Windows 7: Trojan on the PC because of a phishing mail (Deutsche Post) (BrowserModifier win32 zwangi)
14.07.2012, 18:09 | #1
Hello everyone, unfortunately I am one of the fools who fell for the stupid phishing mail from the "Deutsche Post".

"Dear customer, Unfortunately our courier did not succeed in delivering a postal item to your address. Reason: an error in the delivery address. You can get your postal item personally in our post department. Enclosed you find a postal label. You should have this postal label printed in order to be able to receive your postal item in the post department. Thank you very much! Deutsche Post AG."

Since I happened to be expecting a parcel as well, I thought less than I should have when I opened the attachment and, stupidly, also unpacked the ZIP file. When it was pointed out to me that this might be a fake e-mail, I read up on it. Through my research I came across this forum and ran the Malwarebytes Anti-Malware scan, twice in fact: first the quick scan and then the full scan. Although I forgot to update before the full scan. I hope that's not too bad :/ I hope you can help me here so that the trojan is soon a thing of the past.
Quick scan:

Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.07.14.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Curly :: CURLY-PC [Administrator]

14.07.2012 16:55:15
mbam-log-2012-07-14 (16-55-15).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213176
Laufzeit: 4 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 25
HKCR\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C} (Adware.QuestScan) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\HBLiteAx.Info (Adware.HotBar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\HBLiteAx.Info.1 (Adware.HotBar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\HBLiteAX.UserProfiles (Adware.HotBar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\HBLiteAX.UserProfiles.1 (Adware.HotBar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ShoppingReport2.HbAx (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ShoppingReport2.HbAx.1 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ShoppingReport2.HbInfoBand (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ShoppingReport2.HbInfoBand.1 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ShoppingReport2.IEButton (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ShoppingReport2.IEButton.1 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ShoppingReport2.IEButtonA (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ShoppingReport2.IEButtonA.1 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ShoppingReport2.RprtCtrl (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ShoppingReport2.RprtCtrl.1 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\hblitesa (Adware.HotBar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\ShoppingReport2 (Adware.ShoppingReport2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\HBLite (Adware.HotBar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2 (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\QUESTSCAN (Adware.QuestScan) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 8
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|kxfmpban (Trojan.Phex.THAGen1) -> Daten: "C:\Users\Curly\AppData\Local\xincfqas.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|oxkpoicw (Trojan.Phex.THAGen1) -> Daten: "C:\Users\Curly\AppData\Local\fngdtpah.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|trfsfclp (Trojan.Phex.THAGen1) -> Daten: "C:\Users\Curly\AppData\Local\njekjppc.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|fxejhhil (Trojan.Phex.THAGen1) -> Daten: "C:\Users\Curly\AppData\Local\bblsxexs.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|gnrjfthu (Trojan.Phex.THAGen1) -> Daten: "C:\Users\Curly\AppData\Local\hipuexod.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|nfldaolc (Trojan.Phex.THAGen1) -> Daten: "C:\Users\Curly\AppData\Local\terljrrq.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|HBLite@HBLite.com (Adware.HotBar) -> Daten: C:\Program Files (x86)\HBLite\bin\11.0.384.0\firefox\extensions -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\QuestScan|DllPath (Adware.QuestScan) -> Daten: C:\Program Files (x86)\QuestScan\questscan.dll -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 13
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Curly\AppData\Roaming\HBLite (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\HBLiteSA (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\HBLite (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\HBLite\bin (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\HBLite\bin\11.0.384.0 (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\HBLite\bin\11.0.384.0\firefox (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\HBLite\bin\11.0.384.0\firefox\extensions (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\HBLite\bin\11.0.384.0\firefox\extensions\plugins (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ShoppingReport2 (Adware.ShoppingReport2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ShoppingReport2\Bin (Adware.ShoppingReport2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ShoppingReport2\Bin\2.7.37 (Adware.ShoppingReport2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 21
C:\Users\Curly\Downloads\888casino.exe (PUP.Casino) -> Keine Aktion durchgeführt.
C:\Users\Curly\AppData\Local\xincfqas.exe (Trojan.Phex.THAGen1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Curly\AppData\Local\fngdtpah.exe (Trojan.Phex.THAGen1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Curly\AppData\Local\njekjppc.exe (Trojan.Phex.THAGen1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Curly\AppData\Local\bblsxexs.exe (Trojan.Phex.THAGen1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Curly\AppData\Local\hipuexod.exe (Trojan.Phex.THAGen1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Curly\AppData\Local\terljrrq.exe (Trojan.Phex.THAGen1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Curly\AppData\Local\Temp\Temp1_Postetikett_Deutsche_Post_AG_DE1543-35.zip\Postetikett_Deutsche_Post_AG_DE1543-35.exe (Trojan.Phex.THAGen1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Curly\Downloads\PDFConverterSetup.exe (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Curly\Downloads\setup (1).exe (Adware.Bundler) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Curly\Downloads\setup.exe (Adware.Bundler) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\HBLiteSA\HBLiteSA.dat (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\HBLiteSA\HBLiteSAAbout.mht (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\HBLiteSA\HBLiteSAau.dat (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\HBLiteSA\HBLiteSAEULA.mht (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\HBLiteSA\HBLiteSA_kyf.dat (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\HBLite\bin\11.0.384.0\firefox\extensions\install.rdf (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ShoppingReport2\Uninst.exe (Adware.ShoppingReport2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\About Hotbar.lnk (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Uninstall Instructions.lnk (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)

Full scan:

Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.07.14.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Curly :: CURLY-PC [Administrator]

14.07.2012 17:15:00
mbam-log-2012-07-14 (17-15-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 418261
Laufzeit: 1 Stunde(n), 15 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab PDF Converter (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Program Files (x86)\FoxTabPDFConverter\Uninstall\Uninstall.exe (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Curly\Downloads\888casino.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Kind regards, Curly
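The quick-scan log above has the shape a responder keeps meeting: a pile of adware registry keys, one file left untouched (888casino.exe, reported as "Keine Aktion durchgeführt."), and six Run-key values that point at eight-letter random .exe names directly in AppData\Local, which is how the Trojan.Phex dropper kept itself running. The following Python script is an added example, not part of the thread and not Malwarebytes code: it parses detection lines in the format MBAM 1.62 writes (German locale), tallies families, lists what was not quarantined, and pulls out the autorun entries so they can be re-checked after a reboot. The sample lines are copied from the log above; the "eight lowercase letters in %LOCALAPPDATA%" heuristic for dropper names is my own assumption drawn from that log, not an MBAM rule.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input: detection lines copied from the quick-scan log
# posted in the thread (Malwarebytes Anti-Malware 1.62, German locale).
SAMPLE_LOG = r"""
Infizierte Registrierungsschlüssel: 25
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C} (Adware.QuestScan) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 8
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|kxfmpban (Trojan.Phex.THAGen1) -> Daten: "C:\Users\Curly\AppData\Local\xincfqas.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\QuestScan|DllPath (Adware.QuestScan) -> Daten: C:\Program Files (x86)\QuestScan\questscan.dll -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 21
C:\Users\Curly\Downloads\888casino.exe (PUP.Casino) -> Keine Aktion durchgeführt.
C:\Users\Curly\AppData\Local\xincfqas.exe (Trojan.Phex.THAGen1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Curly\AppData\Local\Temp\Temp1_Postetikett_Deutsche_Post_AG_DE1543-35.zip\Postetikett_Deutsche_Post_AG_DE1543-35.exe (Trojan.Phex.THAGen1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
"""

# One detection line as MBAM writes it:
#   <key | key|value | folder | file> (<Category>) -> <action>
# Registry values carry an extra "-> Daten: <value data>" segment before the
# action ("Daten" = data). Section headers and counts never match this shape.
DETECTION_LINE = re.compile(
    r"^(?P<item>.+?) \((?P<category>[A-Za-z0-9.]+)\)"
    r"(?: -> Daten: (?P<data>.+?))? -> (?P<action>[^>]+)$"
)
# A value under HKCU/HKLM ...\CurrentVersion\Run or RunOnce is an autorun entry.
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(?:Once)?\|(?P<value>[^ ]+)$", re.IGNORECASE)
# Assumed heuristic: an .exe with an 8-letter lowercase name sitting directly
# in %LOCALAPPDATA%, the pattern of the Trojan.Phex droppers in the thread's log.
RANDOM_LOCALAPPDATA_EXE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\Local\\[a-z]{8}\.exe$")


@dataclass
class Detection:
    item: str
    category: str
    data: Optional[str]
    action: str

    @property
    def resolved(self) -> bool:
        # MBAM reports a handled item as "Erfolgreich gelöscht und in Quarantäne
        # gestellt." ("successfully deleted and quarantined").
        return self.action.startswith("Erfolgreich")


def parse_mbam_log(text: str) -> List[Detection]:
    """Extract every detection line from an MBAM log; everything else is skipped."""
    found: List[Detection] = []
    for line in text.splitlines():
        m = DETECTION_LINE.match(line.strip())
        if not m:
            continue
        data = m.group("data")
        if data is not None:
            data = data.strip('"')  # MBAM quotes Run-value data but not other values
        found.append(Detection(m.group("item"), m.group("category"), data, m.group("action").strip()))
    return found


def triage(detections: List[Detection]) -> Dict[str, object]:
    """Summarise a parsed log the way a responder reads it: which families were
    present, what MBAM left untouched, and which autorun entries gave the
    malware persistence (those are the ones to re-check after a reboot)."""
    by_category = Counter(d.category for d in detections)
    unresolved = [d.item for d in detections if not d.resolved]
    persistence: List[Tuple[str, str]] = []
    for d in detections:
        m = RUN_KEY.search(d.item)
        if m and d.data:
            persistence.append((m.group("value"), d.data))
    droppers = [p for p in persistence if RANDOM_LOCALAPPDATA_EXE.match(p[1])]
    return {
        "by_category": dict(by_category),
        "unresolved": unresolved,
        "persistence": persistence,
        "random_name_droppers": droppers,
    }


if __name__ == "__main__":
    for key, value in triage(parse_mbam_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run it against a saved mbam-log-*.txt by reading the file into `parse_mbam_log`; the `unresolved` list is the first thing to act on, and the `persistence` pairs are the Run values whose target paths should no longer exist after cleanup.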
14.07.2012, 18:39 | #2
/// Malware-holic

hi
If you copy the logs into the forum, you don't need to attach them as well :-)
1. In future, please forward such mails to me; how to do that is described in my signature.
2. Are there any encrypted files on your system?
3. If you don't have it yet, please download OTL from OldTimer and save it on your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
14.07.2012, 19:24 | #3
I had seen the note about posting them directly somewhere else.
As far as I know, I don't have any encrypted files. Here are the logs:

OTL Logfile:
Code:
OTL Extras logfile created on: 7/14/2012 7:59:50 PM - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Curly\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.86 Gb Total Physical Memory | 2.80 Gb Available Physical Memory | 72.59% Memory free
7.73 Gb Paging File | 6.60 Gb Available in Paging File | 85.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 253.00 Gb Total Space | 171.67 Gb Free Space | 67.85% Space Free | Partition Type: NTFS
Drive D: | 192.66 Gb Total Space | 192.57 Gb Free Space | 99.95% Space Free | Partition Type: NTFS

Computer Name: CURLY-PC | User Name: Curly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08C6D1B2-7F49-4A39-AF32-E99A95D2B07D}" = rport=138 | protocol=17 | dir=out | app=system |
"{2092520B-966D-4044-BFAC-53AE2EDD7ECB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{32D469AE-4A65-4279-917F-076C18D355B7}" = rport=139 | protocol=6 | dir=out | app=system |
"{3C7072C4-65BE-4245-B0B5-13752809C068}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3D57B42A-1BEB-4542-A383-ED564A49F3DF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{466BAAA6-48D5-43D4-BA6D-2471905BA12A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{47ACC041-CA4F-486E-B485-ADAE4FB3B65B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{57A298F4-A108-49E4-A12B-0196497137AE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5E3A5AC1-9573-46DC-BFE1-44850761EC48}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7099478B-B3D6-4364-A12D-933F8F3DB4DA}" = rport=137 | protocol=17 | dir=out | app=system |
"{74E47DFA-198F-4D2C-8345-DDB106031F75}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{79B54805-6501-40CC-8A51-769B9F988187}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7AD559A0-6325-45BF-9889-971651042C4E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7EC1E60D-2AA7-4BB3-9086-AD970A586728}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80E1DBE4-4D81-4F83-AC18-23D0B70640CC}" = lport=139 | protocol=6 | dir=in | app=system |
"{81683327-42EB-49B9-91BE-BF5F81FFA6E8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8293E152-0868-447F-99BB-4A2020E1ACB6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8676C04B-E3F7-4851-B324-85D4ED38F757}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{87C6315B-DC5E-4902-93F0-550178C46158}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8F25E10B-133F-4202-A4C9-B0B71645EB1B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{90A6E77D-D528-4771-9047-1324942BCBFF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{93637A4F-B52D-4CD8-A85D-C239C87F64AB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{98A6891E-44A5-4C0F-AA5A-D1A0FA3D38E7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{99DAD283-B6DE-40AA-B7CC-7E8AF8DD83E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A0FE82B3-1407-43E4-8C0B-9E5651FEF8C1}" = lport=445 | protocol=6 | dir=in | app=system |
"{A536A900-1CDC-4ACF-85F3-901AF7594448}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AAD76EF7-CBA5-4CFD-951E-65CD6DAA660D}" = rport=445 | protocol=6 | dir=out | app=system |
"{AC1435AA-6ADA-4E97-B5BE-07F670C10D1F}" = lport=138 | protocol=17 | dir=in | app=system |
"{B13A441A-641B-4608-A20D-387E5E7B1DFE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B24D3273-7724-4BA9-82F5-5AF8AD33EECA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B7360798-D458-4D58-B80E-8DE8B65A1616}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C4696401-DA3F-49D7-B5B3-D856F37CEEA2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C4FB5557-2150-48B1-8244-AAB4EC93CDED}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D9C98227-C8A8-41EE-BAFC-0E43973757EC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E83E5F40-589C-4A4B-8E41-51D86763631F}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0052185F-4EC0-4155-90E8-B4AC671186E4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{13D664E8-A134-4759-B79E-DF3F8CAE2C1C}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{16968817-39FF-440D-A0BF-691DF4DD6B0A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1B35A95D-7346-4D92-953A-31B307694FC6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{208A3084-C63C-4826-B483-F6B009767D1B}" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"{26FCA5F2-140B-42F2-A396-8DF3D9B3C060}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{310EDACB-5FC7-4F05-9308-B1C804BC8BB3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{37677B55-48E1-4F5F-8092-8B566677137A}" = protocol=17 | dir=in | app=c:\users\curly\appdata\local\akamai\netsession_win.exe |
"{3AE7A479-8530-4BD3-A916-AECD223FA6E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3E04AB46-F9C0-403A-9774-BC1D0B6CC8CB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{40836A3E-C887-407F-AD26-20C61DC690FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5481D989-E77F-4E17-AA08-9F65F10C7A93}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{577285BC-9155-4B27-A26F-ECFE53F0BA22}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5A4CB546-335C-47B2-AF36-60D559FD276A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8068FAB8-FC58-40B1-9D2B-98E206F5522C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{89F449F1-BD36-4016-934C-7CC9D13B89EB}" = protocol=6 | dir=out | app=system |
"{8B4052CE-D834-411E-BAA1-4E2CBBFFBFDA}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{8E79F325-74F9-4526-B156-551FB2FF97EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9D9D963F-5742-47BA-BED4-790F23736B70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB1CBE95-38FA-4129-B8D5-9F02DCAB5C75}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AC4BFE1E-0574-432A-A409-9C70455EA853}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B2823A6C-76AF-4725-AED2-A929CBED35EC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{BE69FC28-6D2C-490E-9B17-BE3071076C72}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C0F010B6-7DBD-4F13-8551-639ABC497C27}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CE979443-744A-42EE-971C-615DD432484D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D0043576-4FF5-4FFB-9489-36699BBF8110}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EBF7309C-A09C-4DFC-815A-BD5727BCD612}" = protocol=6 | dir=in | app=c:\users\curly\appdata\local\akamai\netsession_win.exe |
"{F04600AA-DAAB-4CEE-9906-7351820009AF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F1C06C51-379A-4301-93B4-40EDE8E10C56}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{F280F92D-F2F7-4350-99F4-F42588E5BC5E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F660CDAB-929A-4315-BA96-287578D11C92}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FD3AFA01-032F-4FB5-A7BC-5C6810DD7DB7}" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{6CE4A3D7-371C-476E-A2CD-C01E5BAE6980}C:\program files (x86)\pacificpoker\bin\poker.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pacificpoker\bin\poker.exe |
"TCP Query User{A98B90E5-C86C-404E-A1E9-089A7B1733DC}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{AD7B1BCF-28B0-474B-BFC6-840E99F5CD7B}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{B393B290-C8D1-4D53-AEB8-CE76E9DFEF54}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{EEB7CED1-C2BD-44C5-B683-C3E4D59373DC}C:\users\curly\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\curly\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{388353D5-5BA1-4A3F-A02C-2AE50045B01D}C:\program files (x86)\pacificpoker\bin\poker.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pacificpoker\bin\poker.exe |
"UDP Query User{69CADA3B-F6A4-477F-82EF-ECF803BB2DDF}C:\users\curly\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\curly\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{7E18F17B-7C5E-462F-8D5E-A036093CA140}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{EDEFCBCA-EB35-470F-A06E-052002CEB662}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{F185A452-A77C-4DF3-8A6E-F6CCD2445B5B}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel(R) PROSet/Wireless WiFi Software
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F796312-289C-40CA-856C-9FBCF5E83342}" = REALTEK Wireless LAN Software
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{60356853-8141-8377-6786-288431479053}" = Jewel Empire-Hidden Secrets
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}" = Slingo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}" = Gem Shop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111768557}" = Bonbon Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113128447}" = Daycare Nightmare
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User
Guide "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program "{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1" = Game Pack "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center "{F9557866-B4C8-4CE5-8508-0E386BDC20B2}" = Easy Network Manager "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "7-Zip" = 7-Zip 9.20 "888poker" = 888poker "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Akamai" = Akamai NetSession Interface Service "Alice Software" = Alice Software 4.10.0 "BabylonToolbar" = Babylon toolbar on IE "BFG-Awakening 2 - Der Mondenwald" = Awakening 2: Der Mondenwald "BFGC" = Big Fish Games: Game Manager "colosseum" = Colosseum Casino "DealPly" = DealPly "DSGPlayer" = RTL GAME CENTER "ElsterFormular für Privatanwender und Unternehmer 12.0.0.5880k" = ElsterFormular für Privatanwender und 
Unternehmer "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "Jane Angel_is1" = Jane Angel "Jewel Match 2" = Jewel Match 2 "Jewel Quest 2_is1" = Jewel Quest 2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Marvell Miniport Driver" = Marvell Miniport Driver "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "TmNationsForever_is1" = TmNationsForever "Uninstall_is1" = Uninstall 1.0.0.1 "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Google Chrome" = Google Chrome "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 4/25/2012 4:11:05 PM | Computer Name = Curly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. . 
Error - 4/26/2012 8:01:30 AM | Computer Name = Curly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. .

Error - 4/26/2012 2:10:03 PM | Computer Name = Curly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. .

Error - 4/27/2012 3:10:37 AM | Computer Name = Curly-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 15.4.3538.513, Zeitstempel: 0x4dcdb2b3 Name des fehlerhaften Moduls: YCWebCameraSource.ax, Version: 2.0.10175.3910, Zeitstempel: 0x4b9715b8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000c9d8 ID des fehlerhaften Prozesses: 0xb30 Startzeit der fehlerhaften Anwendung: 0x01cd2444c59627a4 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\CyberLink\YouCam\YCWebCameraSource.ax Berichtskennung: 164509e8-9038-11e1-a521-002454ce6eec

Error - 4/27/2012 3:20:21 AM | Computer Name = Curly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. .

Error - 4/27/2012 3:54:43 AM | Computer Name = Curly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. .

Error - 4/27/2012 5:22:11 AM | Computer Name = Curly-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 4/27/2012 5:22:29 AM | Computer Name = Curly-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\microsoft security client\MSESysprep.dll" in Zeile 10. Das imaging-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error - 4/27/2012 2:26:51 PM | Computer Name = Curly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. .

Error - 4/28/2012 5:06:31 AM | Computer Name = Curly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. .

[ System Events ]
Error - 6/9/2012 8:53:58 AM | Computer Name = Curly-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Benutzerprofildienst" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056

Error - 6/12/2012 2:02:39 PM | Computer Name = Curly-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.127.1715.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%854 Quellpfad: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.8403.0 Fehlercode: 0x8024001e Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".

Error - 6/14/2012 11:06:37 AM | Computer Name = Curly-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.127.1922.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%854 Quellpfad: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.8403.0 Fehlercode: 0x80240016 Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".

Error - 6/14/2012 11:06:37 AM | Computer Name = Curly-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.127.1922.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%854 Quellpfad: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.8403.0 Fehlercode: 0x80240016 Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".

Error - 6/14/2012 11:06:37 AM | Computer Name = Curly-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.127.1922.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%853 Quellpfad: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.8403.0 Fehlercode: 0x80240016 Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".

Error - 6/28/2012 3:22:04 PM | Computer Name = Curly-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: %%-2147467243

Error - 7/1/2012 9:15:12 AM | Computer Name = Curly-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Rezip erreicht.

Error - 7/3/2012 10:51:02 AM | Computer Name = Curly-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Rezip erreicht.

Error - 7/3/2012 1:39:26 PM | Computer Name = Curly-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error - 7/14/2012 11:51:06 AM | Computer Name = Curly-PC | Source = Tcpip | ID = 4199
Description = Das System hat einen Adressenkonflikt der IP-Adresse 192.168.1.2 mit dem Computer mit der Netzwerkhardwareadresse E4-7C-F9-26-4A-D2 ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden.

< End of report >

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 7/14/2012 7:59:50 PM - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Curly\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.86 Gb Total Physical Memory | 2.80 Gb Available Physical Memory | 72.59% Memory free 7.73 Gb Paging File | 6.60 Gb Available in Paging File | 85.41% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 253.00 Gb Total Space | 171.67 Gb Free Space | 67.85% Space Free | Partition Type: NTFS Drive D: | 192.66 Gb Total Space | 192.57 Gb Free Space | 99.95% Space Free | Partition Type: NTFS Computer Name: CURLY-PC | User Name: Curly | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/14 19:11:02 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Curly\Downloads\OTL (1).exe PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Curly\AppData\Local\Akamai\netsession_win.exe PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010/12/09 12:45:58 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2010/06/08 09:39:00 | 000,847,360 | ---- | M] (Samsung Electronics Co., Ltd.) 
-- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2010/05/06 08:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2010/01/19 04:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe PRC - [2009/10/13 12:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2009/06/03 13:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009/04/15 16:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe PRC - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\SysWOW64\Rezip.exe ========== Modules (No Company Name) ========== MOD - [2009/06/03 13:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009/06/03 13:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV 
- [2012/07/10 19:44:31 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai) SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011/10/01 09:30:10 | 
000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/06/10 21:45:38 | 001,605,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/02/27 02:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010/02/26 20:32:58 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009/09/28 11:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/27 16:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/28 08:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI) DRV - [2010/09/29 16:05:06 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Samsung | MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=100478&babsrc=SP_ss&mntrId=c641592b0000000000001ef46a1a847a IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft 
Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Curly\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Curly\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
========== Chrome ========== CHR - homepage: Google CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: Google CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Curly\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Curly\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Curly\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\Curly\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.2_0\ CHR - 
Extension: YouTube = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Deaktivierungs-Add-on von Google Analytics = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\0.9.0_0\ CHR - Extension: DealPly = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\ CHR - Extension: Skype Click to Call = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\ CHR - Extension: Google Mail = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Curly\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Curly\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Curly\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F96EEFF-043E-470A-85AA-1D0C59A2263E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70F52640-BC37-48B9-9469-CABB97784DB3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92071B0F-B1C4-4A63-AA34-2BC15A05C928}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe
C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework 
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/07/14 16:53:36 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Roaming\Malwarebytes [2012/07/14 16:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/07/14 16:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/07/14 16:53:10 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012/07/14 16:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/07/14 13:51:07 | 000,000,000 | ---D | C] -- C:\Users\Curly\Documents\Simply Super Software [2012/07/14 13:20:03 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{0B8437F3-455E-4594-8000-CF2F32718C1D} [2012/07/14 13:19:52 | 000,000,000 | ---D | C] -- 
C:\Users\Curly\AppData\Local\{6C50CC1E-1167-4A7D-97C7-77F4D945A868} [2012/07/14 01:07:36 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{1B83F72F-FBBE-46E8-946A-A33B291D913B} [2012/07/14 01:07:25 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{1083DB5F-87E2-4B8C-A08E-3EB677EE55A3} [2012/07/13 13:06:58 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{9EC33733-E145-43BC-B53B-5C96E92188CB} [2012/07/13 13:06:45 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{3F957AFA-14D0-4C70-AF31-0B0067AA517B} [2012/07/12 16:48:11 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{099B6F47-AB64-47D3-A2A8-C409E9F9A19C} [2012/07/12 16:47:58 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{97A632B0-08D6-4C87-8F2B-A9ADBA3AE2E8} [2012/07/11 17:38:57 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{C547E0FE-1315-45DD-AAA6-522B906BBBD9} [2012/07/11 17:38:45 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{BDE20456-27AE-4CD2-AD2D-4ABD9227DFFA} [2012/07/10 16:37:45 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{E82146B6-C436-494A-AA78-D4C3AE77C09C} [2012/07/10 16:37:33 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{B4CC0C13-FB37-44A5-8E9B-E41B412B244E} [2012/07/09 19:27:23 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{22EB1839-8BA7-4D07-85A6-7C5F02C36C5C} [2012/07/09 19:27:10 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{042A7E39-51F4-43E4-819B-A52B8BB4C792} [2012/07/08 20:04:12 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{0C37E501-C89C-41EF-8440-C6F29A13A811} [2012/07/08 20:03:57 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{0A0C36D9-EB71-4FF6-8001-D57D96B660A3} [2012/07/08 08:03:30 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{31225A11-D694-422C-AF66-F82EBB79FCD0} [2012/07/08 08:03:19 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{725F1962-318B-459B-92C9-891110E6E725} [2012/07/07 20:02:53 | 000,000,000 | ---D | 
C] -- C:\Users\Curly\AppData\Local\{966E0BD8-68CC-4DE1-91B7-483DFD16DAB0} [2012/07/07 20:02:42 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{A60421EA-A0FC-4112-95D3-3B50B3EA1306} [2012/07/07 08:02:12 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{66028DD7-4F0D-4C0F-A50D-3861B1260581} [2012/07/07 08:01:59 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{DCB17834-1F54-4C3D-8BF7-04CD84CEB5E8} [2012/07/06 19:59:17 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{2F3B04F8-9F2E-4D93-86AB-13F62C2972B9} [2012/07/06 19:59:05 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{A15967AC-8D31-4385-BC9B-42BD30EC5F91} [2012/07/05 16:38:24 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{7EA1BB94-60C8-40C0-B2B9-F5D1EC40C3CC} [2012/07/05 16:38:12 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{0AF0B1B3-F5CA-4A7C-9926-0234C7172410} [2012/07/03 16:51:41 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{238179E4-F0CA-4AE6-AA56-5B7E1E455416} [2012/07/03 16:51:30 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{1D31B9E6-9D35-4E53-9213-7226158CAC92} [2012/06/30 15:57:34 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Roaming\Try2 [2012/06/30 15:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Try2 [2012/06/30 15:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rondomedia [2012/06/30 15:55:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\rondomedia [2012/06/30 08:40:33 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{91C14A3C-EA6D-464D-90E6-04588472836A} [2012/06/30 08:40:21 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{620D4DA6-0351-4304-A54F-B1BCAC8AF811} [2012/06/29 20:08:06 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{85C6442F-B9D5-49A7-9D2D-EE984F9FC91F} [2012/06/29 20:07:54 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{87ECE462-7EEB-4211-8CC4-697C787AE266} [2012/06/28 17:22:39 | 000,000,000 | 
---D | C] -- C:\Users\Curly\AppData\Local\{3E6338C1-61A4-4A1B-8E84-E71F251E3E04} [2012/06/28 17:22:26 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{B6F28B37-0223-49DE-BE8F-A05024E34C24} [2012/06/27 12:07:26 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{EDF4A685-4661-4669-8A69-B0DC621C1B6A} [2012/06/27 12:07:12 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{8C0D85AC-4947-4705-8572-DFA62CA98594} [2012/06/26 17:26:04 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{8314CFFE-C64E-4C90-9263-6EE337D4A14C} [2012/06/26 17:25:51 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{0E617B41-9F0F-42B2-A076-A8AAA7B408E0} [2012/06/25 18:15:14 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{787B3F86-D47E-45E5-B545-ECFEC5683D0D} [2012/06/25 18:15:03 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{6136B93F-ADA6-42A8-91C6-94F1687857D2} [2012/06/24 13:51:27 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{AA44DD6E-9ED3-494A-B90B-DC4F06829FC1} [2012/06/24 13:51:14 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{2F4D4BE8-90F8-4F30-BF09-6EADADB91195} [2012/06/23 23:18:53 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{CC8E8176-BDCD-479F-A942-D218B5F1D1C5} [2012/06/23 23:18:42 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{461389E9-71DC-4D5A-9755-8605D9AA9487} [2012/06/23 11:18:15 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{A9369701-9AE9-4A9F-B7D6-A0E26C14F609} [2012/06/23 11:18:01 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{5989344F-A244-48B1-929E-F872BFBF60AC} [2012/06/22 10:16:47 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{854BC9EB-6588-4052-A7C5-B258DD5993FE} [2012/06/22 10:16:34 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{4E24F057-FEA2-4E00-9260-DC15E3AE99EC} [2012/06/21 22:16:02 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{812CBD7C-EACC-46FE-B4A8-6A6287DC04C4} [2012/06/21 22:15:49 | 
000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{9661BFD4-872C-4FB1-B612-DCCB5EA8A0A2} [2012/06/21 09:45:38 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{9E0D13C0-8A97-46CF-8160-CAE36ACB3112} [2012/06/21 09:45:26 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{7D65540B-B4C7-4AAA-BDB2-B862F4F33313} [2012/06/20 14:29:38 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{FECEF177-12E8-4706-8C42-BA2B2BE52D20} [2012/06/20 14:29:26 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{FF83F29A-A84E-475E-8B44-6D249E43C7A3} [2012/06/20 14:28:15 | 000,000,000 | ---D | C] -- C:\windows\de [2012/06/20 14:23:19 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{5D1AC59A-784F-43FA-92F5-E7D855BFFD8C} [2012/06/20 14:23:08 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{0AD04DD3-AA84-45EE-9A18-E2DD33BC6254} [2012/06/20 12:52:08 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{09AC0B06-970F-42FA-B9E9-C9102F3D9A0B} [2012/06/20 12:51:57 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{FDECE332-E2F4-4A21-BE08-3686ACF7296D} [2012/06/20 12:40:21 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{BA5E77BF-3B9E-4CF5-96D0-E6CD6BF6157B} [2012/06/20 12:40:10 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{BC041490-B794-47A9-8408-C0453B9C8A30} [2012/06/20 08:54:05 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{4963E122-B1E8-4341-AE89-CAB1253F3D20} [2012/06/20 08:53:52 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{8A196436-5561-4FC4-82D2-B860537E631D} [2012/06/20 08:16:09 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{389ADBA7-CF63-4ED7-8388-CD7535264E4F} [2012/06/20 08:15:57 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{AE11333D-3098-4744-90D9-013AB0476BCC} [2012/06/19 20:37:56 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{AF064C82-00F6-4179-8E96-713F68634680} [2012/06/19 20:37:43 | 000,000,000 | ---D | C] -- 
C:\Users\Curly\AppData\Local\{B1283DBE-5973-4313-B936-DE316349B10B} [2012/06/19 13:16:57 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{26AEC35B-4A4C-414C-B412-D4B0B538FBCA} [2012/06/19 13:16:45 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{71EDB583-229D-45ED-BFBC-56224171E6F3} [2012/06/19 10:25:51 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{86E9479B-BC8E-498C-8F8F-056CAFD83FC5} [2012/06/19 10:25:38 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{39F18714-431F-4877-A76C-229B7BE21B61} [2012/06/19 08:18:31 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{CAD1D7C6-BB32-4577-BFDC-9CA9C1961E69} [2012/06/19 08:18:13 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{E9D50095-2332-4F8F-978F-5CB23262705D} [2012/06/17 08:55:55 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{17A4699B-7E9B-4B84-8C52-8EF3BCCFEC97} [2012/06/16 08:39:24 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{DB85DFBD-E265-4904-81A8-621671DDA6CD} [2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] [2 C:\Users\Curly\*.tmp files -> C:\Users\Curly\*.tmp -> ] [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/07/14 19:41:00 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-522234228-4192544273-3428825822-1000UA.job [2012/07/14 18:43:03 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/14 18:43:03 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/14 18:35:31 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/07/14 18:35:26 | 4148,744,192 | -HS- | M] () -- C:\hiberfil.sys [2012/07/14 09:45:21 | 000,058,880 | ---- | M] () -- C:\Users\Curly\AppData\Local\gjgsnppv [2012/07/14 09:44:17 | 000,000,000 | ---- | M] () -- 
C:\Users\Curly\AppData\Roaming\SharedSettings.ccs [2012/07/14 09:43:44 | 000,058,880 | ---- | M] () -- C:\Users\Curly\AppData\Local\duipdtsf [2012/07/12 17:42:29 | 000,002,397 | ---- | M] () -- C:\Users\Curly\Desktop\Google Chrome.lnk [2012/07/12 17:17:38 | 000,276,976 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012/07/08 07:41:00 | 000,001,068 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-522234228-4192544273-3428825822-1000Core.job [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012/06/30 15:57:31 | 000,002,271 | ---- | M] () -- C:\Users\Public\Desktop\Jewel Empire - Hidden Secrets.lnk [2012/06/23 19:58:36 | 003,379,648 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2012/06/23 19:58:36 | 001,440,770 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/06/23 19:58:36 | 001,001,626 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2012/06/23 19:58:36 | 000,892,264 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/06/23 19:58:36 | 000,005,646 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/06/23 17:39:19 | 000,001,172 | ---- | M] () -- C:\Users\Curly\Desktop\Jewel Quest 2.lnk [2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] [2 C:\Users\Curly\*.tmp files -> C:\Users\Curly\*.tmp -> ] [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/14 13:50:56 | 000,153,088 | ---- | C] () -- C:\windows\SysWow64\UNRAR3.dll [2012/07/14 13:50:56 | 000,075,264 | ---- | C] () -- C:\windows\SysWow64\unacev2.dll [2012/07/14 09:45:21 | 000,058,880 | ---- | C] () -- C:\Users\Curly\AppData\Local\gjgsnppv [2012/07/14 09:44:17 | 000,000,000 | ---- | C] () -- C:\Users\Curly\AppData\Roaming\SharedSettings.ccs [2012/07/14 09:43:44 | 000,058,880 | ---- | C] () -- C:\Users\Curly\AppData\Local\duipdtsf [2012/06/30 15:57:31 | 000,002,271 | ---- | C] () -- C:\Users\Public\Desktop\Jewel 
Empire - Hidden Secrets.lnk [2012/06/23 17:39:19 | 000,001,172 | ---- | C] () -- C:\Users\Curly\Desktop\Jewel Quest 2.lnk [2011/12/13 20:46:28 | 000,098,304 | ---- | C] () -- C:\windows\SysWow64\redmonnt.dll [2011/01/25 22:12:09 | 000,005,612 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011/01/09 23:52:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/01/09 22:20:40 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2010/08/04 05:29:38 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe [2010/08/04 04:29:02 | 000,001,960 | ---- | C] () -- C:\windows\HotFixList.ini [2010/08/04 04:27:22 | 000,311,296 | ---- | C] () -- C:\windows\SysWow64\Rezip.exe ========== LOP Check ========== [2011/12/13 20:46:15 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\Babylon [2012/05/29 18:17:53 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\DVDVideoSoft [2011/01/25 22:42:42 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\DVDVideoSoftIEHelpers [2011/02/26 15:39:46 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\elsterformular [2011/01/10 19:07:58 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\Green Clover Games [2011/01/10 06:22:54 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\Hansenet [2012/06/03 18:38:42 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\iMaxGen [2011/08/12 19:54:36 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\JewelMatch2 [2012/02/12 19:41:08 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\Need for Speed World [2011/10/24 16:00:20 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\PacificPoker [2011/01/10 19:37:17 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\PlayPond [2012/07/14 12:06:01 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\SoftGrid Client [2011/12/15 22:23:52 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\TP [2012/06/30 15:57:34 | 
000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\Try2 [2011/12/27 20:44:36 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\Windows Live Writer [2012/07/08 13:24:58 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011/05/07 19:07:15 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011/01/10 19:29:18 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache [2009/07/14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010/08/04 04:22:21 | 000,000,000 | ---D | M] -- C:\Intel [2011/10/10 19:44:15 | 000,000,000 | ---D | M] -- C:\Microgaming [2011/12/15 22:28:51 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009/07/14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011/02/21 18:19:35 | 000,000,000 | ---D | M] -- C:\PFiles [2012/04/23 18:17:30 | 000,000,000 | R--D | M] -- C:\Program Files [2012/07/14 17:06:47 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011/12/29 13:16:24 | 000,000,000 | ---D | M] -- C:\Program Files(x86) [2012/07/14 17:06:47 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011/01/09 22:17:20 | 000,000,000 | -HSD | M] -- C:\Recovery [2012/07/14 20:04:19 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011/01/09 22:18:57 | 000,000,000 | R--D | M] -- C:\Users [2012/06/20 14:28:15 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: AGP440.SYS > [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- 
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll [2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007/05/17 14:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll < MD5 for: EXPLORER.EXE > [2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- 
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009/08/03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe 
[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009/10/31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011/02/26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009/08/03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTOR.SYS > [2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) MD5=A5F72BB0D024E7E463344105BE613AE4 -- C:\windows\SysNative\drivers\iaStor.sys [2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) MD5=A5F72BB0D024E7E463344105BE613AE4 -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_c62e28b241ae90ea\iaStor.sys < MD5 for: 
IASTORV.SYS > [2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys [2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- 
C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll [2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011/03/11 
08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys [2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- 
C:\windows\SysNative\scecli.dll [2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll [2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- 
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe [2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe [2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > 
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys [2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2011/01/09 22:44:24 | 000,000,148 | ---- | M] () -- C:\Users\Curly\DiskScrP.txt [2012/07/14 20:10:10 | 001,835,008 | -HS- | M] () -- C:\Users\Curly\NTUSER.DAT [2012/07/14 20:10:10 | 000,262,144 | -HS- | M] () -- C:\Users\Curly\ntuser.dat.LOG1 [2011/01/09 22:18:58 | 000,000,000 | -HS- | M] () -- C:\Users\Curly\ntuser.dat.LOG2 [2011/01/09 23:17:32 | 000,065,536 | -HS- | M] () -- C:\Users\Curly\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011/01/09 23:17:32 | 000,524,288 | -HS- | M] () -- C:\Users\Curly\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011/01/09 23:17:32 | 000,524,288 | -HS- | M] () -- C:\Users\Curly\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012/05/15 16:37:51 | 000,065,536 | -HS- | M] () -- C:\Users\Curly\NTUSER.DAT{1a3ab4de-9e9b-11e1-971f-002454ce6eec}.TM.blf [2012/05/15 16:37:51 | 000,524,288 | -HS- | M] () -- C:\Users\Curly\NTUSER.DAT{1a3ab4de-9e9b-11e1-971f-002454ce6eec}.TMContainer00000000000000000001.regtrans-ms [2012/05/15 16:37:51 | 000,524,288 | -HS- | M] () -- C:\Users\Curly\NTUSER.DAT{1a3ab4de-9e9b-11e1-971f-002454ce6eec}.TMContainer00000000000000000002.regtrans-ms [2011/01/09 22:18:58 | 000,000,020 | -HS- | M] () -- C:\Users\Curly\ntuser.ini [2 C:\Users\Curly\*.tmp files -> C:\Users\Curly\*.tmp -> ] < 
%USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:FC70A22A @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:2AE74FF9 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:F8F070C2 < End of report > |
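The OTL report above ends with the "< MD5 for: … >" blocks, which list every copy of a handful of files that malware likes to patch or replace (explorer.exe, winlogon.exe, userinit.exe, netlogon.dll, user32.dll, storage drivers) together with its MD5, and with the Alternate Data Streams section. A reader normally triages those blocks by eye; the helper below is an added example (not OTL's code and not from the poster) that does the same checks over the text: for each file it gathers the hashes of the copies held in WinSxX/DriverStore, then flags a live System32/SysNative/SysWOW64 copy whose hash matches none of them, any copy living outside the Windows component store and system directories, any copy with an empty company field, and every ADS line. The sample report is constructed from the format of the posted log: the winlogon.exe and ADS lines mirror the posted ones, while the SysNative userinit.exe line with an all-zero hash is invented to exercise the mismatch branch.

```python
"""Triage helper for the '< MD5 for: NAME >' and Alternate Data Stream
sections of an OTL report (added example; not OTL's code and not from the
forum post).  Entry format, as printed by OTL:

    [date time | size | attrs | M] (Company) MD5=HEX -- path
"""
import re

ENTRY = re.compile(
    r"\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>\S{4}) \| M\] \((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- "
    r"(?P<path>.+?)(?=\s\[\d{4}/|\s<|\s=|\s*$)"   # path runs until the next entry/header
)
SECTION = re.compile(r"< MD5 for: ([^>]+?) >")
ADS = re.compile(r"@Alternate Data Stream - (\d+) bytes -> (.+?)(?=\s@Alternate|\s<|\s=|\s*$)")


def classify(path):
    """'store' for WinSxS/DriverStore copies, 'live' for the copy Windows
    actually loads, 'foreign' for anything elsewhere on disk."""
    p = path.lower()
    if "\\winsxs\\" in p or "\\driverstore\\" in p:
        return "store"
    if re.search(r"\\(sysnative|system32|syswow64)\\", p):
        return "live"
    return "foreign"


def parse_md5_sections(text):
    """Return {FILENAME: [entry dict, ...]} for every '< MD5 for: >' block."""
    parts = SECTION.split(text)          # [preamble, name1, body1, name2, body2, ...]
    sections = {}
    for name, body in zip(parts[1::2], parts[2::2]):
        sections[name.strip().upper()] = [m.groupdict() for m in ENTRY.finditer(body)]
    return sections


def triage(text):
    """Return a list of (finding, file-or-stream, detail) tuples."""
    findings = []
    for name, entries in parse_md5_sections(text).items():
        store_hashes = {e["md5"].upper() for e in entries if classify(e["path"]) == "store"}
        for e in entries:
            kind = classify(e["path"])
            if not e["company"].strip():
                findings.append(("no-company", name, e["path"]))
            if kind == "foreign":
                findings.append(("outside-windows", name, e["path"]))
            elif kind == "live" and store_hashes and e["md5"].upper() not in store_hashes:
                # only judged when a component-store copy exists to compare against
                findings.append(("live-hash-not-in-store", name, e["path"]))
    for size, stream in ADS.findall(text):
        findings.append(("ads", stream, f"{size} bytes"))
    return findings


# Constructed sample in the format of the posted report.  The winlogon.exe
# and ADS lines mirror the posted ones; the SysNative userinit.exe line with
# an all-zero hash is invented to exercise the mismatch branch.
SAMPLE = (
    "< MD5 for: WINLOGON.EXE > "
    "[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) "
    "MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\\windows\\SysNative\\winlogon.exe "
    "[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) "
    "MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\\Windows\\winsxs\\amd64_microsoft-windows-winlogon"
    "_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\\winlogon.exe "
    "[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- "
    "C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\Chameleon\\winlogon.exe "
    "< MD5 for: USERINIT.EXE > "
    "[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) "
    "MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\\Windows\\winsxs\\amd64_microsoft-windows-userinit"
    "_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\\userinit.exe "
    "[2012/07/10 09:00:00 | 000,030,720 | ---- | M] (Microsoft Corporation) "
    "MD5=00000000000000000000000000000000 -- C:\\windows\\SysNative\\userinit.exe "
    "========== Alternate Data Streams ========== "
    "@Alternate Data Stream - 135 bytes -> C:\\ProgramData\\Temp:FC70A22A "
    "@Alternate Data Stream - 131 bytes -> C:\\ProgramData\\Temp:2AE74FF9 "
    "< End of report >"
)

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep="  ")
```

Two caveats a practitioner should keep in mind when reading the output. A live hash that equals a WinSxS copy only proves the file equals a staged component, not that the component is genuine; an Authenticode check (sigcheck, or Get-AuthenticodeSignature in PowerShell) on the live file is the real verification. And the company-name check is a prompt, not a verdict: the winlogon.exe under the Malwarebytes Chameleon directory in the posted report trips it because OTL prints no company for that file, and a reviewer then attributes it to that product's own Chameleon feature rather than to the infection.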
14.07.2012, 19:28 | #4 |
I had seen the note about posting the logs directly somewhere else. As far as I know, I have no encrypted files. Here are the logs: OTL Logfile: Code:
OTL Extras logfile created on: 7/14/2012 7:59:50 PM - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Curly\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.86 Gb Total Physical Memory | 2.80 Gb Available Physical Memory | 72.59% Memory free 7.73 Gb Paging File | 6.60 Gb Available in Paging File | 85.41% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 253.00 Gb Total Space | 171.67 Gb Free Space | 67.85% Space Free | Partition Type: NTFS Drive D: | 192.66 Gb Total Space | 192.57 Gb Free Space | 99.95% Space Free | Partition Type: NTFS Computer Name: CURLY-PC | User Name: Curly | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List 
========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08C6D1B2-7F49-4A39-AF32-E99A95D2B07D}" = rport=138 | protocol=17 | dir=out | app=system | "{2092520B-966D-4044-BFAC-53AE2EDD7ECB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{32D469AE-4A65-4279-917F-076C18D355B7}" = rport=139 | protocol=6 | dir=out | app=system | "{3C7072C4-65BE-4245-B0B5-13752809C068}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{3D57B42A-1BEB-4542-A383-ED564A49F3DF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{466BAAA6-48D5-43D4-BA6D-2471905BA12A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{47ACC041-CA4F-486E-B485-ADAE4FB3B65B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{57A298F4-A108-49E4-A12B-0196497137AE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5E3A5AC1-9573-46DC-BFE1-44850761EC48}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{7099478B-B3D6-4364-A12D-933F8F3DB4DA}" = rport=137 | protocol=17 | dir=out | app=system | "{74E47DFA-198F-4D2C-8345-DDB106031F75}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{79B54805-6501-40CC-8A51-769B9F988187}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7AD559A0-6325-45BF-9889-971651042C4E}" = lport=2869 | protocol=6 | dir=in | app=system | "{7EC1E60D-2AA7-4BB3-9086-AD970A586728}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{80E1DBE4-4D81-4F83-AC18-23D0B70640CC}" = lport=139 | protocol=6 | dir=in | app=system | "{81683327-42EB-49B9-91BE-BF5F81FFA6E8}" = lport=5355 | 
protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8293E152-0868-447F-99BB-4A2020E1ACB6}" = rport=10243 | protocol=6 | dir=out | app=system | "{8676C04B-E3F7-4851-B324-85D4ED38F757}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{87C6315B-DC5E-4902-93F0-550178C46158}" = lport=2869 | protocol=6 | dir=in | app=system | "{8F25E10B-133F-4202-A4C9-B0B71645EB1B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{90A6E77D-D528-4771-9047-1324942BCBFF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{93637A4F-B52D-4CD8-A85D-C239C87F64AB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{98A6891E-44A5-4C0F-AA5A-D1A0FA3D38E7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{99DAD283-B6DE-40AA-B7CC-7E8AF8DD83E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A0FE82B3-1407-43E4-8C0B-9E5651FEF8C1}" = lport=445 | protocol=6 | dir=in | app=system | "{A536A900-1CDC-4ACF-85F3-901AF7594448}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AAD76EF7-CBA5-4CFD-951E-65CD6DAA660D}" = rport=445 | protocol=6 | dir=out | app=system | "{AC1435AA-6ADA-4E97-B5BE-07F670C10D1F}" = lport=138 | protocol=17 | dir=in | app=system | "{B13A441A-641B-4608-A20D-387E5E7B1DFE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B24D3273-7724-4BA9-82F5-5AF8AD33EECA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B7360798-D458-4D58-B80E-8DE8B65A1616}" = lport=10243 | protocol=6 | dir=in | app=system | "{C4696401-DA3F-49D7-B5B3-D856F37CEEA2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C4FB5557-2150-48B1-8244-AAB4EC93CDED}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D9C98227-C8A8-41EE-BAFC-0E43973757EC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{E83E5F40-589C-4A4B-8E41-51D86763631F}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0052185F-4EC0-4155-90E8-B4AC671186E4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{13D664E8-A134-4759-B79E-DF3F8CAE2C1C}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | "{16968817-39FF-440D-A0BF-691DF4DD6B0A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{1B35A95D-7346-4D92-953A-31B307694FC6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{208A3084-C63C-4826-B483-F6B009767D1B}" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "{26FCA5F2-140B-42F2-A396-8DF3D9B3C060}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{310EDACB-5FC7-4F05-9308-B1C804BC8BB3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | "{37677B55-48E1-4F5F-8092-8B566677137A}" = protocol=17 | dir=in | app=c:\users\curly\appdata\local\akamai\netsession_win.exe | "{3AE7A479-8530-4BD3-A916-AECD223FA6E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3E04AB46-F9C0-403A-9774-BC1D0B6CC8CB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{40836A3E-C887-407F-AD26-20C61DC690FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{5481D989-E77F-4E17-AA08-9F65F10C7A93}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{577285BC-9155-4B27-A26F-ECFE53F0BA22}" = protocol=6 | dir=out | 
app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5A4CB546-335C-47B2-AF36-60D559FD276A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8068FAB8-FC58-40B1-9D2B-98E206F5522C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{89F449F1-BD36-4016-934C-7CC9D13B89EB}" = protocol=6 | dir=out | app=system | "{8B4052CE-D834-411E-BAA1-4E2CBBFFBFDA}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{8E79F325-74F9-4526-B156-551FB2FF97EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9D9D963F-5742-47BA-BED4-790F23736B70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AB1CBE95-38FA-4129-B8D5-9F02DCAB5C75}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{AC4BFE1E-0574-432A-A409-9C70455EA853}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B2823A6C-76AF-4725-AED2-A929CBED35EC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{BE69FC28-6D2C-490E-9B17-BE3071076C72}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C0F010B6-7DBD-4F13-8551-639ABC497C27}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CE979443-744A-42EE-971C-615DD432484D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D0043576-4FF5-4FFB-9489-36699BBF8110}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{EBF7309C-A09C-4DFC-815A-BD5727BCD612}" = protocol=6 | dir=in | app=c:\users\curly\appdata\local\akamai\netsession_win.exe | "{F04600AA-DAAB-4CEE-9906-7351820009AF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F1C06C51-379A-4301-93B4-40EDE8E10C56}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{F280F92D-F2F7-4350-99F4-F42588E5BC5E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F660CDAB-929A-4315-BA96-287578D11C92}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FD3AFA01-032F-4FB5-A7BC-5C6810DD7DB7}" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "TCP Query User{6CE4A3D7-371C-476E-A2CD-C01E5BAE6980}C:\program files (x86)\pacificpoker\bin\poker.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pacificpoker\bin\poker.exe | "TCP Query User{A98B90E5-C86C-404E-A1E9-089A7B1733DC}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "TCP Query User{AD7B1BCF-28B0-474B-BFC6-840E99F5CD7B}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{B393B290-C8D1-4D53-AEB8-CE76E9DFEF54}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{EEB7CED1-C2BD-44C5-B683-C3E4D59373DC}C:\users\curly\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\curly\appdata\local\google\chrome\application\chrome.exe | "UDP Query User{388353D5-5BA1-4A3F-A02C-2AE50045B01D}C:\program files (x86)\pacificpoker\bin\poker.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pacificpoker\bin\poker.exe | "UDP Query User{69CADA3B-F6A4-477F-82EF-ECF803BB2DDF}C:\users\curly\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\curly\appdata\local\google\chrome\application\chrome.exe | "UDP Query User{7E18F17B-7C5E-462F-8D5E-A036093CA140}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{EDEFCBCA-EB35-470F-A06E-052002CEB662}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "UDP Query 
User{F185A452-A77C-4DF3-8A6E-F6CCD2445B5B}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel(R) PROSet/Wireless WiFi Software "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "NVIDIA Drivers" = NVIDIA Drivers "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion 
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0F796312-289C-40CA-856C-9FBCF5E83342}" = REALTEK Wireless LAN Software "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4 "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{60356853-8141-8377-6786-288431479053}" = Jewel Empire-Hidden Secrets "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}" = Slingo 
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}" = Gem Shop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111768557}" = Bonbon Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113128447}" = Daycare Nightmare
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1" = Game Pack
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F9557866-B4C8-4CE5-8508-0E386BDC20B2}" = Easy Network Manager
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"888poker" = 888poker
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Akamai" = Akamai NetSession Interface Service
"Alice Software" = Alice Software 4.10.0
"BabylonToolbar" = Babylon toolbar on IE
"BFG-Awakening 2 - Der Mondenwald" = Awakening 2: Der Mondenwald
"BFGC" = Big Fish Games: Game Manager
"colosseum" = Colosseum Casino
"DealPly" = DealPly
"DSGPlayer" = RTL GAME CENTER
"ElsterFormular für Privatanwender und Unternehmer 12.0.0.5880k" = ElsterFormular für Privatanwender und Unternehmer
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Jane Angel_is1" = Jane Angel
"Jewel Match 2" = Jewel Match 2
"Jewel Quest 2_is1" = Jewel Quest 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"TmNationsForever_is1" = TmNationsForever
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/25/2012 4:11:05 PM | Computer Name = Curly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
Error - 4/26/2012 8:01:30 AM | Computer Name = Curly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error - 4/26/2012 2:10:03 PM | Computer Name = Curly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error - 4/27/2012 3:10:37 AM | Computer Name = Curly-PC | Source = Application Error | ID = 1000
Description = Faulting application name: msnmsgr.exe, version: 15.4.3538.513, time stamp: 0x4dcdb2b3
Faulting module name: YCWebCameraSource.ax, version: 2.0.10175.3910, time stamp: 0x4b9715b8
Exception code: 0xc0000005
Fault offset: 0x0000c9d8
Faulting process id: 0xb30
Faulting application start time: 0x01cd2444c59627a4
Faulting application path: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
Faulting module path: C:\Program Files (x86)\CyberLink\YouCam\YCWebCameraSource.ax
Report Id: 164509e8-9038-11e1-a521-002454ce6eec

Error - 4/27/2012 3:20:21 AM | Computer Name = Curly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error - 4/27/2012 3:54:43 AM | Computer Name = Curly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error - 4/27/2012 5:22:11 AM | Computer Name = Curly-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Error in manifest or policy file "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2. Multiple requestedPrivileges elements are not allowed in manifest.

Error - 4/27/2012 5:22:29 AM | Computer Name = Curly-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft security client\MSESysprep.dll". Error in manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" on line 10. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

Error - 4/27/2012 2:26:51 PM | Computer Name = Curly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error - 4/28/2012 5:06:31 AM | Computer Name = Curly-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

[ System Events ]
Error - 6/9/2012 8:53:58 AM | Computer Name = Curly-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the "User Profile Service" service, but this action failed. Error: %%1056

Error - 6/12/2012 2:02:39 PM | Computer Name = Curly-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.127.1715.0
Update Source: %%859
Update Stage: %%854
Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads
Signature Type: %%800
Update Type: %%803
User: NT-AUTORITÄT\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.8403.0
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error - 6/14/2012 11:06:37 AM | Computer Name = Curly-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.127.1922.0
Update Source: %%859
Update Stage: %%854
Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads
Signature Type: %%800
Update Type: %%803
User: NT-AUTORITÄT\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.8403.0
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error - 6/14/2012 11:06:37 AM | Computer Name = Curly-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.127.1922.0
Update Source: %%859
Update Stage: %%854
Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads
Signature Type: %%800
Update Type: %%803
User: NT-AUTORITÄT\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.8403.0
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error - 6/14/2012 11:06:37 AM | Computer Name = Curly-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.127.1922.0
Update Source: %%859
Update Stage: %%853
Source Path: Microsoft Corporation: Software, Smartphones, Online, Games, Cloud Computing, IT Business Technology, Downloads
Signature Type: %%800
Update Type: %%803
User: NT-AUTORITÄT\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.8403.0
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error - 6/28/2012 3:22:04 PM | Computer Name = Curly-PC | Source = Service Control Manager | ID = 7023
Description = The "Windows Update" service terminated with the following error: %%-2147467243

Error - 7/1/2012 9:15:12 AM | Computer Name = Curly-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 ms) was reached while waiting for a transaction response from the Rezip service.

Error - 7/3/2012 10:51:02 AM | Computer Name = Curly-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 ms) was reached while waiting for a transaction response from the Rezip service.

Error - 7/3/2012 1:39:26 PM | Computer Name = Curly-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware, or that the BIOS is accessing the EC incorrectly. Check with your computer manufacturer for an updated BIOS. In some situations, this error may cause the computer to function incorrectly.

Error - 7/14/2012 11:51:06 AM | Computer Name = Curly-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.2 with the system having network hardware address E4-7C-F9-26-4A-D2. Network operations on this system may be disrupted as a result.

< End of report >

OTL Logfile:
OTL logfile created on: 7/14/2012 7:59:50 PM - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Curly\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.86 Gb Total Physical Memory | 2.80 Gb Available Physical Memory | 72.59% Memory free
7.73 Gb Paging File | 6.60 Gb Available in Paging File | 85.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 253.00 Gb Total Space | 171.67 Gb Free Space | 67.85% Space Free | Partition Type: NTFS
Drive D: | 192.66 Gb Total Space | 192.57 Gb Free Space | 99.95% Space Free | Partition Type: NTFS

Computer Name: CURLY-PC | User Name: Curly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/14 19:11:02 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Curly\Downloads\OTL (1).exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Curly\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/12/09 12:45:58 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010/06/08 09:39:00 | 000,847,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/05/06 08:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/01/19 04:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/10/13 12:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/06/03 13:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 16:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\SysWOW64\Rezip.exe

========== Modules (No Company Name) ==========

MOD - [2009/06/03 13:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 13:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/07/10 19:44:31 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/10 21:45:38 | 001,605,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/27 02:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/26 20:32:58 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/28 11:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/27 16:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 08:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV - [2010/09/29 16:05:06 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Samsung | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=100478&babsrc=SP_ss&mntrId=c641592b0000000000001ef46a1a847a
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Curly\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Curly\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

========== Chrome ==========

CHR - homepage: Google
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Google
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Curly\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Curly\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Curly\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Curly\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.2_0\
CHR - Extension: YouTube = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Deaktivierungs-Add-on von Google Analytics = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\0.9.0_0\
CHR - Extension: DealPly = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: Skype Click to Call = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Google Mail = C:\Users\Curly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Curly\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Curly\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Curly\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F96EEFF-043E-470A-85AA-1D0C59A2263E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70F52640-BC37-48B9-9469-CABB97784DB3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92071B0F-B1C4-4A63-AA34-2BC15A05C928}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/07/14 16:53:36 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Roaming\Malwarebytes [2012/07/14 16:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/07/14 16:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/07/14 16:53:10 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012/07/14 16:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/07/14 13:51:07 | 000,000,000 | ---D | C] -- C:\Users\Curly\Documents\Simply Super Software [2012/07/14 13:20:03 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{0B8437F3-455E-4594-8000-CF2F32718C1D} [2012/07/14 13:19:52 | 000,000,000 | ---D | C] -- 
C:\Users\Curly\AppData\Local\{6C50CC1E-1167-4A7D-97C7-77F4D945A868} [2012/07/14 01:07:36 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{1B83F72F-FBBE-46E8-946A-A33B291D913B} [2012/07/14 01:07:25 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{1083DB5F-87E2-4B8C-A08E-3EB677EE55A3} [2012/07/13 13:06:58 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{9EC33733-E145-43BC-B53B-5C96E92188CB} [2012/07/13 13:06:45 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{3F957AFA-14D0-4C70-AF31-0B0067AA517B} [2012/07/12 16:48:11 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{099B6F47-AB64-47D3-A2A8-C409E9F9A19C} [2012/07/12 16:47:58 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{97A632B0-08D6-4C87-8F2B-A9ADBA3AE2E8} [2012/07/11 17:38:57 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{C547E0FE-1315-45DD-AAA6-522B906BBBD9} [2012/07/11 17:38:45 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{BDE20456-27AE-4CD2-AD2D-4ABD9227DFFA} [2012/07/10 16:37:45 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{E82146B6-C436-494A-AA78-D4C3AE77C09C} [2012/07/10 16:37:33 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{B4CC0C13-FB37-44A5-8E9B-E41B412B244E} [2012/07/09 19:27:23 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{22EB1839-8BA7-4D07-85A6-7C5F02C36C5C} [2012/07/09 19:27:10 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{042A7E39-51F4-43E4-819B-A52B8BB4C792} [2012/07/08 20:04:12 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{0C37E501-C89C-41EF-8440-C6F29A13A811} [2012/07/08 20:03:57 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{0A0C36D9-EB71-4FF6-8001-D57D96B660A3} [2012/07/08 08:03:30 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{31225A11-D694-422C-AF66-F82EBB79FCD0} [2012/07/08 08:03:19 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{725F1962-318B-459B-92C9-891110E6E725} [2012/07/07 20:02:53 | 000,000,000 | ---D | 
C] -- C:\Users\Curly\AppData\Local\{966E0BD8-68CC-4DE1-91B7-483DFD16DAB0} [2012/07/07 20:02:42 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{A60421EA-A0FC-4112-95D3-3B50B3EA1306} [2012/07/07 08:02:12 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{66028DD7-4F0D-4C0F-A50D-3861B1260581} [2012/07/07 08:01:59 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{DCB17834-1F54-4C3D-8BF7-04CD84CEB5E8} [2012/07/06 19:59:17 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{2F3B04F8-9F2E-4D93-86AB-13F62C2972B9} [2012/07/06 19:59:05 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{A15967AC-8D31-4385-BC9B-42BD30EC5F91} [2012/07/05 16:38:24 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{7EA1BB94-60C8-40C0-B2B9-F5D1EC40C3CC} [2012/07/05 16:38:12 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{0AF0B1B3-F5CA-4A7C-9926-0234C7172410} [2012/07/03 16:51:41 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{238179E4-F0CA-4AE6-AA56-5B7E1E455416} [2012/07/03 16:51:30 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{1D31B9E6-9D35-4E53-9213-7226158CAC92} [2012/06/30 15:57:34 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Roaming\Try2 [2012/06/30 15:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Try2 [2012/06/30 15:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rondomedia [2012/06/30 15:55:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\rondomedia [2012/06/30 08:40:33 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{91C14A3C-EA6D-464D-90E6-04588472836A} [2012/06/30 08:40:21 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{620D4DA6-0351-4304-A54F-B1BCAC8AF811} [2012/06/29 20:08:06 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{85C6442F-B9D5-49A7-9D2D-EE984F9FC91F} [2012/06/29 20:07:54 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{87ECE462-7EEB-4211-8CC4-697C787AE266} [2012/06/28 17:22:39 | 000,000,000 | 
---D | C] -- C:\Users\Curly\AppData\Local\{3E6338C1-61A4-4A1B-8E84-E71F251E3E04} [2012/06/28 17:22:26 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{B6F28B37-0223-49DE-BE8F-A05024E34C24} [2012/06/27 12:07:26 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{EDF4A685-4661-4669-8A69-B0DC621C1B6A} [2012/06/27 12:07:12 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{8C0D85AC-4947-4705-8572-DFA62CA98594} [2012/06/26 17:26:04 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{8314CFFE-C64E-4C90-9263-6EE337D4A14C} [2012/06/26 17:25:51 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{0E617B41-9F0F-42B2-A076-A8AAA7B408E0} [2012/06/25 18:15:14 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{787B3F86-D47E-45E5-B545-ECFEC5683D0D} [2012/06/25 18:15:03 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{6136B93F-ADA6-42A8-91C6-94F1687857D2} [2012/06/24 13:51:27 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{AA44DD6E-9ED3-494A-B90B-DC4F06829FC1} [2012/06/24 13:51:14 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{2F4D4BE8-90F8-4F30-BF09-6EADADB91195} [2012/06/23 23:18:53 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{CC8E8176-BDCD-479F-A942-D218B5F1D1C5} [2012/06/23 23:18:42 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{461389E9-71DC-4D5A-9755-8605D9AA9487} [2012/06/23 11:18:15 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{A9369701-9AE9-4A9F-B7D6-A0E26C14F609} [2012/06/23 11:18:01 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{5989344F-A244-48B1-929E-F872BFBF60AC} [2012/06/22 10:16:47 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{854BC9EB-6588-4052-A7C5-B258DD5993FE} [2012/06/22 10:16:34 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{4E24F057-FEA2-4E00-9260-DC15E3AE99EC} [2012/06/21 22:16:02 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{812CBD7C-EACC-46FE-B4A8-6A6287DC04C4} [2012/06/21 22:15:49 | 
000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{9661BFD4-872C-4FB1-B612-DCCB5EA8A0A2} [2012/06/21 09:45:38 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{9E0D13C0-8A97-46CF-8160-CAE36ACB3112} [2012/06/21 09:45:26 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{7D65540B-B4C7-4AAA-BDB2-B862F4F33313} [2012/06/20 14:29:38 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{FECEF177-12E8-4706-8C42-BA2B2BE52D20} [2012/06/20 14:29:26 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{FF83F29A-A84E-475E-8B44-6D249E43C7A3} [2012/06/20 14:28:15 | 000,000,000 | ---D | C] -- C:\windows\de [2012/06/20 14:23:19 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{5D1AC59A-784F-43FA-92F5-E7D855BFFD8C} [2012/06/20 14:23:08 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{0AD04DD3-AA84-45EE-9A18-E2DD33BC6254} [2012/06/20 12:52:08 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{09AC0B06-970F-42FA-B9E9-C9102F3D9A0B} [2012/06/20 12:51:57 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{FDECE332-E2F4-4A21-BE08-3686ACF7296D} [2012/06/20 12:40:21 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{BA5E77BF-3B9E-4CF5-96D0-E6CD6BF6157B} [2012/06/20 12:40:10 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{BC041490-B794-47A9-8408-C0453B9C8A30} [2012/06/20 08:54:05 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{4963E122-B1E8-4341-AE89-CAB1253F3D20} [2012/06/20 08:53:52 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{8A196436-5561-4FC4-82D2-B860537E631D} [2012/06/20 08:16:09 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{389ADBA7-CF63-4ED7-8388-CD7535264E4F} [2012/06/20 08:15:57 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{AE11333D-3098-4744-90D9-013AB0476BCC} [2012/06/19 20:37:56 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{AF064C82-00F6-4179-8E96-713F68634680} [2012/06/19 20:37:43 | 000,000,000 | ---D | C] -- 
C:\Users\Curly\AppData\Local\{B1283DBE-5973-4313-B936-DE316349B10B} [2012/06/19 13:16:57 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{26AEC35B-4A4C-414C-B412-D4B0B538FBCA} [2012/06/19 13:16:45 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{71EDB583-229D-45ED-BFBC-56224171E6F3} [2012/06/19 10:25:51 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{86E9479B-BC8E-498C-8F8F-056CAFD83FC5} [2012/06/19 10:25:38 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{39F18714-431F-4877-A76C-229B7BE21B61} [2012/06/19 08:18:31 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{CAD1D7C6-BB32-4577-BFDC-9CA9C1961E69} [2012/06/19 08:18:13 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{E9D50095-2332-4F8F-978F-5CB23262705D} [2012/06/17 08:55:55 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{17A4699B-7E9B-4B84-8C52-8EF3BCCFEC97} [2012/06/16 08:39:24 | 000,000,000 | ---D | C] -- C:\Users\Curly\AppData\Local\{DB85DFBD-E265-4904-81A8-621671DDA6CD} [2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] [2 C:\Users\Curly\*.tmp files -> C:\Users\Curly\*.tmp -> ] [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/07/14 19:41:00 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-522234228-4192544273-3428825822-1000UA.job [2012/07/14 18:43:03 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/14 18:43:03 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/14 18:35:31 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/07/14 18:35:26 | 4148,744,192 | -HS- | M] () -- C:\hiberfil.sys [2012/07/14 09:45:21 | 000,058,880 | ---- | M] () -- C:\Users\Curly\AppData\Local\gjgsnppv [2012/07/14 09:44:17 | 000,000,000 | ---- | M] () -- 
C:\Users\Curly\AppData\Roaming\SharedSettings.ccs [2012/07/14 09:43:44 | 000,058,880 | ---- | M] () -- C:\Users\Curly\AppData\Local\duipdtsf [2012/07/12 17:42:29 | 000,002,397 | ---- | M] () -- C:\Users\Curly\Desktop\Google Chrome.lnk [2012/07/12 17:17:38 | 000,276,976 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012/07/08 07:41:00 | 000,001,068 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-522234228-4192544273-3428825822-1000Core.job [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012/06/30 15:57:31 | 000,002,271 | ---- | M] () -- C:\Users\Public\Desktop\Jewel Empire - Hidden Secrets.lnk [2012/06/23 19:58:36 | 003,379,648 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2012/06/23 19:58:36 | 001,440,770 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/06/23 19:58:36 | 001,001,626 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2012/06/23 19:58:36 | 000,892,264 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/06/23 19:58:36 | 000,005,646 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/06/23 17:39:19 | 000,001,172 | ---- | M] () -- C:\Users\Curly\Desktop\Jewel Quest 2.lnk [2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] [2 C:\Users\Curly\*.tmp files -> C:\Users\Curly\*.tmp -> ] [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/14 13:50:56 | 000,153,088 | ---- | C] () -- C:\windows\SysWow64\UNRAR3.dll [2012/07/14 13:50:56 | 000,075,264 | ---- | C] () -- C:\windows\SysWow64\unacev2.dll [2012/07/14 09:45:21 | 000,058,880 | ---- | C] () -- C:\Users\Curly\AppData\Local\gjgsnppv [2012/07/14 09:44:17 | 000,000,000 | ---- | C] () -- C:\Users\Curly\AppData\Roaming\SharedSettings.ccs [2012/07/14 09:43:44 | 000,058,880 | ---- | C] () -- C:\Users\Curly\AppData\Local\duipdtsf [2012/06/30 15:57:31 | 000,002,271 | ---- | C] () -- C:\Users\Public\Desktop\Jewel 
Empire - Hidden Secrets.lnk [2012/06/23 17:39:19 | 000,001,172 | ---- | C] () -- C:\Users\Curly\Desktop\Jewel Quest 2.lnk [2011/12/13 20:46:28 | 000,098,304 | ---- | C] () -- C:\windows\SysWow64\redmonnt.dll [2011/01/25 22:12:09 | 000,005,612 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011/01/09 23:52:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/01/09 22:20:40 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2010/08/04 05:29:38 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe [2010/08/04 04:29:02 | 000,001,960 | ---- | C] () -- C:\windows\HotFixList.ini [2010/08/04 04:27:22 | 000,311,296 | ---- | C] () -- C:\windows\SysWow64\Rezip.exe ========== LOP Check ========== [2011/12/13 20:46:15 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\Babylon [2012/05/29 18:17:53 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\DVDVideoSoft [2011/01/25 22:42:42 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\DVDVideoSoftIEHelpers [2011/02/26 15:39:46 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\elsterformular [2011/01/10 19:07:58 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\Green Clover Games [2011/01/10 06:22:54 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\Hansenet [2012/06/03 18:38:42 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\iMaxGen [2011/08/12 19:54:36 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\JewelMatch2 [2012/02/12 19:41:08 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\Need for Speed World [2011/10/24 16:00:20 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\PacificPoker [2011/01/10 19:37:17 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\PlayPond [2012/07/14 12:06:01 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\SoftGrid Client [2011/12/15 22:23:52 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\TP [2012/06/30 15:57:34 | 
000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\Try2 [2011/12/27 20:44:36 | 000,000,000 | ---D | M] -- C:\Users\Curly\AppData\Roaming\Windows Live Writer [2012/07/08 13:24:58 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011/05/07 19:07:15 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011/01/10 19:29:18 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache [2009/07/14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010/08/04 04:22:21 | 000,000,000 | ---D | M] -- C:\Intel [2011/10/10 19:44:15 | 000,000,000 | ---D | M] -- C:\Microgaming [2011/12/15 22:28:51 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009/07/14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011/02/21 18:19:35 | 000,000,000 | ---D | M] -- C:\PFiles [2012/04/23 18:17:30 | 000,000,000 | R--D | M] -- C:\Program Files [2012/07/14 17:06:47 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011/12/29 13:16:24 | 000,000,000 | ---D | M] -- C:\Program Files(x86) [2012/07/14 17:06:47 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011/01/09 22:17:20 | 000,000,000 | -HSD | M] -- C:\Recovery [2012/07/14 20:04:19 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011/01/09 22:18:57 | 000,000,000 | R--D | M] -- C:\Users [2012/06/20 14:28:15 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: AGP440.SYS > [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- 
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll [2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007/05/17 14:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll < MD5 for: EXPLORER.EXE > [2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- 
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009/08/03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe 
[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009/10/31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011/02/26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009/08/03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTOR.SYS > [2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) MD5=A5F72BB0D024E7E463344105BE613AE4 -- C:\windows\SysNative\drivers\iaStor.sys [2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) MD5=A5F72BB0D024E7E463344105BE613AE4 -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_c62e28b241ae90ea\iaStor.sys < MD5 for: 
< End of report > |
15.07.2012, 16:49 | #5 | |
/// Malware-holic | hi, ComboFix may only be run when a team member has instructed you to do so! Please download ComboFix from one of these download mirrors: Link 1 Link 2 IMPORTANT - save ComboFix to your desktop
When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: should you get the following error message after the reboot Quote:
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de according to the instructions above. If you would like to support us |
15.07.2012, 20:13 | #6 |
| I still have a short question about this: how can I disable Microsoft Security Essentials? Here is the ComboFix log. At the start it said I should create a system restore point. Should I still do that? ComboFix logfile: Code:
ATTFilter ComboFix 12-07-14.01 - Curly 16.07.2012 10:14:52.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3957.2786 [GMT 2:00] ausgeführt von:: c:\users\Curly\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\DealPly c:\program files (x86)\DealPly\DealPly.crx c:\program files (x86)\DealPly\DealPlyIE.dll c:\program files (x86)\DealPly\icon.ico c:\program files (x86)\DealPly\uninst.exe c:\programdata\FullRemove.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-06-16 bis 2012-07-16 )))))))))))))))))))))))))))))) . . 2012-07-16 08:25 . 2012-07-16 08:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-16 08:09 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BE2E01AE-F098-4358-BFDD-6B633A61A4AB}\mpengine.dll 2012-07-15 04:34 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-07-14 14:53 . 2012-07-14 14:53 -------- d-----w- c:\users\Curly\AppData\Roaming\Malwarebytes 2012-07-14 14:53 . 2012-07-14 14:53 -------- d-----w- c:\programdata\Malwarebytes 2012-07-14 14:53 . 2012-07-14 14:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-14 14:53 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-14 11:50 . 2003-02-02 17:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll 2012-07-14 11:50 . 2002-03-05 22:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll 2012-07-12 15:00 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-03 15:02 . 
2012-02-10 17:50 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6FA9DE79-CD3D-4C98-9D98-B8BBCDCD92DC}\gapaengine.dll 2012-06-30 13:57 . 2012-06-30 13:57 -------- d-----w- c:\users\Curly\AppData\Roaming\Try2 2012-06-30 13:57 . 2012-06-30 13:57 -------- d-----w- c:\programdata\Try2 2012-06-30 13:55 . 2012-06-30 13:55 -------- d-----w- c:\program files (x86)\rondomedia 2012-06-21 07:31 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-21 07:31 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-21 07:31 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-21 07:31 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 07:30 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-21 07:30 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-21 07:30 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 07:30 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-21 07:30 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-20 12:28 . 2012-06-20 12:28 -------- d-----w- c:\windows\de 2012-06-20 12:23 . 2012-06-20 12:23 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8cb7c75d1cd4edf01\DSETUP.dll 2012-06-20 12:23 . 2012-06-20 12:23 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8cb7c75d1cd4edf01\DXSETUP.exe 2012-06-20 12:23 . 2012-06-20 12:23 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8cb7c75d1cd4edf01\dsetup32.dll 2012-06-20 12:23 . 2012-06-20 12:23 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8d07bd491cd4edf02\MeshBetaRemover.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-25 17:18 . 2012-05-25 17:18 0 ----a-w- c:\windows\SysWow64\shoF47B.tmp 2012-05-15 04:01 . 
2012-06-13 14:46 1188864 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 03:03 . 2012-06-13 14:46 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2012-05-04 11:06 . 2012-06-13 14:46 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:03 . 2012-06-13 14:46 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-13 14:46 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40 . 2012-06-13 14:46 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:55 . 2012-06-13 14:45 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:41 . 2012-06-13 14:46 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:41 . 2012-06-13 14:46 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:34 . 2012-06-13 14:46 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 05:37 . 2012-06-13 14:45 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 05:37 . 2012-06-13 14:45 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 05:37 . 2012-06-13 14:45 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 04:36 . 2012-06-13 14:45 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-04-24 04:36 . 2012-06-13 14:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:36 . 2012-06-13 14:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-04-20 03:45 . 2012-06-13 14:46 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-04-20 03:16 . 2012-06-13 14:46 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-04-18 11:49 . 2012-05-29 16:17 405176 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Akamai NetSession Interface"="c:\users\Curly\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504] "RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432] "PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472] "UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe [2009-03-05 311296] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-06-27 83488] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 
268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Inhalt des "geplante Tasks" Ordners . 2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-522234228-4192544273-3428825822-1000Core.job - c:\users\Curly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-09 22:00] . 2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-522234228-4192544273-3428825822-1000UA.job - c:\users\Curly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-09 22:00] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-09 16413288] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.babylon.com/?AF=100478&babsrc=HP_ss&mntrId=c641592b0000000000001ef46a1a847a mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: Free YouTube to MP3 Converter - c:\users\Curly\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 192.168.1.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-522234228-4192544273-3428825822-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-522234228-4192544273-3428825822-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-07-16 10:28:50 ComboFix-quarantined-files.txt 2012-07-16 08:28 . Vor Suchlauf: 11 Verzeichnis(se), 184.266.301.440 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 185.726.205.952 Bytes frei . - - End Of File - - 4CFB3B000B246F0254C0B06B0D386E86 |
17.07.2012, 22:13 | #7 |
/// Malware-holic | no, it said so at the start, you should have done it then. Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html Click on Change parameters
• tick Verify driver digital signatures and Detect TDLFS file system
• click OK and then Start scan - if anything is found, choose skip for now, post the log
18.07.2012, 16:17 | #8 |
| Trojaner auf dem PC wg Phishing-Mail (Deutsche Post) (BrowserModifier win32 zwangi) 17:14:17.0325 4744 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11 17:14:17.0528 4744 ============================================================ 17:14:17.0528 4744 Current date / time: 2012/07/18 17:14:17.0528 17:14:17.0528 4744 SystemInfo: 17:14:17.0528 4744 17:14:17.0528 4744 OS Version: 6.1.7601 ServicePack: 1.0 17:14:17.0528 4744 Product type: Workstation 17:14:17.0528 4744 ComputerName: CURLY-PC 17:14:17.0528 4744 UserName: Curly 17:14:17.0528 4744 Windows directory: C:\windows 17:14:17.0528 4744 System windows directory: C:\windows 17:14:17.0528 4744 Running under WOW64 17:14:17.0528 4744 Processor architecture: Intel x64 17:14:17.0528 4744 Number of processors: 4 17:14:17.0528 4744 Page size: 0x1000 17:14:17.0528 4744 Boot type: Normal boot 17:14:17.0528 4744 ============================================================ 17:14:18.0963 4744 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 17:14:18.0979 4744 ============================================================ 17:14:18.0979 4744 \Device\Harddisk0\DR0: 17:14:18.0979 4744 MBR partitions: 17:14:18.0979 4744 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000 17:14:18.0979 4744 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0x1FA00000 17:14:18.0994 4744 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x22233000, BlocksNum 0x18152800 17:14:18.0994 4744 ============================================================ 17:14:19.0088 4744 C: <-> \Device\Harddisk0\DR0\Partition1 17:14:19.0135 4744 D: <-> \Device\Harddisk0\DR0\Partition2 17:14:19.0135 4744 ============================================================ 17:14:19.0135 4744 Initialize success 17:14:19.0135 4744 
(441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys 17:15:33.0216 2876 srv - ok 17:15:33.0279 2876 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys 17:15:33.0310 2876 srv2 - ok 17:15:33.0341 2876 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys 17:15:33.0357 2876 srvnet - ok 17:15:33.0419 2876 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll 17:15:33.0513 2876 SSDPSRV - ok 17:15:33.0544 2876 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll 17:15:33.0638 2876 SstpSvc - ok 17:15:33.0669 2876 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys 17:15:33.0684 2876 stexstor - ok 17:15:33.0778 2876 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll 17:15:33.0825 2876 stisvc - ok 17:15:33.0856 2876 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys 17:15:33.0872 2876 swenum - ok 17:15:33.0934 2876 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll 17:15:34.0043 2876 swprv - ok 17:15:34.0121 2876 SynTP (3c80203c725c28cea5713d1ab242880a) C:\windows\system32\DRIVERS\SynTP.sys 17:15:34.0152 2876 SynTP - ok 17:15:34.0340 2876 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll 17:15:34.0480 2876 SysMain - ok 17:15:34.0620 2876 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll 17:15:34.0683 2876 TabletInputService - ok 17:15:34.0730 2876 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll 17:15:34.0823 2876 TapiSrv - ok 17:15:34.0870 2876 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll 17:15:34.0995 2876 TBS - ok 17:15:35.0213 2876 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys 17:15:35.0338 2876 Tcpip - ok 17:15:35.0666 2876 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys 
17:15:35.0744 2876 TCPIP6 - ok 17:15:35.0900 2876 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys 17:15:35.0962 2876 tcpipreg - ok 17:15:35.0993 2876 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys 17:15:36.0040 2876 TDPIPE - ok 17:15:36.0071 2876 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys 17:15:36.0102 2876 TDTCP - ok 17:15:36.0149 2876 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys 17:15:36.0258 2876 tdx - ok 17:15:36.0305 2876 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys 17:15:36.0321 2876 TermDD - ok 17:15:36.0461 2876 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll 17:15:36.0602 2876 TermService - ok 17:15:36.0633 2876 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll 17:15:36.0695 2876 Themes - ok 17:15:36.0726 2876 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll 17:15:36.0789 2876 THREADORDER - ok 17:15:36.0820 2876 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll 17:15:36.0929 2876 TrkWks - ok 17:15:37.0007 2876 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe 17:15:37.0101 2876 TrustedInstaller - ok 17:15:37.0148 2876 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys 17:15:37.0226 2876 tssecsrv - ok 17:15:37.0288 2876 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys 17:15:37.0335 2876 TsUsbFlt - ok 17:15:37.0413 2876 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys 17:15:37.0506 2876 tunnel - ok 17:15:37.0538 2876 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys 17:15:37.0569 2876 uagp35 - ok 17:15:37.0616 2876 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys 17:15:37.0709 
2876 udfs - ok 17:15:37.0740 2876 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe 17:15:37.0772 2876 UI0Detect - ok 17:15:37.0834 2876 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys 17:15:37.0865 2876 uliagpkx - ok 17:15:37.0928 2876 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys 17:15:37.0974 2876 umbus - ok 17:15:38.0006 2876 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys 17:15:38.0021 2876 UmPass - ok 17:15:38.0084 2876 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll 17:15:38.0162 2876 upnphost - ok 17:15:38.0208 2876 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys 17:15:38.0286 2876 usbccgp - ok 17:15:38.0349 2876 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys 17:15:38.0380 2876 usbcir - ok 17:15:38.0411 2876 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys 17:15:38.0427 2876 usbehci - ok 17:15:38.0474 2876 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys 17:15:38.0520 2876 usbhub - ok 17:15:38.0552 2876 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys 17:15:38.0598 2876 usbohci - ok 17:15:38.0630 2876 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys 17:15:38.0661 2876 usbprint - ok 17:15:38.0708 2876 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS 17:15:38.0770 2876 USBSTOR - ok 17:15:38.0801 2876 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys 17:15:38.0848 2876 usbuhci - ok 17:15:38.0910 2876 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys 17:15:38.0957 2876 usbvideo - ok 17:15:38.0988 2876 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll 17:15:39.0082 2876 UxSms - ok 
17:15:39.0129 2876 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 17:15:39.0160 2876 VaultSvc - ok 17:15:39.0222 2876 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys 17:15:39.0254 2876 vdrvroot - ok 17:15:39.0332 2876 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe 17:15:39.0441 2876 vds - ok 17:15:39.0472 2876 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys 17:15:39.0519 2876 vga - ok 17:15:39.0550 2876 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys 17:15:39.0628 2876 VgaSave - ok 17:15:39.0690 2876 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys 17:15:39.0722 2876 vhdmp - ok 17:15:39.0737 2876 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys 17:15:39.0768 2876 viaide - ok 17:15:39.0815 2876 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys 17:15:39.0831 2876 volmgr - ok 17:15:39.0909 2876 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys 17:15:39.0940 2876 volmgrx - ok 17:15:39.0987 2876 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys 17:15:40.0002 2876 volsnap - ok 17:15:40.0065 2876 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys 17:15:40.0096 2876 vsmraid - ok 17:15:40.0252 2876 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe 17:15:40.0408 2876 VSS - ok 17:15:40.0564 2876 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys 17:15:40.0611 2876 vwifibus - ok 17:15:40.0658 2876 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys 17:15:40.0720 2876 vwififlt - ok 17:15:40.0751 2876 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys 17:15:40.0767 2876 vwifimp - ok 17:15:40.0860 2876 W32Time 
(1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll 17:15:40.0954 2876 W32Time - ok 17:15:40.0985 2876 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys 17:15:41.0016 2876 WacomPen - ok 17:15:41.0063 2876 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys 17:15:41.0126 2876 WANARP - ok 17:15:41.0126 2876 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys 17:15:41.0172 2876 Wanarpv6 - ok 17:15:41.0344 2876 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe 17:15:41.0438 2876 wbengine - ok 17:15:41.0578 2876 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll 17:15:41.0625 2876 WbioSrvc - ok 17:15:41.0687 2876 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll 17:15:41.0765 2876 wcncsvc - ok 17:15:41.0796 2876 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll 17:15:41.0859 2876 WcsPlugInService - ok 17:15:41.0906 2876 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys 17:15:41.0921 2876 Wd - ok 17:15:41.0999 2876 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys 17:15:42.0046 2876 Wdf01000 - ok 17:15:42.0077 2876 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll 17:15:42.0186 2876 WdiServiceHost - ok 17:15:42.0202 2876 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll 17:15:42.0233 2876 WdiSystemHost - ok 17:15:42.0280 2876 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll 17:15:42.0327 2876 WebClient - ok 17:15:42.0374 2876 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll 17:15:42.0436 2876 Wecsvc - ok 17:15:42.0467 2876 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll 17:15:42.0545 2876 wercplsupport - ok 17:15:42.0608 2876 WerSvc 
(6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll 17:15:42.0686 2876 WerSvc - ok 17:15:42.0764 2876 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys 17:15:42.0826 2876 WfpLwf - ok 17:15:42.0873 2876 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys 17:15:42.0873 2876 WIMMount - ok 17:15:42.0904 2876 WinDefend - ok 17:15:42.0904 2876 WinHttpAutoProxySvc - ok 17:15:42.0974 2876 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll 17:15:43.0074 2876 Winmgmt - ok 17:15:43.0254 2876 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll 17:15:43.0394 2876 WinRM - ok 17:15:43.0574 2876 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys 17:15:43.0604 2876 WinUsb - ok 17:15:43.0704 2876 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll 17:15:43.0784 2876 Wlansvc - ok 17:15:43.0884 2876 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 17:15:43.0904 2876 wlcrasvc - ok 17:15:44.0184 2876 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 17:15:44.0314 2876 wlidsvc - ok 17:15:44.0444 2876 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys 17:15:44.0474 2876 WmiAcpi - ok 17:15:44.0534 2876 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe 17:15:44.0584 2876 wmiApSrv - ok 17:15:44.0644 2876 WMPNetworkSvc - ok 17:15:44.0664 2876 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll 17:15:44.0704 2876 WPCSvc - ok 17:15:44.0744 2876 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll 17:15:44.0784 2876 WPDBusEnum - ok 17:15:44.0804 2876 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys 17:15:44.0904 2876 ws2ifsl - ok 17:15:44.0940 2876 wscsvc 
(e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll 17:15:44.0991 2876 wscsvc - ok 17:15:45.0001 2876 WSearch - ok 17:15:45.0221 2876 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll 17:15:45.0361 2876 wuauserv - ok 17:15:45.0531 2876 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys 17:15:45.0611 2876 WudfPf - ok 17:15:45.0661 2876 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys 17:15:45.0731 2876 WUDFRd - ok 17:15:45.0781 2876 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll 17:15:45.0851 2876 wudfsvc - ok 17:15:45.0901 2876 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll 17:15:45.0971 2876 WwanSvc - ok 17:15:46.0041 2876 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\windows\system32\DRIVERS\yk62x64.sys 17:15:46.0121 2876 yukonw7 - ok 17:15:46.0211 2876 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0 17:15:46.0761 2876 \Device\Harddisk0\DR0 - ok 17:15:46.0791 2876 Boot (0x1200) (377d7e08fdf136635779511095f2ca43) \Device\Harddisk0\DR0\Partition0 17:15:46.0791 2876 \Device\Harddisk0\DR0\Partition0 - ok 17:15:46.0801 2876 Boot (0x1200) (1608caa69b621a25e90b904fce25436d) \Device\Harddisk0\DR0\Partition1 17:15:46.0811 2876 \Device\Harddisk0\DR0\Partition1 - ok 17:15:46.0831 2876 Boot (0x1200) (bc6562f0acc264748576274eb5934ab7) \Device\Harddisk0\DR0\Partition2 17:15:46.0831 2876 \Device\Harddisk0\DR0\Partition2 - ok 17:15:46.0841 2876 ============================================================ 17:15:46.0841 2876 Scan finished 17:15:46.0841 2876 ============================================================ 17:15:46.0851 4148 Detected object count: 2 17:15:46.0851 4148 Actual detected object count: 2 17:16:15.0382 4148 Akamai ( HiddenFile.Multi.Generic ) - skipped by user 17:16:15.0382 4148 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 17:16:15.0392 4148 Rezip ( 
UnsignedFile.Multi.Generic ) - skipped by user 17:16:15.0392 4148 Rezip ( UnsignedFile.Multi.Generic ) - User select action: Skip |
19.07.2012, 17:24 | #9 |
/// Malware-holic | Trojan on the PC due to a phishing mail (Deutsche Post) (BrowserModifier win32 zwangi) Please run the ESET online scan and post the log. http://www.trojaner-board.de/80603-e...ner-nod32.html
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
20.07.2012, 13:29 | #10 |
| Unfortunately I could not find the log following the description. Maybe you can do something with this; I copied it out of the scanner. Or should I run it again?
C:\Microgaming\Casino\Colosseum\install.exe Variante von Win32/PrimeCasino Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll Variante von Win32/Toolbar.Babylon Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll Win32/Toolbar.Babylon Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe möglicherweise Variante von Win32/Toolbar.Babylon Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\Curly\AppData\Local\Temp\246F1A97-BAB0-7891-8585-92C945994A01\MyBabylonTB.exe Win32/Toolbar.Babylon Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\Curly\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\Curly\Downloads\colosseum.exe Variante von Win32/PrimeCasino Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\Curly\Downloads\DivxUpdate (1).exe Win32/Adware.ToolPlugin Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Curly\Downloads\DivxUpdate (2).exe Win32/Adware.ToolPlugin Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Curly\Downloads\DivxUpdate (3).exe Win32/Adware.ToolPlugin Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Curly\Downloads\DivxUpdate (4).exe Win32/Adware.ToolPlugin Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Curly\Downloads\DivxUpdate.exe Win32/Adware.ToolPlugin Anwendung gelöscht - in Quarantäne kopiert
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\upgrade[1].cab Variante von Win32/Adware.OneStep.AT Anwendung gelöscht - in Quarantäne kopiert
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\upgrade[1].cab Variante von Win32/Adware.OneStep.AT Anwendung gelöscht - in Quarantäne kopiert |
25.07.2012, 20:43 | #11 |
/// Malware-holic | Hi, any more problems? Download CCleaner Standard: CCleaner Download - CCleaner 3.20.1750 If CCleaner is already installed, skip this step. Install it, open it, go to Tools, list of installed programs, save as txt. Open that file. Next to every program you need, write "necessary"; next to every one you do not need, "unnecessary"; next to those unknown to you, "unknown". Post the list.