| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Befall vom VerschluesselungstrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
02.06.2012, 20:49
| #1 |
 |  Befall vom Verschluesselungstrojaner Hallo, Gestern habe ich mir den Verschluesselungstrojaer eingefangen. Ich erhielt eine email mit dem Betreff "Konto Einzug für den Benutzer -nik84-" von dem Absender "patrick_kenney@cox.net" und folgendem Inhalt: Lieber Kunde -nik84-, wir müssten leider feststellen, dass unsere Rechnung Nummer: 57472019 für den Nutzer -nik84- immer noch nicht ausgeglichen wurde. Dies bedeutet einen rechtskräftigen Schuldnerverzug Ihrerseits. Nach deutschen Recht könnten wir die offenen Rechnungen bereits jetzt durch Rechtsanwalt fordern. Wir geben Ihnen trotzdem noch eine letzte Möglichkeit, Ihre Verpflichtung zu erfüllen, indem Sie innerhalb von 3 Tagen die ausstehende Rechnung in Grösse von 682.00 EURO an uns zahlen. Die Dienste und die Rechnung können Sie im Zusatzordner sehen. Bitte beachten Sie, die Folgen des Verzugs bestehen vor allem in der Regresspflicht des Schuldners sowie in einer verschärften Haftung. www.flirt-fever.de AG mit Sitz in München Geschäftsführer: Manfred Baumgartner, Elisabeth Huber Gericht: Keiserslautern ------------------------------------------------------ Anmkerung zu dieser E-mail: -nik84- ist ein Benuzternamen den ich mir vor ca 6Jahren auf einem unentgeldlichen Chatting- oder Datingportal gegeben hatte. Ich habe diesen Account nie aktiv genutzt. Im Anhang dieser E-mail war eine 68KB große ZIP Datei mit dem Namen "Mahnbescheid" die ich entpackte und deren Inhalt (eine Datei die irgend etwas mit Mahnung hiess und eine MS-DOS Anwendung war) ich ausführte. Es erschien eine Sanduhr fuer vll. 2 Sekunden. Daraufhin verschwan die Datei und der Ordner blieb leer. Ich entpackte daraufhin erneut die ZIP-Datei und fuehrte die MS-DOS Anwendung erneut aus. Sie verschwand erneut nach ca 2 Sekunden. Ich verliess den Raum und als ich wenig später wieder in der Nähe meines Computers war sah ich das er sich neu gestartet hatte. Ich logte mich über mein Fingerprint-Scan ein und erhielt die oben abgebildete Meldung und hatte kein Zugang mehr auf mein Desktop. Nach sporadischer Recherche im Internet(anderer Rechner) wollte ich schauen ob ich mich über einen Anderen Benutzer anmelden konnte und benutzte Strg/Alt/Entf um in den Taskmanager zu gelangen. Nun wählte ich Benutzer Abmeldet, der Bildschirm mit der Trojanermeldung wurde geschlossen und ich landete auf meinem Desktop, wo ich entscheiden musste ob ich die Beendigung eines Programmes erzwingen wollte oder eben nicht. Da ich zu diesem Zeitpunkt zumindest wieder auf meinem Desktop angelangt war verneinte ich und führte eine Systemwiederherstellung vom Vortag aus, in der Hoffnung dadurch permanent von dieser Scamsoftware befreit zu sein. Nachdem der Rechner neu gestartet wurde konnte ich tatsächlich wieder wie gewohnt auf mein Computer zugreifen und habe keine Trojaner-Meldung mehr erhalten. Da ich den Computer beruflich nutze und Angst vor einem keylogger habe, hatte ich den Rechner zwar noch einige Stunden an gehabt(mit aktiver Internetleitung), mich jedoch weder in mein email-Account oder Skype-Account eingeloggt, noch wichtige passwörter verwendet. Zu dem Zeitpunkt des Ausfürhens der MS-DOS Anwendung war jedoch ein Passwort-Verwaltungsprogramm geöffnet, das alle wichtigen Passwörter von mir auf dem Desktop angezeigt hat. Ebenso war ich zu diesem Zeutpunkt noch in mein Email-Account eingeloggt. Nachdem ein Freund mich auf dieses Forum aufmerksam gemacht hat habe ich den Rechner nach ca 15 Minuetiger Benutzung beendet und erst nach Trennung unseres Routers wieder gestartet. Ich habe ihm offline Modus "defogger" und "OTL" ausgefuehrt. Da ich ein 64Bit Windows benutze habe ich den GMER scan nicht ausgefuehrt. Ergebnisse von defogger und OTL: defogger_disable by jpshortstuff (23.02.10.1) Log created at 19:28 on 02/06/2012 (User) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- OTL.txt: OTL logfile created on: 02.06.2012 19:29:14 - Run 1 OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\User\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,93 Gb Total Physical Memory | 13,90 Gb Available Physical Memory | 87,25% Memory free 31,86 Gb Paging File | 29,57 Gb Available in Paging File | 92,83% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 437,97 Gb Total Space | 163,34 Gb Free Space | 37,29% Space Free | Partition Type: NTFS Drive D: | 959,72 Mb Total Space | 949,31 Mb Free Space | 98,92% Space Free | Partition Type: FAT Drive F: | 13,69 Gb Total Space | 0,01 Gb Free Space | 0,05% Space Free | Partition Type: FAT32 Computer Name: USER-HP | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.02 18:27:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe PRC - [2012.05.09 09:47:54 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe PRC - [2012.03.19 12:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.09.01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011.08.15 16:18:14 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011.04.15 14:18:06 | 001,646,056 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.12.06 23:02:12 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2010.10.19 13:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2010.07.16 15:54:06 | 000,634,192 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe PRC - [2010.06.14 13:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe PRC - [2010.05.07 17:21:38 | 000,080,496 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe PRC - [2010.04.16 16:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe PRC - [2010.04.05 18:41:14 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2010.04.05 18:40:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009.12.29 23:19:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2009.12.16 01:11:14 | 000,281,192 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe PRC - [2009.12.16 01:08:40 | 000,704,512 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe PRC - [2009.12.02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2009.12.02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2009.11.21 04:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009.11.11 22:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe PRC - [2009.11.04 22:46:40 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.11.04 22:46:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.09.08 08:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe PRC - [2009.09.08 08:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe ========== Modules (No Company Name) ========== MOD - [2012.03.16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll MOD - [2012.03.16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.04.04 08:46:43 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ) SRV:64bit: - [2011.05.13 14:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2010.11.20 14:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc) SRV:64bit: - [2010.07.16 15:54:06 | 000,462,160 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost) SRV:64bit: - [2010.06.14 13:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe -- (HPDayStarterService) SRV:64bit: - [2010.02.12 03:25:58 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.01.27 22:01:04 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service) SRV:64bit: - [2010.01.21 13:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_2223a6b19a4f4233\stacsv64.exe -- (STacSV) SRV:64bit: - [2009.12.30 08:03:24 | 002,019,120 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService) SRV:64bit: - [2009.12.29 23:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2009.12.16 22:48:12 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service) SRV:64bit: - [2009.12.16 01:11:14 | 000,281,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService) SRV:64bit: - [2009.12.16 01:08:40 | 000,704,512 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe -- (DEBridge) SRV:64bit: - [2009.08.03 21:32:20 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 02:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess) SRV:64bit: - [2009.07.14 02:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009.03.03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_2223a6b19a4f4233\AESTSr64.exe -- (AESTFilters) SRV - [2012.05.30 22:20:46 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.05.27 00:23:57 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.04.26 12:38:02 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.03.19 12:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.09.09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service) SRV - [2011.09.01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011.08.15 16:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.04.15 14:18:06 | 001,646,056 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon) SRV - [2010.10.19 13:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service) SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.08.20 21:08:46 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe -- (OpenVPNService) SRV - [2010.05.07 17:21:38 | 000,080,496 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC) SRV - [2010.04.16 16:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService) SRV - [2010.04.05 18:40:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.21 13:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_2223a6b19a4f4233\STacSV64.exe -- (STacSV) SRV - [2009.12.30 07:44:24 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService) SRV - [2009.12.02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2009.12.02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2009.11.04 22:46:40 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009.11.04 22:46:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009.09.08 08:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4) SRV - [2009.07.14 02:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.10 21:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) SRV - [2009.03.03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_2223a6b19a4f4233\AESTSr64.exe -- (AESTFilters) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.09.02 07:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb) DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.09.02 07:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd) DRV:64bit: - [2011.05.13 14:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2011.05.13 14:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2011.03.16 01:29:49 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011.03.16 01:29:49 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.12 10:42:12 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.20 10:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs) DRV:64bit: - [2010.08.20 21:08:46 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2010.06.04 00:56:06 | 001,803,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV:64bit: - [2010.04.05 18:31:54 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.02.12 04:01:36 | 006,180,864 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010.01.21 13:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2010.01.13 17:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R) DRV:64bit: - [2010.01.07 19:22:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010.01.07 19:22:40 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010.01.07 19:22:36 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.01.07 19:22:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.01.07 18:37:40 | 000,295,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R) DRV:64bit: - [2009.12.16 01:12:22 | 000,015,688 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\SbFsLock.sys -- (SbFsLock) DRV:64bit: - [2009.12.16 01:12:20 | 000,058,184 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RsvLock.sys -- (RsvLock) DRV:64bit: - [2009.12.16 01:12:18 | 000,056,648 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SafeBoot.sys -- (SafeBoot) DRV:64bit: - [2009.12.11 22:32:06 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie) DRV:64bit: - [2009.12.02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2009.12.02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2009.12.02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2009.12.02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2009.11.21 04:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2009.11.21 04:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.10.29 01:54:00 | 000,079,360 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie) DRV:64bit: - [2009.10.26 22:52:00 | 000,061,952 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci) DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.08.03 21:32:22 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.07.20 23:05:50 | 000,059,008 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rismcx64.sys -- (rismcx64) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl) DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.07.14 00:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs) DRV:64bit: - [2009.06.26 01:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk) DRV:64bit: - [2009.06.26 00:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp) DRV:64bit: - [2009.06.26 00:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.04 19:32:52 | 000,060,160 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SbAlg.sys -- (SbAlg) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.04.29 15:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2009.12.16 01:12:28 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysWow64\drivers\SbAlg.sys -- (SbAlg) DRV - [2009.12.16 01:12:16 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\Windows\SysWow64\drivers\SbFsLock.sys -- (SbFsLock) DRV - [2009.12.16 01:12:14 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysWow64\drivers\rsvlock.sys -- (RsvLock) DRV - [2009.12.16 01:12:10 | 000,110,520 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysWow64\drivers\SafeBoot.sys -- (SafeBoot) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{8DC519B8-319D-44B3-BF7D-78FBA47609B8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10 IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{8DC519B8-319D-44B3-BF7D-78FBA47609B8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_deGB422 IE - HKCU\..\SearchScopes\{8DC519B8-319D-44B3-BF7D-78FBA47609B8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "spiegelonline.de" FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4218 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\Firefox [2010.08.27 06:18:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.08.27 06:18:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010.08.27 06:18:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011.12.08 16:53:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.19 13:56:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.19 13:56:05 | 000,000,000 | ---D | M] [2011.03.13 20:38:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2012.05.09 14:56:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions [2012.03.28 17:00:56 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.01.15 18:48:23 | 000,001,635 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\firefox-add-ons.xml [2012.06.01 00:24:10 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-1.xml [2011.05.15 16:35:54 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-2.xml [2011.07.28 23:24:07 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-3.xml [2011.08.18 13:33:57 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-4.xml [2011.09.03 17:07:14 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-5.xml [2011.09.18 20:47:57 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-6.xml [2011.09.27 21:36:08 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-7.xml [2011.10.07 00:16:08 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-8.xml [2011.10.13 18:32:04 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-9.xml [2011.05.03 05:55:57 | 000,001,056 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin.xml [2011.11.09 15:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.02 01:43:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.01.15 18:51:30 | 000,042,737 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9JQU4F4O.DEFAULT\EXTENSIONS\{AFF87FA2-A58E-4EDD-B852-0A20203C1E17}.XPI [2012.04.26 12:38:02 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.03.13 19:28:58 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.02.15 16:04:43 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.15 16:04:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.15 16:04:43 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.15 16:04:43 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.15 16:04:43 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.15 16:04:43 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google  riginalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.) O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [nwiz] C:\Windows\SysNative\nwiz.exe () O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DT HM2] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe () O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe () O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [CPN Notifier] C:\Program Files (x86)\Cake Poker 2.0\PokerNotifier.exe File not found O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\User\Desktop\PartyPoker.lnk File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\User\Desktop\PartyPoker.lnk File not found O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08E48B58-C541-493B-B384-742D0A2040F3}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F0A312B-EF89-4A51-A9AA-2C243587594D}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.02 19:24:54 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2012.06.02 19:24:53 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-1.61.0.1400.exe [2012.05.31 22:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012 [2012.05.31 22:26:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\TuneUp Software [2012.05.31 22:26:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012 [2012.05.31 22:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.05.31 22:26:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012.05.31 22:26:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.05.31 05:54:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Gilde 2 - Gold Edition [2012.05.31 05:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Die Gilde 2 - Gold Edition [2012.05.30 22:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.05.30 22:19:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microgaming [2012.05.30 22:17:09 | 000,000,000 | ---D | C] -- C:\Microgaming [2012.05.30 22:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\MGS [2012.05.30 22:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\5050 Poker [2012.05.24 17:41:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\LolClient2 [2012.05.19 13:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.05.19 13:55:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.05.15 20:34:30 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Diablo III [2012.05.15 00:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III [2012.05.15 00:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III [2012.05.15 00:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2012.05.15 00:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment [2012.05.15 00:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2012.05.10 13:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote [2 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.02 19:28:11 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable [2012.06.02 19:16:05 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.02 19:15:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.02 18:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.02 18:46:49 | 000,026,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.02 18:46:49 | 000,026,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.02 18:39:26 | 4237,852,670 | -HS- | M] () -- C:\hiberfil.sys [2012.06.02 18:36:56 | 000,149,694 | ---- | M] () -- C:\Users\User\Desktop\DecryptHelper-0.5.3.exe [2012.06.02 18:33:36 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-1.61.0.1400.exe [2012.06.02 18:27:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2012.06.02 18:25:40 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe [2012.06.02 03:39:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.01 22:40:16 | 001,691,424 | ---- | M] () -- C:\Users\User\Desktop\manila 048.jpg [2012.06.01 22:02:54 | 000,267,624 | ---- | M] () -- C:\Users\User\Desktop\jw.jpg [2012.06.01 11:06:32 | 000,324,793 | ---- | M] () -- C:\Users\User\Desktop\photo_007.JPG [2012.05.31 21:10:41 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUser.job [2012.05.31 05:54:02 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Die Gilde 2 - Gold Edition.lnk [2012.05.31 00:42:09 | 000,002,336 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.05.30 22:18:41 | 000,001,777 | ---- | M] () -- C:\Users\Public\Desktop\5050 Poker.lnk [2012.05.30 20:00:24 | 733,218,816 | ---- | M] () -- C:\Users\User\Desktop\the.spirit.molecule.2010.dvdrip.xvid-unveil.avi [2012.05.30 09:58:28 | 000,092,511 | ---- | M] () -- C:\Users\User\Desktop\the.spirit.molecule.2010.dvdrip.xvid-unveil.srt [2012.05.29 20:56:29 | 000,003,025 | ---- | M] () -- C:\Users\User\Desktop\TableNinja.lnk [2012.05.28 16:02:18 | 007,033,254 | ---- | M] () -- C:\Users\User\Desktop\gartendusche.pdf [2012.05.20 21:06:31 | 001,165,937 | ---- | M] () -- C:\Users\User\Desktop\CD 3 - Track 04.mp3 [2012.05.20 21:06:31 | 001,132,865 | ---- | M] () -- C:\Users\User\Desktop\CD 3 - Track 03.mp3 [2012.05.20 21:06:31 | 000,915,765 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 09.mp3 [2012.05.20 21:06:30 | 000,810,517 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 05.mp3 [2012.05.20 21:06:30 | 000,675,707 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 06.mp3 [2012.05.20 21:06:29 | 000,756,489 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 04.mp3 [2012.05.20 21:06:29 | 000,647,055 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 01.mp3 [2012.05.20 21:06:29 | 000,585,643 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 03.mp3 [2012.05.20 21:06:29 | 000,340,931 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 08.mp3 [2012.05.20 21:06:28 | 000,427,225 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 11.mp3 [2012.05.20 21:06:27 | 000,389,629 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 10.mp3 [2012.05.20 21:06:26 | 000,319,117 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 07.mp3 [2012.05.20 21:06:26 | 000,287,137 | ---- | M] () -- C:\Users\User\Desktop\CD 4 - Track 02.mp3 [2012.05.20 20:59:10 | 000,445,555 | ---- | M] () -- C:\Users\User\Desktop\CD 3 - Track 02.mp3 [2012.05.20 20:59:08 | 000,554,651 | ---- | M] () -- C:\Users\User\Desktop\CD 3 - Track 01.mp3 [2012.05.20 20:59:07 | 000,510,035 | ---- | M] () -- C:\Users\User\Desktop\CD 2 - Track 05.mp3 [2012.05.20 17:18:28 | 001,114,344 | ---- | M] () -- C:\Users\User\Desktop\libelle1.jpg [2012.05.19 14:21:55 | 013,608,820 | ---- | M] () -- C:\Users\User\Desktop\minimal.mp3 [2012.05.19 13:56:01 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.05.15 21:54:38 | 001,061,625 | ---- | M] () -- C:\Users\User\Desktop\CD 2 - Track 03.mp3 [2012.05.15 21:54:37 | 002,391,629 | ---- | M] () -- C:\Users\User\Desktop\CD 2 - Track 01.mp3 [2012.05.15 21:54:34 | 000,761,585 | ---- | M] () -- C:\Users\User\Desktop\CD 2 - Track 02.mp3 [2012.05.15 00:13:00 | 000,001,185 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk [2012.05.13 15:05:55 | 000,293,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.05.13 07:03:28 | 004,299,144 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.05.13 07:03:28 | 000,735,912 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2012.05.13 07:03:28 | 000,733,626 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat [2012.05.13 07:03:28 | 000,730,448 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2012.05.13 07:03:28 | 000,697,526 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.05.13 07:03:28 | 000,652,804 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.05.13 07:03:28 | 000,152,200 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat [2012.05.13 07:03:28 | 000,148,576 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2012.05.13 07:03:28 | 000,148,532 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.05.13 07:03:28 | 000,146,072 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2012.05.13 07:03:28 | 000,121,478 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.05.13 06:55:46 | 1018,430,265 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.05.10 16:51:49 | 000,018,519 | ---- | M] () -- C:\Users\User\Desktop\Shares Cashgame 2011.ods [2012.05.10 16:24:21 | 000,013,466 | ---- | M] () -- C:\Users\User\Desktop\Shares Cashgame 2012.ods [2 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.02 19:28:11 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable [2012.06.02 19:24:54 | 000,149,694 | ---- | C] () -- C:\Users\User\Desktop\DecryptHelper-0.5.3.exe [2012.06.02 19:24:54 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe [2012.06.01 22:38:50 | 001,691,424 | ---- | C] () -- C:\Users\User\Desktop\manila 048.jpg [2012.06.01 22:02:40 | 000,267,624 | ---- | C] () -- C:\Users\User\Desktop\jw.jpg [2012.06.01 11:05:43 | 000,324,793 | ---- | C] () -- C:\Users\User\Desktop\photo_007.JPG [2012.05.31 05:54:02 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Die Gilde 2 - Gold Edition.lnk [2012.05.30 22:21:10 | 000,002,336 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.05.30 22:17:09 | 000,001,777 | ---- | C] () -- C:\Users\Public\Desktop\5050 Poker.lnk [2012.05.30 09:58:25 | 733,218,816 | ---- | C] () -- C:\Users\User\Desktop\the.spirit.molecule.2010.dvdrip.xvid-unveil.avi [2012.05.30 09:58:23 | 000,092,511 | ---- | C] () -- C:\Users\User\Desktop\the.spirit.molecule.2010.dvdrip.xvid-unveil.srt [2012.05.28 15:56:13 | 007,033,254 | ---- | C] () -- C:\Users\User\Desktop\gartendusche.pdf [2012.05.27 14:48:59 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForUser.job [2012.05.20 21:06:21 | 001,165,937 | ---- | C] () -- C:\Users\User\Desktop\CD 3 - Track 04.mp3 [2012.05.20 21:06:21 | 001,132,865 | ---- | C] () -- C:\Users\User\Desktop\CD 3 - Track 03.mp3 [2012.05.20 21:06:21 | 000,915,765 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 09.mp3 [2012.05.20 21:06:21 | 000,810,517 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 05.mp3 [2012.05.20 21:06:21 | 000,756,489 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 04.mp3 [2012.05.20 21:06:21 | 000,675,707 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 06.mp3 [2012.05.20 21:06:21 | 000,647,055 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 01.mp3 [2012.05.20 21:06:21 | 000,585,643 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 03.mp3 [2012.05.20 21:06:21 | 000,427,225 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 11.mp3 [2012.05.20 21:06:21 | 000,389,629 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 10.mp3 [2012.05.20 21:06:21 | 000,340,931 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 08.mp3 [2012.05.20 21:06:21 | 000,319,117 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 07.mp3 [2012.05.20 21:06:21 | 000,287,137 | ---- | C] () -- C:\Users\User\Desktop\CD 4 - Track 02.mp3 [2012.05.20 20:59:08 | 000,445,555 | ---- | C] () -- C:\Users\User\Desktop\CD 3 - Track 02.mp3 [2012.05.20 20:59:06 | 000,554,651 | ---- | C] () -- C:\Users\User\Desktop\CD 3 - Track 01.mp3 [2012.05.20 20:59:03 | 000,510,035 | ---- | C] () -- C:\Users\User\Desktop\CD 2 - Track 05.mp3 [2012.05.20 17:17:28 | 001,114,344 | ---- | C] () -- C:\Users\User\Desktop\libelle1.jpg [2012.05.19 14:19:35 | 013,608,820 | ---- | C] () -- C:\Users\User\Desktop\minimal.mp3 [2012.05.19 13:56:01 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.05.18 14:10:36 | 014,748,447 | ---- | C] () -- C:\Users\User\Desktop\PokerStars 1.3.1.ipa [2012.05.15 21:54:35 | 001,061,625 | ---- | C] () -- C:\Users\User\Desktop\CD 2 - Track 03.mp3 [2012.05.15 21:54:33 | 000,761,585 | ---- | C] () -- C:\Users\User\Desktop\CD 2 - Track 02.mp3 [2012.05.15 21:54:31 | 002,391,629 | ---- | C] () -- C:\Users\User\Desktop\CD 2 - Track 01.mp3 [2012.05.15 00:12:34 | 000,001,185 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk [2012.05.10 16:51:48 | 000,018,519 | ---- | C] () -- C:\Users\User\Desktop\Shares Cashgame 2011.ods [2012.05.10 16:24:21 | 000,013,466 | ---- | C] () -- C:\Users\User\Desktop\Shares Cashgame 2012.ods [2011.11.22 06:39:41 | 000,004,876 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf [2011.10.11 04:16:05 | 000,000,045 | ---- | C] () -- C:\Users\User\AppData\Local\machpro.dat [2011.05.20 15:18:36 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{783A11D7-BDAA-4C02-B0A3-4255724E3CD3} [2011.05.19 09:50:58 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPPassFilter.dll.hpsign [2011.05.19 09:50:58 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPCrProv.dll.hpsign [2011.05.07 14:47:47 | 004,183,296 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.17 00:05:02 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI [2011.03.13 13:59:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.02.18 15:07:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.01.09 12:32:43 | 000,255,360 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll [2011.01.09 12:32:43 | 000,025,984 | ---- | C] () -- C:\Windows\snuvcdsm.exe [2011.01.09 12:32:43 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2011.01.09 12:27:54 | 001,612,392 | ---- | C] () -- C:\Windows\SysWow64\nView.dll [2011.01.09 12:27:54 | 001,108,584 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll [2011.01.09 12:27:54 | 000,256,616 | ---- | C] () -- C:\Windows\SysWow64\nViewSetup.exe [2010.08.27 06:18:13 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini [2010.08.27 06:10:27 | 000,000,178 | ---- | C] () -- C:\Windows\SysWow64\HPPA.ini [2010.07.16 15:54:06 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPSCEL.dll.hpsign [2010.07.16 15:54:06 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPFPApi.dll.hpsign [2010.07.16 15:54:06 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPClback.dll.hpsign [2010.07.15 17:01:46 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPFPApiUI.dll.hpsign ========== LOP Check ========== [2011.03.13 15:14:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Absolute Poker [2011.06.14 19:18:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BSW [2011.02.18 15:00:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DigitalPersona [2011.10.19 22:06:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileZilla [2011.07.14 20:59:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\go [2011.05.28 22:54:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HEM Data [2012.01.22 05:20:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HoldemManager [2012.01.12 10:56:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ICQ [2012.01.11 19:58:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech [2011.03.17 18:17:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient [2012.05.24 17:41:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient2 [2012.06.01 03:13:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Microgaming [2012.01.19 04:35:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Might & Magic Heroes VI [2011.04.04 08:52:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org [2011.11.22 06:06:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PacificPoker [2011.03.21 20:51:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Roaming [2012.05.14 15:07:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SoftGrid Client [2011.03.13 17:56:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Stardock [2012.01.19 21:12:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TeamViewer [2012.01.30 07:27:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\The Creative Assembly [2011.05.07 14:48:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TP [2012.05.31 22:26:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software [2011.03.15 01:45:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ubisoft [2012.04.04 18:23:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WindSolutions [2012.05.31 21:11:02 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker 2.0:MID < End of report > Extas.txt: OTL Extras logfile created on: 02.06.2012 19:29:14 - Run 1 OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\User\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,93 Gb Total Physical Memory | 13,90 Gb Available Physical Memory | 87,25% Memory free 31,86 Gb Paging File | 29,57 Gb Available in Paging File | 92,83% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 437,97 Gb Total Space | 163,34 Gb Free Space | 37,29% Space Free | Partition Type: NTFS Drive D: | 959,72 Mb Total Space | 949,31 Mb Free Space | 98,92% Space Free | Partition Type: FAT Drive F: | 13,69 Gb Total Space | 0,01 Gb Free Space | 0,05% Space Free | Partition Type: FAT32 Computer Name: USER-HP | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05AF378E-58DA-4C1D-AABC-E01331FDCBC4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{086F6C41-78B5-4829-9699-344B0056F02D}" = lport=5432 | protocol=6 | dir=in | name=postgres | "{08EE115C-4673-46E3-850D-1D6C9C3D5C9E}" = lport=139 | protocol=6 | dir=in | app=system | "{1813A6EE-2B15-41D9-B851-936D684F9C38}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2027F87A-D083-46FC-938F-7BC73BFECF8D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{20F01804-3606-452C-83F6-95441A329209}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2CE2DD8B-6BC0-4D6C-B049-76B8750B1EC8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{3694FC4B-6838-4C54-8538-0B041E6A6ADB}" = lport=137 | protocol=17 | dir=in | app=system | "{36BB01D4-AFF9-4434-ABCB-2025E85B145D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3AF0AE3B-DD91-4958-86FD-87E5BEAF90F6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{3D29DAF9-9B46-48F9-BCB3-22C78D5541CE}" = lport=10243 | protocol=6 | dir=in | app=system | "{481CDD78-669E-4847-953A-A580F4538655}" = lport=57650 | protocol=6 | dir=in | name=pando media booster | "{559D407D-0356-4748-A8E3-5A4760601087}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{616BFA03-8A6C-4AA4-87E7-02FB451F02C1}" = lport=445 | protocol=6 | dir=in | app=system | "{660D153B-7E42-40CB-830F-DE200534D0C3}" = rport=139 | protocol=6 | dir=out | app=system | "{691ED685-B255-4769-BE60-2A33258F2343}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6B86E04B-BCDB-41BA-924B-4AC46E56D300}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{71F9ADA8-8147-47A2-A298-BD5DC0D02E53}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{732AC519-B451-40CC-864D-DC21C5ADADB0}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher | "{744E38AB-F1BE-4716-840D-601E4A74BAD4}" = rport=10243 | protocol=6 | dir=out | app=system | "{763C9631-F514-44F5-80D4-1658C6EBBA84}" = lport=57650 | protocol=17 | dir=in | name=pando media booster | "{7B1FF991-4893-48AA-8DB8-9FA77A93122B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7B64A13B-7B06-414D-AFB0-0BF786F8CE7B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7E6387CA-1298-42F6-9ABF-B60D865DC1A9}" = lport=57650 | protocol=6 | dir=in | name=pando media booster | "{8426EAEA-DECA-4742-835D-C2C78D0E0696}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | "{935CFF0E-BBCF-4EB3-8FA7-3719D7B603E4}" = rport=137 | protocol=17 | dir=out | app=system | "{943BDF35-4272-4052-999C-006BBB172401}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{94CE8610-71A2-4662-B847-E25100718209}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{97181B7B-B290-4596-B458-5156D42EB7D3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{9882F307-8EF6-4C5E-96B9-01905683F354}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{991C81D9-9912-4828-84F6-C4B94BDA53E6}" = lport=57650 | protocol=17 | dir=in | name=pando media booster | "{9C9A6DB3-DFD2-44B3-A476-A208FEC11D85}" = rport=138 | protocol=17 | dir=out | app=system | "{A2E7F08B-7E12-424F-9694-6A8145EAC548}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A4AD938C-E152-421B-9187-465EB42C530A}" = lport=2869 | protocol=6 | dir=in | app=system | "{AFDE1E94-08B0-4B7D-8F48-16B5CAE10959}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CBB6F7CA-9AB1-440A-8CC2-785CCFE1F2B8}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher | "{D14C4A09-95E2-434A-88E6-34CA07E4B08F}" = lport=138 | protocol=17 | dir=in | app=system | "{EECBE44C-0950-4364-9BEC-B32961C98DCF}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | "{F47417AF-6467-494C-A9E9-9275DB4F9E8A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F5609390-DC8B-47E8-BBC5-61E4DABE576E}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{002AE74B-95DA-4E33-9FBA-21E6EBAE1A24}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | "{041B46B0-6687-479E-91E0-96D03F025573}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{055ADDF2-3AD7-44FE-8E78-FCF913182568}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{05E34EB4-3E9F-4A20-9CD4-1D28C1ADD069}" = protocol=6 | dir=out | app=c:\program files (x86)\rosettastoneltdservices\rosettastoneltdservices.exe | "{0C8F0003-0840-4100-A431-4CE783382E94}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe | "{0D7C608F-4BDF-4AC4-B85B-C2240583E6A4}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | "{0D8A7159-CBA8-4EF3-8543-8A402BD2AD59}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{0E3E9CC9-17CA-48B9-AAD8-33C41157DDF1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{0EA201EF-6C8F-4AC3-9337-51D858AD6BC3}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{0F8E1313-CDD3-4412-9B00-8D64D5250036}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | "{11351A9B-2E98-40BA-B3D4-8C63444AC999}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe | "{127384A4-61E0-4BD0-8C2A-7A96ED0CE886}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | "{1485E5BB-A00A-4EF7-B3F2-3898F54D04AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm | "{155F2E5D-AE87-4E9B-B5EA-E5C2AC47AB59}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\anno4.exe | "{17539821-7B27-423F-889A-CBFA4E568797}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | "{1774B384-DCDC-4C99-A25F-8085271E377A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv beyond the sword\beyond the sword\civ4beyondsword.exe | "{1F6BE095-ABC4-4DD7-80F4-1B0975BC4A36}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | "{1F98B8BE-62B6-41EC-B569-E92109193306}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe | "{202CFA8B-005C-4134-83F4-A9F12AB5B2ED}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{21A48DDF-D534-4B86-8FED-52F533F6523E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | "{22006BC6-A84F-4292-9509-EC2116AC7C7D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{23A3B85F-BAB9-44C8-B999-E789C97D4AD0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{26804569-FAE1-4954-80C9-B8E6BDC20AA7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{296A504D-CF9E-4A43-AEA8-B63173134BFD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2A402D4A-ED68-4B44-A562-A83272033A73}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm | "{2AA40DBF-D739-4AB5-A341-BAAD2176B3EA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{2AB5E87F-3322-4A91-ABD2-2548947BC44E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\might and magic heroes vi\might & magic heroes vi.exe | "{2CDA3A20-FB85-482C-A456-80506FF49E46}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | "{300F073B-1037-436D-B77F-DCFF5B0EBDC8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "{3128A5C1-027E-42D6-9A9B-7F92435507F5}" = protocol=17 | dir=in | app=c:\program files (x86)\cake poker 2.0\pokerclient.exe | "{31839750-813B-4A16-90D4-8C9090800821}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{333608A6-4998-4757-9C4B-8B1CE51F6642}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\might and magic heroes vi\might & magic heroes vi.exe | "{36F5972C-7A02-4893-94B4-A00CCE4C7CB4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\anno4.exe | "{380321B4-FA5D-4E96-96F8-7B7288B00262}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe | "{38EF4908-3FF7-4492-BDD1-C511F3B9D0C7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe | "{3ACFF160-A210-4D17-87D1-1745BA6F2A44}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\addon.exe | "{3BAA2035-BF2C-4620-9A64-D64197B872EA}" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "{3FCE8DD7-CBD6-4946-8E51-72ED035ECB73}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm | "{401C243C-BBB9-4A66-9BB7-BCA55ED770F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe | "{40A57FB8-3683-4ADD-AFC3-6066E1D84053}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{45A90FB3-20B9-4048-AC90-642750E53785}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{47255028-E7CA-42B9-A5FC-782A00DCD4FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\addon.exe | "{4C96129C-8F4E-438C-A602-B108260F8361}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | "{54373459-0BE6-45D0-BEDA-DB32BC0985B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw.exe | "{549F1601-2363-4987-8AF2-DEA9191ECACF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{575B3BDC-D995-4BA8-8989-315E2062B1F7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{5904CD96-BC7A-4844-9B1E-3B67B18E395F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | "{596BBAFB-4FB5-49BD-9BD0-11EC8B821E09}" = dir=in | app=c:\program files (x86)\rosettastoneltdservices\rosettastonedaemon.exe | "{5A21C336-4A27-402B-B596-2389E1B2A80E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | "{5DC1BD7B-0DA6-4F5D-85A9-7941966C5F0F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe | "{5DDF8EB3-08F4-477E-8543-320C080C2998}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{5F57AE70-1022-415F-8E7C-874C22348622}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{61898376-5E9F-49DD-AC4C-32444DB6DCAD}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | "{63508F75-3332-4396-9603-096CA049205C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe | "{6B38F23F-17D5-491D-97DC-93663816F9A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6BBF4ADA-295B-46B7-A5F8-E6840EE1EFEB}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | "{6CA39B31-4A28-4681-BA63-98F80EDDFCF3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm | "{6F117D7E-66F5-4C16-8A90-EAD040D63F62}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{718D3EAC-3D33-4089-A023-650A52366BF3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe | "{71A7673E-DC79-4DD1-AB74-D497EEAE66C9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{71BEF318-E98B-46C5-9CDE-F40D69EC3A54}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{7368B78E-B35E-421E-95EA-6ACEDDCE2FAF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | "{7435C04B-5F8F-4745-BF07-88722802F189}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | "{7541E88C-083C-478A-A15F-E7CE2222C06C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe | "{786CD85D-5AAF-4526-BA0F-58122762B0C3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm | "{79D2FB5D-5749-4A74-BC09-82E63B8A0FC6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\addon.exe | "{7AB7680D-8D3E-4FDB-ABC8-ED3856ABB302}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{7E69F7EB-3A2F-4F94-BD95-9ACECCC42D35}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe | "{7E7EC802-986B-4E46-AD31-73EEBDC747E2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{7FD68369-6491-4388-9519-450D4B6E17D7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv beyond the sword\beyond the sword\civ4beyondsword.exe | "{80C540B1-C1A4-41C7-B942-F8240F073539}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{814D5585-14AA-4BF2-BCD8-B9BD361434AF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | "{821198EB-EB4E-470D-A6A9-5B0E7CA5BA4B}" = protocol=6 | dir=in | app=c:\program files (x86)\cake poker 2.0\pokerclient.exe | "{86241B6D-E93A-4515-8444-D6FFB5294747}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{86FDD8DD-C790-426C-AA50-7166C1052918}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe | "{8708EE70-2F9D-4025-BB00-26923467F0CE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{874D108C-24E8-46AC-BFB7-A3023EE9084A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{887C0542-95DF-4128-B450-1ABAECE3AA9F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe | "{8917EFF4-4F8E-4F5E-B4CB-C2BB177BC157}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | "{8A5A24B5-EB07-4FA3-A1FC-6C93100AA47B}" = protocol=6 | dir=out | app=c:\program files (x86)\rosettastoneltdservices\rosettastonedaemon.exe | "{8ABB38AC-7607-479E-A81A-5A1973D92871}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{8B8C71FB-97DC-413E-B8C2-779387A85A4D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8CAFA1E3-5581-4B7A-AA3D-44D36D4D7668}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe | "{903374FF-56D5-406D-8908-149BC2E02AB6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | "{9368C4FD-5063-4D36-9887-DA50017AE506}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{94FC4389-6093-471D-851D-C440598A4405}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv\civilization4.exe | "{9A2EB4DC-4F47-4E66-B166-D3CDBA3A15EF}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{9D31BDA9-BBF2-41E2-8E3B-AE917D814C8B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{9EEA38F8-1106-42B7-8FC6-03594FE4554D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{A189866B-2DED-4FF8-95F7-C659A7388005}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A2FF59B7-5F5D-4E37-ACD9-C4419B629E66}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | "{A330685D-B34D-426F-B314-DBC5D6DDDA57}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | "{A425DE0D-F62B-45CA-B37B-F7841DE45B7A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | "{A6561FC7-0C13-4831-8C7A-537B5E6A2F46}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | "{A6A79BB4-E2FF-4551-889E-FD6ED1CA983E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A7C70E8B-3F81-41C0-9BAB-3993B35B363A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A8EEE20D-D6EB-4F62-8252-BDB3C3E090A9}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{AB27D25B-22FA-48FF-94C2-05AC91F077C5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{AC2D269F-31FC-42AA-A151-F2E6C7C7F9DB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv beyond the sword\beyond the sword\civ4beyondsword.exe | "{ACE9E015-4409-401A-BD2F-BEE0640D525C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\addon.exe | "{AF94144B-89F1-4493-92EB-E5A76FCCD09F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | "{AFEC0135-76E5-4E95-8EB7-711FDF8805AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B2621A31-2EB0-400C-820B-D08169CF0742}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\anno4.exe | "{B3D97759-BB7E-4A30-8CD7-D0FEE4F0EE3A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe | "{B461C89F-7C64-46FE-B56D-C2ACC88CFC0D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B8F7935D-58D9-4A39-9CB7-73A381325DBE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\anno4.exe | "{BBABD334-96DA-4A77-8592-C42182EA30BC}" = protocol=6 | dir=out | app=system | "{BC45E590-ED82-4E2C-B3E3-2A6AE2E06F5F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | "{BE730B1E-A7C5-4D29-A414-FCFBF6A1DF6E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe | "{BFD1B1AA-66C2-440D-BD86-1FE9A317A598}" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "{C489C08D-3253-4C22-928A-D3895A1E78FB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe | "{C973167C-85E3-4141-BFFD-31FC39330B58}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm | "{CA4E3DC3-0002-4005-97E8-935A910729E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{CCB1D667-8312-4ECE-A06B-1FCBD7953931}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm | "{D0DE7BDF-941F-4753-84E9-6FE4A8053893}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iv beyond the sword\beyond the sword\civ4beyondsword.exe | "{D18A3FA1-B89E-43CB-BD9A-FCC5D8AF314D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{D26DFDA4-4697-4900-AA6F-6CB00458DB7D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\docs\ea help\electronic_arts_technical_support.htm | "{D2DF29B9-5B93-4270-87ED-2D3B531CDD0A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | "{D46804ED-2CB0-4489-8937-61D2D81ECEE2}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | "{D5EB984F-92F9-4C59-96D9-9C4609E98998}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe | "{D8824366-7460-42EC-9796-C2D4D3B6C5C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D9DBFA53-382D-4F3F-B3B6-6232A4DD127C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{DB2AF529-A4A7-4FB2-B763-DD9CEE64DBF4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe | "{DC403AFE-E855-44D1-ABE0-F248B0698C3C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | "{E111B8CE-054F-42F3-ADE4-C0B176B43389}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | "{E11566CF-84C9-45CA-836E-7D11008A8968}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{E248F161-04C0-43B8-A0DF-013EB06FD80F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{E53AADDB-3B5B-4EAB-A1D3-927B9984A10D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe | "{E5D88093-3116-4D8C-9C06-B58C612E99FA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | "{E6630ADD-A8DA-47EB-9D1E-B23F076AAA88}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | "{E6E8794A-DC2E-4A21-BE35-649227B69F3E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | "{E82D6E7A-1A1E-4299-9BFC-7C1DC88FB464}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E92E33C1-98E6-43E3-A669-8E07935B2EDF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | "{EC7472C6-8EE0-4C68-A5B6-49FE588443AC}" = dir=in | app=c:\program files (x86)\rosettastoneltdservices\rosettastoneltdservices.exe | "{ECA1E7F2-C466-47BA-962B-370419AD23ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe | "{ECD12CC1-AF56-4448-B10F-2DFAB9049E68}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw-bi.exe | "{F2EA84C8-E953-4E95-80B2-C36273823846}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{F88E448E-4E9C-42F8-ADE5-569E7D3F5536}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FB41C12A-D860-4BF2-A9E9-55B63B20D9A0}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | "{FC02B129-7458-426F-A755-D34778ECD029}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{FC4A5F15-D4CC-4C08-B55C-62B60B922CE7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw.exe | "{FE44C7C6-5877-468C-BA0A-F430BAB33139}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | "{FEEBE1BD-6369-422B-851F-F89995E5D702}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "{FF3FEBCB-9D24-4649-9A44-A69B7F66F1AA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw-bi.exe | "TCP Query User{1BAB75B7-1BD6-47BD-A9DA-AA827A5C5300}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{2792FE74-2B56-49AC-8593-63A0FB23D8E8}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | "TCP Query User{2A12BA20-F81D-4117-900E-7166B6772572}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{2F217471-DC3A-44C1-832E-09F573547333}C:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe | "TCP Query User{2F3AF7B1-B928-4DA8-84CB-E017C1BEDB85}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "TCP Query User{43E1FB80-2BA3-4598-B2DE-F79BECB87E3B}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | "TCP Query User{4E81203E-A5FB-4612-95A6-AD51978F41E6}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe | "TCP Query User{5AD88A56-957A-4533-BC7A-BC92FAD32BFD}C:\program files (x86)\steam\steamapps\common\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\tools\anno4web.exe | "TCP Query User{7C940D05-EFDB-4D5F-AB91-981C3AF70E7D}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{C3D0E571-CC2D-4F85-ADAB-B1E74688185B}C:\program files (x86)\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | "TCP Query User{D441ECB9-5A58-4109-ADEA-EA6F4ADF35EC}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe | "TCP Query User{D92E2BBA-64F0-4B04-97CE-9F5C034F6FF0}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | "TCP Query User{E93E28B5-2903-4F30-B3FB-EFDDC367BA51}C:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe | "TCP Query User{F720B683-61A5-4102-9B6E-5D138987D955}C:\users\user\downloads\rapget141\rapget.exe" = protocol=6 | dir=in | app=c:\users\user\downloads\rapget141\rapget.exe | "UDP Query User{0715BA33-6385-4163-9442-36F9C7FE2E09}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{0901B92D-2AD1-4F46-A2CA-BBC6F85304A2}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{09B80726-095D-4319-A097-F04AAC455ED7}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | "UDP Query User{1A3E9F89-C1EC-4A1C-BA5A-1A547D42982F}C:\program files (x86)\steam\steamapps\common\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\tools\anno4web.exe | "UDP Query User{2A0E6C06-D04E-40B5-8E93-F303450DF540}C:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe | "UDP Query User{57D76075-BBD3-40C1-A509-7D9755DDECE2}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{61833A4B-05C3-45D6-B335-B2BA2F3C7120}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | "UDP Query User{75E1500F-8786-43E4-AE8F-E6792FC79580}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | "UDP Query User{8721760A-90CE-4545-8E1D-D950DFFC1BA0}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe | "UDP Query User{A956CC8C-E626-4C17-A097-C23FCFA91A31}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe | "UDP Query User{C9A3DED1-F34E-4E01-92B6-FA393C1A5A9A}C:\program files (x86)\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | "UDP Query User{CEB6BC7E-E7F7-4C5E-A017-DE3F7E13FA30}C:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe | "UDP Query User{D37300E8-FE97-45A0-8674-3ACA889AC962}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe | "UDP Query User{D7419ED2-3820-4238-BC4F-CDE5EBD9B832}C:\users\user\downloads\rapget141\rapget.exe" = protocol=17 | dir=in | app=c:\users\user\downloads\rapget141\rapget.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences "{3513DD3C-7680-4C7C-BF18-BA375D5F4132}" = Pre-Boot Security for HP ProtectTools "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{75126DE9-C8EC-46B2-949F-EFA770AAFD9B}" = HP ProtectTools Security Manager "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89D7DD37-5A15-46E0-9C3C-A0004C4F1A38}" = Drive Encryption for HP ProtectTools "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8F258628-2E18-4C2E-8127-EF4EFAF5F75C}" = HP 3D DriveGuard "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{938C9D51-4233-4DCE-A650-96918ACDBF3E}" = HP Power Data "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Broadcom 2070 Bluetooth 2.1 + EDR "{B4867F47-1E4E-4EA2-8FE7-1153BD5B121E}" = Validity Fingerprint Driver "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{E6BC696E-5E96-4C1B-9371-379AF3A46B6B}" = HP Wireless Assistant "{E6BEE2A9-04CF-42FF-B95B-BB70FAD2DC3E}" = HP QuickLook "{EEB023B5-8EBE-4BEB-90C8-BDA16ABEDBB4}" = HP Power Assistant "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) "7E38E30BB92ED94B21CF062A7386554CBA991FEB" = Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "HoldemManager" = Holdem Manager "HPProtectTools" = HP ProtectTools Security Manager "LSI Soft Modem" = LSI HDA Modem "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "PROSet" = Intel(R) Network Connections Drivers "sp6" = Logitech SetPoint 6.32 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0E9389C0-0E8A-4174-A430-CFAFF29CC3A7}" = PokerStrategy.com Equilab "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager "{1CE213F8-D2A4-4069-B918-589EEFB1DB2C}" = HP Mobile Display Assistant "{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{251A498D-2109-4BD2-AA12-797EE9C348DE}" = TableNinjaPP "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24 "{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager "{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{448672D7-7607-4026-A8F2-E4D4B214E704}" = HP Documentation "{4728FCB1-5155-41CD-AF34-1E92DDE6556D}" = TableNinja "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{54B29835-EF99-41D2-9104-F159DE62F165}" = Bing Bar Platform "{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6A008E45-DFE2-4D8E-9245-2ACF53EEA19B}" = NoteCaddy 2 "{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.24 "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0 "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4 "{7861911B-4270-498A-8F7A-FCF0570F4862}" = HP QuickWeb "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BEA3C63-101D-4009-8B73-E9CE4A5F8A9C}" = League of Legends "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{88A6A61E-52B3-4B89-BDBE-D7F9A04510D3}" = TableNinja "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A5CBB488-6850-4C67-86D5-542A07A7A4DE}" = HP Setup "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AF6EB833-D48A-49AC-9394-4C57489FDFF2}" = HP Software Framework "{B1FE3DA1-15C1-4AEB-85A6-883F8C4AFD42}" = HP ESU for Microsoft Windows 7 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BA688606-4B20-4982-995E-EDADC6A6817E}" = League of Legends "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{D1F7C704-99F2-11E1-9C74-984BE15F174E}" = Evernote v. 4.5.6 "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL "{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver "{FD8234FF-A70D-4632-B146-F41AB37C0B24}" = HP Business Card Reader "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FFF186B6-4D02-4D8D-A776-C43E062E01A9}" = Rosetta Stone Ltd Services "5050poker (Poker)" = 5050 Poker "5992-1726-3179-3433" = ProPokerTools Odds Oracle 1.6.0 "888poker" = 888poker "Adobe AIR" = Adobe AIR "Betfair Poker_is1" = Betfair Poker "BSW" = BrettspielWelt "Cake Poker 2.0" = Cake Poker 2.0 "Diablo III" = Diablo III "Die Gilde 2 - Gold Edition" = Die Gilde 2 - Gold Edition "Drive Encryption" = Drive Encryption for HP ProtectTools "EVE" = EVE Online (remove only) "Fences" = Fences "FileZilla Client" = FileZilla Client 3.5.1 "Google Chrome" = Google Chrome "HMA! Pro VPN" = HMA! Pro VPN 2.6.8 "HoldemManager2" = Holdem Manager 2 "hon" = Heroes of Newerth "ICQToolbar" = ICQ Toolbar "InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "JDownloader" = JDownloader "LogMeIn Hamachi" = LogMeIn Hamachi "Mermaid Poker" = Mermaid Poker "mIRC" = mIRC "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "ParadisePoker" = ParadisePoker "PartyPoker" = PartyPoker "PokerStars" = PokerStars "PokerTracker3" = PokerTracker 3 (remove only) "PostgreSQL 8.4" = PostgreSQL 8.4 "Steam App 104700" = Super Monday Night Combat "Steam App 10500" = Empire: Total War "Steam App 17460" = Mass Effect "Steam App 24980" = Mass Effect 2 "Steam App 32460" = Monkey Island 2: Special Edition "Steam App 33350" = Anno 1404: Venice "Steam App 34330" = Total War: SHOGUN 2 "Steam App 3900" = Sid Meier's Civilization IV "Steam App 42910" = Magicka "Steam App 4760" = Rome: Total War Gold Edition "Steam App 48220" = Might & Magic ® Heroes ® VI "Steam App 48240" = Anno 2070 "Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™ "Steam App 65800" = Dungeon Defenders "Steam App 72850" = The Elder Scrolls V: Skyrim "Steam App 8800" = Sid Meier's Civilization IV: Beyond the Sword "Steam App 8930" = Sid Meier's Civilization V "TeamViewer 6" = TeamViewer 6 "TeamViewer 7" = TeamViewer 7 "VLC media player" = VLC media player 1.1.7 "Winamp" = Winamp "WinRAR archiver" = WinRAR 4.00 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Absolute Poker" = Absolute Poker "Betfred Poker" = Betfred Poker "CarbonPoker" = CarbonPoker "CelebPoker" = CelebPoker "Game Organizer" = EasyBits GO "Green Joker Poker" = Green Joker Poker "myBet Poker" = myBet Poker "Paddy Power Poker" = Paddy Power Poker "Poker 770" = Poker 770 "Titan Poker" = Titan Poker "Winamp Detect" = Winamp Detector Plug-in ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > Ich habe Malwarebytes Anti-Malware heruntergeladen und auf dem befallenen Rechner gezogen, allerdings noch nicht ausgefuehrt. Vielen Dank wenn Ihr euch meinem Problem annehmen solltet. |
|
05.06.2012, 13:29
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Befall vom Verschluesselungstrojaner Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
06.06.2012, 02:56
| #3 |
| | Befall vom Verschluesselungstrojaner Hey,
__________________danke. Hier das Ergebnis vom Malware-Scan: Malwarebytes Anti-Malware (Test) 1.61.0.1400 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: v2012.06.05.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 User :: USER-HP [Administrator] Schutz: Aktiviert 06.06.2012 02:26:59 mbam-log-2012-06-06 (02-26-59).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 655541 Laufzeit: 25 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 8 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\5050poker (Poker) (PUP.Casino.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Betfred Poker (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CelebPoker (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Green Joker Poker (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\myBet Poker (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Paddy Power Poker (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Poker 770 (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Titan Poker (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 21 C:\Microgaming\Poker\5050pokerMPP\install.exe (PUP.Casino.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Poker\Betfred Poker\_SetupPoker_d7a3c9[1].exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Poker\CelebPoker\_SetupPoker_e69dd.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Poker\Chilipoker\_SetupCasino_4a50(1).exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Poker\Green Joker Poker\_SetupCasino_a81bab.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Poker\myBet Poker\_SetupCasino_a21255.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Poker\Paddy Power Poker\_SetupPoker.exe_3b5c79.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Poker\Poker 770\_SetupPoker.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Poker\Titan Poker\_TitanPSetup_126130.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\User\AppData\Local\Temp\smfplyxsnw.pre (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\User\AppData\Local\Temp\Poker 770\SetupPoker.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\User\Desktop\DecryptHelper-0.5.3.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\User\Downloads\5050poker.exe (PUP.Casino.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\User\Downloads\SetupCasino_4a50(1).exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\User\Downloads\SetupCasino_4a50.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\User\Downloads\SetupCasino_a21255.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\User\Downloads\SetupCasino_a81bab.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\User\Downloads\SetupPoker.exe_3b5c79.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\User\Downloads\SetupPoker_e69dd.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\User\Downloads\TitanPSetup_126130.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\DecryptHelper-0.5.3.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) ESET - Scanergebniss Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=78c47951dd15074bbe8d5f7ea3a7fd9e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-06 04:17:38
# local_time=2012-06-06 05:17:38 (+0000, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 91413469 0 0
# compatibility_mode=8192 67108863 100 0 2007 2007 0 0
# scanned=446323
# found=2
# cleaned=0
# scan_time=7839
C:\$Recycle.Bin\S-1-5-21-1234291694-453656751-21271432-1000\$RL0I72K.zip Win32/Trustezeb.B trojan (unable to clean) 00000000000000000000000000000000 I
C:\$Recycle.Bin\S-1-5-21-1234291694-453656751-21271432-1000\$RRKLUHV.zip Win32/Trustezeb.B trojan (unable to clean) 00000000000000000000000000000000 I
|
|
06.06.2012, 12:36
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Befall vom Verschluesselungstrojaner Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind. Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? (abgesehen von der Verschlüsselung) 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
06.06.2012, 18:11
| #5 |
| | Befall vom Verschluesselungstrojaner Hey, Danke fuer deine Antowrt. Nein,das ist das erste mal das ich Malwarebytes in Benutzung hatte. Zu den beiden anderen Fragen: 1.) Ja, laeuft uneingeschraenkt. 2.) Nein, alle da. |
|
07.06.2012, 12:24
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Befall vom Verschluesselungstrojaner Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ --> Befall vom Verschluesselungstrojaner |
|
08.06.2012, 15:35
| #7 |
| | Befall vom Verschluesselungstrojaner OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.06.2012 12:06:08 - Run 2 OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\User\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,93 Gb Total Physical Memory | 13,32 Gb Available Physical Memory | 83,62% Memory free 31,86 Gb Paging File | 28,88 Gb Available in Paging File | 90,66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 437,97 Gb Total Space | 160,73 Gb Free Space | 36,70% Space Free | Partition Type: NTFS Drive D: | 959,72 Mb Total Space | 949,20 Mb Free Space | 98,90% Space Free | Partition Type: FAT Drive F: | 13,69 Gb Total Space | 0,01 Gb Free Space | 0,05% Space Free | Partition Type: FAT32 Computer Name: USER-HP | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.02 18:27:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe PRC - [2012.05.09 09:47:54 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe PRC - [2012.04.26 12:38:02 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.03.19 12:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012.02.15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.09.01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011.08.15 16:18:14 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011.04.15 14:18:06 | 001,646,056 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe PRC - [2011.03.13 19:28:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\javaw.exe PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.12.06 23:02:12 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2010.10.19 13:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2010.07.16 15:54:06 | 000,634,192 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe PRC - [2010.06.14 13:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe PRC - [2010.05.07 17:21:38 | 000,080,496 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe PRC - [2010.04.16 16:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe PRC - [2010.04.05 18:41:14 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2010.04.05 18:40:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009.12.29 23:19:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2009.12.16 01:11:14 | 000,281,192 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe PRC - [2009.12.16 01:08:40 | 000,704,512 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe PRC - [2009.12.02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2009.12.02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2009.11.21 04:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009.11.11 22:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe PRC - [2009.11.04 22:46:40 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.11.04 22:46:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.09.08 08:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe PRC - [2009.09.08 08:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe ========== Modules (No Company Name) ========== MOD - [2012.05.09 14:49:32 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll MOD - [2012.04.26 12:38:02 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.03.16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll MOD - [2012.03.16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.04.04 08:46:43 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ) SRV:64bit: - [2011.05.13 14:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2010.11.20 14:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc) SRV:64bit: - [2010.07.16 15:54:06 | 000,462,160 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost) SRV:64bit: - [2010.06.14 13:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe -- (HPDayStarterService) SRV:64bit: - [2010.02.12 03:25:58 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.01.27 22:01:04 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service) SRV:64bit: - [2010.01.21 13:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_2223a6b19a4f4233\stacsv64.exe -- (STacSV) SRV:64bit: - [2009.12.30 08:03:24 | 002,019,120 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService) SRV:64bit: - [2009.12.29 23:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2009.12.16 22:48:12 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service) SRV:64bit: - [2009.12.16 01:11:14 | 000,281,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService) SRV:64bit: - [2009.12.16 01:08:40 | 000,704,512 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe -- (DEBridge) SRV:64bit: - [2009.08.03 21:32:20 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 02:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess) SRV:64bit: - [2009.07.14 02:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009.03.03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_2223a6b19a4f4233\AESTSr64.exe -- (AESTFilters) SRV - [2012.05.30 22:20:46 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.05.27 00:23:57 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.04.26 12:38:02 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.03.19 12:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.09.09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service) SRV - [2011.09.01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011.08.15 16:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.04.15 14:18:06 | 001,646,056 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon) SRV - [2010.11.20 13:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2010.10.19 13:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service) SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.08.20 21:08:46 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe -- (OpenVPNService) SRV - [2010.05.07 17:21:38 | 000,080,496 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC) SRV - [2010.04.16 16:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService) SRV - [2010.04.05 18:40:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.21 13:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_2223a6b19a4f4233\STacSV64.exe -- (STacSV) SRV - [2009.12.30 07:44:24 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService) SRV - [2009.12.02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2009.12.02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2009.11.04 22:46:40 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009.11.04 22:46:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009.09.08 08:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4) SRV - [2009.07.14 02:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.10 21:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) SRV - [2009.03.03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_2223a6b19a4f4233\AESTSr64.exe -- (AESTFilters) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.09.02 07:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb) DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.09.02 07:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd) DRV:64bit: - [2011.05.13 14:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2011.05.13 14:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2011.03.16 01:29:49 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011.03.16 01:29:49 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.12 10:42:12 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.20 10:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs) DRV:64bit: - [2010.08.20 21:08:46 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2010.06.04 00:56:06 | 001,803,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV:64bit: - [2010.04.05 18:31:54 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.02.12 04:01:36 | 006,180,864 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010.01.21 13:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2010.01.13 17:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R) DRV:64bit: - [2010.01.07 19:22:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010.01.07 19:22:40 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010.01.07 19:22:36 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.01.07 19:22:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.01.07 18:37:40 | 000,295,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R) DRV:64bit: - [2009.12.16 01:12:22 | 000,015,688 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\SbFsLock.sys -- (SbFsLock) DRV:64bit: - [2009.12.16 01:12:20 | 000,058,184 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RsvLock.sys -- (RsvLock) DRV:64bit: - [2009.12.16 01:12:18 | 000,056,648 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SafeBoot.sys -- (SafeBoot) DRV:64bit: - [2009.12.11 22:32:06 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie) DRV:64bit: - [2009.12.02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2009.12.02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2009.12.02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2009.12.02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2009.11.21 04:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2009.11.21 04:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.10.29 01:54:00 | 000,079,360 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie) DRV:64bit: - [2009.10.26 22:52:00 | 000,061,952 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci) DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.08.03 21:32:22 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.07.20 23:05:50 | 000,059,008 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rismcx64.sys -- (rismcx64) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl) DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.07.14 00:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs) DRV:64bit: - [2009.06.26 01:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk) DRV:64bit: - [2009.06.26 00:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp) DRV:64bit: - [2009.06.26 00:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.04 19:32:52 | 000,060,160 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SbAlg.sys -- (SbAlg) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.04.29 15:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2009.12.16 01:12:28 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysWow64\drivers\SbAlg.sys -- (SbAlg) DRV - [2009.12.16 01:12:16 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\Windows\SysWow64\drivers\SbFsLock.sys -- (SbFsLock) DRV - [2009.12.16 01:12:14 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysWow64\drivers\rsvlock.sys -- (RsvLock) DRV - [2009.12.16 01:12:10 | 000,110,520 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysWow64\drivers\SafeBoot.sys -- (SafeBoot) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{8DC519B8-319D-44B3-BF7D-78FBA47609B8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10 IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{8DC519B8-319D-44B3-BF7D-78FBA47609B8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_deGB422 IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\..\SearchScopes\{8DC519B8-319D-44B3-BF7D-78FBA47609B8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-1234291694-453656751-21271432-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE - HKU\S-1-5-21-1234291694-453656751-21271432-1004\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPCOM/10 IE - HKU\S-1-5-21-1234291694-453656751-21271432-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "spiegelonline.de" FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4218 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\Firefox [2010.08.27 06:18:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.08.27 06:18:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010.08.27 06:18:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011.12.08 16:53:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.19 13:56:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.19 13:56:05 | 000,000,000 | ---D | M] [2011.03.13 20:38:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2012.05.09 14:56:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions [2012.03.28 17:00:56 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.01.15 18:48:23 | 000,001,635 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\firefox-add-ons.xml [2012.06.08 11:56:50 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-1.xml [2011.05.15 16:35:54 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-2.xml [2011.07.28 23:24:07 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-3.xml [2011.08.18 13:33:57 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-4.xml [2011.09.03 17:07:14 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-5.xml [2011.09.18 20:47:57 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-6.xml [2011.09.27 21:36:08 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-7.xml [2011.10.07 00:16:08 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-8.xml [2011.10.13 18:32:04 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-9.xml [2011.05.03 05:55:57 | 000,001,056 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin.xml [2011.11.09 15:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.02 01:43:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.01.15 18:51:30 | 000,042,737 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9JQU4F4O.DEFAULT\EXTENSIONS\{AFF87FA2-A58E-4EDD-B852-0A20203C1E17}.XPI [2012.06.01 00:22:09 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9JQU4F4O.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.04.26 12:38:02 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.03.13 19:28:58 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.02.15 16:04:43 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.15 16:04:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.15 16:04:43 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.15 16:04:43 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.15 16:04:43 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.15 16:04:43 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.) O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation) O3:64bit: - HKU\S-1-5-21-1234291694-453656751-21271432-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [nwiz] C:\Windows\SysNative\nwiz.exe () O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DT HM2] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe () O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe () O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1234291694-453656751-21271432-1000..\Run: [CPN Notifier] C:\Program Files (x86)\Cake Poker 2.0\PokerNotifier.exe File not found O4 - HKU\S-1-5-21-1234291694-453656751-21271432-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-1234291694-453656751-21271432-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-1234291694-453656751-21271432-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\User\Desktop\PartyPoker.lnk File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\User\Desktop\PartyPoker.lnk File not found O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08E48B58-C541-493B-B384-742D0A2040F3}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock) O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi3 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation) Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation) Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation) Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation) Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation) Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation) Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation) Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation) Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation) Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation) Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation) Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation) Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation) Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation) Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation) Drivers32: aux - wdmaud.drv (Microsoft Corporation) Drivers32: midi - wdmaud.drv (Microsoft Corporation) Drivers32: midi1 - wdmaud.drv (Microsoft Corporation) Drivers32: midi2 - wdmaud.drv (Microsoft Corporation) Drivers32: midi3 - wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - midimap.dll (Microsoft Corporation) Drivers32: mixer - wdmaud.drv (Microsoft Corporation) Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation) Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation) Drivers32: mixer3 - wdmaud.drv (Microsoft Corporation) Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation) Drivers32: vidc.cvid - iccvid.dll (Radius Inc.) Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation) Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation) Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation) Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation) Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation) Drivers32: wave - wdmaud.drv (Microsoft Corporation) Drivers32: wave1 - wdmaud.drv (Microsoft Corporation) Drivers32: wave2 - wdmaud.drv (Microsoft Corporation) Drivers32: wave3 - wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - msacm32.drv (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.06.06 03:14:04 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\dc [2012.06.06 02:33:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.06.06 02:24:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes [2012.06.06 02:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.06 02:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.06 02:24:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.06 02:24:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.02 19:24:54 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2012.06.02 19:24:53 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-1.61.0.1400.exe [2012.05.31 22:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012 [2012.05.31 22:26:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\TuneUp Software [2012.05.31 22:26:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012 [2012.05.31 22:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.05.31 22:26:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012.05.31 22:26:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.05.31 05:54:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Gilde 2 - Gold Edition [2012.05.31 05:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Die Gilde 2 - Gold Edition [2012.05.30 22:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.05.30 22:19:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microgaming [2012.05.30 22:17:09 | 000,000,000 | ---D | C] -- C:\Microgaming [2012.05.30 22:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\MGS [2012.05.30 22:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\5050 Poker [2012.05.24 17:41:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\LolClient2 [2012.05.19 13:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.05.19 13:55:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.05.15 20:34:30 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Diablo III [2012.05.15 00:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III [2012.05.15 00:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III [2012.05.15 00:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2012.05.15 00:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment [2012.05.15 00:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2012.05.10 13:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote [2 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.08 12:05:13 | 000,026,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.08 12:05:13 | 000,026,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.08 12:02:10 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.08 11:50:09 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.08 11:49:55 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.08 11:49:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.07 08:39:47 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUser.job [2012.06.06 18:07:46 | 1530,976,720 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.06.06 18:07:44 | 4237,852,670 | -HS- | M] () -- C:\hiberfil.sys [2012.06.06 03:05:19 | 004,260,060 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.06 03:05:19 | 000,735,912 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2012.06.06 03:05:19 | 000,733,626 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat [2012.06.06 03:05:19 | 000,730,448 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2012.06.06 03:05:19 | 000,697,526 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.06 03:05:19 | 000,652,804 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.06 03:05:19 | 000,152,200 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat [2012.06.06 03:05:19 | 000,148,576 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2012.06.06 03:05:19 | 000,148,532 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.06 03:05:19 | 000,146,072 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2012.06.06 03:05:19 | 000,121,478 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.06 02:24:37 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.02 19:28:11 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable [2012.06.02 18:33:36 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-1.61.0.1400.exe [2012.06.02 18:27:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2012.06.02 18:25:40 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe [2012.06.01 22:40:16 | 001,691,424 | ---- | M] () -- C:\Users\User\Desktop\manila 048.jpg [2012.06.01 22:02:54 | 000,267,624 | ---- | M] () -- C:\Users\User\Desktop\jw.jpg [2012.06.01 11:06:32 | 000,324,793 | ---- | M] () -- C:\Users\User\Desktop\photo_007.JPG [2012.05.31 05:54:02 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Die Gilde 2 - Gold Edition.lnk [2012.05.31 00:42:09 | 000,002,336 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.05.30 22:18:41 | 000,001,777 | ---- | M] () -- C:\Users\Public\Desktop\5050 Poker.lnk [2012.05.30 20:00:24 | 733,218,816 | ---- | M] () -- C:\Users\User\Desktop\the.spirit.molecule.2010.dvdrip.xvid-unveil.avi [2012.05.30 09:58:28 | 000,092,511 | ---- | M] () -- C:\Users\User\Desktop\the.spirit.molecule.2010.dvdrip.xvid-unveil.srt [2012.05.29 20:56:29 | 000,003,025 | ---- | M] () -- C:\Users\User\Desktop\TableNinja.lnk [2012.05.28 16:02:18 | 007,033,254 | ---- | M] () -- C:\Users\User\Desktop\gartendusche.pdf [2012.05.20 17:18:28 | 001,114,344 | ---- | M] () -- C:\Users\User\Desktop\libelle1.jpg [2012.05.19 14:21:55 | 013,608,820 | ---- | M] () -- C:\Users\User\Desktop\minimal.mp3 [2012.05.19 13:56:01 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.05.15 00:13:00 | 000,001,185 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk [2012.05.13 15:05:55 | 000,293,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.05.10 16:51:49 | 000,018,519 | ---- | M] () -- C:\Users\User\Desktop\Shares Cashgame 2011.ods [2012.05.10 16:24:21 | 000,013,466 | ---- | M] () -- C:\Users\User\Desktop\Shares Cashgame 2012.ods [2 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.06 02:24:37 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.02 19:28:11 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable [2012.06.02 19:24:54 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe [2012.06.01 22:38:50 | 001,691,424 | ---- | C] () -- C:\Users\User\Desktop\manila 048.jpg [2012.06.01 22:02:40 | 000,267,624 | ---- | C] () -- C:\Users\User\Desktop\jw.jpg [2012.06.01 11:05:43 | 000,324,793 | ---- | C] () -- C:\Users\User\Desktop\photo_007.JPG [2012.05.31 05:54:02 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Die Gilde 2 - Gold Edition.lnk [2012.05.30 22:21:10 | 000,002,336 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.05.30 22:17:09 | 000,001,777 | ---- | C] () -- C:\Users\Public\Desktop\5050 Poker.lnk [2012.05.30 09:58:25 | 733,218,816 | ---- | C] () -- C:\Users\User\Desktop\the.spirit.molecule.2010.dvdrip.xvid-unveil.avi [2012.05.30 09:58:23 | 000,092,511 | ---- | C] () -- C:\Users\User\Desktop\the.spirit.molecule.2010.dvdrip.xvid-unveil.srt [2012.05.28 15:56:13 | 007,033,254 | ---- | C] () -- C:\Users\User\Desktop\gartendusche.pdf [2012.05.27 14:48:59 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForUser.job [2012.05.20 17:17:28 | 001,114,344 | ---- | C] () -- C:\Users\User\Desktop\libelle1.jpg [2012.05.19 14:19:35 | 013,608,820 | ---- | C] () -- C:\Users\User\Desktop\minimal.mp3 [2012.05.19 13:56:01 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.05.18 14:10:36 | 014,748,447 | ---- | C] () -- C:\Users\User\Desktop\PokerStars 1.3.1.ipa [2012.05.15 00:12:34 | 000,001,185 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk [2012.05.10 16:51:48 | 000,018,519 | ---- | C] () -- C:\Users\User\Desktop\Shares Cashgame 2011.ods [2012.05.10 16:24:21 | 000,013,466 | ---- | C] () -- C:\Users\User\Desktop\Shares Cashgame 2012.ods [2011.11.22 06:39:41 | 000,004,876 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf [2011.10.11 04:16:05 | 000,000,045 | ---- | C] () -- C:\Users\User\AppData\Local\machpro.dat [2011.05.20 15:18:36 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{783A11D7-BDAA-4C02-B0A3-4255724E3CD3} [2011.05.19 09:50:58 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPPassFilter.dll.hpsign [2011.05.19 09:50:58 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPCrProv.dll.hpsign [2011.05.07 14:47:47 | 004,183,296 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.17 00:05:02 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI [2011.03.13 13:59:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.02.18 15:07:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.01.09 12:32:43 | 000,255,360 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll [2011.01.09 12:32:43 | 000,025,984 | ---- | C] () -- C:\Windows\snuvcdsm.exe [2011.01.09 12:32:43 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2011.01.09 12:27:54 | 001,612,392 | ---- | C] () -- C:\Windows\SysWow64\nView.dll [2011.01.09 12:27:54 | 001,108,584 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll [2011.01.09 12:27:54 | 000,256,616 | ---- | C] () -- C:\Windows\SysWow64\nViewSetup.exe [2010.08.27 06:18:13 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini [2010.08.27 06:10:27 | 000,000,178 | ---- | C] () -- C:\Windows\SysWow64\HPPA.ini [2010.07.16 15:54:06 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPSCEL.dll.hpsign [2010.07.16 15:54:06 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPFPApi.dll.hpsign [2010.07.16 15:54:06 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPClback.dll.hpsign [2010.07.15 17:01:46 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPFPApiUI.dll.hpsign ========== LOP Check ========== [2011.03.13 15:14:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Absolute Poker [2011.06.14 19:18:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BSW [2011.02.18 15:00:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DigitalPersona [2011.10.19 22:06:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileZilla [2011.07.14 20:59:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\go [2011.05.28 22:54:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HEM Data [2012.01.22 05:20:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HoldemManager [2012.01.12 10:56:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ICQ [2012.01.11 19:58:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech [2011.03.17 18:17:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient [2012.05.24 17:41:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient2 [2012.06.01 03:13:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Microgaming [2012.01.19 04:35:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Might & Magic Heroes VI [2011.04.04 08:52:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org [2011.11.22 06:06:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PacificPoker [2011.03.21 20:51:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Roaming [2012.05.14 15:07:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SoftGrid Client [2011.03.13 17:56:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Stardock [2012.01.19 21:12:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TeamViewer [2012.01.30 07:27:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\The Creative Assembly [2011.05.07 14:48:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TP [2012.05.31 22:26:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software [2011.03.15 01:45:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ubisoft [2012.04.04 18:23:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WindSolutions [2012.05.31 21:11:02 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.03.13 15:14:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Absolute Poker [2011.04.16 01:25:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Adobe [2011.12.31 00:53:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Apple Computer [2011.06.14 19:18:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BSW [2011.02.18 15:00:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DigitalPersona [2011.06.16 15:14:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\dvdcss [2011.10.19 22:06:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileZilla [2011.07.14 20:59:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\go [2011.03.13 15:03:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Google [2011.05.28 22:54:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HEM Data [2011.07.15 21:01:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Hewlett-Packard [2012.01.22 05:20:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HoldemManager [2011.10.06 15:39:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\hpqLog [2012.01.12 10:56:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ICQ [2011.02.18 15:02:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Identities [2011.10.27 23:10:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\InstallShield [2012.01.11 19:58:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech [2012.01.11 19:57:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Logishrd [2012.01.11 19:58:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Logitech [2011.03.17 18:17:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient [2012.05.24 17:41:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient2 [2011.03.13 13:32:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Macromedia [2012.06.06 02:24:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Malwarebytes [2012.06.01 03:13:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Microgaming [2011.10.11 04:15:44 | 000,000,000 | --SD | M] -- C:\Users\User\AppData\Roaming\Microsoft [2012.01.19 04:35:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Might & Magic Heroes VI [2011.10.16 04:51:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mIRC [2011.03.13 20:38:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla [2011.03.21 16:22:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla-Cache [2011.04.04 08:52:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org [2011.11.22 06:06:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PacificPoker [2011.03.21 20:51:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Roaming [2012.06.08 12:05:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Skype [2011.05.29 15:05:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\skypePM [2012.05.14 15:07:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SoftGrid Client [2011.03.13 17:56:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Stardock [2012.01.19 21:12:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TeamViewer [2012.01.30 07:27:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\The Creative Assembly [2011.05.07 14:48:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TP [2012.05.31 22:26:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software [2011.03.15 01:45:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ubisoft [2012.06.02 01:13:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\vlc [2012.06.02 01:13:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Winamp [2012.04.04 18:23:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WindSolutions [2011.03.14 00:52:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011.03.13 15:15:39 | 000,151,552 | ---- | M] (ABSOLUTE POKER) -- C:\Users\User\AppData\Roaming\Absolute Poker\DownLoadInst\liveupdate.exe [2012.04.04 17:18:58 | 008,767,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\User\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe [2011.08.22 16:30:41 | 003,089,056 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\User\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe [2012.04.29 22:05:15 | 000,013,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{251A498D-2109-4BD2-AA12-797EE9C348DE}\_2320BA6B4FD0E77DBA50BD.exe [2012.04.29 22:05:15 | 000,013,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{251A498D-2109-4BD2-AA12-797EE9C348DE}\_27F58524F6C4BEE7845CF2.exe [2012.01.11 19:58:42 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2012.05.29 20:56:29 | 000,013,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{4728FCB1-5155-41CD-AF34-1E92DDE6556D}\_6D3AC9EA95E45EA1603B4B.exe [2012.05.29 20:56:29 | 000,013,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{4728FCB1-5155-41CD-AF34-1E92DDE6556D}\_853F67D554F05449430E7E.exe [2012.05.29 20:56:29 | 000,013,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{4728FCB1-5155-41CD-AF34-1E92DDE6556D}\_B6FC864924B85821C04CB9.exe [2011.10.20 06:38:11 | 000,134,520 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{6A008E45-DFE2-4D8E-9245-2ACF53EEA19B}\_853F67D554F05449430E7E.exe [2011.10.20 06:38:11 | 000,134,520 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{6A008E45-DFE2-4D8E-9245-2ACF53EEA19B}\_E08F725C08A3AB3AAD9C0C.exe [2012.05.13 19:58:26 | 000,013,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{88A6A61E-52B3-4B89-BDBE-D7F9A04510D3}\_91504D44843E411F525CA5.exe [2012.05.13 19:58:26 | 000,013,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{88A6A61E-52B3-4B89-BDBE-D7F9A04510D3}\_D776FA2A4A7B775E66843F.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_39c28c74544f69e8\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2010.04.05 18:21:50 | 000,331,288 | ---- | M] (Intel Corporation) MD5=592A0B130FF567A1725F96AD1510D551 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2010.04.05 18:21:50 | 000,331,288 | ---- | M] (Intel Corporation) MD5=592A0B130FF567A1725F96AD1510D551 -- C:\swsetup\Drivers\32\HDD\IaStor.sys [2010.04.05 18:21:50 | 000,331,288 | ---- | M] (Intel Corporation) MD5=592A0B130FF567A1725F96AD1510D551 -- C:\swsetup\INTELMSM\Winall\Driver\IaStor.sys [2010.04.05 18:31:54 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2010.04.05 18:31:54 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\swsetup\Drivers\64\HDD\IaStor.sys [2010.04.05 18:31:54 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\swsetup\INTELMSM\Winall\Driver64\IaStor.sys [2010.04.05 18:31:54 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\Windows\SysNative\drivers\iaStor.sys [2010.04.05 18:31:54 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_75016077b0145423\iaStor.sys [2010.04.05 18:31:54 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_f60e9f88cda1872e\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.01.09 12:25:21 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys [2011.01.09 12:25:21 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.01.09 12:25:21 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.01.09 12:25:20 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2010.08.27 06:20:52 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2010.08.27 06:20:52 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker 2.0:MID < End of report > Danke! |
|
08.06.2012, 17:20
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Befall vom Verschluesselungstrojaner Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - user.js - File not found
[2012.03.28 17:00:56 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.01.15 18:48:23 | 000,001,635 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\firefox-add-ons.xml
[2012.06.08 11:56:50 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-1.xml
[2011.05.15 16:35:54 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-2.xml
[2011.07.28 23:24:07 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-3.xml
[2011.08.18 13:33:57 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-4.xml
[2011.09.03 17:07:14 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-5.xml
[2011.09.18 20:47:57 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-6.xml
[2011.09.27 21:36:08 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-7.xml
[2011.10.07 00:16:08 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-8.xml
[2011.10.13 18:32:04 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-9.xml
[2011.05.03 05:55:57 | 000,001,056 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin.xml
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1234291694-453656751-21271432-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe File not found
[2011.11.22 06:39:41 | 000,004,876 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker 2.0:MID
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.06.2012, 18:03
| #9 |
| | Befall vom Verschluesselungstrojaner OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.06.2012 12:06:08 - Run 2 OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\User\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,93 Gb Total Physical Memory | 13,32 Gb Available Physical Memory | 83,62% Memory free 31,86 Gb Paging File | 28,88 Gb Available in Paging File | 90,66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 437,97 Gb Total Space | 160,73 Gb Free Space | 36,70% Space Free | Partition Type: NTFS Drive D: | 959,72 Mb Total Space | 949,20 Mb Free Space | 98,90% Space Free | Partition Type: FAT Drive F: | 13,69 Gb Total Space | 0,01 Gb Free Space | 0,05% Space Free | Partition Type: FAT32 Computer Name: USER-HP | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.02 18:27:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe PRC - [2012.05.09 09:47:54 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe PRC - [2012.04.26 12:38:02 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.03.19 12:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012.02.15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.09.01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011.08.15 16:18:14 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011.04.15 14:18:06 | 001,646,056 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe PRC - [2011.03.13 19:28:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\javaw.exe PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.12.06 23:02:12 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2010.10.19 13:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2010.07.16 15:54:06 | 000,634,192 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe PRC - [2010.06.14 13:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe PRC - [2010.05.07 17:21:38 | 000,080,496 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe PRC - [2010.04.16 16:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe PRC - [2010.04.05 18:41:14 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2010.04.05 18:40:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009.12.29 23:19:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2009.12.16 01:11:14 | 000,281,192 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe PRC - [2009.12.16 01:08:40 | 000,704,512 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe PRC - [2009.12.02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2009.12.02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2009.11.21 04:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009.11.11 22:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe PRC - [2009.11.04 22:46:40 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.11.04 22:46:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.09.08 08:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe PRC - [2009.09.08 08:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe ========== Modules (No Company Name) ========== MOD - [2012.05.09 14:49:32 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll MOD - [2012.04.26 12:38:02 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.03.16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll MOD - [2012.03.16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.04.04 08:46:43 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ) SRV:64bit: - [2011.05.13 14:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2010.11.20 14:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc) SRV:64bit: - [2010.07.16 15:54:06 | 000,462,160 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost) SRV:64bit: - [2010.06.14 13:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe -- (HPDayStarterService) SRV:64bit: - [2010.02.12 03:25:58 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.01.27 22:01:04 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service) SRV:64bit: - [2010.01.21 13:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_2223a6b19a4f4233\stacsv64.exe -- (STacSV) SRV:64bit: - [2009.12.30 08:03:24 | 002,019,120 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService) SRV:64bit: - [2009.12.29 23:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2009.12.16 22:48:12 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service) SRV:64bit: - [2009.12.16 01:11:14 | 000,281,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService) SRV:64bit: - [2009.12.16 01:08:40 | 000,704,512 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe -- (DEBridge) SRV:64bit: - [2009.08.03 21:32:20 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 02:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess) SRV:64bit: - [2009.07.14 02:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009.03.03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_2223a6b19a4f4233\AESTSr64.exe -- (AESTFilters) SRV - [2012.05.30 22:20:46 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.05.27 00:23:57 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.04.26 12:38:02 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.03.19 12:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.09.09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service) SRV - [2011.09.01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011.08.15 16:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.04.15 14:18:06 | 001,646,056 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon) SRV - [2010.11.20 13:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2010.10.19 13:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service) SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.08.20 21:08:46 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe -- (OpenVPNService) SRV - [2010.05.07 17:21:38 | 000,080,496 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC) SRV - [2010.04.16 16:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService) SRV - [2010.04.05 18:40:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.21 13:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_2223a6b19a4f4233\STacSV64.exe -- (STacSV) SRV - [2009.12.30 07:44:24 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService) SRV - [2009.12.02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2009.12.02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2009.11.04 22:46:40 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009.11.04 22:46:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009.09.08 08:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4) SRV - [2009.07.14 02:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.10 21:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) SRV - [2009.03.03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_2223a6b19a4f4233\AESTSr64.exe -- (AESTFilters) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.09.02 07:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb) DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.09.02 07:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd) DRV:64bit: - [2011.05.13 14:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2011.05.13 14:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2011.03.16 01:29:49 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011.03.16 01:29:49 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.12 10:42:12 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.20 10:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs) DRV:64bit: - [2010.08.20 21:08:46 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2010.06.04 00:56:06 | 001,803,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV:64bit: - [2010.04.05 18:31:54 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.02.12 04:01:36 | 006,180,864 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010.01.21 13:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2010.01.13 17:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R) DRV:64bit: - [2010.01.07 19:22:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010.01.07 19:22:40 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010.01.07 19:22:36 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.01.07 19:22:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.01.07 18:37:40 | 000,295,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R) DRV:64bit: - [2009.12.16 01:12:22 | 000,015,688 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\SbFsLock.sys -- (SbFsLock) DRV:64bit: - [2009.12.16 01:12:20 | 000,058,184 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RsvLock.sys -- (RsvLock) DRV:64bit: - [2009.12.16 01:12:18 | 000,056,648 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SafeBoot.sys -- (SafeBoot) DRV:64bit: - [2009.12.11 22:32:06 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie) DRV:64bit: - [2009.12.02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2009.12.02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2009.12.02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2009.12.02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2009.11.21 04:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2009.11.21 04:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.10.29 01:54:00 | 000,079,360 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie) DRV:64bit: - [2009.10.26 22:52:00 | 000,061,952 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci) DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.08.03 21:32:22 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.07.20 23:05:50 | 000,059,008 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rismcx64.sys -- (rismcx64) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl) DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.07.14 00:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs) DRV:64bit: - [2009.06.26 01:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk) DRV:64bit: - [2009.06.26 00:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp) DRV:64bit: - [2009.06.26 00:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.04 19:32:52 | 000,060,160 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SbAlg.sys -- (SbAlg) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.04.29 15:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2009.12.16 01:12:28 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysWow64\drivers\SbAlg.sys -- (SbAlg) DRV - [2009.12.16 01:12:16 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\Windows\SysWow64\drivers\SbFsLock.sys -- (SbFsLock) DRV - [2009.12.16 01:12:14 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysWow64\drivers\rsvlock.sys -- (RsvLock) DRV - [2009.12.16 01:12:10 | 000,110,520 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysWow64\drivers\SafeBoot.sys -- (SafeBoot) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{8DC519B8-319D-44B3-BF7D-78FBA47609B8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10 IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{8DC519B8-319D-44B3-BF7D-78FBA47609B8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_deGB422 IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\..\SearchScopes\{8DC519B8-319D-44B3-BF7D-78FBA47609B8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1234291694-453656751-21271432-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-1234291694-453656751-21271432-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10 IE - HKU\S-1-5-21-1234291694-453656751-21271432-1004\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPCOM/10 IE - HKU\S-1-5-21-1234291694-453656751-21271432-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "spiegelonline.de" FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4218 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\Firefox [2010.08.27 06:18:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.08.27 06:18:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010.08.27 06:18:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011.12.08 16:53:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.19 13:56:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.19 13:56:05 | 000,000,000 | ---D | M] [2011.03.13 20:38:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2012.05.09 14:56:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions [2012.03.28 17:00:56 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.01.15 18:48:23 | 000,001,635 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\firefox-add-ons.xml [2012.06.08 11:56:50 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-1.xml [2011.05.15 16:35:54 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-2.xml [2011.07.28 23:24:07 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-3.xml [2011.08.18 13:33:57 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-4.xml [2011.09.03 17:07:14 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-5.xml [2011.09.18 20:47:57 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-6.xml [2011.09.27 21:36:08 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-7.xml [2011.10.07 00:16:08 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-8.xml [2011.10.13 18:32:04 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-9.xml [2011.05.03 05:55:57 | 000,001,056 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin.xml [2011.11.09 15:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.02 01:43:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.01.15 18:51:30 | 000,042,737 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9JQU4F4O.DEFAULT\EXTENSIONS\{AFF87FA2-A58E-4EDD-B852-0A20203C1E17}.XPI [2012.06.01 00:22:09 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9JQU4F4O.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.04.26 12:38:02 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.03.13 19:28:58 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.02.15 16:04:43 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.15 16:04:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.15 16:04:43 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.15 16:04:43 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.15 16:04:43 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.15 16:04:43 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.) O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation) O3:64bit: - HKU\S-1-5-21-1234291694-453656751-21271432-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [nwiz] C:\Windows\SysNative\nwiz.exe () O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DT HM2] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe () O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe () O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1234291694-453656751-21271432-1000..\Run: [CPN Notifier] C:\Program Files (x86)\Cake Poker 2.0\PokerNotifier.exe File not found O4 - HKU\S-1-5-21-1234291694-453656751-21271432-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-1234291694-453656751-21271432-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-1234291694-453656751-21271432-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\User\Desktop\PartyPoker.lnk File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\User\Desktop\PartyPoker.lnk File not found O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08E48B58-C541-493B-B384-742D0A2040F3}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock) O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi3 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation) Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation) Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation) Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation) Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation) Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation) Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation) Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation) Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation) Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation) Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation) Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation) Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation) Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation) Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation) Drivers32: aux - wdmaud.drv (Microsoft Corporation) Drivers32: midi - wdmaud.drv (Microsoft Corporation) Drivers32: midi1 - wdmaud.drv (Microsoft Corporation) Drivers32: midi2 - wdmaud.drv (Microsoft Corporation) Drivers32: midi3 - wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - midimap.dll (Microsoft Corporation) Drivers32: mixer - wdmaud.drv (Microsoft Corporation) Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation) Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation) Drivers32: mixer3 - wdmaud.drv (Microsoft Corporation) Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation) Drivers32: vidc.cvid - iccvid.dll (Radius Inc.) Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation) Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation) Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation) Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation) Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation) Drivers32: wave - wdmaud.drv (Microsoft Corporation) Drivers32: wave1 - wdmaud.drv (Microsoft Corporation) Drivers32: wave2 - wdmaud.drv (Microsoft Corporation) Drivers32: wave3 - wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - msacm32.drv (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.06.06 03:14:04 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\dc [2012.06.06 02:33:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.06.06 02:24:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes [2012.06.06 02:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.06 02:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.06 02:24:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.06 02:24:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.02 19:24:54 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2012.06.02 19:24:53 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-1.61.0.1400.exe [2012.05.31 22:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012 [2012.05.31 22:26:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\TuneUp Software [2012.05.31 22:26:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012 [2012.05.31 22:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.05.31 22:26:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012.05.31 22:26:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.05.31 05:54:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Gilde 2 - Gold Edition [2012.05.31 05:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Die Gilde 2 - Gold Edition [2012.05.30 22:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.05.30 22:19:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microgaming [2012.05.30 22:17:09 | 000,000,000 | ---D | C] -- C:\Microgaming [2012.05.30 22:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\MGS [2012.05.30 22:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\5050 Poker [2012.05.24 17:41:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\LolClient2 [2012.05.19 13:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.05.19 13:55:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.05.15 20:34:30 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Diablo III [2012.05.15 00:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III [2012.05.15 00:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III [2012.05.15 00:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2012.05.15 00:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment [2012.05.15 00:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2012.05.10 13:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote [2 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.08 12:05:13 | 000,026,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.08 12:05:13 | 000,026,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.08 12:02:10 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.08 11:50:09 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.08 11:49:55 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.08 11:49:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.07 08:39:47 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUser.job [2012.06.06 18:07:46 | 1530,976,720 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.06.06 18:07:44 | 4237,852,670 | -HS- | M] () -- C:\hiberfil.sys [2012.06.06 03:05:19 | 004,260,060 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.06 03:05:19 | 000,735,912 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2012.06.06 03:05:19 | 000,733,626 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat [2012.06.06 03:05:19 | 000,730,448 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2012.06.06 03:05:19 | 000,697,526 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.06 03:05:19 | 000,652,804 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.06 03:05:19 | 000,152,200 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat [2012.06.06 03:05:19 | 000,148,576 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2012.06.06 03:05:19 | 000,148,532 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.06 03:05:19 | 000,146,072 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2012.06.06 03:05:19 | 000,121,478 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.06 02:24:37 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.02 19:28:11 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable [2012.06.02 18:33:36 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-1.61.0.1400.exe [2012.06.02 18:27:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2012.06.02 18:25:40 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe [2012.06.01 22:40:16 | 001,691,424 | ---- | M] () -- C:\Users\User\Desktop\manila 048.jpg [2012.06.01 22:02:54 | 000,267,624 | ---- | M] () -- C:\Users\User\Desktop\jw.jpg [2012.06.01 11:06:32 | 000,324,793 | ---- | M] () -- C:\Users\User\Desktop\photo_007.JPG [2012.05.31 05:54:02 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Die Gilde 2 - Gold Edition.lnk [2012.05.31 00:42:09 | 000,002,336 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.05.30 22:18:41 | 000,001,777 | ---- | M] () -- C:\Users\Public\Desktop\5050 Poker.lnk [2012.05.30 20:00:24 | 733,218,816 | ---- | M] () -- C:\Users\User\Desktop\the.spirit.molecule.2010.dvdrip.xvid-unveil.avi [2012.05.30 09:58:28 | 000,092,511 | ---- | M] () -- C:\Users\User\Desktop\the.spirit.molecule.2010.dvdrip.xvid-unveil.srt [2012.05.29 20:56:29 | 000,003,025 | ---- | M] () -- C:\Users\User\Desktop\TableNinja.lnk [2012.05.28 16:02:18 | 007,033,254 | ---- | M] () -- C:\Users\User\Desktop\gartendusche.pdf [2012.05.20 17:18:28 | 001,114,344 | ---- | M] () -- C:\Users\User\Desktop\libelle1.jpg [2012.05.19 14:21:55 | 013,608,820 | ---- | M] () -- C:\Users\User\Desktop\minimal.mp3 [2012.05.19 13:56:01 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.05.15 00:13:00 | 000,001,185 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk [2012.05.13 15:05:55 | 000,293,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.05.10 16:51:49 | 000,018,519 | ---- | M] () -- C:\Users\User\Desktop\Shares Cashgame 2011.ods [2012.05.10 16:24:21 | 000,013,466 | ---- | M] () -- C:\Users\User\Desktop\Shares Cashgame 2012.ods [2 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.06 02:24:37 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.02 19:28:11 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable [2012.06.02 19:24:54 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe [2012.06.01 22:38:50 | 001,691,424 | ---- | C] () -- C:\Users\User\Desktop\manila 048.jpg [2012.06.01 22:02:40 | 000,267,624 | ---- | C] () -- C:\Users\User\Desktop\jw.jpg [2012.06.01 11:05:43 | 000,324,793 | ---- | C] () -- C:\Users\User\Desktop\photo_007.JPG [2012.05.31 05:54:02 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Die Gilde 2 - Gold Edition.lnk [2012.05.30 22:21:10 | 000,002,336 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.05.30 22:17:09 | 000,001,777 | ---- | C] () -- C:\Users\Public\Desktop\5050 Poker.lnk [2012.05.30 09:58:25 | 733,218,816 | ---- | C] () -- C:\Users\User\Desktop\the.spirit.molecule.2010.dvdrip.xvid-unveil.avi [2012.05.30 09:58:23 | 000,092,511 | ---- | C] () -- C:\Users\User\Desktop\the.spirit.molecule.2010.dvdrip.xvid-unveil.srt [2012.05.28 15:56:13 | 007,033,254 | ---- | C] () -- C:\Users\User\Desktop\gartendusche.pdf [2012.05.27 14:48:59 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForUser.job [2012.05.20 17:17:28 | 001,114,344 | ---- | C] () -- C:\Users\User\Desktop\libelle1.jpg [2012.05.19 14:19:35 | 013,608,820 | ---- | C] () -- C:\Users\User\Desktop\minimal.mp3 [2012.05.19 13:56:01 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.05.18 14:10:36 | 014,748,447 | ---- | C] () -- C:\Users\User\Desktop\PokerStars 1.3.1.ipa [2012.05.15 00:12:34 | 000,001,185 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk [2012.05.10 16:51:48 | 000,018,519 | ---- | C] () -- C:\Users\User\Desktop\Shares Cashgame 2011.ods [2012.05.10 16:24:21 | 000,013,466 | ---- | C] () -- C:\Users\User\Desktop\Shares Cashgame 2012.ods [2011.11.22 06:39:41 | 000,004,876 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf [2011.10.11 04:16:05 | 000,000,045 | ---- | C] () -- C:\Users\User\AppData\Local\machpro.dat [2011.05.20 15:18:36 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{783A11D7-BDAA-4C02-B0A3-4255724E3CD3} [2011.05.19 09:50:58 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPPassFilter.dll.hpsign [2011.05.19 09:50:58 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPCrProv.dll.hpsign [2011.05.07 14:47:47 | 004,183,296 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.17 00:05:02 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI [2011.03.13 13:59:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.02.18 15:07:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.01.09 12:32:43 | 000,255,360 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll [2011.01.09 12:32:43 | 000,025,984 | ---- | C] () -- C:\Windows\snuvcdsm.exe [2011.01.09 12:32:43 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2011.01.09 12:27:54 | 001,612,392 | ---- | C] () -- C:\Windows\SysWow64\nView.dll [2011.01.09 12:27:54 | 001,108,584 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll [2011.01.09 12:27:54 | 000,256,616 | ---- | C] () -- C:\Windows\SysWow64\nViewSetup.exe [2010.08.27 06:18:13 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini [2010.08.27 06:10:27 | 000,000,178 | ---- | C] () -- C:\Windows\SysWow64\HPPA.ini [2010.07.16 15:54:06 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPSCEL.dll.hpsign [2010.07.16 15:54:06 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPFPApi.dll.hpsign [2010.07.16 15:54:06 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPClback.dll.hpsign [2010.07.15 17:01:46 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\DPFPApiUI.dll.hpsign ========== LOP Check ========== [2011.03.13 15:14:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Absolute Poker [2011.06.14 19:18:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BSW [2011.02.18 15:00:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DigitalPersona [2011.10.19 22:06:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileZilla [2011.07.14 20:59:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\go [2011.05.28 22:54:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HEM Data [2012.01.22 05:20:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HoldemManager [2012.01.12 10:56:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ICQ [2012.01.11 19:58:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech [2011.03.17 18:17:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient [2012.05.24 17:41:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient2 [2012.06.01 03:13:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Microgaming [2012.01.19 04:35:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Might & Magic Heroes VI [2011.04.04 08:52:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org [2011.11.22 06:06:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PacificPoker [2011.03.21 20:51:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Roaming [2012.05.14 15:07:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SoftGrid Client [2011.03.13 17:56:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Stardock [2012.01.19 21:12:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TeamViewer [2012.01.30 07:27:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\The Creative Assembly [2011.05.07 14:48:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TP [2012.05.31 22:26:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software [2011.03.15 01:45:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ubisoft [2012.04.04 18:23:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WindSolutions [2012.05.31 21:11:02 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.03.13 15:14:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Absolute Poker [2011.04.16 01:25:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Adobe [2011.12.31 00:53:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Apple Computer [2011.06.14 19:18:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BSW [2011.02.18 15:00:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DigitalPersona [2011.06.16 15:14:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\dvdcss [2011.10.19 22:06:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileZilla [2011.07.14 20:59:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\go [2011.03.13 15:03:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Google [2011.05.28 22:54:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HEM Data [2011.07.15 21:01:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Hewlett-Packard [2012.01.22 05:20:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HoldemManager [2011.10.06 15:39:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\hpqLog [2012.01.12 10:56:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ICQ [2011.02.18 15:02:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Identities [2011.10.27 23:10:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\InstallShield [2012.01.11 19:58:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech [2012.01.11 19:57:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Logishrd [2012.01.11 19:58:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Logitech [2011.03.17 18:17:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient [2012.05.24 17:41:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient2 [2011.03.13 13:32:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Macromedia [2012.06.06 02:24:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Malwarebytes [2012.06.01 03:13:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Microgaming [2011.10.11 04:15:44 | 000,000,000 | --SD | M] -- C:\Users\User\AppData\Roaming\Microsoft [2012.01.19 04:35:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Might & Magic Heroes VI [2011.10.16 04:51:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mIRC [2011.03.13 20:38:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla [2011.03.21 16:22:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla-Cache [2011.04.04 08:52:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org [2011.11.22 06:06:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PacificPoker [2011.03.21 20:51:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Roaming [2012.06.08 12:05:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Skype [2011.05.29 15:05:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\skypePM [2012.05.14 15:07:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SoftGrid Client [2011.03.13 17:56:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Stardock [2012.01.19 21:12:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TeamViewer [2012.01.30 07:27:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\The Creative Assembly [2011.05.07 14:48:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TP [2012.05.31 22:26:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software [2011.03.15 01:45:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ubisoft [2012.06.02 01:13:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\vlc [2012.06.02 01:13:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Winamp [2012.04.04 18:23:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WindSolutions [2011.03.14 00:52:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011.03.13 15:15:39 | 000,151,552 | ---- | M] (ABSOLUTE POKER) -- C:\Users\User\AppData\Roaming\Absolute Poker\DownLoadInst\liveupdate.exe [2012.04.04 17:18:58 | 008,767,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\User\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe [2011.08.22 16:30:41 | 003,089,056 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\User\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe [2012.04.29 22:05:15 | 000,013,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{251A498D-2109-4BD2-AA12-797EE9C348DE}\_2320BA6B4FD0E77DBA50BD.exe [2012.04.29 22:05:15 | 000,013,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{251A498D-2109-4BD2-AA12-797EE9C348DE}\_27F58524F6C4BEE7845CF2.exe [2012.01.11 19:58:42 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2012.05.29 20:56:29 | 000,013,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{4728FCB1-5155-41CD-AF34-1E92DDE6556D}\_6D3AC9EA95E45EA1603B4B.exe [2012.05.29 20:56:29 | 000,013,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{4728FCB1-5155-41CD-AF34-1E92DDE6556D}\_853F67D554F05449430E7E.exe [2012.05.29 20:56:29 | 000,013,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{4728FCB1-5155-41CD-AF34-1E92DDE6556D}\_B6FC864924B85821C04CB9.exe [2011.10.20 06:38:11 | 000,134,520 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{6A008E45-DFE2-4D8E-9245-2ACF53EEA19B}\_853F67D554F05449430E7E.exe [2011.10.20 06:38:11 | 000,134,520 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{6A008E45-DFE2-4D8E-9245-2ACF53EEA19B}\_E08F725C08A3AB3AAD9C0C.exe [2012.05.13 19:58:26 | 000,013,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{88A6A61E-52B3-4B89-BDBE-D7F9A04510D3}\_91504D44843E411F525CA5.exe [2012.05.13 19:58:26 | 000,013,406 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{88A6A61E-52B3-4B89-BDBE-D7F9A04510D3}\_D776FA2A4A7B775E66843F.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_39c28c74544f69e8\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2010.04.05 18:21:50 | 000,331,288 | ---- | M] (Intel Corporation) MD5=592A0B130FF567A1725F96AD1510D551 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2010.04.05 18:21:50 | 000,331,288 | ---- | M] (Intel Corporation) MD5=592A0B130FF567A1725F96AD1510D551 -- C:\swsetup\Drivers\32\HDD\IaStor.sys [2010.04.05 18:21:50 | 000,331,288 | ---- | M] (Intel Corporation) MD5=592A0B130FF567A1725F96AD1510D551 -- C:\swsetup\INTELMSM\Winall\Driver\IaStor.sys [2010.04.05 18:31:54 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2010.04.05 18:31:54 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\swsetup\Drivers\64\HDD\IaStor.sys [2010.04.05 18:31:54 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\swsetup\INTELMSM\Winall\Driver64\IaStor.sys [2010.04.05 18:31:54 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\Windows\SysNative\drivers\iaStor.sys [2010.04.05 18:31:54 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_75016077b0145423\iaStor.sys [2010.04.05 18:31:54 | 000,409,624 | ---- | M] (Intel Corporation) MD5=C50107C730C9A955F6FD7376733F2D68 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_f60e9f88cda1872e\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.01.09 12:25:21 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys [2011.01.09 12:25:21 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.01.09 12:25:21 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.01.09 12:25:20 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2010.08.27 06:20:52 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2010.08.27 06:20:52 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker 2.0:MID < End of report > [/code] Danke! |
|
08.06.2012, 18:21
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Befall vom Verschluesselungstrojaner   Das ist aber jetzt ein OTL-log und nicht das Log vom Fix
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.06.2012, 18:34
| #11 |
| | Befall vom Verschluesselungstrojaner Ja, ganz komisch, ich wunder mich auch schon grade ueber den Doppelpost, kann mich garnicht daran erinnern. War ich wohl Gedankenversunken. Anyway, hier der Log vom Fix: Code:
ATTFilter All processes killed
========== OTL ==========
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" removed from keyword.URL
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\firefox-add-ons.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1234291694-453656751-21271432-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}\ not found.
C:\ProgramData\bltofzsb.qlf moved successfully.
ADS C:\Program Files (x86)\Cake Poker 2.0:MID deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Public
User: User
->Temp folder emptied: 744071148 bytes
->Temporary Internet Files folder emptied: 68191859 bytes
->Java cache emptied: 792158 bytes
->FireFox cache emptied: 85742719 bytes
->Google Chrome cache emptied: 6437323 bytes
->Flash cache emptied: 11938727 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 948576 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 154278 bytes
RecycleBin emptied: 18845889 bytes
Total Files Cleaned = 894,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: postgres
User: Public
User: User
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.45.0 log created on 06082012_182249
Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
|
|
08.06.2012, 18:53
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Befall vom Verschluesselungstrojaner Der Haken ist nur beim Log-Erstellen relevant, nicht beim Fixen Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.06.2012, 18:58
| #13 |
| | Befall vom Verschluesselungstrojaner Ja, ganz komisch, ich wunder mich auch schon grade ueber den Doppelpost, kann mich garnicht daran erinnern. War ich wohl Gedankenversunken. Anyway, hier der Log vom Fix: Code:
ATTFilter All processes killed
========== OTL ==========
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" removed from keyword.URL
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\firefox-add-ons.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1234291694-453656751-21271432-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}\ not found.
C:\ProgramData\bltofzsb.qlf moved successfully.
ADS C:\Program Files (x86)\Cake Poker 2.0:MID deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Public
User: User
->Temp folder emptied: 744071148 bytes
->Temporary Internet Files folder emptied: 68191859 bytes
->Java cache emptied: 792158 bytes
->FireFox cache emptied: 85742719 bytes
->Google Chrome cache emptied: 6437323 bytes
->Flash cache emptied: 11938727 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 948576 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 154278 bytes
RecycleBin emptied: 18845889 bytes
Total Files Cleaned = 894,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: postgres
User: Public
User: User
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.45.0 log created on 06082012_182249
Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
Darum hab ichs einfach nochmal mit Haekchen gemacht: Code:
ATTFilter All processes killed
========== OTL ==========
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" removed from keyword.URL
Folder C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\9jqu4f4o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
File C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\firefox-add-ons.xml not found.
File C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-1.xml not found.
File C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-2.xml not found.
File C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-3.xml not found.
File C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-4.xml not found.
File C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-5.xml not found.
File C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-6.xml not found.
File C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-7.xml not found.
File C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-8.xml not found.
File C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin-9.xml not found.
File C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\9jqu4f4o.default\searchplugins\icqplugin.xml not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-21-1234291694-453656751-21271432-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}\ not found.
File C:\ProgramData\bltofzsb.qlf not found.
Unable to delete ADS C:\Program Files (x86)\Cake Poker 2.0:MID .
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: User
->Temp folder emptied: 1075 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6510944 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32768 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 6,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: postgres
User: Public
User: User
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.45.0 log created on 06082012_183505
Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
|
|
08.06.2012, 19:09
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Befall vom Verschluesselungstrojaner Na,,  der Haken ist beim Fixen egal weil es nur skriptabhängig ist  Aber ist net schlimm Nur wunder ich mich was das jetzt nochmal soll, du solltest doch den TDSS Dingsbums machen
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.06.2012, 22:37
| #15 |
| | Befall vom Verschluesselungstrojaner Ok hier der TDSS Report: Code:
ATTFilter 22:32:07.0808 7076 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
22:32:08.0089 7076 ============================================================
22:32:08.0089 7076 Current date / time: 2012/06/08 22:32:08.0089
22:32:08.0089 7076 SystemInfo:
22:32:08.0089 7076
22:32:08.0089 7076 OS Version: 6.1.7601 ServicePack: 1.0
22:32:08.0089 7076 Product type: Workstation
22:32:08.0089 7076 ComputerName: USER-HP
22:32:08.0089 7076 UserName: User
22:32:08.0089 7076 Windows directory: C:\Windows
22:32:08.0089 7076 System windows directory: C:\Windows
22:32:08.0089 7076 Running under WOW64
22:32:08.0089 7076 Processor architecture: Intel x64
22:32:08.0089 7076 Number of processors: 8
22:32:08.0089 7076 Page size: 0x1000
22:32:08.0089 7076 Boot type: Normal boot
22:32:08.0089 7076 ============================================================
22:32:08.0385 7076 Drive \Device\Harddisk0\DR0 - Size: 0x773C256000 (476.94 Gb), SectorSize: 0x200, Cylinders: 0xF334, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:32:08.0385 7076 Drive \Device\Harddisk1\DR1 - Size: 0x3C000000 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:32:08.0385 7076 ============================================================
22:32:08.0385 7076 \Device\Harddisk0\DR0:
22:32:08.0385 7076 MBR partitions:
22:32:08.0385 7076 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x98767
22:32:08.0385 7076 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x98F67, BlocksNum 0x36BEF515
22:32:08.0385 7076 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x36C8847C, BlocksNum 0x31EA43A
22:32:08.0385 7076 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x39E728B6, BlocksNum 0x1B6E9FA
22:32:08.0385 7076 \Device\Harddisk1\DR1:
22:32:08.0385 7076 MBR partitions:
22:32:08.0385 7076 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1DFFE0
22:32:08.0385 7076 ============================================================
22:32:08.0401 7076 C: <-> \Device\Harddisk0\DR0\Partition1
22:32:08.0401 7076 F: <-> \Device\Harddisk0\DR0\Partition3
22:32:08.0401 7076 ============================================================
22:32:08.0401 7076 Initialize success
22:32:08.0401 7076 ============================================================
22:33:18.0019 3276 ============================================================
22:33:18.0019 3276 Scan started
22:33:18.0019 3276 Mode: Manual; SigCheck; TDLFS;
22:33:18.0019 3276 ============================================================
22:33:18.0222 3276 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:33:18.0300 3276 1394ohci - ok
22:33:18.0300 3276 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
22:33:18.0331 3276 Accelerometer - ok
22:33:18.0362 3276 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:33:18.0362 3276 ACPI - ok
22:33:18.0378 3276 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:33:18.0393 3276 AcpiPmi - ok
22:33:18.0409 3276 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:33:18.0424 3276 AdobeARMservice - ok
22:33:18.0471 3276 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:33:18.0502 3276 AdobeFlashPlayerUpdateSvc - ok
22:33:18.0534 3276 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:33:18.0549 3276 adp94xx - ok
22:33:18.0565 3276 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:33:18.0580 3276 adpahci - ok
22:33:18.0596 3276 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:33:18.0612 3276 adpu320 - ok
22:33:18.0612 3276 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:33:18.0705 3276 AeLookupSvc - ok
22:33:18.0736 3276 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_2223a6b19a4f4233\AESTSr64.exe
22:33:18.0752 3276 AESTFilters - ok
22:33:18.0783 3276 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
22:33:18.0799 3276 AFD - ok
22:33:18.0799 3276 AgereModemAudio (b65f8dba54f251906bbe8611b5a0e7ab) C:\Program Files\LSI SoftModem\agr64svc.exe
22:33:18.0814 3276 AgereModemAudio - ok
22:33:18.0908 3276 AgereSoftModem (c98356d813b581e9c425b42a5d146ce0) C:\Windows\system32\DRIVERS\agrsm64.sys
22:33:18.0955 3276 AgereSoftModem - ok
22:33:18.0955 3276 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:33:18.0970 3276 agp440 - ok
22:33:18.0970 3276 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:33:18.0986 3276 ALG - ok
22:33:19.0002 3276 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:33:19.0002 3276 aliide - ok
22:33:19.0017 3276 AMD External Events Utility (af932d0e9ace1522ee4cda050c14dcad) C:\Windows\system32\atiesrxx.exe
22:33:19.0033 3276 AMD External Events Utility - ok
22:33:19.0033 3276 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:33:19.0048 3276 amdide - ok
22:33:19.0048 3276 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:33:19.0064 3276 AmdK8 - ok
22:33:19.0080 3276 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:33:19.0080 3276 AmdPPM - ok
22:33:19.0095 3276 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:33:19.0111 3276 amdsata - ok
22:33:19.0126 3276 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:33:19.0126 3276 amdsbs - ok
22:33:19.0142 3276 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:33:19.0142 3276 amdxata - ok
22:33:19.0158 3276 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:33:19.0236 3276 AppID - ok
22:33:19.0251 3276 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
22:33:19.0267 3276 AppIDSvc - ok
22:33:19.0282 3276 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
22:33:19.0298 3276 Appinfo - ok
22:33:19.0314 3276 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:33:19.0329 3276 Apple Mobile Device - ok
22:33:19.0329 3276 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
22:33:19.0345 3276 AppMgmt - ok
22:33:19.0360 3276 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:33:19.0360 3276 arc - ok
22:33:19.0376 3276 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:33:19.0392 3276 arcsas - ok
22:33:19.0407 3276 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:33:19.0423 3276 aspnet_state - ok
22:33:19.0423 3276 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:33:19.0454 3276 AsyncMac - ok
22:33:19.0454 3276 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:33:19.0470 3276 atapi - ok
22:33:19.0906 3276 atikmdag (c7f3af81f7fba52d89754da28c0fea12) C:\Windows\system32\DRIVERS\atikmdag.sys
22:33:20.0016 3276 atikmdag - ok
22:33:20.0062 3276 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
22:33:20.0094 3276 atksgt - ok
22:33:20.0140 3276 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:33:20.0187 3276 AudioEndpointBuilder - ok
22:33:20.0187 3276 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:33:20.0218 3276 AudioSrv - ok
22:33:20.0234 3276 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
22:33:20.0265 3276 AxInstSV - ok
22:33:20.0296 3276 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:33:20.0312 3276 b06bdrv - ok
22:33:20.0343 3276 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:33:20.0343 3276 b57nd60a - ok
22:33:20.0359 3276 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
22:33:20.0374 3276 BDESVC - ok
22:33:20.0374 3276 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:33:20.0406 3276 Beep - ok
22:33:20.0452 3276 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
22:33:20.0499 3276 BFE - ok
22:33:20.0562 3276 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
22:33:20.0608 3276 BITS - ok
22:33:20.0624 3276 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:33:20.0640 3276 blbdrive - ok
22:33:20.0671 3276 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
22:33:20.0671 3276 Bonjour Service - ok
22:33:20.0686 3276 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:33:20.0702 3276 bowser - ok
22:33:20.0702 3276 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:33:20.0733 3276 BrFiltLo - ok
22:33:20.0733 3276 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:33:20.0749 3276 BrFiltUp - ok
22:33:20.0764 3276 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
22:33:20.0780 3276 Browser - ok
22:33:20.0811 3276 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:33:20.0842 3276 Brserid - ok
22:33:20.0842 3276 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:33:20.0874 3276 BrSerWdm - ok
22:33:20.0874 3276 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:33:20.0889 3276 BrUsbMdm - ok
22:33:20.0889 3276 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:33:20.0905 3276 BrUsbSer - ok
22:33:20.0905 3276 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
22:33:20.0920 3276 BthEnum - ok
22:33:20.0936 3276 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:33:20.0952 3276 BTHMODEM - ok
22:33:20.0952 3276 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
22:33:20.0967 3276 BthPan - ok
22:33:20.0998 3276 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
22:33:21.0030 3276 BTHPORT - ok
22:33:21.0045 3276 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:33:21.0061 3276 bthserv - ok
22:33:21.0076 3276 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
22:33:21.0092 3276 BTHUSB - ok
22:33:21.0092 3276 btwaudio (af838d8029ae7c27470862d63fa54d24) C:\Windows\system32\drivers\btwaudio.sys
22:33:21.0108 3276 btwaudio - ok
22:33:21.0108 3276 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\DRIVERS\btwavdt.sys
22:33:21.0123 3276 btwavdt - ok
22:33:21.0170 3276 btwdins (10ffb5fa51d5713d872b41a59dfc2213) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
22:33:21.0186 3276 btwdins - ok
22:33:21.0201 3276 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
22:33:21.0201 3276 btwl2cap - ok
22:33:21.0201 3276 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
22:33:21.0217 3276 btwrchid - ok
22:33:21.0217 3276 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:33:21.0248 3276 cdfs - ok
22:33:21.0248 3276 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
22:33:21.0264 3276 cdrom - ok
22:33:21.0279 3276 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:33:21.0295 3276 CertPropSvc - ok
22:33:21.0310 3276 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:33:21.0310 3276 circlass - ok
22:33:21.0342 3276 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:33:21.0357 3276 CLFS - ok
22:33:21.0373 3276 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:33:21.0388 3276 clr_optimization_v2.0.50727_32 - ok
22:33:21.0388 3276 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:33:21.0404 3276 clr_optimization_v2.0.50727_64 - ok
22:33:21.0435 3276 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:33:21.0435 3276 clr_optimization_v4.0.30319_32 - ok
22:33:21.0451 3276 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:33:21.0466 3276 clr_optimization_v4.0.30319_64 - ok
22:33:21.0466 3276 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:33:21.0482 3276 CmBatt - ok
22:33:21.0482 3276 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:33:21.0498 3276 cmdide - ok
22:33:21.0529 3276 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
22:33:21.0576 3276 CNG - ok
22:33:21.0591 3276 Com4QLBEx (c7a0e61d5714ac20de52d4f66ec773b8) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
22:33:21.0607 3276 Com4QLBEx - ok
22:33:21.0607 3276 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:33:21.0622 3276 Compbatt - ok
22:33:21.0622 3276 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:33:21.0638 3276 CompositeBus - ok
22:33:21.0638 3276 COMSysApp - ok
22:33:21.0638 3276 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:33:21.0654 3276 crcdisk - ok
22:33:21.0669 3276 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
22:33:21.0700 3276 CryptSvc - ok
22:33:21.0732 3276 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
22:33:21.0747 3276 CSC - ok
22:33:21.0794 3276 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
22:33:21.0810 3276 CscService - ok
22:33:21.0888 3276 cvhsvc (61a86809b62769643892bc0812b204aa) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
22:33:21.0903 3276 cvhsvc - ok
22:33:21.0981 3276 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:33:22.0044 3276 DcomLaunch - ok
22:33:22.0075 3276 DEBridge (0fd1090009949c58c86b40dd705d0f5d) c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
22:33:22.0090 3276 DEBridge ( UnsignedFile.Multi.Generic ) - warning
22:33:22.0090 3276 DEBridge - detected UnsignedFile.Multi.Generic (1)
22:33:22.0122 3276 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:33:22.0137 3276 defragsvc - ok
22:33:22.0153 3276 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:33:22.0184 3276 DfsC - ok
22:33:22.0200 3276 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
22:33:22.0231 3276 Dhcp - ok
22:33:22.0246 3276 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:33:22.0262 3276 discache - ok
22:33:22.0278 3276 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:33:22.0293 3276 Disk - ok
22:33:22.0293 3276 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
22:33:22.0309 3276 Dnscache - ok
22:33:22.0340 3276 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
22:33:22.0356 3276 dot3svc - ok
22:33:22.0402 3276 DpHost (e0e65ed0985a28fb18128d6099e985c4) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
22:33:22.0418 3276 DpHost - ok
22:33:22.0434 3276 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
22:33:22.0465 3276 DPS - ok
22:33:22.0465 3276 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:33:22.0480 3276 drmkaud - ok
22:33:22.0496 3276 DTSRVC (3ae67690c73eada053231ae8142fa6be) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
22:33:22.0512 3276 DTSRVC - ok
22:33:22.0574 3276 DXGKrnl (209f1a92cb507b2c2eb9e28a1416590e) C:\Windows\System32\drivers\dxgkrnl.sys
22:33:22.0621 3276 DXGKrnl - ok
22:33:22.0636 3276 e1kexpress (e6bdb3c7ef35d82ff987576b9cf07a57) C:\Windows\system32\DRIVERS\e1k62x64.sys
22:33:22.0636 3276 e1kexpress - ok
22:33:22.0652 3276 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:33:22.0683 3276 EapHost - ok
22:33:22.0917 3276 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:33:22.0980 3276 ebdrv - ok
22:33:23.0026 3276 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
22:33:23.0042 3276 EFS - ok
22:33:23.0104 3276 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
22:33:23.0136 3276 ehRecvr - ok
22:33:23.0151 3276 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:33:23.0167 3276 ehSched - ok
22:33:23.0198 3276 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:33:23.0229 3276 elxstor - ok
22:33:23.0245 3276 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:33:23.0245 3276 ErrDev - ok
22:33:23.0292 3276 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:33:23.0323 3276 EventSystem - ok
22:33:23.0338 3276 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:33:23.0354 3276 exfat - ok
22:33:23.0370 3276 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:33:23.0401 3276 fastfat - ok
22:33:23.0432 3276 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
22:33:23.0463 3276 Fax - ok
22:33:23.0463 3276 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:33:23.0479 3276 fdc - ok
22:33:23.0479 3276 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:33:23.0510 3276 fdPHost - ok
22:33:23.0510 3276 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:33:23.0541 3276 FDResPub - ok
22:33:23.0541 3276 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:33:23.0557 3276 FileInfo - ok
22:33:23.0557 3276 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:33:23.0588 3276 Filetrace - ok
22:33:23.0588 3276 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:33:23.0604 3276 flpydisk - ok
22:33:23.0619 3276 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:33:23.0635 3276 FltMgr - ok
22:33:23.0713 3276 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
22:33:23.0760 3276 FontCache - ok
22:33:23.0760 3276 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:33:23.0775 3276 FontCache3.0.0.0 - ok
22:33:23.0775 3276 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:33:23.0791 3276 FsDepends - ok
22:33:23.0791 3276 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
22:33:23.0806 3276 Fs_Rec - ok
22:33:23.0822 3276 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:33:23.0838 3276 fvevol - ok
22:33:23.0838 3276 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:33:23.0853 3276 gagp30kx - ok
22:33:23.0853 3276 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:33:23.0869 3276 GEARAspiWDM - ok
22:33:23.0931 3276 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
22:33:23.0978 3276 gpsvc - ok
22:33:23.0994 3276 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:33:23.0994 3276 gupdate - ok
22:33:24.0009 3276 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:33:24.0009 3276 gupdatem - ok
22:33:24.0025 3276 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:33:24.0040 3276 gusvc - ok
22:33:24.0040 3276 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
22:33:24.0056 3276 hamachi - ok
22:33:24.0243 3276 Hamachi2Svc (ce77bc37bdd36c9dc50c3591ebac3fa3) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
22:33:24.0274 3276 Hamachi2Svc - ok
22:33:24.0321 3276 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:33:24.0337 3276 hcw85cir - ok
22:33:24.0368 3276 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:33:24.0399 3276 HdAudAddService - ok
22:33:24.0415 3276 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:33:24.0430 3276 HDAudBus - ok
22:33:24.0430 3276 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
22:33:24.0430 3276 HECIx64 - ok
22:33:24.0446 3276 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:33:24.0446 3276 HidBatt - ok
22:33:24.0462 3276 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:33:24.0477 3276 HidBth - ok
22:33:24.0477 3276 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:33:24.0493 3276 HidIr - ok
22:33:24.0493 3276 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
22:33:24.0524 3276 hidserv - ok
22:33:24.0524 3276 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:33:24.0540 3276 HidUsb - ok
22:33:24.0555 3276 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
22:33:24.0571 3276 hkmsvc - ok
22:33:24.0602 3276 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
22:33:24.0618 3276 HomeGroupListener - ok
22:33:24.0633 3276 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
22:33:24.0649 3276 HomeGroupProvider - ok
22:33:24.0649 3276 HP Power Assistant Service (cf3ae4aeab7e3ab87122dc4ddd3a6947) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
22:33:24.0664 3276 HP Power Assistant Service - ok
22:33:24.0680 3276 HP ProtectTools Service (657e81df0625198c97f91c09ae9611fc) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
22:33:24.0680 3276 HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - warning
22:33:24.0680 3276 HP ProtectTools Service - detected UnsignedFile.Multi.Generic (1)
22:33:24.0696 3276 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
22:33:24.0696 3276 HP Support Assistant Service - ok
22:33:24.0711 3276 HP Wireless Assistant Service (9abd12fce4a62905731c286bb1d66789) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
22:33:24.0727 3276 HP Wireless Assistant Service - ok
22:33:24.0727 3276 HPDayStarterService (a4a0e006a1826ea2629e59de2008bb9d) c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
22:33:24.0742 3276 HPDayStarterService ( UnsignedFile.Multi.Generic ) - warning
22:33:24.0742 3276 HPDayStarterService - detected UnsignedFile.Multi.Generic (1)
22:33:24.0758 3276 HPDrvMntSvc.exe (b19ff523b533a3f198b9239e1749c940) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
22:33:24.0758 3276 HPDrvMntSvc.exe - ok
22:33:24.0774 3276 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
22:33:24.0789 3276 hpdskflt - ok
22:33:24.0805 3276 HpFkCryptService (393383fe7f577b4a111b44445716fcb3) c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
22:33:24.0820 3276 HpFkCryptService - ok
22:33:24.0820 3276 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
22:33:24.0836 3276 HpqKbFiltr - ok
22:33:24.0898 3276 hpqwmiex (01091b900e15878b4434f9c726c4541d) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
22:33:24.0930 3276 hpqwmiex - ok
22:33:24.0930 3276 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:33:24.0945 3276 HpSAMD - ok
22:33:24.0945 3276 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
22:33:24.0961 3276 hpsrv - ok
22:33:25.0008 3276 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:33:25.0070 3276 HTTP - ok
22:33:25.0070 3276 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:33:25.0070 3276 hwpolicy - ok
22:33:25.0086 3276 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
22:33:25.0101 3276 i8042prt - ok
22:33:25.0132 3276 IAANTMON (593ef9f904c8497f6d794dc6fcc59dca) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
22:33:25.0148 3276 IAANTMON - ok
22:33:25.0179 3276 iaStor (c50107c730c9a955f6fd7376733f2d68) C:\Windows\system32\DRIVERS\iaStor.sys
22:33:25.0179 3276 iaStor - ok
22:33:25.0210 3276 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:33:25.0226 3276 iaStorV - ok
22:33:25.0257 3276 ICQ Service (b1a28fa1afde10b95ff9354b15701d70) C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
22:33:25.0257 3276 ICQ Service - ok
22:33:25.0304 3276 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:33:25.0335 3276 idsvc - ok
22:33:25.0398 3276 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:33:25.0413 3276 iirsp - ok
22:33:25.0491 3276 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
22:33:25.0538 3276 IKEEXT - ok
22:33:25.0538 3276 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:33:25.0538 3276 intelide - ok
22:33:25.0554 3276 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:33:25.0569 3276 intelppm - ok
22:33:25.0569 3276 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
22:33:25.0600 3276 IPBusEnum - ok
22:33:25.0616 3276 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:33:25.0632 3276 IpFilterDriver - ok
22:33:25.0678 3276 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
22:33:25.0741 3276 iphlpsvc - ok
22:33:25.0756 3276 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:33:25.0756 3276 IPMIDRV - ok
22:33:25.0772 3276 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:33:25.0803 3276 IPNAT - ok
22:33:25.0881 3276 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
22:33:25.0912 3276 iPod Service - ok
22:33:25.0912 3276 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:33:25.0928 3276 IRENUM - ok
22:33:25.0928 3276 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:33:25.0944 3276 isapnp - ok
22:33:25.0959 3276 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:33:25.0975 3276 iScsiPrt - ok
22:33:25.0975 3276 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
22:33:25.0990 3276 kbdclass - ok
22:33:25.0990 3276 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
22:33:25.0990 3276 kbdhid - ok
22:33:26.0006 3276 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:33:26.0006 3276 KeyIso - ok
22:33:26.0022 3276 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
22:33:26.0022 3276 KSecDD - ok
22:33:26.0037 3276 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
22:33:26.0053 3276 KSecPkg - ok
22:33:26.0053 3276 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:33:26.0084 3276 ksthunk - ok
22:33:26.0115 3276 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:33:26.0146 3276 KtmRm - ok
22:33:26.0162 3276 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
22:33:26.0193 3276 LanmanServer - ok
22:33:26.0193 3276 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
22:33:26.0224 3276 LanmanWorkstation - ok
22:33:26.0271 3276 LBTServ (7772dfab22611050b79504e671b06e6e) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
22:33:26.0287 3276 LBTServ - ok
22:33:26.0302 3276 LEqdUsb (ed7ec050cd6c20e1a93a4dafb7efd14d) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
22:33:26.0302 3276 LEqdUsb - ok
22:33:26.0318 3276 LHidEqd (3267bc698e29474a8381e68904eb0390) C:\Windows\system32\DRIVERS\LHidEqd.Sys
22:33:26.0318 3276 LHidEqd - ok
22:33:26.0334 3276 LHidFilt (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys
22:33:26.0334 3276 LHidFilt - ok
22:33:26.0349 3276 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
22:33:26.0349 3276 lirsgt - ok
22:33:26.0349 3276 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:33:26.0380 3276 lltdio - ok
22:33:26.0396 3276 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:33:26.0427 3276 lltdsvc - ok
22:33:26.0427 3276 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:33:26.0458 3276 lmhosts - ok
22:33:26.0458 3276 LMouFilt (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys
22:33:26.0474 3276 LMouFilt - ok
22:33:26.0490 3276 LMS (17a9c5ffa241aaab275ee5cacef77686) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:33:26.0490 3276 LMS - ok
22:33:26.0505 3276 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:33:26.0521 3276 LSI_FC - ok
22:33:26.0536 3276 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:33:26.0536 3276 LSI_SAS - ok
22:33:26.0552 3276 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:33:26.0568 3276 LSI_SAS2 - ok
22:33:26.0568 3276 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:33:26.0583 3276 LSI_SCSI - ok
22:33:26.0599 3276 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:33:26.0614 3276 luafv - ok
22:33:26.0630 3276 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
22:33:26.0646 3276 MBAMProtector - ok
22:33:26.0692 3276 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:33:26.0724 3276 MBAMService - ok
22:33:26.0724 3276 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
22:33:26.0739 3276 Mcx2Svc - ok
22:33:26.0739 3276 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:33:26.0755 3276 megasas - ok
22:33:26.0770 3276 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:33:26.0786 3276 MegaSR - ok
22:33:26.0802 3276 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:33:26.0833 3276 MMCSS - ok
22:33:26.0833 3276 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:33:26.0864 3276 Modem - ok
22:33:26.0864 3276 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:33:26.0880 3276 monitor - ok
22:33:26.0880 3276 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:33:26.0895 3276 mouclass - ok
22:33:26.0895 3276 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:33:26.0911 3276 mouhid - ok
22:33:26.0911 3276 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:33:26.0926 3276 mountmgr - ok
22:33:26.0942 3276 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:33:26.0942 3276 MozillaMaintenance - ok
22:33:26.0958 3276 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:33:26.0973 3276 mpio - ok
22:33:26.0973 3276 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:33:27.0004 3276 mpsdrv - ok
22:33:27.0067 3276 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
22:33:27.0129 3276 MpsSvc - ok
22:33:27.0145 3276 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:33:27.0160 3276 MRxDAV - ok
22:33:27.0160 3276 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:33:27.0176 3276 mrxsmb - ok
22:33:27.0207 3276 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:33:27.0223 3276 mrxsmb10 - ok
22:33:27.0223 3276 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:33:27.0238 3276 mrxsmb20 - ok
22:33:27.0238 3276 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:33:27.0254 3276 msahci - ok
22:33:27.0270 3276 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:33:27.0270 3276 msdsm - ok
22:33:27.0285 3276 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:33:27.0301 3276 MSDTC - ok
22:33:27.0301 3276 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:33:27.0332 3276 Msfs - ok
22:33:27.0332 3276 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:33:27.0363 3276 mshidkmdf - ok
22:33:27.0363 3276 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:33:27.0379 3276 msisadrv - ok
22:33:27.0394 3276 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:33:27.0426 3276 MSiSCSI - ok
22:33:27.0426 3276 msiserver - ok
22:33:27.0426 3276 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:33:27.0457 3276 MSKSSRV - ok
22:33:27.0457 3276 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:33:27.0488 3276 MSPCLOCK - ok
22:33:27.0488 3276 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:33:27.0519 3276 MSPQM - ok
22:33:27.0535 3276 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:33:27.0550 3276 MsRPC - ok
22:33:27.0566 3276 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:33:27.0566 3276 mssmbios - ok
22:33:27.0582 3276 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:33:27.0597 3276 MSTEE - ok
22:33:27.0613 3276 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:33:27.0613 3276 MTConfig - ok
22:33:27.0628 3276 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:33:27.0628 3276 Mup - ok
22:33:27.0675 3276 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
22:33:27.0706 3276 napagent - ok
22:33:27.0722 3276 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:33:27.0753 3276 NativeWifiP - ok
22:33:27.0816 3276 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:33:27.0847 3276 NDIS - ok
22:33:27.0847 3276 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:33:27.0878 3276 NdisCap - ok
22:33:27.0878 3276 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:33:27.0909 3276 NdisTapi - ok
22:33:27.0909 3276 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:33:27.0940 3276 Ndisuio - ok
22:33:27.0956 3276 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:33:27.0987 3276 NdisWan - ok
22:33:28.0003 3276 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:33:28.0018 3276 NDProxy - ok
22:33:28.0034 3276 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:33:28.0065 3276 NetBIOS - ok
22:33:28.0081 3276 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:33:28.0112 3276 NetBT - ok
22:33:28.0112 3276 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:33:28.0128 3276 Netlogon - ok
22:33:28.0159 3276 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:33:28.0190 3276 Netman - ok
22:33:28.0206 3276 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:33:28.0221 3276 NetMsmqActivator - ok
22:33:28.0221 3276 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:33:28.0237 3276 NetPipeActivator - ok
22:33:28.0268 3276 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:33:28.0299 3276 netprofm - ok
22:33:28.0315 3276 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:33:28.0315 3276 NetTcpActivator - ok
22:33:28.0315 3276 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:33:28.0330 3276 NetTcpPortSharing - ok
22:33:28.0845 3276 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
22:33:28.0970 3276 NETw5s64 - ok
22:33:29.0017 3276 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:33:29.0032 3276 nfrd960 - ok
22:33:29.0048 3276 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
22:33:29.0095 3276 NlaSvc - ok
22:33:29.0095 3276 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:33:29.0126 3276 Npfs - ok
22:33:29.0126 3276 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:33:29.0157 3276 nsi - ok
22:33:29.0173 3276 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:33:29.0188 3276 nsiproxy - ok
22:33:29.0329 3276 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:33:29.0376 3276 Ntfs - ok
22:33:29.0438 3276 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:33:29.0485 3276 Null - ok
22:33:29.0485 3276 nusb3hub (785298579b5f9b4032152dfbb992fdb6) C:\Windows\system32\DRIVERS\nusb3hub.sys
22:33:29.0500 3276 nusb3hub - ok
22:33:29.0516 3276 nusb3xhc (df2750481b4964814467c974f2b0eef1) C:\Windows\system32\DRIVERS\nusb3xhc.sys
22:33:29.0516 3276 nusb3xhc - ok
22:33:30.0280 3276 nvlddmkm (aac0cdb1d5f4d4decac7945b1436ca3f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:33:30.0499 3276 nvlddmkm - ok
22:33:30.0561 3276 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:33:30.0592 3276 nvraid - ok
22:33:30.0608 3276 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:33:30.0608 3276 nvstor - ok
22:33:30.0639 3276 nvsvc (035b3e892ffb369506736bb8103321df) C:\windows\system32\nvvsvc.exe
22:33:30.0655 3276 nvsvc - ok
22:33:30.0655 3276 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:33:30.0670 3276 nv_agp - ok
22:33:30.0670 3276 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:33:30.0686 3276 ohci1394 - ok
22:33:30.0702 3276 OpenVPNService (d8a0164a79d4bfd6083945c5431e41e7) C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe
22:33:30.0702 3276 OpenVPNService ( UnsignedFile.Multi.Generic ) - warning
22:33:30.0702 3276 OpenVPNService - detected UnsignedFile.Multi.Generic (1)
22:33:30.0717 3276 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:33:30.0717 3276 ose - ok
22:33:31.0076 3276 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:33:31.0170 3276 osppsvc - ok
22:33:31.0232 3276 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:33:31.0263 3276 p2pimsvc - ok
22:33:31.0294 3276 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:33:31.0310 3276 p2psvc - ok
22:33:31.0326 3276 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:33:31.0341 3276 Parport - ok
22:33:31.0341 3276 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
22:33:31.0357 3276 partmgr - ok
22:33:31.0372 3276 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:33:31.0388 3276 PcaSvc - ok
22:33:31.0404 3276 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:33:31.0419 3276 pci - ok
22:33:31.0419 3276 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:33:31.0419 3276 pciide - ok
22:33:31.0450 3276 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:33:31.0450 3276 pcmcia - ok
22:33:31.0466 3276 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:33:31.0466 3276 pcw - ok
22:33:31.0482 3276 PdiService (0a098df98ec8facaa30bd7db4c7aea06) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
22:33:31.0497 3276 PdiService - ok
22:33:31.0544 3276 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:33:31.0591 3276 PEAUTH - ok
22:33:31.0684 3276 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
22:33:31.0716 3276 PeerDistSvc - ok
22:33:31.0778 3276 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:33:31.0794 3276 PerfHost - ok
22:33:31.0950 3276 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
22:33:32.0012 3276 pla - ok
22:33:32.0028 3276 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
22:33:32.0043 3276 PlugPlay - ok
22:33:32.0043 3276 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:33:32.0059 3276 PNRPAutoReg - ok
22:33:32.0074 3276 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:33:32.0090 3276 PNRPsvc - ok
22:33:32.0121 3276 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
22:33:32.0184 3276 PolicyAgent - ok
22:33:32.0184 3276 postgresql-8.4 - ok
22:33:32.0199 3276 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:33:32.0230 3276 Power - ok
22:33:32.0246 3276 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:33:32.0277 3276 PptpMiniport - ok
22:33:32.0277 3276 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:33:32.0293 3276 Processor - ok
22:33:32.0308 3276 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
22:33:32.0340 3276 ProfSvc - ok
22:33:32.0340 3276 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:33:32.0355 3276 ProtectedStorage - ok
22:33:32.0355 3276 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:33:32.0386 3276 Psched - ok
22:33:32.0511 3276 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:33:32.0558 3276 ql2300 - ok
22:33:32.0636 3276 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:33:32.0652 3276 ql40xx - ok
22:33:32.0683 3276 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:33:32.0698 3276 QWAVE - ok
22:33:32.0698 3276 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:33:32.0714 3276 QWAVEdrv - ok
22:33:32.0714 3276 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:33:32.0745 3276 RasAcd - ok
22:33:32.0745 3276 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:33:32.0776 3276 RasAgileVpn - ok
22:33:32.0792 3276 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:33:32.0823 3276 RasAuto - ok
22:33:32.0823 3276 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:33:32.0854 3276 Rasl2tp - ok
22:33:32.0870 3276 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
22:33:32.0901 3276 RasMan - ok
22:33:32.0917 3276 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:33:32.0948 3276 RasPppoe - ok
22:33:32.0948 3276 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:33:32.0979 3276 RasSstp - ok
22:33:33.0010 3276 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:33:33.0057 3276 rdbss - ok
22:33:33.0057 3276 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:33:33.0073 3276 rdpbus - ok
22:33:33.0073 3276 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:33:33.0104 3276 RDPCDD - ok
22:33:33.0120 3276 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
22:33:33.0135 3276 RDPDR - ok
22:33:33.0135 3276 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:33:33.0166 3276 RDPENCDD - ok
22:33:33.0166 3276 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:33:33.0182 3276 RDPREFMP - ok
22:33:33.0198 3276 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
22:33:33.0198 3276 RdpVideoMiniport - ok
22:33:33.0213 3276 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
22:33:33.0229 3276 RDPWD - ok
22:33:33.0244 3276 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:33:33.0260 3276 rdyboost - ok
22:33:33.0260 3276 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:33:33.0291 3276 RemoteAccess - ok
22:33:33.0307 3276 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:33:33.0338 3276 RemoteRegistry - ok
22:33:33.0338 3276 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
22:33:33.0354 3276 RFCOMM - ok
22:33:33.0369 3276 rimmptsk (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys
22:33:33.0369 3276 rimmptsk - ok
22:33:33.0369 3276 rimspci (3dca561aaf776aa2e356fb5b142aa5f8) C:\Windows\system32\DRIVERS\rimspe64.sys
22:33:33.0385 3276 rimspci - ok
22:33:33.0400 3276 rimsptsk (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys
22:33:33.0400 3276 rimsptsk - ok
22:33:33.0416 3276 risdpcie (c4581f04aa130892555b821f1fbaa151) C:\Windows\system32\DRIVERS\risdpe64.sys
22:33:33.0416 3276 risdpcie - ok
22:33:33.0432 3276 rismcx64 (d018844dc53d8428410a2feeeee9373e) C:\Windows\system32\DRIVERS\rismcx64.sys
22:33:33.0432 3276 rismcx64 - ok
22:33:33.0447 3276 rismxdp (4d7ef3d46346ec4c58784db964b365de) C:\Windows\system32\DRIVERS\rixdpx64.sys
22:33:33.0463 3276 rismxdp - ok
22:33:33.0463 3276 rixdpcie (a4579105a3c5b6290701ead0c153e07a) C:\Windows\system32\DRIVERS\rixdpe64.sys
22:33:33.0478 3276 rixdpcie - ok
22:33:33.0603 3276 RosettaStoneDaemon (e7062dbd907e0c5ceeb5abdaf07e6b32) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
22:33:33.0634 3276 RosettaStoneDaemon - ok
22:33:33.0681 3276 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:33:33.0712 3276 RpcEptMapper - ok
22:33:33.0728 3276 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:33:33.0728 3276 RpcLocator - ok
22:33:33.0775 3276 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:33:33.0822 3276 RpcSs - ok
22:33:33.0837 3276 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:33:33.0853 3276 rspndr - ok
22:33:33.0868 3276 RsvLock (ecbab4cd65cbedbe26ec6838e4fb7c1c) C:\Windows\system32\drivers\RsvLock.sys
22:33:33.0868 3276 RsvLock - ok
22:33:33.0884 3276 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
22:33:33.0884 3276 s3cap - ok
22:33:33.0884 3276 SafeBoot (317a99735c3a26c5cd60ab59e5e7e4e2) C:\Windows\system32\drivers\SafeBoot.sys
22:33:33.0900 3276 Suspicious file (NoAccess): C:\Windows\system32\drivers\SafeBoot.sys. md5: 317a99735c3a26c5cd60ab59e5e7e4e2
22:33:33.0900 3276 SafeBoot ( LockedFile.Multi.Generic ) - warning
22:33:33.0900 3276 SafeBoot - detected LockedFile.Multi.Generic (1)
22:33:33.0900 3276 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:33:33.0900 3276 SamSs - ok
22:33:33.0915 3276 SbAlg (fd8714a36c4646de22ddc7e36f6d09ef) C:\Windows\system32\drivers\SbAlg.sys
22:33:33.0915 3276 SbAlg - ok
22:33:33.0915 3276 SbFsLock (fcaa034231e58b0de64d0a7904015535) C:\Windows\system32\drivers\SbFsLock.sys
22:33:33.0931 3276 SbFsLock - ok
22:33:33.0931 3276 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:33:33.0946 3276 sbp2port - ok
22:33:33.0962 3276 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:33:33.0978 3276 SCardSvr - ok
22:33:33.0993 3276 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:33:34.0009 3276 scfilter - ok
22:33:34.0071 3276 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
22:33:34.0118 3276 Schedule - ok
22:33:34.0134 3276 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:33:34.0165 3276 SCPolicySvc - ok
22:33:34.0165 3276 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
22:33:34.0180 3276 sdbus - ok
22:33:34.0196 3276 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
22:33:34.0212 3276 SDRSVC - ok
22:33:34.0227 3276 SeaPort (4a5809a1d796e2675ac0332bf7b0cb11) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
22:33:34.0243 3276 SeaPort - ok
22:33:34.0258 3276 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:33:34.0274 3276 secdrv - ok
22:33:34.0274 3276 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
22:33:34.0305 3276 seclogon - ok
22:33:34.0305 3276 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
22:33:34.0336 3276 SENS - ok
22:33:34.0352 3276 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:33:34.0352 3276 SensrSvc - ok
22:33:34.0368 3276 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:33:34.0368 3276 Serenum - ok
22:33:34.0383 3276 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:33:34.0399 3276 Serial - ok
22:33:34.0399 3276 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:33:34.0414 3276 sermouse - ok
22:33:34.0430 3276 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
22:33:34.0446 3276 SessionEnv - ok
22:33:34.0461 3276 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:33:34.0461 3276 sffdisk - ok
22:33:34.0477 3276 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:33:34.0477 3276 sffp_mmc - ok
22:33:34.0492 3276 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:33:34.0492 3276 sffp_sd - ok
22:33:34.0492 3276 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:33:34.0508 3276 sfloppy - ok
22:33:34.0570 3276 Sftfs (d5183ed285d2795491dc15bddcbee5ad) C:\Windows\system32\DRIVERS\Sftfslh.sys
22:33:34.0586 3276 Sftfs - ok
22:33:34.0617 3276 sftlist (bfdb58616ff5ea540a5f58301d50641e) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
22:33:34.0633 3276 sftlist - ok
22:33:34.0648 3276 Sftplay (00f118b68c50d2206dd51634f9142b83) C:\Windows\system32\DRIVERS\Sftplaylh.sys
22:33:34.0664 3276 Sftplay - ok
22:33:34.0664 3276 Sftredir (76a827df5640bfe16a0cdbb4108adeca) C:\Windows\system32\DRIVERS\Sftredirlh.sys
22:33:34.0680 3276 Sftredir - ok
22:33:34.0680 3276 Sftvol (1b4c9701645086bab8cafffce30ed284) C:\Windows\system32\DRIVERS\Sftvollh.sys
22:33:34.0680 3276 Sftvol - ok
22:33:34.0695 3276 sftvsa (b94c3c4dca2093243c76ca218ede2a97) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
22:33:34.0711 3276 sftvsa - ok
22:33:34.0742 3276 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:33:34.0773 3276 SharedAccess - ok
22:33:34.0804 3276 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
22:33:34.0836 3276 ShellHWDetection - ok
22:33:34.0836 3276 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:33:34.0851 3276 SiSRaid2 - ok
22:33:34.0851 3276 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:33:34.0867 3276 SiSRaid4 - ok
22:33:34.0882 3276 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
22:33:34.0898 3276 SkypeUpdate - ok
22:33:34.0898 3276 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:33:34.0929 3276 Smb - ok
22:33:34.0929 3276 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:33:34.0945 3276 SNMPTRAP - ok
22:33:35.0070 3276 SNP2UVC (84e347359a28e9e544ff169fbdea5f59) C:\Windows\system32\DRIVERS\snp2uvc.sys
22:33:35.0132 3276 SNP2UVC - ok
22:33:35.0194 3276 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:33:35.0226 3276 spldr - ok
22:33:35.0257 3276 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
22:33:35.0304 3276 Spooler - ok
22:33:35.0569 3276 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
22:33:35.0647 3276 sppsvc - ok
22:33:35.0709 3276 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:33:35.0756 3276 sppuinotify - ok
22:33:35.0803 3276 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:33:35.0818 3276 srv - ok
22:33:35.0850 3276 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:33:35.0881 3276 srv2 - ok
22:33:35.0896 3276 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:33:35.0896 3276 srvnet - ok
22:33:35.0928 3276 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:33:35.0959 3276 SSDPSRV - ok
22:33:35.0959 3276 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:33:35.0990 3276 SstpSvc - ok
22:33:36.0037 3276 STacSV (da7702025dfd169b909c4da3126762cc) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_2223a6b19a4f4233\STacSV64.exe
22:33:36.0068 3276 STacSV - ok
22:33:36.0068 3276 Steam Client Service - ok
22:33:36.0084 3276 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:33:36.0099 3276 stexstor - ok
22:33:36.0130 3276 STHDA (caf5a9708671b14b9670260735b22c4e) C:\Windows\system32\DRIVERS\stwrt64.sys
22:33:36.0162 3276 STHDA - ok
22:33:36.0208 3276 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
22:33:36.0240 3276 stisvc - ok
22:33:36.0255 3276 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
22:33:36.0255 3276 storflt - ok
22:33:36.0271 3276 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
22:33:36.0271 3276 storvsc - ok
22:33:36.0271 3276 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:33:36.0286 3276 swenum - ok
22:33:36.0318 3276 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:33:36.0364 3276 swprv - ok
22:33:36.0364 3276 Synth3dVsc - ok
22:33:36.0489 3276 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
22:33:36.0536 3276 SysMain - ok
22:33:36.0583 3276 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
22:33:36.0598 3276 TabletInputService - ok
22:33:36.0614 3276 tap0901 (3b73c849b41fb20d77b0e553214061a5) C:\Windows\system32\DRIVERS\tap0901.sys
22:33:36.0614 3276 tap0901 - ok
22:33:36.0645 3276 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
22:33:36.0676 3276 TapiSrv - ok
22:33:36.0676 3276 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:33:36.0708 3276 TBS - ok
22:33:36.0848 3276 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
22:33:36.0895 3276 Tcpip - ok
22:33:37.0082 3276 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
22:33:37.0129 3276 TCPIP6 - ok
22:33:37.0191 3276 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:33:37.0254 3276 tcpipreg - ok
22:33:37.0254 3276 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:33:37.0269 3276 TDPIPE - ok
22:33:37.0269 3276 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
22:33:37.0285 3276 TDTCP - ok
22:33:37.0300 3276 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:33:37.0316 3276 tdx - ok
22:33:37.0503 3276 TeamViewer6 (8a9828975a857e477efef5a61ba45ac0) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
22:33:37.0550 3276 TeamViewer6 - ok
22:33:37.0737 3276 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
22:33:37.0784 3276 TeamViewer7 - ok
22:33:37.0846 3276 teamviewervpn (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
22:33:37.0862 3276 teamviewervpn - ok
22:33:37.0862 3276 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:33:37.0893 3276 TermDD - ok
22:33:37.0940 3276 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
22:33:37.0987 3276 TermService - ok
22:33:37.0987 3276 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:33:38.0002 3276 Themes - ok
22:33:38.0018 3276 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:33:38.0034 3276 THREADORDER - ok
22:33:38.0049 3276 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
22:33:38.0049 3276 TPM - ok
22:33:38.0065 3276 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:33:38.0096 3276 TrkWks - ok
22:33:38.0112 3276 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
22:33:38.0143 3276 TrustedInstaller - ok
22:33:38.0143 3276 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:33:38.0174 3276 tssecsrv - ok
22:33:38.0190 3276 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:33:38.0190 3276 TsUsbFlt - ok
22:33:38.0205 3276 tsusbhub - ok
22:33:38.0221 3276 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:33:38.0236 3276 tunnel - ok
22:33:38.0252 3276 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:33:38.0252 3276 uagp35 - ok
22:33:38.0299 3276 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:33:38.0330 3276 udfs - ok
22:33:38.0330 3276 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:33:38.0346 3276 UI0Detect - ok
22:33:38.0346 3276 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:33:38.0361 3276 uliagpkx - ok
22:33:38.0377 3276 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
22:33:38.0377 3276 umbus - ok
22:33:38.0377 3276 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:33:38.0392 3276 UmPass - ok
22:33:38.0408 3276 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
22:33:38.0424 3276 UmRdpService - ok
22:33:38.0595 3276 UNS (7953d636309b7f505c70667a7a2437cf) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:33:38.0642 3276 UNS - ok
22:33:38.0720 3276 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:33:38.0767 3276 upnphost - ok
22:33:38.0767 3276 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
22:33:38.0782 3276 USBAAPL64 - ok
22:33:38.0782 3276 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:33:38.0798 3276 usbccgp - ok
22:33:38.0814 3276 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:33:38.0814 3276 usbcir - ok
22:33:38.0829 3276 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
22:33:38.0845 3276 usbehci - ok
22:33:38.0860 3276 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:33:38.0876 3276 usbhub - ok
22:33:38.0876 3276 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
22:33:38.0892 3276 usbohci - ok
22:33:38.0892 3276 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:33:38.0907 3276 usbprint - ok
22:33:38.0923 3276 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:33:38.0938 3276 USBSTOR - ok
22:33:38.0938 3276 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:33:38.0954 3276 usbuhci - ok
22:33:38.0970 3276 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
22:33:38.0985 3276 usbvideo - ok
22:33:38.0985 3276 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:33:39.0016 3276 UxSms - ok
22:33:39.0016 3276 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:33:39.0032 3276 VaultSvc - ok
22:33:39.0172 3276 vcsFPService (790f7f11d4cf4e9b9e3ad7a181092e4b) C:\windows\system32\vcsFPService.exe
22:33:39.0219 3276 vcsFPService - ok
22:33:39.0266 3276 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:33:39.0282 3276 vdrvroot - ok
22:33:39.0328 3276 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
22:33:39.0391 3276 vds - ok
22:33:39.0391 3276 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:33:39.0406 3276 vga - ok
22:33:39.0422 3276 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:33:39.0438 3276 VgaSave - ok
22:33:39.0453 3276 VGPU - ok
22:33:39.0453 3276 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:33:39.0469 3276 vhdmp - ok
22:33:39.0469 3276 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:33:39.0484 3276 viaide - ok
22:33:39.0500 3276 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
22:33:39.0500 3276 vmbus - ok
22:33:39.0516 3276 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
22:33:39.0516 3276 VMBusHID - ok
22:33:39.0531 3276 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:33:39.0531 3276 volmgr - ok
22:33:39.0562 3276 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:33:39.0578 3276 volmgrx - ok
22:33:39.0594 3276 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys
22:33:39.0609 3276 volsnap - ok
22:33:39.0625 3276 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:33:39.0640 3276 vsmraid - ok
22:33:39.0750 3276 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
22:33:39.0812 3276 VSS - ok
22:33:39.0843 3276 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:33:39.0859 3276 vwifibus - ok
22:33:39.0874 3276 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:33:39.0874 3276 vwififlt - ok
22:33:39.0906 3276 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:33:39.0952 3276 W32Time - ok
22:33:39.0968 3276 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:33:39.0968 3276 WacomPen - ok
22:33:39.0984 3276 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:33:40.0015 3276 WANARP - ok
22:33:40.0015 3276 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:33:40.0046 3276 Wanarpv6 - ok
22:33:40.0140 3276 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
22:33:40.0171 3276 WatAdminSvc - ok
22:33:40.0296 3276 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
22:33:40.0327 3276 wbengine - ok
22:33:40.0405 3276 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:33:40.0436 3276 WbioSrvc - ok
22:33:40.0467 3276 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
22:33:40.0483 3276 wcncsvc - ok
22:33:40.0483 3276 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:33:40.0498 3276 WcsPlugInService - ok
22:33:40.0514 3276 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:33:40.0514 3276 Wd - ok
22:33:40.0576 3276 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:33:40.0608 3276 Wdf01000 - ok
22:33:40.0623 3276 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:33:40.0654 3276 WdiServiceHost - ok
22:33:40.0654 3276 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:33:40.0670 3276 WdiSystemHost - ok
22:33:40.0686 3276 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
22:33:40.0701 3276 WebClient - ok
22:33:40.0732 3276 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:33:40.0748 3276 Wecsvc - ok
22:33:40.0764 3276 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:33:40.0795 3276 wercplsupport - ok
22:33:40.0795 3276 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:33:40.0826 3276 WerSvc - ok
22:33:40.0842 3276 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:33:40.0857 3276 WfpLwf - ok
22:33:40.0873 3276 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:33:40.0873 3276 WIMMount - ok
22:33:40.0888 3276 WinDefend - ok
22:33:40.0888 3276 WinHttpAutoProxySvc - ok
22:33:40.0904 3276 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:33:40.0935 3276 Winmgmt - ok
22:33:41.0076 3276 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
22:33:41.0138 3276 WinRM - ok
22:33:41.0185 3276 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
22:33:41.0216 3276 WinUSB - ok
22:33:41.0278 3276 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:33:41.0325 3276 Wlansvc - ok
22:33:41.0481 3276 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:33:41.0512 3276 wlidsvc - ok
22:33:41.0575 3276 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:33:41.0590 3276 WmiAcpi - ok
22:33:41.0622 3276 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:33:41.0637 3276 wmiApSrv - ok
22:33:41.0653 3276 WMPNetworkSvc - ok
22:33:41.0653 3276 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:33:41.0668 3276 WPCSvc - ok
22:33:41.0684 3276 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:33:41.0700 3276 WPDBusEnum - ok
22:33:41.0700 3276 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:33:41.0731 3276 ws2ifsl - ok
22:33:41.0731 3276 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
22:33:41.0746 3276 wscsvc - ok
22:33:41.0762 3276 WSearch - ok
22:33:41.0934 3276 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
22:33:42.0012 3276 wuauserv - ok
22:33:42.0058 3276 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:33:42.0121 3276 WudfPf - ok
22:33:42.0136 3276 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:33:42.0152 3276 WUDFRd - ok
22:33:42.0168 3276 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:33:42.0199 3276 wudfsvc - ok
22:33:42.0214 3276 WwanSvc (ce8cf9de9cbfdaa318bd04d8be3fcada) C:\Windows\System32\wwansvc.dll
22:33:42.0230 3276 WwanSvc - ok
22:33:42.0246 3276 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:33:42.0480 3276 \Device\Harddisk0\DR0 - ok
22:33:42.0480 3276 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
22:33:44.0773 3276 \Device\Harddisk1\DR1 - ok
22:33:44.0788 3276 Boot (0x1200) (8a2532311174dd9800ce1bef7a2298dd) \Device\Harddisk0\DR0\Partition0
22:33:44.0788 3276 \Device\Harddisk0\DR0\Partition0 - ok
22:33:44.0788 3276 Boot (0x1200) (1a61c705cbf7aa2950edff54d13b6a2f) \Device\Harddisk0\DR0\Partition1
22:33:44.0788 3276 \Device\Harddisk0\DR0\Partition1 - ok
22:33:44.0804 3276 Boot (0x1200) (98fab305b785dc1908ad0fc2554516da) \Device\Harddisk0\DR0\Partition2
22:33:44.0804 3276 \Device\Harddisk0\DR0\Partition2 - ok
22:33:44.0804 3276 Boot (0x1200) (85434178f1772277a8cce7f492e2f113) \Device\Harddisk0\DR0\Partition3
22:33:44.0804 3276 \Device\Harddisk0\DR0\Partition3 - ok
22:33:44.0820 3276 Boot (0x1200) (5fd6a081f42a3367f8b539984ee2ab2f) \Device\Harddisk1\DR1\Partition0
22:33:44.0820 3276 \Device\Harddisk1\DR1\Partition0 - ok
22:33:44.0820 3276 ============================================================
22:33:44.0820 3276 Scan finished
22:33:44.0820 3276 ============================================================
22:33:44.0835 5624 Detected object count: 5
22:33:44.0835 5624 Actual detected object count: 5
22:35:15.0581 5624 DEBridge ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:15.0581 5624 DEBridge ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:15.0581 5624 HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:15.0581 5624 HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:15.0581 5624 HPDayStarterService ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:15.0581 5624 HPDayStarterService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:15.0596 5624 OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:15.0596 5624 OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:15.0596 5624 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
22:35:15.0596 5624 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip
|
|
| Themen zu Befall vom Verschluesselungstrojaner |
| alternate, autorun, bho, bildschirm, bonjour, e-mail, error, firefox, flash player, flirt fever trojaner, flirt-fever, install.exe, internet, internetleitung, jdownloader, kunde, launch, league of legends, mahnbescheid.zip, mahnung, microsoft office starter 2010, monkey island, ms-dos, ms-dos anwendung, pando media booster, plug-in, problem, sanduhr, searchscopes, security, svchost.exe, taskmanager, udp, usb, usb 3.0, version=1.0, windows, zip-datei |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
