| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: polizeitrojaner: "ihr computer wurde gesperrt"Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
05.06.2012, 16:08
| #1 |
 |  polizeitrojaner: "ihr computer wurde gesperrt" hallo! ich melde mich aus dem abgesichterten modus unseres laptops. ein "polizeitrojaner" hat den computer gesperrt und will 100 € zur freischaltung.  er ist nahezu identisch mit jenem, der hier gezeigt wird:http://www.trojaner-board.de/116052-...-gesperrt.html nur halt die österrreichische version: die kreisrunde flagge links oben ist rot-weiß-rot, daneben steht: "sitz: österreich" und rechts oben hängt das logo der österreichischen polizei. sonst sieht wie gesagt alles gleich aus, auch der text ist derselbe. betriebssystem: windows 7 home premium 64 bit ich poste hier wie angewiesen die logs defogger, otl.txt und extra.txt. bitte nehmt es mir nicht übel, dass ich nicht alle namen mit sternchen geschwärzt habe – das sieht mir bei diesen zahllosen zeilen nach stundenlanger arbeit aus. ansonster hoffe ich, alles richtig gemacht zu haben und würde mich sehr über ein bisschen hilfe freuen. besten dank im voraus!! ps. defogger log: defogger_disable by jpshortstuff (23.02.10.1) Log created at 16:31 on 05/06/2012 (***) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- otl.txt: OTL logfile created on: 05.06.2012 16:34:14 - Run 1 OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\Christine\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 3,37 Gb Available Physical Memory | 86,10% Memory free 7,82 Gb Paging File | 7,30 Gb Available in Paging File | 93,32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 657,54 Gb Total Space | 559,74 Gb Free Space | 85,13% Space Free | Partition Type: NTFS Drive D: | 37,99 Gb Total Space | 13,84 Gb Free Space | 36,43% Space Free | Partition Type: NTFS Computer Name: CRI | User Name: Christine | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.05 16:33:30 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Christine\Downloads\OTL.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.05.02 23:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R) SRV:64bit: - [2011.05.02 23:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2011.05.02 23:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R) SRV:64bit: - [2011.04.21 18:34:16 | 001,136,640 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV:64bit: - [2011.04.21 17:42:50 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R) SRV:64bit: - [2010.12.17 16:46:34 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Stopped] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg) SRV:64bit: - [2010.11.21 05:24:42 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc) SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess) SRV:64bit: - [2009.07.14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess) SRV - [2012.04.25 15:49:46 | 003,065,120 | ---- | M] (Emsisoft GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware) SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2012.01.03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.04.30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2011.02.22 22:20:21 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2011.02.22 22:20:17 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2011.02.11 21:40:00 | 000,997,712 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2011.02.11 21:39:58 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2011.02.11 21:39:54 | 000,907,600 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2010.12.06 12:52:40 | 000,062,464 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi) SRV - [2010.11.02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [On_Demand | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP) SRV - [2010.10.07 02:46:42 | 000,159,752 | R--- | M] () [Auto | Stopped] -- C:\Program Files (x86)\PHotkey\GFNEXSrv.exe -- (GFNEXSrv) SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009.12.19 00:40:48 | 000,104,968 | R--- | M] () [Auto | Stopped] -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.09.02 13:36:04 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2011.05.17 18:27:52 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2011.05.17 18:27:50 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2011.05.01 23:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R) DRV:64bit: - [2011.04.26 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.04.21 18:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) Intel(R) Centrino(R) DRV:64bit: - [2011.04.21 18:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) Intel(R) Centrino(R) DRV:64bit: - [2011.04.15 11:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.04.15 01:16:08 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2011.04.13 18:30:54 | 000,207,872 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011.04.13 18:30:50 | 000,087,552 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.10 17:01:40 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2011.01.24 11:24:52 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2011.01.24 11:22:48 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex) DRV:64bit: - [2011.01.24 10:56:06 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:55 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs) DRV:64bit: - [2010.11.21 05:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010.10.15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2010.09.23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2010.08.24 18:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.06.09 16:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2010.06.09 16:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2010.04.22 18:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2010.01.22 11:26:50 | 000,305,200 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.11.02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009.10.23 17:26:14 | 000,046,592 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl) DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2011.11.02 11:13:26 | 000,041,728 | ---- | M] (Emsi Software GmbH) [File_System | System | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver) DRV - [2011.11.02 11:13:12 | 000,063,880 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys -- (a2acc) DRV - [2011.05.19 14:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA) DRV - [2010.05.05 09:40:54 | 000,014,720 | ---- | M] (Emsi Software GmbH) [Kernel | System | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util) DRV - [2009.09.11 23:11:46 | 000,014,344 | R--- | M] (PEGATRON) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\PHotkey\PEGAGFN.sys -- (PEGAGFN) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKCU\..\SearchScopes,DefaultScope = {9824CF41-BB89-4DAC-BB30-A04257FB155A} IE - HKCU\..\SearchScopes\{9824CF41-BB89-4DAC-BB30-A04257FB155A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNC_enDE393 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011.09.02 17:56:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011.09.02 17:56:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011.09.02 17:56:34 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google  riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Christine\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony) O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) O4 - HKCU..\Run: [vdaoqgutrqtnsid] C:\ProgramData\vdaoqgutrqtnsidyhsww.exe () O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe (Adobe Systems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O9:64bit: - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9:64bit: - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8068FE7C-7296-400B-9019-82B7F3A7BDB2}: DhcpNameServer = 212.186.211.21 195.34.133.21 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll (Kaspersky Lab ZAO) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll (Kaspersky Lab ZAO) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{abaa3f73-2e17-11e1-a774-bc7737bd8025}\Shell - "" = AutoRun O33 - MountPoints2\{abaa3f73-2e17-11e1-a774-bc7737bd8025}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{d6301f5d-1e56-11e1-bfb2-bc7737bd8025}\Shell - "" = AutoRun O33 - MountPoints2\{d6301f5d-1e56-11e1-bfb2-bc7737bd8025}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.05 14:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ggswwkdcmlmuynd [2012.06.05 11:35:21 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{78D78AB4-94D3-435D-9C96-B5DD1A29113E} [2012.06.05 11:35:10 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{17F6FC29-0130-49D6-96F8-B42DD6463674} [2012.06.05 03:17:45 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{64FE5756-19E7-4529-B341-F05299200D46} [2012.06.05 01:59:01 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{83822564-DFD6-473C-8962-94CD856A5C69} [2012.06.05 01:58:39 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{B99ADAA6-A385-495E-A317-9C778ACA5CDB} [2012.06.04 14:42:32 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{077912A8-51E2-4D25-BB5A-3173DAA87B60} [2012.06.04 14:42:10 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{9271EB4E-09A4-4BA5-A600-2A873F2FEEA5} [2012.06.04 08:20:34 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{32CCED7E-AFA6-4C59-B6F7-89D4119C448F} [2012.06.04 08:20:12 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{41DD0CDF-3E48-42FA-B199-23355D69FBC4} [2012.06.03 14:31:44 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{AB2DE2E6-3888-4997-922B-0F8B0D0FA041} [2012.06.03 08:44:15 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{BA50F2BD-C00D-4E65-A53D-43337B31B7EB} [2012.06.03 08:36:32 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{587FC4A6-5FED-4FD3-BA84-FAA4AA1916A8} [2012.06.03 08:36:09 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{E70AB0CD-53E4-4E64-8C40-ABE6D6211153} [2012.06.03 08:35:12 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{ED948568-3679-457B-94B4-EF8130DA5CAD} [2012.06.03 08:34:36 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{52340573-43CE-48E4-8AA5-2B833BBBA3C0} [2012.06.03 00:59:53 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{DB5F2CF5-5E0A-4DE6-9DE2-D81C499B33F1} [2012.06.03 00:54:12 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{1B195DE7-A1C4-4F9F-82B6-D2A49E032692} [2012.06.03 00:53:50 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{F53FD837-1081-4BB0-8CDB-7502AD27ED19} [2012.06.02 23:44:42 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{5537A293-66FD-4AB8-9486-21D92C534C1C} [2012.06.02 23:44:20 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{4266A521-E151-4D27-B50E-9B8078EBFB8F} [2012.06.02 19:16:28 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{998D12AC-03A5-4738-B695-B85DCED5F743} [2012.06.02 19:16:06 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{EAD4AE8D-D423-4DCD-AD9E-89D26457B7A1} [2012.06.01 22:53:56 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{EFCD8544-7F5D-40B4-B462-02C452E349C4} [2012.06.01 22:53:45 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{CDB1414F-3340-40DF-830C-6A2FA4170FC7} [2012.06.01 13:01:23 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{CFEAB9B9-7D2A-4C7A-9A16-F01FC2D6F5FF} [2012.06.01 13:01:00 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{66199F92-068E-44C8-AEAC-A7AEB1523541} [2012.06.01 11:33:44 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{90787EB7-35EA-41BF-B1B0-C3687A8E63F9} [2012.06.01 11:33:20 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{6BA0C524-B4CB-4144-846A-FAC9DEE4903A} [2012.05.31 23:36:49 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{38B74254-11FF-4B3B-9089-801A2C9D1AB7} [2012.05.31 22:57:00 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{B296B2F0-3A85-4E9A-AD84-4EBBBB0593E8} [2012.05.31 22:56:38 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{4B6F0F11-95EE-4222-89E2-D33D85CD51A7} [2012.05.31 22:03:18 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{763DC0A3-93AA-4D52-B819-0D96C57010C2} [2012.05.31 22:02:55 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{CC87F53D-DA82-44F6-9D3D-529C3221FAF8} [2012.05.31 13:24:54 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{37F361C0-FBB4-4636-AC83-B684B599DBD3} [2012.05.31 13:24:43 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{E046E85B-D5FB-47C5-91BA-78E9AF1BE6AF} [2012.05.30 20:41:10 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{3702520C-7111-4C22-A6C2-699B1C8CFF74} [2012.05.30 20:40:59 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{BC2D5611-BA1F-4FB8-BFFF-74FF06CC45F7} [2012.05.30 10:26:43 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{8A1A6B89-0BCC-420F-8CE7-F651F5C578D2} [2012.05.30 10:26:20 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{D67E27EA-8528-4D8E-882A-220F88089D69} [2012.05.30 09:26:07 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{95B64402-90CF-4ACA-B885-BBA2DC4FA01C} [2012.05.30 09:25:44 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{85A3D7E3-7F84-4943-ABEA-DA63725C599E} [2012.05.29 13:43:30 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{1E502B0A-2EB7-4413-8E66-13993F234EF0} [2012.05.29 13:43:08 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{DC025FF9-6D79-48A1-B88F-0FC0AA7339D1} [2012.05.29 09:43:28 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{6463C8EE-8DFD-4DC4-9E78-D7C3501CF329} [2012.05.29 09:43:05 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{482F24C6-C711-4C10-AD0A-8A321BD867DB} [2012.05.28 19:55:32 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{F952B31F-C974-4BC9-8D5C-50FEE20DE474} [2012.05.25 23:20:55 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{284369C2-E976-4D8F-B6CE-246122648C33} [2012.05.25 23:20:33 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{24A8FEF9-2BA8-4C22-B273-ACF5F479F4D2} [2012.05.25 21:11:32 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{3D3BE350-FCB2-47FF-9478-8F87E231A96F} [2012.05.25 14:47:38 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{7697F8F2-1861-4196-B6FE-5A9C828A623D} [2012.05.25 14:47:16 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{6960A2BF-B031-41AA-AD98-B81A4E7C7ECE} [2012.05.24 16:05:54 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{444DDF97-D6D2-4888-8008-BB0921A79CD3} [2012.05.24 15:43:25 | 000,000,000 | ---D | C] -- C:\Users\Christine\Desktop\Sherlock Holmes 2 2011 TS Xvid READ NFO UnKnOwN [2012.05.24 11:51:28 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{3CB5EF64-02BD-4437-A3B9-23C552917BD9} [2012.05.24 11:51:05 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{56FF80DA-BD2C-47C9-BB23-EC2353F80029} [2012.05.23 21:34:59 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{F8D1504E-7389-4DF8-B89A-00C494DC4CC4} [2012.05.23 21:34:36 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{49A8B57A-EA76-41EF-9C34-5DCD3542D70D} [2012.05.23 11:09:20 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{7357424E-8BA9-4556-B9B7-3C6AA0D96150} [2012.05.23 11:08:58 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{44BD76E6-FDDB-4272-9F3F-E65B636EC2BD} [2012.05.23 09:58:28 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{43AA9A08-FB89-4BEA-B29B-9D4705248B27} [2012.05.23 09:58:06 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{43BD006A-1F68-4C0E-9398-3331565F4E4E} [2012.05.23 09:33:31 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{DB1E4A49-D698-48F7-9E24-77B20ABF677B} [2012.05.23 09:33:09 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{4CB1BD2A-2559-4937-8128-64392454BE0A} [2012.05.22 17:08:09 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{867597AB-ACBF-47AF-955C-7A7AB00FFC9E} [2012.05.22 17:07:46 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{0CE9569B-8D7F-4A45-BA96-A337E061B643} [2012.05.22 17:05:14 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{D7E6F1ED-B419-434B-BC8A-C59EDFC5703E} [2012.05.22 17:04:51 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{F222452B-7F30-4222-A653-F19A105039F4} [2012.05.22 13:10:03 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{9E821389-6783-4374-8E52-CA3E04A1C587} [2012.05.21 10:10:50 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{0C25D652-6401-4829-8ECE-912CAC39B4E8} [2012.05.20 12:42:01 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{76E044E8-823F-4626-8448-A9B2464B0439} [2012.05.20 12:41:38 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{3DAE0597-AEBF-4A46-8D10-A7B17DEA6626} [2012.05.19 23:12:53 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{0D12E2C3-0C18-439E-A526-2B539B844D16} [2012.05.19 10:58:21 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{B9BD12A3-389B-4A5B-95AB-B4C0FFDB9354} [2012.05.18 16:25:24 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{BDD2E57C-6927-4068-867B-BBFFB0914080} [2012.05.18 12:53:12 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{5F121190-A5EC-49A8-B058-2417201EC586} [2012.05.18 12:53:01 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{2773C70D-F849-4E38-B06C-451E476B8611} [2012.05.18 12:20:07 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{9CDDFC00-5599-4D74-AA65-25F3A625D59B} [2012.05.18 12:19:43 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{A5A45792-D64E-4755-906E-1165C3EE8D9F} [2012.05.18 12:19:05 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{7BE3059A-BA5C-484C-8CF4-0D8D6F7721FD} [2012.05.18 12:18:54 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{EFBD58FE-08F5-40CC-AFB0-E706EDD359FF} [2012.05.18 08:16:10 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{EEAA7BC7-FBC4-4668-9B21-C6848F97F6F7} [2012.05.18 08:15:48 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{6555E7CA-0BDE-4931-93AC-BCD4B7791C0B} [2012.05.17 20:00:08 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{1EF820CD-1DE1-4B45-B2B4-34FF3BD3C5FB} [2012.05.17 19:59:45 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{BA661BA4-68AB-40D1-87E4-A22C4C33C812} [2012.05.17 15:02:17 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{17837D67-FDFB-4F61-8366-07550F608A77} [2012.05.17 13:41:50 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{D28311EC-73BE-4D47-AFBD-C067C1AB0FBD} [2012.05.17 13:41:27 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{E6F8B608-460A-446F-B23F-3EF789FA7E70} [2012.05.17 11:12:22 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{9BD7D8C6-7398-4C79-B638-45886294E856} [2012.05.17 11:12:00 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{D637EE52-7BC0-45E2-AE42-CE6A56C68A5C} [2012.05.17 09:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.05.17 09:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.05.17 09:39:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2012.05.16 15:51:44 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{F01C7B70-7D47-4182-9852-CF0877DB2351} [2012.05.16 15:51:33 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{21C2EE21-52E2-41F1-B374-B7B38D79CB3F} [2012.05.16 15:29:45 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{F438C8B2-0FAF-4D54-89FA-D93DD672108E} [2012.05.14 09:24:15 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{CA2BBE69-2CAE-48E5-968A-31A524B8AD9B} [2012.05.14 09:23:48 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{BBA2413E-BDD9-48BB-AA21-C11FA462E970} [2012.05.13 10:11:09 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{571B1528-3EE2-4CE3-9ECB-8D7D545FA127} [2012.05.13 10:10:58 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{35F2DE3C-37FF-4FB0-B1C5-EDB453BEA0F3} [2012.05.12 20:57:24 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{6D72B63A-8724-4565-A9D0-131D4B98C82C} [2012.05.12 10:13:33 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{0A4B5533-4605-4727-B16E-C798A57ABFDD} [2012.05.12 10:13:11 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{8398F0B3-0651-4670-820E-D04130970C9D} [2012.05.12 09:13:38 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{D17EDC50-9900-4370-BB65-E2615A808576} [2012.05.10 21:49:49 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{8B860A95-6034-4139-B15C-0000704E731D} [2012.05.10 21:49:26 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{4A5DCC0E-A380-4D46-8F38-8954EB62204C} [2012.05.10 15:59:48 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{4F6457B4-9158-40B7-BF01-52F1DB042AE6} [2012.05.10 15:59:25 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{D02BF33D-761C-43F3-A110-0AA62F42DDC7} [2012.05.08 10:23:01 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{957D1751-C688-4CF0-ABC6-B754E7F32E9F} [2012.05.08 10:22:38 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{D205B83C-2DD1-48A9-9F33-EB5FBD335AFB} [2012.05.07 13:38:44 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{2CE76FB3-194C-4262-8AD6-E5A1A7C2A5E7} [2012.05.07 13:38:33 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{78E72FED-0A8A-4C40-867A-5545337CC407} [2012.05.07 07:45:34 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{B9C317CB-8786-4882-9B0F-DA4AF76C927C} [2012.05.07 07:45:23 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{61BADE39-2CCE-44AA-8CD6-A1C1F0879FF0} [2012.05.06 18:50:01 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{402537C6-F17E-4D36-A0D0-E5A2DC5C0C8B} [2012.05.06 18:49:39 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{BDCDDBED-160E-444B-BA97-F1F3EF40CDD8} [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.05 16:31:25 | 000,000,000 | ---- | M] () -- C:\Users\Christine\defogger_reenable [2012.06.05 16:30:23 | 000,050,477 | ---- | M] () -- C:\Users\Christine\Desktop\Defogger.exe [2012.06.05 16:28:13 | 000,669,394 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.05 16:28:13 | 000,620,946 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.05 16:28:13 | 000,134,952 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.05 16:28:13 | 000,110,876 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.05 16:23:54 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat [2012.06.05 16:23:53 | 3151,327,232 | -HS- | M] () -- C:\hiberfil.sys [2012.06.05 16:19:23 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.05 16:15:10 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.05 14:17:44 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.05 14:17:44 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.05 14:05:46 | 000,000,448 | ---- | M] () -- C:\ProgramData\mwwhxkwpuzcdkxr [2012.06.05 14:05:42 | 000,053,248 | ---- | M] () -- C:\ProgramData\vdaoqgutrqtnsidyhsww.exe [2012.06.05 14:05:42 | 000,053,248 | ---- | M] () -- C:\Users\Christine\0.09356871798761801.exe [2012.06.05 13:28:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.05.30 21:10:53 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2012.05.24 08:21:55 | 000,002,715 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.05.11 10:38:38 | 000,387,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.05 16:31:25 | 000,000,000 | ---- | C] () -- C:\Users\Christine\defogger_reenable [2012.06.05 16:30:23 | 000,050,477 | ---- | C] () -- C:\Users\Christine\Desktop\Defogger.exe [2012.06.05 14:05:46 | 000,053,248 | ---- | C] () -- C:\ProgramData\vdaoqgutrqtnsidyhsww.exe [2012.06.05 14:05:42 | 000,053,248 | ---- | C] () -- C:\Users\Christine\0.09356871798761801.exe [2012.06.05 14:05:42 | 000,000,448 | ---- | C] () -- C:\ProgramData\mwwhxkwpuzcdkxr [2011.11.28 15:30:42 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2011.10.17 10:46:32 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.06.08 21:34:59 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.06.08 21:34:59 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.05.27 03:14:01 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.05.27 03:14:00 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.05.27 03:14:00 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin ========== LOP Check ========== [2012.04.06 15:03:58 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\Philipp Winterberg [2012.05.26 09:10:31 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\SoftGrid Client [2011.10.17 10:47:42 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\TP [2012.06.05 16:15:29 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\uTorrent [2011.09.22 11:45:00 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\Windows Live Writer [2009.07.14 07:08:49 | 000,031,276 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > extras.txt.: OTL Extras logfile created on: 05.06.2012 16:34:14 - Run 1 OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\Christine\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 3,37 Gb Available Physical Memory | 86,10% Memory free 7,82 Gb Paging File | 7,30 Gb Available in Paging File | 93,32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 657,54 Gb Total Space | 559,74 Gb Free Space | 85,13% Space Free | Partition Type: NTFS Drive D: | 37,99 Gb Total Space | 13,84 Gb Free Space | 36,43% Space Free | Partition Type: NTFS Computer Name: CRI | User Name: Christine | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0EE1A0D3-BE2F-4AFF-A444-2BB9F73466C9}" = rport=445 | protocol=6 | dir=out | app=system | "{1FCE3EC0-7668-4347-AEAC-943CB44EA225}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{24F1B636-87D4-4D9A-85F6-AEEDB01CCBE5}" = rport=10243 | protocol=6 | dir=out | app=system | "{2C3B61FE-C54C-4C93-B7FA-F059B6627A89}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{366E80A5-3A9C-4B07-90DC-FDEC37785014}" = lport=2869 | protocol=6 | dir=in | app=system | "{3D28D494-9B9B-48C9-A587-44D9604F6D38}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{544D4260-85F7-4E0A-B1AF-00BC1EBFA2F7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{55CBD0F8-98C5-4F52-9C17-D0C96176F61B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6237552F-0386-4A21-8A80-474C5FA52384}" = lport=10243 | protocol=6 | dir=in | app=system | "{6D9C337C-61AD-4D6E-B07A-8170FF6DDA78}" = lport=138 | protocol=17 | dir=in | app=system | "{70440DFD-872D-4F8D-9190-83EBFD721F4D}" = rport=137 | protocol=17 | dir=out | app=system | "{713748AF-DFBA-49B3-B678-0AFAB204697C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{A73BADC6-D772-450E-8F9A-4F5F8663CF40}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A8A0F995-765A-45F6-8E36-D44BFDA2E301}" = lport=445 | protocol=6 | dir=in | app=system | "{B779B561-388C-4E1F-8D8B-89F3229A769E}" = rport=138 | protocol=17 | dir=out | app=system | "{B903DC9C-169B-4DFD-B34C-CED154B50780}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{C2607E71-B7B4-43BE-8F7A-53630F247B7C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C465ADB8-FE5C-43D7-B1CA-50B7A5A78C81}" = rport=139 | protocol=6 | dir=out | app=system | "{CF7434B2-E45F-4519-AC38-6F995D8B44E9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D4A2076F-1D2A-4C49-91D9-B8B01BCCC769}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EAE9B112-5610-44AE-B601-B267AD15721D}" = lport=137 | protocol=17 | dir=in | app=system | "{F55436C8-04AA-4BA7-9198-6BDC724E9558}" = lport=139 | protocol=6 | dir=in | app=system | "{F8EE7150-31CD-48EC-AE18-E63FE186151D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{13E3B754-6D40-4F79-96DA-A084368F3565}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{19A11E9D-92CE-4919-9D3D-0E0A443560E4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{276D861A-D1E5-454C-8884-23222F9CC86F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2D697F46-BC3A-416A-AB13-CA9BB3B805D7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{36666C50-92B5-44D1-B7B6-3605E2FBDA8E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{42791D9D-BBC5-42C4-B9D4-E26264153C3B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{4DD629FC-9E9E-44BA-A549-B5C723213937}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{556D68ED-9371-4720-8023-BB1363723A0E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{56FF91BF-D9B4-4BFE-8893-22A52B2B35AD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | "{5F088A94-99FF-46B9-AE81-45EB02FE5F7A}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{64F29847-216C-4052-ACBE-BC39673AC642}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{75AD480C-E378-480A-8AD9-ECC6E7CF7E50}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8AC7AA19-DFF3-4725-B4C2-124595B6D6AB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8DA0E4D4-D63C-4D27-9366-0EB7A5CA73CC}" = protocol=6 | dir=out | app=system | "{908364B7-8066-427B-8CA3-EB9B249A77B8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{90F878C4-4F84-4AF7-A133-DCA8AD0E7848}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9537DFCD-41BA-473C-94B5-30672DA5D074}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A1E00855-8C67-428E-9D45-1D8112D1DEEC}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{A4375050-CE60-4C95-95EB-02B9E6EA68AB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A71A9547-D380-4870-956A-172EB5E3ABA7}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | "{A7DAA2A7-9CED-4823-B253-BAA027BE72B7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | "{ACE7C606-C4AF-4A44-8185-D436C1A9B502}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | "{B0A55AA0-26CB-46BC-B1EC-DBF1853043C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B72A039A-B829-4720-869F-2FB336F58F6F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BD3B4D4A-B032-4CE4-B42F-29AE7ACCEB23}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C3A3DBAE-AB36-4BA0-8632-2A29C2B7CA96}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{CE6648A1-93DD-42C3-8F74-737C3856F2E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DCFC396E-8FBB-40E2-A7B3-B3A0A9CB48F5}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{F71B195E-646D-4351-8CA9-A93DC8AFACD5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit) "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources "{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources "{46AE421C-BF1B-4B62-BE0E-62FE09C6D5B5}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}" = Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C7B40C35-85AE-4303-9EEA-1A1EA779664D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D3836C5E-6824-4C9F-9B45-09C989B13EF6}" = VR-pulse Installer "{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-Bit) "{EC1369CF-15BD-4FAF-BA84-65E4788C682E}" = AMI VR-pulse OS Switcher "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "CNXT_AUDIO_HDA" = Conexant HD Audio "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content "_{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension "_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 "{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0DD706AF-B542-438C-999E-B30C7F625C8D}" = Intel(R) WiDi "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger "{2F14F550-0FFC-4285-B673-880744D428A3}" = CorelDRAW Essentials X5 - Custom Data "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34809713-7886-4F6A-B9D5-CC74DBC1C77E}" = CorelDRAW Essentials X5 - Redist "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3B1EF0C5-8855-416F-A6F4-5CC5FCF267CA}" = CorelDRAW Essentials X5 - WT "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery "{4433CEC6-DA32-4D7B-BA95-B47C68498287}" = CorelDRAW Essentials X5 - Connect "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{48106FE4-B1AF-4941-BF3D-83E6C4B7CAF3}" = Alcor Micro USB Card Reader "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger "{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{666D7CED-12E0-4BA3-B594-5681961E7B02}" = CorelDRAW Essentials X5 - IPM "{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common "{6DE61FFB-8ADC-4A09-B3DC-5DA15CAE48A0}" = CorelDRAW Essentials X5 - DE "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz "{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár "{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live "{7BDA08C6-D3A1-4E2A-83F6-BBE15060DF80}" = CorelDRAW Essentials X5 - IT "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources "{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials "{834F4E2F-E9DF-4FA9-8499-FF6B91012898}" = CorelDRAW Essentials X5 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{85E8F38F-0303-401E-A518-0302DF88EB07}" = CorelDRAW Essentials X5 - Draw "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{89BA6E81-B60A-49BC-B283-80560A9E60DF}" = CorelDRAW Essentials X5 - PHOTO-PAINT "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA4D1C5E-116A-4FF4-AA91-28F526868203}" = watchmi "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.2) MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4 "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D0BEB150-2046-4F94-AE7B-EA76772592F6}" = CorelDRAW Essentials X5 - Common "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{D7E60152-6C65-4982-8840-B6D28BF881BD}" = CorelDRAW Essentials X5 - FR "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E4BE9367-168B-4B30-B198-EE37C99FB147}" = CorelDRAW Essentials X5 - Filters "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}" = PHotkey "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E7BE4D1A-B529-448B-8407-889705B65185}" = CorelDRAW Essentials X5 - ES "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 - Setup Files "{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.065 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA6AF809-9A80-423A-A57A-C7D726A04E4C}" = CorelDRAW Essentials X5 - EN "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AmUStor" = Alcor Micro USB Card Reader "Ashampoo Burning Studio_is1" = Ashampoo Burning Studio "Ashampoo Photo Commander_is1" = Ashampoo Photo Commander "Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer "Ashampoo Snap_is1" = Ashampoo Snap "Free RAR Extract Frog" = Free RAR Extract Frog "Google Chrome" = Google Chrome "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso "InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "ProInst" = Intel PROSet Wireless "uTorrent" = µTorrent "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinLiveSuite" = Windows Live Essentials ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 20.05.2012 07:07:24 | Computer Name = Cri | Source = Microsoft-Windows-Defrag | ID = 257 Description = Error - 24.05.2012 05:41:59 | Computer Name = Cri | Source = Microsoft-Windows-Defrag | ID = 257 Description = Error - 24.05.2012 05:46:21 | Computer Name = Cri | Source = Microsoft-Windows-Defrag | ID = 257 Description = Error - 28.05.2012 18:13:58 | Computer Name = Cri | Source = Microsoft-Windows-Defrag | ID = 257 Description = Error - 30.05.2012 05:05:00 | Computer Name = Cri | Source = Microsoft-Windows-Defrag | ID = 257 Description = Error - 05.06.2012 10:28:10 | Computer Name = Cri | Source = Microsoft-Windows-LoadPerf | ID = 3001 Description = Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "12536". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten. Error - 05.06.2012 10:28:10 | Computer Name = Cri | Source = Microsoft-Windows-LoadPerf | ID = 3001 Description = Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "12536". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten. Error - 05.06.2012 10:28:10 | Computer Name = Cri | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 05.06.2012 10:28:13 | Computer Name = Cri | Source = Microsoft-Windows-LoadPerf | ID = 3001 Description = Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "12536". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten. Error - 05.06.2012 10:28:13 | Computer Name = Cri | Source = Microsoft-Windows-LoadPerf | ID = 3001 Description = Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "12536". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten. [ Media Center Events ] Error - 31.03.2012 07:23:08 | Computer Name = Cri | Source = MCUpdate | ID = 0 Description = 13:23:03 - Fehler beim Herstellen der Internetverbindung. 13:23:08 - Serververbindung konnte nicht hergestellt werden.. Error - 31.03.2012 07:23:27 | Computer Name = Cri | Source = MCUpdate | ID = 0 Description = 13:23:26 - Fehler beim Herstellen der Internetverbindung. 13:23:26 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 05.06.2012 10:24:27 | Computer Name = Cri | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 05.06.2012 10:24:27 | Computer Name = Cri | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 05.06.2012 10:24:27 | Computer Name = Cri | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 05.06.2012 10:24:27 | Computer Name = Cri | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 05.06.2012 10:24:27 | Computer Name = Cri | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 05.06.2012 10:24:27 | Computer Name = Cri | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 05.06.2012 10:24:27 | Computer Name = Cri | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 05.06.2012 10:24:27 | Computer Name = Cri | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 05.06.2012 10:24:27 | Computer Name = Cri | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 05.06.2012 10:24:27 | Computer Name = Cri | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report > |
|
08.06.2012, 10:36
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | polizeitrojaner: "ihr computer wurde gesperrt"Zitat:
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
08.06.2012, 15:06
| #3 |
| | polizeitrojaner: "ihr computer wurde gesperrt" hallo, cosinus!
__________________danke für die antwort. ich hoffe, es passt so. grüße! ps. malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.08.03 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Christine :: CRI [Administrator] 08.06.2012 13:41:02 mbam-log-2012-06-08 (13-41-02).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 359680 Laufzeit: 30 Minute(n), 58 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vdaoqgutrqtnsid (Trojan.Winlock.G) -> Daten: C:\ProgramData\vdaoqgutrqtnsidyhsww.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\ProgramData\vdaoqgutrqtnsidyhsww.exe (Trojan.Winlock.G) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Christine\0.09356871798761801.exe (Trojan.Winlock.G) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f05e211585096f4aa65193f025975f69
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-08 01:37:13
# local_time=2012-06-08 03:37:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1280 16777215 100 0 24194854 24194854 0 0
# compatibility_mode=5893 16776574 100 94 24099738 90788073 0 0
# compatibility_mode=8192 67108863 100 0 404 404 0 0
# scanned=169273
# found=0
# cleaned=0
# scan_time=4410
|
|
08.06.2012, 17:07
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | polizeitrojaner: "ihr computer wurde gesperrt" Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
08.06.2012, 18:05
| #5 |
| | polizeitrojaner: "ihr computer wurde gesperrt" hallo! ich habe Malwarebytes heute zum ersten mal runtergeladen und auch nur einen scann durchgeführt. die sperre ist mittlerweile übrigens aufgehoben. der pc ließ sich erstmals wieder im "normalen" (nicht abgesicherten) modus booten. es sind also keine symptome mehr sichtbar. ich nehme an, es ist trotzdem noch was zu tun? danke soweit, ps. |
|
08.06.2012, 18:22
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | polizeitrojaner: "ihr computer wurde gesperrt" Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ --> polizeitrojaner: "ihr computer wurde gesperrt" |
|
08.06.2012, 18:50
| #7 |
| | polizeitrojaner: "ihr computer wurde gesperrt" also ich weiß zwar ehrlich gesagt nicht, was ich alles hätte checken sollen, aber bei meinen untersuchungen ist mir nichts ungewöhnliches aufgefallen. das internet funktioniert, ich hab nach zufall ein paar programme gestartet, die alle problemlos (zu) funktionieren (scheinen). auch im startmenü scheint nichts zu fehlen, leere ordner unter "alle programme" gibts nicht. ps. |
|
08.06.2012, 18:59
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | polizeitrojaner: "ihr computer wurde gesperrt" Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.06.2012, 19:29
| #9 |
| | polizeitrojaner: "ihr computer wurde gesperrt" gut, erledigt. hier das log von otl: bin ab jetzt bis morgen leider afk. liebe grüße! Code:
ATTFilter OTL logfile created on: 08.06.2012 20:07:32 - Run 2 OTL by OldTimer - Version 3.2.47.0 Folder = C:\Users\Christine\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 59,43% Memory free 7,82 Gb Paging File | 6,02 Gb Available in Paging File | 76,92% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 657,54 Gb Total Space | 560,98 Gb Free Space | 85,32% Space Free | Partition Type: NTFS Drive D: | 37,99 Gb Total Space | 13,84 Gb Free Space | 36,43% Space Free | Partition Type: NTFS Computer Name: CRI | User Name: Christine | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.08 20:05:39 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Christine\Desktop\OTL.exe PRC - [2012.04.25 15:49:46 | 003,065,120 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe PRC - [2012.04.12 10:56:46 | 000,445,624 | ---- | M] (Sony) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe PRC - [2012.04.11 15:47:44 | 000,072,192 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe PRC - [2012.03.14 23:09:50 | 000,250,528 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe PRC - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe PRC - [2012.01.03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.10.20 11:40:56 | 000,641,400 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.04.30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.04.14 18:17:18 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2011.02.24 03:04:54 | 003,402,760 | ---- | M] (Pegatron Corporation) -- C:\Program Files (x86)\PHotkey\POSD.exe PRC - [2011.02.24 03:04:50 | 000,819,720 | ---- | M] (Pegatron Corporation) -- C:\Program Files (x86)\PHotkey\PHotkey.exe PRC - [2011.02.22 22:20:21 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.02.22 22:20:17 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011.02.11 21:40:00 | 000,997,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2011.02.11 21:39:58 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2011.02.11 21:39:54 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe PRC - [2011.02.11 21:39:54 | 000,907,600 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2010.08.04 00:39:38 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2010.02.28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe PRC - [2010.01.13 02:36:00 | 000,117,256 | R--- | M] () -- C:\Program Files (x86)\PHotkey\MsgTranAgt.exe PRC - [2009.12.19 00:40:48 | 000,104,968 | R--- | M] () -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe PRC - [2009.12.19 00:38:18 | 000,345,608 | R--- | M] (TODO: <Company name>) -- C:\Program Files (x86)\PHotkey\HCSynApi.exe ========== Modules (No Company Name) ========== MOD - [2012.04.11 15:47:44 | 000,072,192 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe MOD - [2012.04.03 12:30:52 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll MOD - [2012.03.20 15:17:16 | 000,585,728 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll MOD - [2011.11.23 18:38:58 | 000,205,824 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll MOD - [2011.07.07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll MOD - [2010.08.04 00:39:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2010.08.04 00:39:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2010.02.28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe MOD - [2010.01.11 16:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.05.02 23:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R) SRV:64bit: - [2011.05.02 23:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2011.05.02 23:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R) SRV:64bit: - [2011.04.21 18:34:16 | 001,136,640 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV:64bit: - [2011.04.21 17:42:50 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R) SRV:64bit: - [2010.12.17 16:46:34 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg) SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012.04.25 15:49:46 | 003,065,120 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware) SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Running] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2012.01.03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.04.30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2011.02.22 22:20:21 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2011.02.22 22:20:17 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2011.02.11 21:40:00 | 000,997,712 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2011.02.11 21:39:58 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2011.02.11 21:39:54 | 000,907,600 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2010.12.06 12:52:40 | 000,062,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi) SRV - [2010.11.02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [On_Demand | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP) SRV - [2010.10.07 02:46:42 | 000,159,752 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\PHotkey\GFNEXSrv.exe -- (GFNEXSrv) SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009.12.19 00:40:48 | 000,104,968 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.09.02 13:36:04 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2011.05.17 18:27:52 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2011.05.17 18:27:50 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2011.05.01 23:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R) DRV:64bit: - [2011.04.26 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.04.21 18:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) Intel(R) Centrino(R) DRV:64bit: - [2011.04.21 18:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) Intel(R) Centrino(R) DRV:64bit: - [2011.04.15 11:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.04.15 01:16:08 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2011.04.13 18:30:54 | 000,207,872 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011.04.13 18:30:50 | 000,087,552 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.10 17:01:40 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2011.01.24 11:24:52 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2011.01.24 11:22:48 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex) DRV:64bit: - [2011.01.24 10:56:06 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010.10.15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2010.09.23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2010.08.24 18:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.06.09 16:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2010.06.09 16:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2010.04.22 18:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2010.01.22 11:26:50 | 000,305,200 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.11.02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009.10.23 17:26:14 | 000,046,592 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2011.11.02 11:13:26 | 000,041,728 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver) DRV - [2011.11.02 11:13:12 | 000,063,880 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys -- (a2acc) DRV - [2011.05.19 14:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA) DRV - [2010.05.05 09:40:54 | 000,014,720 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util) DRV - [2009.09.11 23:11:46 | 000,014,344 | R--- | M] (PEGATRON) [Kernel | Auto | Running] -- C:\Program Files (x86)\PHotkey\PEGAGFN.sys -- (PEGAGFN) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-233678140-1084956484-2358511146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKU\S-1-5-21-233678140-1084956484-2358511146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-233678140-1084956484-2358511146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKU\S-1-5-21-233678140-1084956484-2358511146-1000\..\SearchScopes,DefaultScope = {9824CF41-BB89-4DAC-BB30-A04257FB155A} IE - HKU\S-1-5-21-233678140-1084956484-2358511146-1000\..\SearchScopes\{9824CF41-BB89-4DAC-BB30-A04257FB155A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNC_enDE393 IE - HKU\S-1-5-21-233678140-1084956484-2358511146-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011.09.02 17:56:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011.09.02 17:56:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011.09.02 17:56:34 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Christine\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-233678140-1084956484-2358511146-1000..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony) O4 - HKU\S-1-5-21-233678140-1084956484-2358511146-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O9:64bit: - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9:64bit: - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8068FE7C-7296-400B-9019-82B7F3A7BDB2}: DhcpNameServer = 212.186.211.21 195.34.133.21 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll (Kaspersky Lab ZAO) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll (Kaspersky Lab ZAO) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{abaa3f73-2e17-11e1-a774-bc7737bd8025}\Shell - "" = AutoRun O33 - MountPoints2\{abaa3f73-2e17-11e1-a774-bc7737bd8025}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{d6301f5d-1e56-11e1-bfb2-bc7737bd8025}\Shell - "" = AutoRun O33 - MountPoints2\{d6301f5d-1e56-11e1-bfb2-bc7737bd8025}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.06.08 20:05:34 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Christine\Desktop\OTL.exe [2012.06.08 14:16:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.06.08 13:39:09 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Roaming\Malwarebytes [2012.06.08 13:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.08 13:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.08 13:38:57 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.08 13:38:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.05 14:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ggswwkdcmlmuynd [2012.06.05 11:35:21 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{78D78AB4-94D3-435D-9C96-B5DD1A29113E} [2012.06.05 11:35:10 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{17F6FC29-0130-49D6-96F8-B42DD6463674} [2012.06.05 03:17:45 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{64FE5756-19E7-4529-B341-F05299200D46} [2012.06.05 01:59:01 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{83822564-DFD6-473C-8962-94CD856A5C69} [2012.06.05 01:58:39 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{B99ADAA6-A385-495E-A317-9C778ACA5CDB} [2012.06.04 14:42:32 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{077912A8-51E2-4D25-BB5A-3173DAA87B60} [2012.06.04 14:42:10 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{9271EB4E-09A4-4BA5-A600-2A873F2FEEA5} [2012.06.04 08:20:34 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{32CCED7E-AFA6-4C59-B6F7-89D4119C448F} [2012.06.04 08:20:12 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{41DD0CDF-3E48-42FA-B199-23355D69FBC4} [2012.06.03 14:31:44 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{AB2DE2E6-3888-4997-922B-0F8B0D0FA041} [2012.06.03 08:44:15 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{BA50F2BD-C00D-4E65-A53D-43337B31B7EB} [2012.06.03 08:36:32 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{587FC4A6-5FED-4FD3-BA84-FAA4AA1916A8} [2012.06.03 08:36:09 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{E70AB0CD-53E4-4E64-8C40-ABE6D6211153} [2012.06.03 08:35:12 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{ED948568-3679-457B-94B4-EF8130DA5CAD} [2012.06.03 08:34:36 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{52340573-43CE-48E4-8AA5-2B833BBBA3C0} [2012.06.03 00:59:53 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{DB5F2CF5-5E0A-4DE6-9DE2-D81C499B33F1} [2012.06.03 00:54:12 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{1B195DE7-A1C4-4F9F-82B6-D2A49E032692} [2012.06.03 00:53:50 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{F53FD837-1081-4BB0-8CDB-7502AD27ED19} [2012.06.02 23:44:42 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{5537A293-66FD-4AB8-9486-21D92C534C1C} [2012.06.02 23:44:20 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{4266A521-E151-4D27-B50E-9B8078EBFB8F} [2012.06.02 19:16:28 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{998D12AC-03A5-4738-B695-B85DCED5F743} [2012.06.02 19:16:06 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{EAD4AE8D-D423-4DCD-AD9E-89D26457B7A1} [2012.06.01 22:53:56 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{EFCD8544-7F5D-40B4-B462-02C452E349C4} [2012.06.01 22:53:45 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{CDB1414F-3340-40DF-830C-6A2FA4170FC7} [2012.06.01 13:01:23 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{CFEAB9B9-7D2A-4C7A-9A16-F01FC2D6F5FF} [2012.06.01 13:01:00 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{66199F92-068E-44C8-AEAC-A7AEB1523541} [2012.06.01 11:33:44 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{90787EB7-35EA-41BF-B1B0-C3687A8E63F9} [2012.06.01 11:33:20 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{6BA0C524-B4CB-4144-846A-FAC9DEE4903A} [2012.05.31 23:36:49 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{38B74254-11FF-4B3B-9089-801A2C9D1AB7} [2012.05.31 22:57:00 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{B296B2F0-3A85-4E9A-AD84-4EBBBB0593E8} [2012.05.31 22:56:38 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{4B6F0F11-95EE-4222-89E2-D33D85CD51A7} [2012.05.31 22:03:18 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{763DC0A3-93AA-4D52-B819-0D96C57010C2} [2012.05.31 22:02:55 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{CC87F53D-DA82-44F6-9D3D-529C3221FAF8} [2012.05.31 13:24:54 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{37F361C0-FBB4-4636-AC83-B684B599DBD3} [2012.05.31 13:24:43 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{E046E85B-D5FB-47C5-91BA-78E9AF1BE6AF} [2012.05.30 20:41:10 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{3702520C-7111-4C22-A6C2-699B1C8CFF74} [2012.05.30 20:40:59 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{BC2D5611-BA1F-4FB8-BFFF-74FF06CC45F7} [2012.05.30 10:26:43 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{8A1A6B89-0BCC-420F-8CE7-F651F5C578D2} [2012.05.30 10:26:20 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{D67E27EA-8528-4D8E-882A-220F88089D69} [2012.05.30 09:26:07 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{95B64402-90CF-4ACA-B885-BBA2DC4FA01C} [2012.05.30 09:25:44 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{85A3D7E3-7F84-4943-ABEA-DA63725C599E} [2012.05.29 13:43:30 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{1E502B0A-2EB7-4413-8E66-13993F234EF0} [2012.05.29 13:43:08 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{DC025FF9-6D79-48A1-B88F-0FC0AA7339D1} [2012.05.29 09:43:28 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{6463C8EE-8DFD-4DC4-9E78-D7C3501CF329} [2012.05.29 09:43:05 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{482F24C6-C711-4C10-AD0A-8A321BD867DB} [2012.05.28 19:55:32 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{F952B31F-C974-4BC9-8D5C-50FEE20DE474} [2012.05.25 23:20:55 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{284369C2-E976-4D8F-B6CE-246122648C33} [2012.05.25 23:20:33 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{24A8FEF9-2BA8-4C22-B273-ACF5F479F4D2} [2012.05.25 21:11:32 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{3D3BE350-FCB2-47FF-9478-8F87E231A96F} [2012.05.25 14:47:38 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{7697F8F2-1861-4196-B6FE-5A9C828A623D} [2012.05.25 14:47:16 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{6960A2BF-B031-41AA-AD98-B81A4E7C7ECE} [2012.05.24 16:05:54 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{444DDF97-D6D2-4888-8008-BB0921A79CD3} [2012.05.24 15:43:25 | 000,000,000 | ---D | C] -- C:\Users\Christine\Desktop\Sherlock Holmes 2 2011 TS Xvid READ NFO UnKnOwN [2012.05.24 11:51:28 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{3CB5EF64-02BD-4437-A3B9-23C552917BD9} [2012.05.24 11:51:05 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{56FF80DA-BD2C-47C9-BB23-EC2353F80029} [2012.05.23 21:34:59 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{F8D1504E-7389-4DF8-B89A-00C494DC4CC4} [2012.05.23 21:34:36 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{49A8B57A-EA76-41EF-9C34-5DCD3542D70D} [2012.05.23 11:09:20 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{7357424E-8BA9-4556-B9B7-3C6AA0D96150} [2012.05.23 11:08:58 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{44BD76E6-FDDB-4272-9F3F-E65B636EC2BD} [2012.05.23 09:58:28 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{43AA9A08-FB89-4BEA-B29B-9D4705248B27} [2012.05.23 09:58:06 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{43BD006A-1F68-4C0E-9398-3331565F4E4E} [2012.05.23 09:33:31 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{DB1E4A49-D698-48F7-9E24-77B20ABF677B} [2012.05.23 09:33:09 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{4CB1BD2A-2559-4937-8128-64392454BE0A} [2012.05.22 17:08:09 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{867597AB-ACBF-47AF-955C-7A7AB00FFC9E} [2012.05.22 17:07:46 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{0CE9569B-8D7F-4A45-BA96-A337E061B643} [2012.05.22 17:05:14 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{D7E6F1ED-B419-434B-BC8A-C59EDFC5703E} [2012.05.22 17:04:51 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{F222452B-7F30-4222-A653-F19A105039F4} [2012.05.22 13:10:03 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{9E821389-6783-4374-8E52-CA3E04A1C587} [2012.05.21 10:10:50 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{0C25D652-6401-4829-8ECE-912CAC39B4E8} [2012.05.20 12:42:01 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{76E044E8-823F-4626-8448-A9B2464B0439} [2012.05.20 12:41:38 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{3DAE0597-AEBF-4A46-8D10-A7B17DEA6626} [2012.05.19 23:12:53 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{0D12E2C3-0C18-439E-A526-2B539B844D16} [2012.05.19 10:58:21 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{B9BD12A3-389B-4A5B-95AB-B4C0FFDB9354} [2012.05.18 16:25:24 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{BDD2E57C-6927-4068-867B-BBFFB0914080} [2012.05.18 12:53:12 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{5F121190-A5EC-49A8-B058-2417201EC586} [2012.05.18 12:53:01 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{2773C70D-F849-4E38-B06C-451E476B8611} [2012.05.18 12:20:07 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{9CDDFC00-5599-4D74-AA65-25F3A625D59B} [2012.05.18 12:19:43 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{A5A45792-D64E-4755-906E-1165C3EE8D9F} [2012.05.18 12:19:05 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{7BE3059A-BA5C-484C-8CF4-0D8D6F7721FD} [2012.05.18 12:18:54 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{EFBD58FE-08F5-40CC-AFB0-E706EDD359FF} [2012.05.18 08:16:10 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{EEAA7BC7-FBC4-4668-9B21-C6848F97F6F7} [2012.05.18 08:15:48 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{6555E7CA-0BDE-4931-93AC-BCD4B7791C0B} [2012.05.17 20:00:08 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{1EF820CD-1DE1-4B45-B2B4-34FF3BD3C5FB} [2012.05.17 19:59:45 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{BA661BA4-68AB-40D1-87E4-A22C4C33C812} [2012.05.17 15:02:17 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{17837D67-FDFB-4F61-8366-07550F608A77} [2012.05.17 13:41:50 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{D28311EC-73BE-4D47-AFBD-C067C1AB0FBD} [2012.05.17 13:41:27 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{E6F8B608-460A-446F-B23F-3EF789FA7E70} [2012.05.17 11:12:22 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{9BD7D8C6-7398-4C79-B638-45886294E856} [2012.05.17 11:12:00 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{D637EE52-7BC0-45E2-AE42-CE6A56C68A5C} [2012.05.17 09:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.05.17 09:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.05.17 09:39:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2012.05.16 15:51:44 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{F01C7B70-7D47-4182-9852-CF0877DB2351} [2012.05.16 15:51:33 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{21C2EE21-52E2-41F1-B374-B7B38D79CB3F} [2012.05.16 15:29:45 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{F438C8B2-0FAF-4D54-89FA-D93DD672108E} [2012.05.14 09:24:15 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{CA2BBE69-2CAE-48E5-968A-31A524B8AD9B} [2012.05.14 09:23:48 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{BBA2413E-BDD9-48BB-AA21-C11FA462E970} [2012.05.13 10:11:09 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{571B1528-3EE2-4CE3-9ECB-8D7D545FA127} [2012.05.13 10:10:58 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{35F2DE3C-37FF-4FB0-B1C5-EDB453BEA0F3} [2012.05.12 20:57:24 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{6D72B63A-8724-4565-A9D0-131D4B98C82C} [2012.05.12 10:13:33 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{0A4B5533-4605-4727-B16E-C798A57ABFDD} [2012.05.12 10:13:11 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{8398F0B3-0651-4670-820E-D04130970C9D} [2012.05.12 09:13:38 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{D17EDC50-9900-4370-BB65-E2615A808576} [2012.05.10 21:49:49 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{8B860A95-6034-4139-B15C-0000704E731D} [2012.05.10 21:49:26 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{4A5DCC0E-A380-4D46-8F38-8954EB62204C} [2012.05.10 15:59:48 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{4F6457B4-9158-40B7-BF01-52F1DB042AE6} [2012.05.10 15:59:25 | 000,000,000 | ---D | C] -- C:\Users\Christine\AppData\Local\{D02BF33D-761C-43F3-A110-0AA62F42DDC7} [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.08 20:05:39 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Christine\Desktop\OTL.exe [2012.06.08 19:41:56 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.08 19:41:51 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat [2012.06.08 19:02:40 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.08 19:02:40 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.08 18:59:39 | 001,529,274 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.08 18:59:39 | 000,669,644 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.08 18:59:39 | 000,621,156 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.08 18:59:39 | 000,135,170 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.08 18:59:39 | 000,111,086 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.08 18:55:03 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.08 18:54:51 | 3151,327,232 | -HS- | M] () -- C:\hiberfil.sys [2012.06.08 13:38:58 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.05 16:31:25 | 000,000,000 | ---- | M] () -- C:\Users\Christine\defogger_reenable [2012.06.05 16:30:23 | 000,050,477 | ---- | M] () -- C:\Users\Christine\Desktop\Defogger.exe [2012.06.05 14:05:46 | 000,000,448 | ---- | M] () -- C:\ProgramData\mwwhxkwpuzcdkxr [2012.05.30 21:10:53 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2012.05.24 08:21:55 | 000,002,715 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.05.11 10:38:38 | 000,387,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.08 13:38:58 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.05 16:31:25 | 000,000,000 | ---- | C] () -- C:\Users\Christine\defogger_reenable [2012.06.05 16:30:23 | 000,050,477 | ---- | C] () -- C:\Users\Christine\Desktop\Defogger.exe [2012.06.05 14:05:42 | 000,000,448 | ---- | C] () -- C:\ProgramData\mwwhxkwpuzcdkxr [2011.11.28 15:30:42 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2011.10.17 10:46:32 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.06.08 21:34:59 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.06.08 21:34:59 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.05.27 03:14:01 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.05.27 03:14:00 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.05.27 03:14:00 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin ========== LOP Check ========== [2012.04.06 15:03:58 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\Philipp Winterberg [2012.05.26 09:10:31 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\SoftGrid Client [2011.10.17 10:47:42 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\TP [2012.06.08 20:11:51 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\uTorrent [2011.09.22 11:45:00 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\Windows Live Writer [2009.07.14 07:08:49 | 000,031,528 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.09.07 11:58:35 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\Adobe [2011.10.11 11:28:21 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\CyberLink [2011.09.02 13:38:34 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\Identities [2011.09.02 13:38:21 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\Intel [2011.05.14 20:10:07 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\Macromedia [2012.06.08 13:39:09 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\Malwarebytes [2010.11.21 09:16:41 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\Media Center Programs [2012.03.05 19:24:40 | 000,000,000 | --SD | M] -- C:\Users\Christine\AppData\Roaming\Microsoft [2012.04.06 15:03:58 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\Philipp Winterberg [2012.05.26 09:10:31 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\SoftGrid Client [2011.10.17 10:47:42 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\TP [2012.06.08 20:11:51 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\uTorrent [2011.09.22 11:45:00 | 000,000,000 | ---D | M] -- C:\Users\Christine\AppData\Roaming\Windows Live Writer < %APPDATA%\*.exe /s > [2011.05.14 20:09:59 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Christine\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2008.06.06 23:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll < MD5 for: IASTOR.SYS > [2011.04.26 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\drivers\iaStor.sys [2011.04.26 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_16d1c1de1eca8452\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] |
|
08.06.2012, 19:51
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | polizeitrojaner: "ihr computer wurde gesperrt" Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{abaa3f73-2e17-11e1-a774-bc7737bd8025}\Shell - "" = AutoRun
O33 - MountPoints2\{abaa3f73-2e17-11e1-a774-bc7737bd8025}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{d6301f5d-1e56-11e1-bfb2-bc7737bd8025}\Shell - "" = AutoRun
O33 - MountPoints2\{d6301f5d-1e56-11e1-bfb2-bc7737bd8025}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
[2012.06.05 14:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ggswwkdcmlmuynd
:Files
C:\Users\Christine\Desktop\Sher*
C:\ProgramData\mwwhxkwpuzcdkxr
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.06.2012, 07:59
| #11 |
| | polizeitrojaner: "ihr computer wurde gesperrt" morgen! hier das log... lg, ps. Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abaa3f73-2e17-11e1-a774-bc7737bd8025}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{abaa3f73-2e17-11e1-a774-bc7737bd8025}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abaa3f73-2e17-11e1-a774-bc7737bd8025}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{abaa3f73-2e17-11e1-a774-bc7737bd8025}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6301f5d-1e56-11e1-bfb2-bc7737bd8025}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d6301f5d-1e56-11e1-bfb2-bc7737bd8025}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6301f5d-1e56-11e1-bfb2-bc7737bd8025}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d6301f5d-1e56-11e1-bfb2-bc7737bd8025}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe -a not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
C:\ProgramData\ggswwkdcmlmuynd folder moved successfully.
========== FILES ==========
C:\Users\Christine\Desktop\Sherlock Holmes 2 2011 TS Xvid READ NFO UnKnOwN folder moved successfully.
C:\ProgramData\mwwhxkwpuzcdkxr moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Christine
->Temp folder emptied: 99865398 bytes
->Temporary Internet Files folder emptied: 2037606422 bytes
->Java cache emptied: 1002888 bytes
->Google Chrome cache emptied: 6477899 bytes
->Flash cache emptied: 113935 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 233912412 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 768096838 bytes
Total Files Cleaned = 3.001,00 mb
[EMPTYFLASH]
User: All Users
User: Christine
->Flash cache emptied: 0 bytes
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.47.0 log created on 06092012_084735
Files\Folders moved on Reboot...
C:\Users\Christine\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
|
|
09.06.2012, 23:21
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | polizeitrojaner: "ihr computer wurde gesperrt" Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.06.2012, 09:24
| #13 |
| | polizeitrojaner: "ihr computer wurde gesperrt" morgen! der tdss-killer hat 2 threats gefunden. das log: lg, ps. Code:
ATTFilter 10:16:00.0923 2136 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
10:16:01.0406 2136 ============================================================
10:16:01.0406 2136 Current date / time: 2012/06/10 10:16:01.0406
10:16:01.0406 2136 SystemInfo:
10:16:01.0406 2136
10:16:01.0406 2136 OS Version: 6.1.7601 ServicePack: 1.0
10:16:01.0406 2136 Product type: Workstation
10:16:01.0406 2136 ComputerName: CRI
10:16:01.0406 2136 UserName: Christine
10:16:01.0406 2136 Windows directory: C:\Windows
10:16:01.0406 2136 System windows directory: C:\Windows
10:16:01.0406 2136 Running under WOW64
10:16:01.0406 2136 Processor architecture: Intel x64
10:16:01.0406 2136 Number of processors: 4
10:16:01.0406 2136 Page size: 0x1000
10:16:01.0406 2136 Boot type: Normal boot
10:16:01.0406 2136 ============================================================
10:16:03.0746 2136 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:16:03.0762 2136 ============================================================
10:16:03.0762 2136 \Device\Harddisk0\DR0:
10:16:03.0762 2136 MBR partitions:
10:16:03.0762 2136 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32800
10:16:03.0762 2136 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0x52313000
10:16:03.0777 2136 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x52346800, BlocksNum 0x4BFD000
10:16:03.0809 2136 ============================================================
10:16:03.0840 2136 C: <-> \Device\Harddisk0\DR0\Partition1
10:16:03.0902 2136 D: <-> \Device\Harddisk0\DR0\Partition2
10:16:03.0902 2136 ============================================================
10:16:03.0902 2136 Initialize success
10:16:03.0902 2136 ============================================================
10:16:41.0623 2664 ============================================================
10:16:41.0623 2664 Scan started
10:16:41.0623 2664 Mode: Manual; SigCheck; TDLFS;
10:16:41.0623 2664 ============================================================
10:16:44.0072 2664 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:16:44.0182 2664 1394ohci - ok
10:16:44.0291 2664 a2acc (922ab7cc2c12c38dc2c4074af893d5fb) C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys
10:16:44.0353 2664 a2acc - ok
10:16:44.0556 2664 a2AntiMalware (0d5cb73fd036d9e904e0fc443e4e71ca) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
10:16:45.0258 2664 a2AntiMalware - ok
10:16:45.0367 2664 A2DDA (3044d0f3feb9ffe8bc953d8f34b5b504) C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys
10:16:45.0398 2664 A2DDA - ok
10:16:45.0430 2664 a2injectiondriver (905cda5a8d86f733df8000909b4916ed) C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys
10:16:45.0445 2664 a2injectiondriver - ok
10:16:45.0461 2664 a2util (e41d79682a209f72f4f578cfd4a53952) C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys
10:16:45.0476 2664 a2util - ok
10:16:45.0632 2664 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:16:45.0679 2664 ACPI - ok
10:16:45.0742 2664 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:16:45.0835 2664 AcpiPmi - ok
10:16:45.0944 2664 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:16:45.0976 2664 AdobeARMservice - ok
10:16:46.0069 2664 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
10:16:46.0100 2664 adp94xx - ok
10:16:46.0178 2664 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
10:16:46.0225 2664 adpahci - ok
10:16:46.0272 2664 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
10:16:46.0303 2664 adpu320 - ok
10:16:46.0334 2664 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
10:16:46.0459 2664 AeLookupSvc - ok
10:16:46.0537 2664 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
10:16:46.0615 2664 AFD - ok
10:16:46.0662 2664 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:16:46.0693 2664 agp440 - ok
10:16:46.0802 2664 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
10:16:46.0865 2664 ALG - ok
10:16:46.0912 2664 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:16:46.0943 2664 aliide - ok
10:16:46.0974 2664 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:16:46.0990 2664 amdide - ok
10:16:47.0021 2664 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
10:16:47.0068 2664 AmdK8 - ok
10:16:47.0099 2664 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
10:16:47.0146 2664 AmdPPM - ok
10:16:47.0192 2664 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
10:16:47.0224 2664 amdsata - ok
10:16:47.0255 2664 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
10:16:47.0270 2664 amdsbs - ok
10:16:47.0302 2664 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
10:16:47.0317 2664 amdxata - ok
10:16:47.0364 2664 AMPPAL (9921e78bc29634235f4bf5809e7e8cde) C:\Windows\system32\DRIVERS\AMPPAL.sys
10:16:47.0426 2664 AMPPAL - ok
10:16:47.0442 2664 AMPPALP (9921e78bc29634235f4bf5809e7e8cde) C:\Windows\system32\DRIVERS\amppal.sys
10:16:47.0473 2664 AMPPALP - ok
10:16:47.0614 2664 AMPPALR3 (83a0e7ba4ae616d3654e700d9c5ff9db) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
10:16:47.0645 2664 AMPPALR3 - ok
10:16:47.0816 2664 AmUStor (08d51900c07bae4f1fc82fc669b99b79) C:\Windows\system32\drivers\AmUStor.SYS
10:16:47.0894 2664 AmUStor - ok
10:16:47.0941 2664 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:16:48.0097 2664 AppID - ok
10:16:48.0144 2664 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
10:16:48.0222 2664 AppIDSvc - ok
10:16:48.0284 2664 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
10:16:48.0362 2664 Appinfo - ok
10:16:48.0394 2664 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
10:16:48.0409 2664 arc - ok
10:16:48.0440 2664 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
10:16:48.0456 2664 arcsas - ok
10:16:48.0565 2664 ASLDRService (efd89582b55dd32dc79c1a4eb54612a1) C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
10:16:48.0596 2664 ASLDRService - ok
10:16:48.0643 2664 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:16:48.0706 2664 AsyncMac - ok
10:16:48.0768 2664 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:16:48.0799 2664 atapi - ok
10:16:48.0893 2664 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:16:48.0971 2664 AudioEndpointBuilder - ok
10:16:48.0971 2664 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:16:49.0018 2664 AudioSrv - ok
10:16:49.0174 2664 AVP (b2b3fcba37671c853879df7dde8a839a) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
10:16:49.0205 2664 AVP - ok
10:16:49.0252 2664 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
10:16:49.0361 2664 AxInstSV - ok
10:16:49.0423 2664 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
10:16:49.0470 2664 b06bdrv - ok
10:16:49.0532 2664 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:16:49.0595 2664 b57nd60a - ok
10:16:49.0657 2664 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
10:16:49.0704 2664 BDESVC - ok
10:16:49.0766 2664 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:16:49.0813 2664 Beep - ok
10:16:49.0907 2664 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
10:16:49.0985 2664 BFE - ok
10:16:50.0078 2664 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
10:16:50.0141 2664 BITS - ok
10:16:50.0203 2664 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
10:16:50.0266 2664 blbdrive - ok
10:16:50.0437 2664 Bluetooth Device Monitor (832314a5ac804dee429a009a3d41b99b) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
10:16:50.0468 2664 Bluetooth Device Monitor - ok
10:16:50.0593 2664 Bluetooth Media Service (35c701c5a286543973f0fc8bc195515e) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
10:16:50.0640 2664 Bluetooth Media Service - ok
10:16:50.0765 2664 Bluetooth OBEX Service (a475d68b03febf6c371f0d9644c2e12d) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
10:16:50.0796 2664 Bluetooth OBEX Service - ok
10:16:50.0905 2664 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:16:50.0968 2664 bowser - ok
10:16:51.0014 2664 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
10:16:51.0077 2664 BrFiltLo - ok
10:16:51.0108 2664 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
10:16:51.0155 2664 BrFiltUp - ok
10:16:51.0202 2664 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
10:16:51.0295 2664 Browser - ok
10:16:51.0373 2664 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:16:51.0436 2664 Brserid - ok
10:16:51.0467 2664 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:16:51.0498 2664 BrSerWdm - ok
10:16:51.0529 2664 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:16:51.0576 2664 BrUsbMdm - ok
10:16:51.0623 2664 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:16:51.0670 2664 BrUsbSer - ok
10:16:51.0716 2664 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
10:16:51.0794 2664 BthEnum - ok
10:16:51.0857 2664 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
10:16:51.0919 2664 BTHMODEM - ok
10:16:51.0966 2664 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
10:16:52.0013 2664 BthPan - ok
10:16:52.0091 2664 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
10:16:52.0138 2664 BTHPORT - ok
10:16:52.0200 2664 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
10:16:52.0262 2664 bthserv - ok
10:16:52.0340 2664 BTHSSecurityMgr (a5b3e8b2b78c7b3da56a0de490e6718c) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
10:16:52.0372 2664 BTHSSecurityMgr - ok
10:16:52.0418 2664 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
10:16:52.0450 2664 BTHUSB - ok
10:16:52.0496 2664 btmaux (ba554bfcbf21201d310738a42c9c19e1) C:\Windows\system32\DRIVERS\btmaux.sys
10:16:52.0512 2664 btmaux - ok
10:16:52.0543 2664 btmhsf (0010a54571f525a97eed8c091e96eaa9) C:\Windows\system32\DRIVERS\btmhsf.sys
10:16:52.0590 2664 btmhsf - ok
10:16:52.0637 2664 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:16:52.0715 2664 cdfs - ok
10:16:52.0808 2664 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
10:16:52.0855 2664 cdrom - ok
10:16:52.0902 2664 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:16:52.0980 2664 CertPropSvc - ok
10:16:53.0011 2664 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
10:16:53.0042 2664 circlass - ok
10:16:53.0105 2664 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:16:53.0152 2664 CLFS - ok
10:16:53.0214 2664 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:16:53.0214 2664 clr_optimization_v2.0.50727_32 - ok
10:16:53.0276 2664 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:16:53.0308 2664 clr_optimization_v2.0.50727_64 - ok
10:16:53.0417 2664 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:16:53.0479 2664 clr_optimization_v4.0.30319_32 - ok
10:16:53.0542 2664 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:16:53.0588 2664 clr_optimization_v4.0.30319_64 - ok
10:16:53.0635 2664 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
10:16:53.0651 2664 clwvd - ok
10:16:53.0698 2664 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
10:16:53.0776 2664 CmBatt - ok
10:16:53.0807 2664 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:16:53.0822 2664 cmdide - ok
10:16:53.0885 2664 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
10:16:53.0932 2664 CNG - ok
10:16:54.0072 2664 CnxtHdAudService (a260be645dd096d90318c8cf98536720) C:\Windows\system32\drivers\CHDRT64.sys
10:16:54.0103 2664 CnxtHdAudService - ok
10:16:54.0259 2664 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
10:16:54.0290 2664 Compbatt - ok
10:16:54.0337 2664 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
10:16:54.0400 2664 CompositeBus - ok
10:16:54.0400 2664 COMSysApp - ok
10:16:54.0431 2664 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
10:16:54.0446 2664 crcdisk - ok
10:16:54.0524 2664 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
10:16:54.0602 2664 CryptSvc - ok
10:16:54.0805 2664 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
10:16:54.0852 2664 cvhsvc - ok
10:16:54.0930 2664 CxAudMsg (f160b26b26ba4afe8cecc12ed5ac231e) C:\Windows\system32\CxAudMsg64.exe
10:16:54.0961 2664 CxAudMsg - ok
10:16:55.0039 2664 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:16:55.0117 2664 DcomLaunch - ok
10:16:55.0195 2664 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
10:16:55.0289 2664 defragsvc - ok
10:16:55.0351 2664 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:16:55.0429 2664 DfsC - ok
10:16:55.0492 2664 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
10:16:55.0585 2664 Dhcp - ok
10:16:55.0616 2664 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:16:55.0694 2664 discache - ok
10:16:55.0772 2664 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
10:16:55.0804 2664 Disk - ok
10:16:55.0835 2664 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
10:16:55.0882 2664 Dnscache - ok
10:16:55.0928 2664 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
10:16:56.0006 2664 dot3svc - ok
10:16:56.0022 2664 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
10:16:56.0069 2664 DPS - ok
10:16:56.0116 2664 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:16:56.0178 2664 drmkaud - ok
10:16:56.0272 2664 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:16:56.0318 2664 DXGKrnl - ok
10:16:56.0365 2664 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
10:16:56.0428 2664 EapHost - ok
10:16:56.0693 2664 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
10:16:56.0833 2664 ebdrv - ok
10:16:56.0974 2664 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
10:16:57.0036 2664 EFS - ok
10:16:57.0145 2664 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
10:16:57.0239 2664 ehRecvr - ok
10:16:57.0286 2664 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
10:16:57.0332 2664 ehSched - ok
10:16:57.0426 2664 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
10:16:57.0473 2664 elxstor - ok
10:16:57.0504 2664 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:16:57.0520 2664 ErrDev - ok
10:16:57.0598 2664 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
10:16:57.0691 2664 EventSystem - ok
10:16:57.0910 2664 EvtEng (54fc81b0162478a72a93dbbeafb35671) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
10:16:57.0956 2664 EvtEng - ok
10:16:58.0112 2664 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:16:58.0206 2664 exfat - ok
10:16:58.0206 2664 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:16:58.0268 2664 fastfat - ok
10:16:58.0362 2664 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
10:16:58.0424 2664 Fax - ok
10:16:58.0456 2664 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
10:16:58.0502 2664 fdc - ok
10:16:58.0534 2664 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:16:58.0612 2664 fdPHost - ok
10:16:58.0612 2664 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:16:58.0658 2664 FDResPub - ok
10:16:58.0705 2664 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:16:58.0721 2664 FileInfo - ok
10:16:58.0721 2664 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:16:58.0783 2664 Filetrace - ok
10:16:58.0830 2664 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
10:16:58.0846 2664 flpydisk - ok
10:16:58.0877 2664 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:16:58.0892 2664 FltMgr - ok
10:16:58.0986 2664 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
10:16:59.0064 2664 FontCache - ok
10:16:59.0158 2664 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:16:59.0173 2664 FontCache3.0.0.0 - ok
10:16:59.0236 2664 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:16:59.0267 2664 FsDepends - ok
10:16:59.0298 2664 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
10:16:59.0314 2664 Fs_Rec - ok
10:16:59.0392 2664 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:16:59.0423 2664 fvevol - ok
10:16:59.0454 2664 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
10:16:59.0485 2664 gagp30kx - ok
10:16:59.0579 2664 GFNEXSrv (ba9051d3745fa546de3660f5f2ef84a5) C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
10:16:59.0610 2664 GFNEXSrv - ok
10:16:59.0704 2664 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
10:16:59.0782 2664 gpsvc - ok
10:16:59.0860 2664 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:16:59.0891 2664 gupdate - ok
10:16:59.0922 2664 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:16:59.0953 2664 gupdatem - ok
10:16:59.0984 2664 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:17:00.0031 2664 hcw85cir - ok
10:17:00.0094 2664 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:17:00.0172 2664 HdAudAddService - ok
10:17:00.0218 2664 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
10:17:00.0265 2664 HDAudBus - ok
10:17:00.0296 2664 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
10:17:00.0328 2664 HidBatt - ok
10:17:00.0359 2664 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
10:17:00.0406 2664 HidBth - ok
10:17:00.0452 2664 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
10:17:00.0484 2664 HidIr - ok
10:17:00.0515 2664 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
10:17:00.0562 2664 hidserv - ok
10:17:00.0624 2664 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
10:17:00.0655 2664 HidUsb - ok
10:17:00.0702 2664 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
10:17:00.0858 2664 hkmsvc - ok
10:17:00.0920 2664 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
10:17:00.0983 2664 HomeGroupListener - ok
10:17:01.0045 2664 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
10:17:01.0092 2664 HomeGroupProvider - ok
10:17:01.0139 2664 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:17:01.0154 2664 HpSAMD - ok
10:17:01.0264 2664 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:17:01.0342 2664 HTTP - ok
10:17:01.0373 2664 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:17:01.0388 2664 hwpolicy - ok
10:17:01.0451 2664 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:17:01.0482 2664 i8042prt - ok
10:17:01.0591 2664 iaStor (26cf4275034214ecedd8ec17b0a18a99) C:\Windows\system32\drivers\iaStor.sys
10:17:01.0638 2664 iaStor - ok
10:17:01.0763 2664 IAStorDataMgrSvc (e79a8e33bd136d14bae1fa20eb2ef124) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
10:17:01.0778 2664 IAStorDataMgrSvc - ok
10:17:01.0841 2664 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:17:01.0872 2664 iaStorV - ok
10:17:01.0919 2664 iBtFltCoex (50b8ab6013ef9970ac85fdba0f622300) C:\Windows\system32\DRIVERS\iBtFltCoex.sys
10:17:01.0950 2664 iBtFltCoex - ok
10:17:02.0106 2664 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:17:02.0153 2664 idsvc - ok
10:17:02.0870 2664 igfx (6383899c5f964d71b0f96b81fbe59bb8) C:\Windows\system32\DRIVERS\igdkmd64.sys
10:17:03.0229 2664 igfx - ok
10:17:03.0354 2664 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
10:17:03.0385 2664 iirsp - ok
10:17:03.0479 2664 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
10:17:03.0557 2664 IKEEXT - ok
10:17:03.0604 2664 intaud_WaveExtensible (caddf0927dac63edae48f5c35a61d87d) C:\Windows\system32\drivers\intelaud.sys
10:17:03.0635 2664 intaud_WaveExtensible - ok
10:17:03.0728 2664 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
10:17:03.0791 2664 IntcDAud - ok
10:17:03.0838 2664 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:17:03.0869 2664 intelide - ok
10:17:03.0916 2664 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:17:03.0947 2664 intelppm - ok
10:17:03.0978 2664 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:17:04.0040 2664 IPBusEnum - ok
10:17:04.0072 2664 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:17:04.0118 2664 IpFilterDriver - ok
10:17:04.0196 2664 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
10:17:04.0243 2664 iphlpsvc - ok
10:17:04.0274 2664 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:17:04.0306 2664 IPMIDRV - ok
10:17:04.0321 2664 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:17:04.0368 2664 IPNAT - ok
10:17:04.0415 2664 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:17:04.0446 2664 IRENUM - ok
10:17:04.0493 2664 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:17:04.0524 2664 isapnp - ok
10:17:04.0586 2664 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:17:04.0618 2664 iScsiPrt - ok
10:17:04.0664 2664 iwdbus (716f66336f10885d935b08174dc54242) C:\Windows\system32\drivers\iwdbus.sys
10:17:04.0696 2664 iwdbus - ok
10:17:04.0758 2664 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
10:17:04.0789 2664 kbdclass - ok
10:17:04.0805 2664 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
10:17:04.0836 2664 kbdhid - ok
10:17:04.0883 2664 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:17:04.0898 2664 KeyIso - ok
10:17:05.0008 2664 KL1 (8d7120743a0973ceab548b475c9d4289) C:\Windows\system32\DRIVERS\kl1.sys
10:17:05.0039 2664 KL1 - ok
10:17:05.0054 2664 kl2 (cd146d8e525d6eebdcaf24120a8ab9ce) C:\Windows\system32\DRIVERS\kl2.sys
10:17:05.0070 2664 kl2 - ok
10:17:05.0148 2664 KLIF (c1786c2f8de0f62e076f7ef8dea4e87a) C:\Windows\system32\DRIVERS\klif.sys
10:17:05.0179 2664 KLIF - ok
10:17:05.0226 2664 KLIM6 (2a64b3a9eed93a2e96537b67c079fc96) C:\Windows\system32\DRIVERS\klim6.sys
10:17:05.0242 2664 KLIM6 - ok
10:17:05.0242 2664 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
10:17:05.0257 2664 klmouflt - ok
10:17:05.0304 2664 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
10:17:05.0320 2664 KSecDD - ok
10:17:05.0351 2664 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
10:17:05.0366 2664 KSecPkg - ok
10:17:05.0413 2664 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:17:05.0491 2664 ksthunk - ok
10:17:05.0538 2664 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
10:17:05.0632 2664 KtmRm - ok
10:17:05.0663 2664 L1C (a4a9ca24e54e81c6c3e469eaeb4b3f42) C:\Windows\system32\DRIVERS\L1C62x64.sys
10:17:05.0678 2664 L1C - ok
10:17:05.0788 2664 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
10:17:05.0881 2664 LanmanServer - ok
10:17:05.0912 2664 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
10:17:05.0990 2664 LanmanWorkstation - ok
10:17:06.0037 2664 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:17:06.0084 2664 lltdio - ok
10:17:06.0146 2664 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
10:17:06.0224 2664 lltdsvc - ok
10:17:06.0256 2664 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
10:17:06.0302 2664 lmhosts - ok
10:17:06.0427 2664 LMS (5456de5a8e11edbd68bf19c70b0a8f58) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
10:17:06.0443 2664 LMS - ok
10:17:06.0505 2664 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
10:17:06.0536 2664 LSI_FC - ok
10:17:06.0552 2664 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
10:17:06.0568 2664 LSI_SAS - ok
10:17:06.0614 2664 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
10:17:06.0646 2664 LSI_SAS2 - ok
10:17:06.0677 2664 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
10:17:06.0692 2664 LSI_SCSI - ok
10:17:06.0786 2664 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:17:06.0848 2664 luafv - ok
10:17:06.0926 2664 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
10:17:06.0958 2664 Mcx2Svc - ok
10:17:07.0004 2664 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
10:17:07.0036 2664 megasas - ok
10:17:07.0082 2664 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
10:17:07.0129 2664 MegaSR - ok
10:17:07.0176 2664 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\drivers\HECIx64.sys
10:17:07.0192 2664 MEIx64 - ok
10:17:07.0254 2664 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:17:07.0316 2664 MMCSS - ok
10:17:07.0348 2664 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:17:07.0379 2664 Modem - ok
10:17:07.0394 2664 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:17:07.0426 2664 monitor - ok
10:17:07.0472 2664 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
10:17:07.0488 2664 mouclass - ok
10:17:07.0550 2664 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
10:17:07.0597 2664 mouhid - ok
10:17:07.0660 2664 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:17:07.0691 2664 mountmgr - ok
10:17:07.0738 2664 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:17:07.0753 2664 mpio - ok
10:17:07.0753 2664 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:17:07.0800 2664 mpsdrv - ok
10:17:07.0878 2664 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
10:17:07.0940 2664 MpsSvc - ok
10:17:07.0972 2664 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:17:08.0003 2664 MRxDAV - ok
10:17:08.0034 2664 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:17:08.0096 2664 mrxsmb - ok
10:17:08.0128 2664 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:17:08.0174 2664 mrxsmb10 - ok
10:17:08.0190 2664 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:17:08.0237 2664 mrxsmb20 - ok
10:17:08.0268 2664 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:17:08.0299 2664 msahci - ok
10:17:08.0315 2664 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:17:08.0346 2664 msdsm - ok
10:17:08.0377 2664 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:17:08.0424 2664 MSDTC - ok
10:17:08.0471 2664 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:17:08.0518 2664 Msfs - ok
10:17:08.0518 2664 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:17:08.0564 2664 mshidkmdf - ok
10:17:08.0611 2664 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:17:08.0611 2664 msisadrv - ok
10:17:08.0658 2664 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:17:08.0736 2664 MSiSCSI - ok
10:17:08.0736 2664 msiserver - ok
10:17:08.0783 2664 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:17:08.0861 2664 MSKSSRV - ok
10:17:08.0861 2664 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:17:08.0892 2664 MSPCLOCK - ok
10:17:08.0939 2664 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:17:09.0001 2664 MSPQM - ok
10:17:09.0032 2664 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:17:09.0048 2664 MsRPC - ok
10:17:09.0064 2664 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:17:09.0079 2664 mssmbios - ok
10:17:09.0126 2664 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:17:09.0188 2664 MSTEE - ok
10:17:09.0220 2664 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
10:17:09.0235 2664 MTConfig - ok
10:17:09.0282 2664 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:17:09.0313 2664 Mup - ok
10:17:09.0407 2664 MyWiFiDHCPDNS (4bbb9d9c4df259fae2d172c5bb25ddd0) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
10:17:09.0438 2664 MyWiFiDHCPDNS - ok
10:17:09.0500 2664 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
10:17:09.0578 2664 napagent - ok
10:17:09.0656 2664 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:17:09.0734 2664 NativeWifiP - ok
10:17:09.0828 2664 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:17:09.0875 2664 NDIS - ok
10:17:09.0890 2664 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:17:09.0922 2664 NdisCap - ok
10:17:09.0937 2664 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:17:09.0984 2664 NdisTapi - ok
10:17:10.0046 2664 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:17:10.0109 2664 Ndisuio - ok
10:17:10.0124 2664 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:17:10.0187 2664 NdisWan - ok
10:17:10.0218 2664 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:17:10.0312 2664 NDProxy - ok
10:17:10.0327 2664 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:17:10.0374 2664 NetBIOS - ok
10:17:10.0405 2664 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:17:10.0452 2664 NetBT - ok
10:17:10.0483 2664 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:17:10.0499 2664 Netlogon - ok
10:17:10.0577 2664 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:17:10.0624 2664 Netman - ok
10:17:10.0686 2664 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:17:10.0826 2664 netprofm - ok
10:17:10.0936 2664 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:17:10.0967 2664 NetTcpPortSharing - ok
10:17:11.0466 2664 NETwNs64 (ac69618de5bcce8747c9ab0aae1003c1) C:\Windows\system32\DRIVERS\NETwNs64.sys
10:17:11.0700 2664 NETwNs64 - ok
10:17:11.0887 2664 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
10:17:11.0918 2664 nfrd960 - ok
10:17:11.0981 2664 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
10:17:12.0059 2664 NlaSvc - ok
10:17:12.0090 2664 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:17:12.0121 2664 Npfs - ok
10:17:12.0168 2664 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:17:12.0230 2664 nsi - ok
10:17:12.0262 2664 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:17:12.0308 2664 nsiproxy - ok
10:17:12.0449 2664 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:17:12.0511 2664 Ntfs - ok
10:17:12.0605 2664 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:17:12.0683 2664 Null - ok
10:17:12.0808 2664 nusb3hub (01266516e6e88d183a2b58722eeb4443) C:\Windows\system32\drivers\nusb3hub.sys
10:17:12.0854 2664 nusb3hub - ok
10:17:12.0932 2664 nusb3xhc (5ec04f55cc5f165f21752712437df638) C:\Windows\system32\drivers\nusb3xhc.sys
10:17:12.0979 2664 nusb3xhc - ok
10:17:13.0042 2664 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:17:13.0073 2664 nvraid - ok
10:17:13.0104 2664 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:17:13.0120 2664 nvstor - ok
10:17:13.0166 2664 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:17:13.0198 2664 nv_agp - ok
10:17:13.0229 2664 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:17:13.0276 2664 ohci1394 - ok
10:17:13.0369 2664 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:17:13.0400 2664 ose - ok
10:17:13.0790 2664 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:17:14.0024 2664 osppsvc - ok
10:17:14.0149 2664 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:17:14.0212 2664 p2pimsvc - ok
10:17:14.0258 2664 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:17:14.0305 2664 p2psvc - ok
10:17:14.0368 2664 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
10:17:14.0414 2664 Parport - ok
10:17:14.0461 2664 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
10:17:14.0477 2664 partmgr - ok
10:17:14.0508 2664 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:17:14.0570 2664 PcaSvc - ok
10:17:14.0617 2664 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:17:14.0648 2664 pci - ok
10:17:14.0664 2664 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:17:14.0695 2664 pciide - ok
10:17:14.0758 2664 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
10:17:14.0804 2664 pcmcia - ok
10:17:14.0836 2664 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:17:14.0836 2664 pcw - ok
10:17:14.0867 2664 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:17:14.0929 2664 PEAUTH - ok
10:17:15.0023 2664 PEGAGFN (ee926c59cbd4dc4dc9fbb85014a2f1a5) C:\Program Files (x86)\PHotkey\PEGAGFN.sys
10:17:15.0038 2664 PEGAGFN - ok
10:17:15.0132 2664 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:17:15.0163 2664 PerfHost - ok
10:17:15.0350 2664 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
10:17:15.0444 2664 pla - ok
10:17:15.0538 2664 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
10:17:15.0616 2664 PlugPlay - ok
10:17:15.0647 2664 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:17:15.0662 2664 PNRPAutoReg - ok
10:17:15.0694 2664 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:17:15.0709 2664 PNRPsvc - ok
10:17:15.0787 2664 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
10:17:15.0850 2664 PolicyAgent - ok
10:17:15.0896 2664 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:17:15.0974 2664 Power - ok
10:17:16.0021 2664 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:17:16.0068 2664 PptpMiniport - ok
10:17:16.0099 2664 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
10:17:16.0146 2664 Processor - ok
10:17:16.0177 2664 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
10:17:16.0240 2664 ProfSvc - ok
10:17:16.0271 2664 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:17:16.0286 2664 ProtectedStorage - ok
10:17:16.0333 2664 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:17:16.0396 2664 Psched - ok
10:17:16.0458 2664 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
10:17:16.0489 2664 PSI_SVC_2 - ok
10:17:16.0630 2664 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
10:17:16.0692 2664 ql2300 - ok
10:17:16.0832 2664 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
10:17:16.0864 2664 ql40xx - ok
10:17:16.0910 2664 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:17:16.0942 2664 QWAVE - ok
10:17:17.0004 2664 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:17:17.0051 2664 QWAVEdrv - ok
10:17:17.0051 2664 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:17:17.0098 2664 RasAcd - ok
10:17:17.0144 2664 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:17:17.0207 2664 RasAgileVpn - ok
10:17:17.0238 2664 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:17:17.0269 2664 RasAuto - ok
10:17:17.0332 2664 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:17:17.0410 2664 Rasl2tp - ok
10:17:17.0488 2664 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
10:17:17.0550 2664 RasMan - ok
10:17:17.0581 2664 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:17:17.0675 2664 RasPppoe - ok
10:17:17.0722 2664 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:17:17.0768 2664 RasSstp - ok
10:17:17.0784 2664 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:17:17.0831 2664 rdbss - ok
10:17:17.0862 2664 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
10:17:17.0878 2664 rdpbus - ok
10:17:17.0909 2664 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:17:17.0987 2664 RDPCDD - ok
10:17:18.0034 2664 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:17:18.0096 2664 RDPENCDD - ok
10:17:18.0127 2664 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:17:18.0174 2664 RDPREFMP - ok
10:17:18.0221 2664 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
10:17:18.0252 2664 RDPWD - ok
10:17:18.0283 2664 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:17:18.0299 2664 rdyboost - ok
10:17:18.0439 2664 RegSrvc (a436f5e7d80bbdbb0826d0f176d5bea8) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
10:17:18.0470 2664 RegSrvc - ok
10:17:18.0502 2664 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:17:18.0548 2664 RemoteAccess - ok
10:17:18.0595 2664 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:17:18.0642 2664 RemoteRegistry - ok
10:17:18.0720 2664 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
10:17:18.0767 2664 RFCOMM - ok
10:17:18.0907 2664 RichVideo (f12a68ed55053940cadd59ca5e3468dd) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
10:17:18.0938 2664 RichVideo ( UnsignedFile.Multi.Generic ) - warning
10:17:18.0938 2664 RichVideo - detected UnsignedFile.Multi.Generic (1)
10:17:18.0970 2664 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:17:19.0048 2664 RpcEptMapper - ok
10:17:19.0079 2664 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:17:19.0094 2664 RpcLocator - ok
10:17:19.0172 2664 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:17:19.0219 2664 RpcSs - ok
10:17:19.0266 2664 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:17:19.0297 2664 rspndr - ok
10:17:19.0328 2664 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:17:19.0360 2664 SamSs - ok
10:17:19.0391 2664 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:17:19.0406 2664 sbp2port - ok
10:17:19.0453 2664 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:17:19.0516 2664 SCardSvr - ok
10:17:19.0547 2664 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:17:19.0625 2664 scfilter - ok
10:17:19.0750 2664 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:17:19.0828 2664 Schedule - ok
10:17:19.0874 2664 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:17:19.0921 2664 SCPolicySvc - ok
10:17:19.0984 2664 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
10:17:20.0046 2664 SDRSVC - ok
10:17:20.0093 2664 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:17:20.0171 2664 secdrv - ok
10:17:20.0218 2664 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
10:17:20.0280 2664 seclogon - ok
10:17:20.0327 2664 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
10:17:20.0405 2664 SENS - ok
10:17:20.0436 2664 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:17:20.0498 2664 SensrSvc - ok
10:17:20.0530 2664 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
10:17:20.0576 2664 Serenum - ok
10:17:20.0623 2664 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
10:17:20.0639 2664 Serial - ok
10:17:20.0670 2664 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
10:17:20.0701 2664 sermouse - ok
10:17:20.0748 2664 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
10:17:20.0795 2664 SessionEnv - ok
10:17:20.0826 2664 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:17:20.0857 2664 sffdisk - ok
10:17:20.0888 2664 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:17:20.0920 2664 sffp_mmc - ok
10:17:20.0951 2664 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:17:20.0982 2664 sffp_sd - ok
10:17:21.0029 2664 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
10:17:21.0044 2664 sfloppy - ok
10:17:21.0138 2664 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
10:17:21.0169 2664 Sftfs - ok
10:17:21.0294 2664 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
10:17:21.0341 2664 sftlist - ok
10:17:21.0388 2664 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
10:17:21.0403 2664 Sftplay - ok
10:17:21.0419 2664 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
10:17:21.0434 2664 Sftredir - ok
10:17:21.0450 2664 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
10:17:21.0466 2664 Sftvol - ok
10:17:21.0512 2664 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
10:17:21.0544 2664 sftvsa - ok
10:17:21.0606 2664 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:17:21.0684 2664 SharedAccess - ok
10:17:21.0731 2664 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
10:17:21.0824 2664 ShellHWDetection - ok
10:17:21.0856 2664 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
10:17:21.0871 2664 SiSRaid2 - ok
10:17:21.0902 2664 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
10:17:21.0934 2664 SiSRaid4 - ok
10:17:21.0980 2664 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:17:22.0043 2664 Smb - ok
10:17:22.0090 2664 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:17:22.0121 2664 SNMPTRAP - ok
10:17:22.0214 2664 Sony PC Companion (5177d14a78e60fd61dcfc6b388e7e971) C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
10:17:22.0246 2664 Sony PC Companion - ok
10:17:22.0277 2664 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:17:22.0292 2664 spldr - ok
10:17:22.0355 2664 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
10:17:22.0433 2664 Spooler - ok
10:17:22.0667 2664 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
10:17:22.0729 2664 sppsvc - ok
10:17:22.0885 2664 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:17:22.0963 2664 sppuinotify - ok
10:17:23.0041 2664 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:17:23.0119 2664 srv - ok
10:17:23.0197 2664 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:17:23.0228 2664 srv2 - ok
10:17:23.0260 2664 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:17:23.0291 2664 srvnet - ok
10:17:23.0338 2664 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:17:23.0400 2664 SSDPSRV - ok
10:17:23.0400 2664 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:17:23.0447 2664 SstpSvc - ok
10:17:23.0462 2664 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
10:17:23.0478 2664 stexstor - ok
10:17:23.0556 2664 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
10:17:23.0603 2664 stisvc - ok
10:17:23.0634 2664 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:17:23.0665 2664 swenum - ok
10:17:23.0743 2664 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:17:23.0790 2664 swprv - ok
10:17:23.0852 2664 SynTP (be2b928de9af2848289db7a54c7e2398) C:\Windows\system32\drivers\SynTP.sys
10:17:23.0884 2664 SynTP - ok
10:17:24.0024 2664 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
10:17:24.0086 2664 SysMain - ok
10:17:24.0196 2664 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
10:17:24.0242 2664 TabletInputService - ok
10:17:24.0274 2664 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
10:17:24.0320 2664 TapiSrv - ok
10:17:24.0352 2664 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:17:24.0398 2664 TBS - ok
10:17:24.0586 2664 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
10:17:24.0648 2664 Tcpip - ok
10:17:24.0898 2664 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
10:17:24.0944 2664 TCPIP6 - ok
10:17:25.0054 2664 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:17:25.0147 2664 tcpipreg - ok
10:17:25.0163 2664 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:17:25.0178 2664 TDPIPE - ok
10:17:25.0194 2664 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
10:17:25.0225 2664 TDTCP - ok
10:17:25.0272 2664 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:17:25.0350 2664 tdx - ok
10:17:25.0397 2664 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:17:25.0428 2664 TermDD - ok
10:17:25.0506 2664 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
10:17:25.0584 2664 TermService - ok
10:17:25.0615 2664 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:17:25.0662 2664 Themes - ok
10:17:25.0693 2664 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:17:25.0724 2664 THREADORDER - ok
10:17:25.0787 2664 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:17:25.0865 2664 TrkWks - ok
10:17:25.0927 2664 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
10:17:26.0005 2664 TrustedInstaller - ok
10:17:26.0036 2664 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:17:26.0114 2664 tssecsrv - ok
10:17:26.0146 2664 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:17:26.0177 2664 TsUsbFlt - ok
10:17:26.0192 2664 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
10:17:26.0208 2664 TsUsbGD - ok
10:17:26.0270 2664 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:17:26.0348 2664 tunnel - ok
10:17:26.0364 2664 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
10:17:26.0380 2664 uagp35 - ok
10:17:26.0442 2664 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:17:26.0520 2664 udfs - ok
10:17:26.0551 2664 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:17:26.0582 2664 UI0Detect - ok
10:17:26.0629 2664 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:17:26.0660 2664 uliagpkx - ok
10:17:26.0676 2664 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
10:17:26.0707 2664 umbus - ok
10:17:26.0723 2664 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
10:17:26.0754 2664 UmPass - ok
10:17:26.0988 2664 UNS (d87fb12563f65088b1904871d86e5164) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
10:17:27.0050 2664 UNS - ok
10:17:27.0175 2664 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:17:27.0269 2664 upnphost - ok
10:17:27.0331 2664 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:17:27.0394 2664 usbccgp - ok
10:17:27.0425 2664 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:17:27.0456 2664 usbcir - ok
10:17:27.0487 2664 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
10:17:27.0518 2664 usbehci - ok
10:17:27.0581 2664 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
10:17:27.0628 2664 usbhub - ok
10:17:27.0643 2664 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
10:17:27.0690 2664 usbohci - ok
10:17:27.0721 2664 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
10:17:27.0752 2664 usbprint - ok
10:17:27.0784 2664 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\DRIVERS\usbser.sys
10:17:27.0799 2664 usbser - ok
10:17:27.0830 2664 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:17:27.0862 2664 USBSTOR - ok
10:17:27.0908 2664 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
10:17:27.0940 2664 usbuhci - ok
10:17:27.0986 2664 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
10:17:28.0018 2664 usbvideo - ok
10:17:28.0064 2664 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:17:28.0142 2664 UxSms - ok
10:17:28.0174 2664 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:17:28.0205 2664 VaultSvc - ok
10:17:28.0252 2664 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:17:28.0283 2664 vdrvroot - ok
10:17:28.0376 2664 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
10:17:28.0470 2664 vds - ok
10:17:28.0501 2664 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:17:28.0517 2664 vga - ok
10:17:28.0517 2664 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:17:28.0564 2664 VgaSave - ok
10:17:28.0610 2664 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:17:28.0642 2664 vhdmp - ok
10:17:28.0673 2664 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:17:28.0704 2664 viaide - ok
10:17:28.0751 2664 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:17:28.0782 2664 volmgr - ok
10:17:28.0829 2664 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:17:28.0860 2664 volmgrx - ok
10:17:28.0907 2664 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:17:28.0938 2664 volsnap - ok
10:17:28.0985 2664 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
10:17:29.0000 2664 vsmraid - ok
10:17:29.0110 2664 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
10:17:29.0188 2664 VSS - ok
10:17:29.0312 2664 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:17:29.0344 2664 vwifibus - ok
10:17:29.0375 2664 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:17:29.0406 2664 vwififlt - ok
10:17:29.0406 2664 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
10:17:29.0437 2664 vwifimp - ok
10:17:29.0484 2664 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:17:29.0562 2664 W32Time - ok
10:17:29.0593 2664 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
10:17:29.0624 2664 WacomPen - ok
10:17:29.0656 2664 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:17:29.0702 2664 WANARP - ok
10:17:29.0718 2664 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:17:29.0749 2664 Wanarpv6 - ok
10:17:29.0890 2664 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
10:17:29.0952 2664 WatAdminSvc - ok
10:17:30.0030 2664 watchmi (878c947c69ee89e4dbff9dbd6155c15d) C:\Program Files (x86)\watchmi\TvdService.exe
10:17:30.0046 2664 watchmi ( UnsignedFile.Multi.Generic ) - warning
10:17:30.0046 2664 watchmi - detected UnsignedFile.Multi.Generic (1)
10:17:30.0186 2664 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
10:17:30.0264 2664 wbengine - ok
10:17:30.0389 2664 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
10:17:30.0436 2664 WbioSrvc - ok
10:17:30.0451 2664 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
10:17:30.0482 2664 wcncsvc - ok
10:17:30.0498 2664 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
10:17:30.0529 2664 WcsPlugInService - ok
10:17:30.0576 2664 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
10:17:30.0607 2664 Wd - ok
10:17:30.0685 2664 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:17:30.0732 2664 Wdf01000 - ok
10:17:30.0763 2664 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:17:30.0826 2664 WdiServiceHost - ok
10:17:30.0826 2664 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:17:30.0841 2664 WdiSystemHost - ok
10:17:30.0904 2664 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
10:17:30.0950 2664 WebClient - ok
10:17:30.0982 2664 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
10:17:31.0028 2664 Wecsvc - ok
10:17:31.0060 2664 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
10:17:31.0106 2664 wercplsupport - ok
10:17:31.0169 2664 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
10:17:31.0247 2664 WerSvc - ok
10:17:31.0309 2664 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:17:31.0356 2664 WfpLwf - ok
10:17:31.0372 2664 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:17:31.0372 2664 WIMMount - ok
10:17:31.0403 2664 WinDefend - ok
10:17:31.0418 2664 WinHttpAutoProxySvc - ok
10:17:31.0465 2664 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
10:17:31.0528 2664 Winmgmt - ok
10:17:31.0684 2664 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
10:17:31.0762 2664 WinRM - ok
10:17:31.0918 2664 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
10:17:31.0980 2664 WinUsb - ok
10:17:32.0074 2664 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
10:17:32.0136 2664 Wlansvc - ok
10:17:32.0214 2664 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:17:32.0230 2664 wlcrasvc - ok
10:17:32.0464 2664 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:17:32.0510 2664 wlidsvc - ok
10:17:32.0635 2664 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:17:32.0682 2664 WmiAcpi - ok
10:17:32.0760 2664 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
10:17:32.0807 2664 wmiApSrv - ok
10:17:32.0854 2664 WMPNetworkSvc - ok
10:17:32.0900 2664 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
10:17:32.0947 2664 WPCSvc - ok
10:17:32.0963 2664 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
10:17:32.0978 2664 WPDBusEnum - ok
10:17:33.0010 2664 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:17:33.0072 2664 ws2ifsl - ok
10:17:33.0103 2664 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
10:17:33.0150 2664 wscsvc - ok
10:17:33.0150 2664 WSearch - ok
10:17:33.0212 2664 wsvd (82e8f5aa03df7dbdb8a33f700d5d8cda) C:\Windows\system32\DRIVERS\wsvd.sys
10:17:33.0244 2664 wsvd - ok
10:17:33.0431 2664 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
10:17:33.0493 2664 wuauserv - ok
10:17:33.0634 2664 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:17:33.0712 2664 WudfPf - ok
10:17:33.0743 2664 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:17:33.0790 2664 WUDFRd - ok
10:17:33.0836 2664 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
10:17:33.0883 2664 wudfsvc - ok
10:17:33.0914 2664 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
10:17:33.0946 2664 WwanSvc - ok
10:17:33.0992 2664 MBR (0x1B8) (696e19d55ec5e8564af347109d7e796c) \Device\Harddisk0\DR0
10:17:36.0707 2664 \Device\Harddisk0\DR0 - ok
10:17:36.0707 2664 Boot (0x1200) (85038963bed499145e6016b491b3cfea) \Device\Harddisk0\DR0\Partition0
10:17:36.0707 2664 \Device\Harddisk0\DR0\Partition0 - ok
10:17:36.0754 2664 Boot (0x1200) (0772585bd7b06c5542afdd051753c3ca) \Device\Harddisk0\DR0\Partition1
10:17:36.0754 2664 \Device\Harddisk0\DR0\Partition1 - ok
10:17:36.0800 2664 Boot (0x1200) (2d981f8283248990b0dc6e276bfe164b) \Device\Harddisk0\DR0\Partition2
10:17:36.0800 2664 \Device\Harddisk0\DR0\Partition2 - ok
10:17:36.0800 2664 ============================================================
10:17:36.0800 2664 Scan finished
10:17:36.0800 2664 ============================================================
10:17:36.0816 0796 Detected object count: 2
10:17:36.0816 0796 Actual detected object count: 2
10:18:45.0955 0796 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:45.0955 0796 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:18:45.0955 0796 watchmi ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:45.0955 0796 watchmi ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
10.06.2012, 15:58
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | polizeitrojaner: "ihr computer wurde gesperrt" Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.06.2012, 18:13
| #15 |
| | polizeitrojaner: "ihr computer wurde gesperrt" hallo! habe soeben combofix drüberlaufen lassen. hier das log: lg, ps. [code] Combofix Logfile: Code:
ATTFilter ComboFix 12-06-09.03 - Christine 10.06.2012 19:00:57.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.4007.2523 [GMT 2:00]
ausgeführt von:: c:\users\Christine\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\system32\ICON.ico
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-10 bis 2012-06-10 ))))))))))))))))))))))))))))))
.
.
2012-06-10 17:06 . 2012-06-10 17:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-09 06:47 . 2012-06-09 06:47 -------- d-----w- C:\_OTL
2012-06-08 12:16 . 2012-06-08 12:16 -------- d-----w- c:\program files (x86)\ESET
2012-06-08 11:39 . 2012-06-08 11:39 -------- d-----w- c:\users\Christine\AppData\Roaming\Malwarebytes
2012-06-08 11:38 . 2012-06-08 11:38 -------- d-----w- c:\programdata\Malwarebytes
2012-06-08 11:38 . 2012-06-08 11:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-08 11:38 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-17 07:39 . 2012-05-17 07:39 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-17 07:39 . 2012-05-17 07:39 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-31 12:23 . 2012-03-31 12:23 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-03-31 06:05 . 2012-05-10 13:38 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-10 13:38 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-10 13:38 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-10 13:38 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-10 13:37 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:58 . 2012-05-10 13:38 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-03-14 21:09 . 2011-05-14 18:10 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-10-20 641400]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2012-04-12 445624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-02-03 506712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
watchmi tray.lnk - c:\windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe [2011-9-2 300416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-02 136176]
R3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-02 136176]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-02-11 907600]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-02-11 997712]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x]
S2 GFNEXSrv;GFNEX Service;c:\program files (x86)\PHotkey\GFNEXSrv.exe [2010-10-07 159752]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 PEGAGFN;PEGAGFN;c:\program files (x86)\PHotkey\PEGAGFN.sys [2009-09-11 14344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S2 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe [2010-12-06 62464]
S3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-02-11 1304912]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 32500593
*Deregistered* - 32500593
*Deregistered* - A2DDA
*Deregistered* - a2util
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-02 11:32]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-02 11:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-02-11 10361616]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\kloehk.dll c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.at/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4
TCP: DhcpNameServer = 212.186.211.21 195.34.133.21
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-06-10 19:08:05
ComboFix-quarantined-files.txt 2012-06-10 17:08
.
Vor Suchlauf: 8 Verzeichnis(se), 603.918.270.464 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 603.420.135.424 Bytes frei
.
- - End Of File - - 500C3FB8ADB4B62E4D6B7B48F8C991E4
|
|
| Themen zu polizeitrojaner: "ihr computer wurde gesperrt" |
| adobe, autorun, avp.exe, bho, browser, computer, defender, emsisoft, error, fehler, firefox, flash player, format, gesperrt, gfnexsrv.exe, google earth, home, hängt, install.exe, kaspersky, logfile, microsoft office starter 2010, monitor, plug-in, registry, rundll, scan, searchscopes, software, svchost.exe, tastatur, usb, usb 3.0, version=1.0 |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
