{D63BD95A-D7E5-41B6-88C7-8F5A8F0FC142}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{DBB5DB82-E107-4C71-811E-163DF8405B77}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{E06F6393-04A5-4F78-B633-32CEADF1CA8C}" = lport=2869 | protocol=6 | dir=in | app=system | "{E6340EA7-6B59-4744-925C-7FCD890B23A0}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{EA211B31-DCC3-4396-AE29-5C8D120D9BED}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{F1B832BF-36EB-4FDE-BF49-4971903FE06D}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | "{F89801FB-96B9-4555-BB6C-F6060D89479E}" = lport=137 | protocol=17 | dir=in | app=system | "{F8C14BC1-F59C-40F2-98FD-C4E3BD0A624A}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{FADB32BF-20E4-419E-AEFE-3C6887AA6ACB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FC92394A-8765-4412-B7F2-941745643BB6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{FE5090BF-104C-48A1-BE8D-55E4984E3A29}" = rport=5358 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00FC0863-2062-4A30-B264-66D443A5AA7B}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe | "{04BF0601-8DD0-4851-8D32-80586A5C9105}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | "{0614AAC7-A6EB-4B9C-AB79-15324612A357}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{06E597CB-7CA1-4DE7-80FB-9FDBFB9B18AA}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | "{08AC8C3E-7AA8-476F-9FB6-C31333B01C5E}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | "{0C33E27E-52A5-4DEC-847B-872846B29F1F}" = protocol=17 | dir=in | app=d:\world of warcraft\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | "{0C8AAE2F-245A-4FF0-9329-92C71FA9CB0C}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{106F76B2-E6ED-49DB-98FD-9E983CDC742F}" = protocol=17 | dir=in | app=d:\sven\world of warcraft\launcher.patch.exe | "{10C8831C-8A77-472F-8E14-11854BC12DD5}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii.exe | "{13D94804-4372-4519-9EAD-6C87D073A5F7}" = protocol=6 | dir=in | app=d:\sven\sven\spartan.exe | "{159B8DAC-6A4F-4330-92D1-375180481F61}" = protocol=6 | dir=in | app=c:\zylom games\farm craft\farmcraft.exe | "{1857DC83-B3A7-4EE5-AF5E-7736F85C05D8}" = protocol=6 | dir=in | app=d:\sven\strongholdlegends.exe | "{1B46C6D6-EFC0-45C9-89C6-DA60665075AF}" = 
protocol=6 | dir=in | app=c:\users\babshuhn\appdata\local\temp\blizzard installer bootstrap - 00fdaad4\installer.exe | "{24B1FDEC-D8BA-4226-8EC5-A4C22570E4FD}" = protocol=17 | dir=in | app=c:\zylom games\farm craft\farmcraft.exe | "{293A15C1-F1E9-4B5D-93DF-F620F13B1966}" = protocol=17 | dir=in | app=d:\sven\world of warcraft\launcher.exe | "{2988B52C-4B8D-4307-B100-D4BBC2D9A41F}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | "{2D00C489-035D-4DDC-98EA-7D5F38DB48ED}" = protocol=6 | dir=in | app=d:\world of warcraft\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | "{2F9A19A6-FE1B-41CD-8E7E-F4888EBBA44B}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{33FAB84D-D866-4751-95BD-DDD32363D7BD}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{361A7350-8FB0-44AA-A7B7-D7C0CB444FF1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | "{3B172D46-4048-4FCE-B7B2-2027A16899FB}" = protocol=6 | dir=in | app=d:\sven\world of warcraft\launcher.patch.exe | "{3C566491-017A-4805-8750-ED20925C8A70}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe | "{3F6871A2-87F7-4C47-96B0-F994C1F58B3F}" = dir=in | app=c:\program files\itunes\itunes.exe | "{440C366C-EC52-4804-AA80-D0010CE9E697}" = protocol=6 | dir=in | app=c:\users\babshuhn\appdata\local\temp\blizzard installer bootstrap - 000e0a7b\installer.exe | "{44A22047-1F12-426A-AA40-378B20385EC0}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{45B820D7-7F1F-4154-8B07-6ED6EF105872}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii.exe | "{4A3AB8B4-F549-405F-8B1A-A960A1FFE7BF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{4E169933-CCD0-4FC8-9819-B3962B3E54F3}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe | 
"{4F9795FF-CBA0-4B22-935A-D945D82445E3}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | "{4FF5F435-0838-4CFD-8FAE-3B595F119541}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | "{526DF43B-C0D0-4660-94C0-B8DEE649F7F9}" = protocol=17 | dir=in | app=d:\sven\sven\spartan.exe | "{5BD3DEE9-CF39-4075-85CA-3BE94C951110}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | "{5EFD9432-2773-4357-B0E1-E4A69B6C5968}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{5F6BC138-47FE-40BF-B51D-FA0EC8037A60}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5FFDAF6C-0911-4A91-AB4D-9727C4A7D8A6}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | "{61152E7F-D044-4057-A0D3-102DB51E2FF0}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{62F68CA6-2EAD-4791-8A1A-2B149DC893E8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{63F87D3C-AF7A-4096-9BE2-DF3E13F09768}" = protocol=17 | dir=in | app=c:\users\babshuhn\appdata\local\temp\blizzard installer bootstrap - 00fdaad4\installer.exe | "{666269BF-2ABF-4D15-98B3-C6B08935D439}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | "{68E73738-A748-4EA2-ACFA-EB1469E76EE2}" = protocol=6 | dir=in | app=c:\program files\warcraft iii\warcraft iii.exe | "{6B3F4F3D-16CE-4661-BE90-3B1F35345138}" = protocol=17 | dir=in | app=c:\users\babshuhn\documents\downloads\facemoods.exe | "{6F986592-8E1B-40D7-B972-D7725FB86AA2}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | "{70E149EC-7928-4662-9F68-AA9FD76263AD}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | "{7498B0D0-96A4-492B-84CD-7445EC3D5FA7}" = protocol=6 | dir=in | app=c:\users\babshuhn\appdata\local\temp\blizzard installer bootstrap - 
007deca1\installer.exe | "{75517B0D-9444-402B-904B-BCEF3D7957D6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{77E9D8CD-D8AD-4274-8AB9-639566C3FBF8}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{77FF7A2E-B1AD-4143-9AF1-790181C57C77}" = protocol=17 | dir=in | app=c:\users\babshuhn\appdata\local\temp\blizzard installer bootstrap - 007deca1\installer.exe | "{79B1868C-24D6-4E38-AD1F-A2AF9C1016EE}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | "{7AAAC083-BF97-4EB4-B4D1-4CA3BF21A30B}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{8094F2C3-F0E1-40D5-B743-C8C66D1FD9E9}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | "{833A5FBE-0600-41AA-812D-3BC3FAED316E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{835E4B29-6744-46F3-9224-3ADEB2B370F6}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{850F880E-E540-4389-B4EA-62B7141B38FE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8A12C8ED-7942-4412-A340-BAEF2C071D42}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe | "{8E360C04-2C41-4966-A080-EDF533AD4D7A}" = protocol=6 | dir=in | app=c:\users\babshuhn\documents\downloads\facemoods.exe | "{9157542F-5332-4D65-9928-1AD30539603C}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe | "{94494E2A-7B4A-4D04-AC88-4F6BB0361243}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{94E9E39F-730C-4D5E-9639-A6529B78E76B}" = protocol=17 | dir=in | app=c:\users\babshuhn\appdata\local\microsoft\windows\temporary internet files\content.ie5\rqfv8t38\sweetimsetup[1].exe | "{9622AA7C-3780-4F0D-8D26-93585EFC4772}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | "{981A94DB-76BD-4FF6-BFE2-08AFAFB00CC7}" = protocol=17 | dir=in | 
app=c:\users\babshuhn\appdata\local\temp\blizzard installer bootstrap - 000e0a7b\installer.exe | "{99EE3FD1-42C5-43CD-A75A-DB82B87F1604}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{9BF7171B-1684-4E37-AAD0-72132DFEE658}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | "{9E78385C-0C45-44DE-93BE-ECD791A2A54C}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | "{AB347BE8-7E35-45C6-81D8-2EC0C0EC5B00}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{AF397F0C-66AD-4B23-B727-4E619F41E0C8}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | "{AF8E381F-DECE-4CF3-B412-5E0C38ABAEDB}" = protocol=6 | dir=in | app=d:\sven\world of warcraft\launcher.exe | "{AFB3FA7E-D1B6-4701-897F-8BE5560DB524}" = protocol=17 | dir=in | app=c:\program files\warcraft iii\warcraft iii.exe | "{B9185D01-4136-4755-82C1-5F4004F22038}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{BF92D9F5-69DB-4230-AED3-5D3A728E5FB9}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | "{C30514BE-894A-4835-AFAA-1085C80A2FA6}" = protocol=6 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe | "{C35045FF-A4D8-4C66-8604-C39B30FB6C41}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | "{C55895BB-0C00-4827-ACAD-D326CE666525}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe | "{C7370D58-C531-4391-B6BD-337BC733C435}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{D42D60A0-40B3-4B79-BF2C-625BED911D2A}" = protocol=17 | dir=in | app=c:\program files\datel\action replay code manager\actionreplaycodemanager.exe | "{D488E16D-E492-4BA1-AE2E-0A165597D648}" = protocol=17 | dir=in | app=c:\users\babshuhn\downloads\facemoods.exe | "{D4B667A1-3F85-4408-BF3B-A2E970B2A457}" = protocol=6 | dir=in | 
app=c:\programdata\battle.net\agent\agent.515\agent.exe | "{D74B1A4D-425C-4E11-A60F-455673233442}" = protocol=17 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe | "{DBE38421-A173-4FEB-89E5-CC917E0DEE74}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{DE0EA941-4431-43B1-BD0D-5939060CF79F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | "{DFA0DCFA-5AFE-4749-9DFA-DBA246F9F032}" = protocol=6 | dir=in | app=c:\users\babshuhn\downloads\facemoods.exe | "{E391A814-8238-4B01-95AC-F17B74DFFB18}" = protocol=6 | dir=in | app=c:\program files\datel\action replay code manager\actionreplaycodemanager.exe | "{E8ED2ECD-4AD0-4FBB-A09E-50D5930DA6F3}" = protocol=17 | dir=in | app=d:\sven\strongholdlegends.exe | "{EA06FF01-C568-41B3-BD3B-E9C70AD6A80B}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | "{EC6025F1-352C-4288-96DE-0864555CF201}" = protocol=6 | dir=in | app=c:\users\babshuhn\appdata\local\microsoft\windows\temporary internet files\content.ie5\rqfv8t38\sweetimsetup[1].exe | "{ED044D13-1D43-4ED8-9DC4-F811DF97DFF6}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | "{F24FD6CD-94E9-402A-B742-FC1C2E6F305D}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{F459D4DC-F7E3-4763-B569-E0CBD0EA62DB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F64B7312-BAFA-4063-996B-A37FEA7F7053}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{FD0BF110-F303-4C2D-8330-52278F63D751}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{FE861123-530B-4A15-9487-79D253E6A8C1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "TCP Query User{11D7AEEB-4345-40AD-A332-6E3E036CDD27}D:\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base18092\sc2.exe | "TCP Query 
User{174DD8F0-E6F8-4194-9A33-951EDB7D35C5}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe | "TCP Query User{1E3F4DE6-BC21-4CCF-94AB-096CAF9129EB}D:\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\starcraft ii\support\blizzarddownloader.exe | "TCP Query User{2DC4A815-8E5A-4176-9060-7B62F054C6EC}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe | "TCP Query User{31A00C70-C1FA-4C8D-8584-040F1A688DE7}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{35B2751B-07B0-42F9-9D00-1C487FB37894}C:\program files\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16561\sc2.exe | "TCP Query User{41D95333-88F0-4AD3-BF03-D8B6FEFA5F73}C:\program files\the games company\empire earth ultimate edition\empire earth i zde\ee-aoc.exe" = protocol=6 | dir=in | app=c:\program files\the games company\empire earth ultimate edition\empire earth i zde\ee-aoc.exe | "TCP Query User{75309F62-20DA-4BD3-9ECA-A7F53433154A}D:\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base16939\sc2.exe | "TCP Query User{81678C21-A8AF-4D57-8FAC-76A60A0DB62D}C:\program files\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16605\sc2.exe | "TCP Query User{85E851F4-1007-4853-A7AB-8174B7D7434F}D:\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base18574\sc2.exe | "TCP Query User{AEAF56E2-3D88-4BDC-84CE-D243286EA0CF}D:\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base16755\sc2.exe | "TCP Query User{B3C70786-5562-4C69-969E-9D2861008FC8}D:\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in 
| app=d:\starcraft ii\versions\base17326\sc2.exe | "TCP Query User{BDCC5284-B9E0-48A8-A363-8CC5E1ED248B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{D57C7CB1-02CD-48F7-9AB2-EF8BC601FA36}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "TCP Query User{DCE9C1DB-CD95-4F66-AE13-3ADD62730140}C:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe | "TCP Query User{E09E1425-A5FB-40B1-AF09-0507DE1ADD24}D:\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base19132\sc2.exe | "TCP Query User{ECF45331-D8EC-489F-8A21-8BE457968AB4}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "TCP Query User{F6B34C05-C1DB-42B9-BCE3-5E1C51536DC0}C:\program files\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16755\sc2.exe | "UDP Query User{033D013D-7F16-4702-9C44-FADE38D649EC}D:\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base18092\sc2.exe | "UDP Query User{0CFD9193-89CB-4634-8C8D-8A9378658344}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query User{42E5163B-B1D8-4F39-9A7C-E7ADF2628F1A}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{63F8CF01-C749-45A9-9ABA-AAE9F5D1B0FE}C:\program files\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16561\sc2.exe | "UDP Query User{64B2FD00-4545-4B3B-A83A-F613349F491C}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | 
app=c:\windows\system32\dplaysvr.exe | "UDP Query User{66A659CF-1F85-4BC9-B5DC-BCC2DC43C83A}D:\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\starcraft ii\support\blizzarddownloader.exe | "UDP Query User{760F7712-FBF7-472C-955A-60271A00F3E0}C:\program files\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16755\sc2.exe | "UDP Query User{8367010C-F2C7-4688-BA3D-743B42E258B7}D:\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base19132\sc2.exe | "UDP Query User{A6EC9105-F42A-4EBB-86C7-A5672D3AAAB3}D:\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base16939\sc2.exe | "UDP Query User{AC006146-25C4-478E-BBAB-60CB8579BC46}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | "UDP Query User{B88972FD-270A-4555-973A-2EA2270A9A7F}C:\program files\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16605\sc2.exe | "UDP Query User{B949043B-C9F8-42C9-BDC3-B5BE3883D53A}D:\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base18574\sc2.exe | "UDP Query User{C7CCEC19-A9D8-4344-B498-623811FAF011}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{CA07D310-7FAD-4025-BC78-1F2028C92C14}D:\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base16755\sc2.exe | "UDP Query User{CBFE6B74-1F0A-4D59-983B-7D30B87DDE3B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{E7CF3852-C143-4B32-A1F8-413036C4887F}C:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe" = protocol=17 | dir=in | app=c:\program 
files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe | "UDP Query User{F06578C5-8442-4931-A145-EBD86D9FA5DC}D:\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base17326\sc2.exe | "UDP Query User{FC281614-8FB4-42A1-B8E5-88E66CD824B6}C:\program files\the games company\empire earth ultimate edition\empire earth i zde\ee-aoc.exe" = protocol=17 | dir=in | app=c:\program files\the games company\empire earth ultimate edition\empire earth i zde\ee-aoc.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29 "{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card "{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows 
Live UX Platform Language Pack "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4EE2B017-D82C-4B12-B071-5CF1B23D1A42}" = SweetIM for Messenger 3.4 "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack "{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety "{56D18860-C802-4158-A7BC-C8C1CDB84484}}_is1" = Nordschlacht Launcher 1.1 "{57C39411-6747-489C-A226-46885FB0D2D0}" = DriverBoost "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight 
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver "{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{949460AD-3C77-44FD-8D78-BF605EF28114}" = EMEA02 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto- und Bildbearbeitung 2.0 - All-in-One "{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install 
Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Speicher-Disc "{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety "{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "10d223983c4726c547307e2a1f0a7525" = GameHouse Sudoku "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira Free 
Antivirus "cb190d64a8a5519d00c138dd283bc4b5" = Vampires vs. Zombies "Cheat Engine 6.0_is1" = Cheat Engine 6.0 "Digital Editions" = Adobe Digital Editions "ESET Online Scanner" = ESET Online Scanner v3 "fbe83e4b6f63f3e850ac3907350adb95" = Bubble Shooter "ffdshow_is1" = ffdshow v1.1.3800 [2011-03-28] "Generic USB 106 Sound" = USB Multi-Channel Audio Device "IrfanView" = IrfanView (remove only) "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "NVIDIA Drivers" = NVIDIA Drivers "OnlineArmor_is1" = Online Armor 5.1 "Pivot 2.3.0 Deutsch" = Pivot 2.3.0 Deutsch "PS3Xploder" = PS3 Xploder Cheat System "StarCraft II" = StarCraft II "toolplugin" = toolplugin "UltimateZip_is1" = UltimateZip "Warcraft III" = Warcraft III "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.01 (32-Bit) "World of Warcraft" = World of Warcraft ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2208606510-85354491-1940852428-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater "d8be6c3f847d7d92" = Ghost Recon Online "Google Chrome" = Google Chrome "Insaniquarium Deluxe" = Insaniquarium Deluxe "Pflanzen gegen Zombies Deluxe" = Pflanzen gegen Zombies Deluxe "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 02.06.2012 15:10:26 | Computer 
Name = Babshuhn-PC | Source = WinMgmt | ID = 10 Description = Error - 06.06.2012 15:24:53 | Computer Name = Babshuhn-PC | Source = WinMgmt | ID = 10 Description = Error - 06.06.2012 22:57:29 | Computer Name = Babshuhn-PC | Source = WinMgmt | ID = 10 Description = Error - 07.06.2012 03:46:06 | Computer Name = Babshuhn-PC | Source = WinMgmt | ID = 10 Description = Error - 07.06.2012 10:15:27 | Computer Name = Babshuhn-PC | Source = WinMgmt | ID = 10 Description = Error - 07.06.2012 16:57:58 | Computer Name = Babshuhn-PC | Source = WinMgmt | ID = 10 Description = Error - 08.06.2012 06:47:49 | Computer Name = Babshuhn-PC | Source = WinMgmt | ID = 10 Description = Error - 08.06.2012 07:12:55 | Computer Name = Babshuhn-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel 0x49e01da5, fehlerhaftes Modul uzshlex.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x2a425e19, Ausnahmecode 0xc0000005, Fehleroffset 0x089a20ec, Prozess-ID 0x878, Anwendungsstartzeit 01cd45641e26d9f1. Error - 08.06.2012 07:51:46 | Computer Name = Babshuhn-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16421, Zeitstempel 0x4d76255d, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00740070, Prozess-ID 0x1078, Anwendungsstartzeit 01cd456478bec6c1. 
Error - 08.06.2012 08:53:54 | Computer Name = Babshuhn-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 06.06.2012 18:25:20 | Computer Name = Babshuhn-PC | Source = bowser | ID = 8003 Description = Error - 06.06.2012 15:26:56 | Computer Name = Babshuhn-PC | Source = Service Control Manager | ID = 7000 Description = Error - 06.06.2012 22:59:33 | Computer Name = Babshuhn-PC | Source = Service Control Manager | ID = 7000 Description = Error - 07.06.2012 03:48:06 | Computer Name = Babshuhn-PC | Source = Service Control Manager | ID = 7000 Description = Error - 07.06.2012 10:17:28 | Computer Name = Babshuhn-PC | Source = Service Control Manager | ID = 7000 Description = Error - 07.06.2012 10:51:52 | Computer Name = Babshuhn-PC | Source = volsnap | ID = 393236 Description = Die Schattenkopien von Volume "C:" wurden aufgrund von einem fehlgeschlagenen Rechenvorgang bezüglich verfügbarem Speicher abgebrochen. Error - 07.06.2012 10:52:01 | Computer Name = Babshuhn-PC | Source = volsnap | ID = 393236 Description = Die Schattenkopien von Volume "D:" wurden aufgrund von einem fehlgeschlagenen Rechenvorgang bezüglich verfügbarem Speicher abgebrochen. Error - 07.06.2012 16:59:59 | Computer Name = Babshuhn-PC | Source = Service Control Manager | ID = 7000 Description = Error - 08.06.2012 06:49:49 | Computer Name = Babshuhn-PC | Source = Service Control Manager | ID = 7000 Description = Error - 08.06.2012 08:56:03 | Computer Name = Babshuhn-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > |
09.06.2012, 00:02 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
IE - HKU\S-1-5-21-2208606510-85354491-1940852428-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Babshuhn\Documents\Downloads
IE - HKU\S-1-5-21-2208606510-85354491-1940852428-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2208606510-85354491-1940852428-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2208606510-85354491-1940852428-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://web.de/?kid=A1000000
IE - HKU\S-1-5-21-2208606510-85354491-1940852428-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 A1 E6 4F 9D ED CA 01 [binary data]
IE - HKU\S-1-5-21-2208606510-85354491-1940852428-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2208606510-85354491-1940852428-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2208606510-85354491-1940852428-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2208606510-85354491-1940852428-1000\..\SearchScopes,DefaultScope = {11A2F67F-1632-4092-921D-1BA4390DF1BD}
IE - HKU\S-1-5-21-2208606510-85354491-1940852428-1000\..\SearchScopes\{11A2F67F-1632-4092-921D-1BA4390DF1BD}: "URL" = http://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_de
IE - HKU\S-1-5-21-2208606510-85354491-1940852428-1000\..\SearchScopes\{1896CE0E-D8EB-4EEC-B0FF-45660A3931B0}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=d5964dd1-ea3b-4709-85b4-5d8e1ea23b60&apn_sauid=D25EA717-3534-4A75-A8BF-3CE1C51FF389
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2208606510-85354491-1940852428-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
:Files
C:\Programme\Ask.com
C:\Users\Babshuhn\AppData\Roaming\Babylon
C:\Users\Babshuhn\AppData\Roaming\xmldm
C:\Users\Babshuhn\AppData\Roaming\UAs
C:\Users\Babshuhn\AppData\Roaming\kock
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
09.06.2012, 13:13 | #20 |
| I did that, and when the computer restarted there were 2 scripts saved on the desktop, both named desktop.ini 1. Code:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799
Code:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183
[LocalizedFileNames]
Windows Live Messenger.lnk=@C:\PROGRA~1\WI1F86~1\MESSEN~1\msgslang.dll,-100
Windows Live Messenger (2).lnk=@C:\PROGRA~1\WI1F86~1\MESSEN~1\msgslang.dll,-100 |
10.06.2012, 00:10 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | The desktop.ini doesn't interest me; those are standard files that are always there, it's just that Windows normally doesn't display them in its default settings! The OTL log should be in C:\_OTL; please check and post it.
__________________ |
10.06.2012, 15:32 | #22 |
| In _OTL there is only the folder Movedfiles |
10.06.2012, 17:06 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | I need OTL's quarantine folder. Please do the following:
1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder MovedFiles in C:\_OTL into one file
3.) Upload the resulting ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!
4.) Let me know when it was successful
5.) Only then switch the virus scanner back on
__________________ Please always post log files in CODE tags |
10.06.2012, 21:10 | #24 |
| But I already did that once O.o? |
11.06.2012, 09:16 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | So what? For the first fix, but not for the last fix!
__________________ Please always post log files in CODE tags |
12.06.2012, 01:19 | #26 |
| Yeah, sorry, I don't know exactly what I'm doing here, that's why :S but I've done it now, and thanks a lot again for helping me |
12.06.2012, 11:03 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please now (in normal Windows mode) run this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan, and when it has finished click the Report button to display the log. Please post it in full. If you cannot find the log or copy its contents into your post, then please look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs. Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!
__________________ Please always post log files in CODE tags |
13.06.2012, 10:53 | #28 |
| Code:
ATTFilter 11:49:46.0800 1488 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16 11:49:47.0127 1488 ============================================================ 11:49:47.0127 1488 Current date / time: 2012/06/13 11:49:47.0127 11:49:47.0127 1488 SystemInfo: 11:49:47.0127 1488 11:49:47.0127 1488 OS Version: 6.0.6002 ServicePack: 2.0 11:49:47.0127 1488 Product type: Workstation 11:49:47.0127 1488 ComputerName: BABSHUHN-PC 11:49:47.0127 1488 UserName: Babshuhn 11:49:47.0127 1488 Windows directory: C:\Windows 11:49:47.0127 1488 System windows directory: C:\Windows 11:49:47.0127 1488 Processor architecture: Intel x86 11:49:47.0127 1488 Number of processors: 2 11:49:47.0127 1488 Page size: 0x1000 11:49:47.0127 1488 Boot type: Normal boot 11:49:47.0127 1488 ============================================================ 11:49:48.0035 1488 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 11:49:48.0051 1488 ============================================================ 11:49:48.0051 1488 \Device\Harddisk0\DR0: 11:49:48.0051 1488 MBR partitions: 11:49:48.0051 1488 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC350000 11:49:48.0051 1488 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x2E035000 11:49:48.0051 1488 ============================================================ 11:49:48.0082 1488 C: <-> \Device\Harddisk0\DR0\Partition0 11:49:48.0129 1488 D: <-> \Device\Harddisk0\DR0\Partition1 11:49:48.0129 1488 ============================================================ 11:49:48.0129 1488 Initialize success 11:49:48.0129 1488 ============================================================ 11:50:16.0880 5228 ============================================================ 11:50:16.0880 5228 Scan started 11:50:16.0880 5228 Mode: Manual; SigCheck; TDLFS; 11:50:16.0880 5228 
============================================================ 11:50:17.0332 5228 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 11:50:17.0535 5228 ACPI - ok 11:50:17.0613 5228 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 11:50:17.0628 5228 AdobeARMservice - ok 11:50:17.0691 5228 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 11:50:17.0722 5228 adp94xx - ok 11:50:17.0753 5228 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 11:50:17.0800 5228 adpahci - ok 11:50:17.0816 5228 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 11:50:17.0862 5228 adpu160m - ok 11:50:17.0878 5228 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 11:50:17.0925 5228 adpu320 - ok 11:50:17.0956 5228 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll 11:50:18.0065 5228 AeLookupSvc - ok 11:50:18.0159 5228 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 11:50:18.0221 5228 AFD - ok 11:50:18.0284 5228 AFS (be913403ed7219894b30e362fd8d4313) C:\Windows\system32\drivers\AFS.sys 11:50:18.0315 5228 AFS ( UnsignedFile.Multi.Generic ) - warning 11:50:18.0315 5228 AFS - detected UnsignedFile.Multi.Generic (1) 11:50:18.0346 5228 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 11:50:18.0377 5228 agp440 - ok 11:50:18.0408 5228 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 11:50:18.0424 5228 aic78xx - ok 11:50:18.0471 5228 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe 11:50:18.0580 5228 ALG - ok 11:50:18.0596 5228 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 11:50:18.0627 5228 aliide - ok 11:50:18.0642 5228 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 11:50:18.0658 5228 
11:50:47.0084 5228 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll 11:50:47.0147 5228 upnphost - ok 11:50:47.0193 5228 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 11:50:47.0225 5228 USBAAPL - ok 11:50:47.0256 5228 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 11:50:47.0303 5228 usbaudio - ok 11:50:47.0349 5228 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 11:50:47.0412 5228 usbccgp - ok 11:50:47.0443 5228 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 11:50:47.0521 5228 usbcir - ok 11:50:47.0552 5228 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 11:50:47.0583 5228 usbehci - ok 11:50:47.0599 5228 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 11:50:47.0661 5228 usbhub - ok 11:50:47.0693 5228 USBIO (f90d8f845095fcd6924e3d751c04e442) C:\Windows\system32\Drivers\usbio.sys 11:50:47.0708 5228 USBIO ( UnsignedFile.Multi.Generic ) - warning 11:50:47.0708 5228 USBIO - detected UnsignedFile.Multi.Generic (1) 11:50:47.0724 5228 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 11:50:47.0771 5228 usbohci - ok 11:50:47.0817 5228 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 11:50:47.0864 5228 usbprint - ok 11:50:47.0895 5228 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 11:50:47.0927 5228 usbscan - ok 11:50:47.0958 5228 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 11:50:48.0020 5228 USBSTOR - ok 11:50:48.0067 5228 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 11:50:48.0129 5228 usbuhci - ok 11:50:48.0176 5228 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 11:50:48.0239 5228 usbvideo - ok 11:50:48.0270 5228 UxSms 
(1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll 11:50:48.0317 5228 UxSms - ok 11:50:48.0363 5228 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe 11:50:48.0410 5228 vds - ok 11:50:48.0426 5228 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 11:50:48.0473 5228 vga - ok 11:50:48.0504 5228 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 11:50:48.0566 5228 VgaSave - ok 11:50:48.0597 5228 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 11:50:48.0613 5228 viaagp - ok 11:50:48.0644 5228 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 11:50:48.0691 5228 ViaC7 - ok 11:50:48.0707 5228 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 11:50:48.0738 5228 viaide - ok 11:50:48.0753 5228 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 11:50:48.0785 5228 volmgr - ok 11:50:48.0816 5228 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 11:50:48.0847 5228 volmgrx - ok 11:50:48.0878 5228 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 11:50:48.0909 5228 volsnap - ok 11:50:48.0941 5228 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 11:50:48.0972 5228 vsmraid - ok 11:50:49.0050 5228 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe 11:50:49.0128 5228 VSS - ok 11:50:49.0159 5228 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll 11:50:49.0206 5228 W32Time - ok 11:50:49.0284 5228 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 11:50:49.0346 5228 WacomPen - ok 11:50:49.0362 5228 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 11:50:49.0393 5228 Wanarp - ok 11:50:49.0409 5228 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 
11:50:49.0440 5228 Wanarpv6 - ok 11:50:49.0487 5228 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll 11:50:49.0518 5228 wcncsvc - ok 11:50:49.0549 5228 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll 11:50:49.0580 5228 WcsPlugInService - ok 11:50:49.0611 5228 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 11:50:49.0627 5228 Wd - ok 11:50:49.0674 5228 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 11:50:49.0721 5228 Wdf01000 - ok 11:50:49.0752 5228 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 11:50:49.0783 5228 WdiServiceHost - ok 11:50:49.0799 5228 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 11:50:49.0845 5228 WdiSystemHost - ok 11:50:49.0892 5228 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll 11:50:49.0939 5228 WebClient - ok 11:50:49.0986 5228 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll 11:50:50.0064 5228 Wecsvc - ok 11:50:50.0111 5228 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll 11:50:50.0173 5228 wercplsupport - ok 11:50:50.0220 5228 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll 11:50:50.0251 5228 WerSvc - ok 11:50:50.0329 5228 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll 11:50:50.0360 5228 WinDefend - ok 11:50:50.0376 5228 WinHttpAutoProxySvc - ok 11:50:50.0423 5228 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll 11:50:50.0454 5228 Winmgmt - ok 11:50:50.0532 5228 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll 11:50:50.0610 5228 WinRM - ok 11:50:50.0703 5228 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll 11:50:50.0781 5228 Wlansvc - ok 11:50:50.0844 5228 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program 
Files\Windows Live\Mesh\wlcrasvc.exe 11:50:50.0875 5228 wlcrasvc - ok 11:50:50.0984 5228 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 11:50:51.0062 5228 wlidsvc - ok 11:50:51.0218 5228 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 11:50:51.0249 5228 WmiAcpi - ok 11:50:51.0312 5228 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe 11:50:51.0359 5228 wmiApSrv - ok 11:50:51.0452 5228 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe 11:50:51.0530 5228 WMPNetworkSvc - ok 11:50:51.0561 5228 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll 11:50:51.0608 5228 WPCSvc - ok 11:50:51.0639 5228 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll 11:50:51.0686 5228 WPDBusEnum - ok 11:50:51.0749 5228 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 11:50:51.0795 5228 WpdUsb - ok 11:50:51.0905 5228 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 11:50:51.0951 5228 WPFFontCache_v0400 - ok 11:50:51.0998 5228 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 11:50:52.0045 5228 ws2ifsl - ok 11:50:52.0092 5228 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll 11:50:52.0123 5228 wscsvc - ok 11:50:52.0154 5228 WSearch - ok 11:50:52.0279 5228 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll 11:50:52.0357 5228 wuauserv - ok 11:50:52.0482 5228 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 11:50:52.0544 5228 WUDFRd - ok 11:50:52.0575 5228 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll 11:50:52.0622 5228 wudfsvc - ok 11:50:52.0700 5228 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) 
\Device\Harddisk0\DR0 11:50:52.0919 5228 \Device\Harddisk0\DR0 - ok 11:50:52.0919 5228 Boot (0x1200) (f402dbd6223d80294d40e5e386a65a35) \Device\Harddisk0\DR0\Partition0 11:50:52.0934 5228 \Device\Harddisk0\DR0\Partition0 - ok 11:50:52.0965 5228 Boot (0x1200) (646a42ca53145efd869b23b64ff7c1e6) \Device\Harddisk0\DR0\Partition1 11:50:52.0965 5228 \Device\Harddisk0\DR0\Partition1 - ok 11:50:52.0965 5228 ============================================================ 11:50:52.0965 5228 Scan finished 11:50:52.0965 5228 ============================================================ 11:50:52.0981 5812 Detected object count: 4 11:50:52.0981 5812 Actual detected object count: 4 11:54:02.0672 5812 AFS ( UnsignedFile.Multi.Generic ) - skipped by user 11:54:02.0672 5812 AFS ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:54:02.0672 5812 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user 11:54:02.0672 5812 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:54:02.0672 5812 hamachi_oem ( UnsignedFile.Multi.Generic ) - skipped by user 11:54:02.0672 5812 hamachi_oem ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:54:02.0688 5812 USBIO ( UnsignedFile.Multi.Generic ) - skipped by user 11:54:02.0688 5812 USBIO ( UnsignedFile.Multi.Generic ) - User select action: Skip |
13.06.2012, 15:49 | #29 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | White screen that says connection is loading, then black Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
17.06.2012, 14:24 | #30 |
| White screen that says connection is loading, then black Sorry, I was away travelling. I have done that now; everything ran without problems. Here is the log: Code:
ATTFilter
ComboFix 12-06-16.02 - Babshuhn 17.06.2012 15:07:27.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2815.1918 [GMT 2:00]
ausgeführt von:: C:\Users\Babshuhn\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: Online Armor Firewall *Disabled* {32E71E58-6AAE-2557-2ABD-EA739069CE41}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} |