Plagegeister aller Art und deren Bekämpfung: Live Security Platinum Virus - really removed?

13.08.2012, 16:19   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
IE - HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://medion.msn.com [binary data]
IE - HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://medion.msn.com [binary data]
IE - HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com
IE - HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
FF - user.js - File not found
[2012.08.12 00:13:27 | 000,000,950 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin-1.xml
[2010.10.24 18:26:16 | 000,000,950 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin-2.xml
[2010.10.28 17:39:24 | 000,000,950 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin-3.xml
[2010.12.11 15:48:08 | 000,000,950 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin-4.xml
[2010.10.13 22:47:45 | 000,001,056 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{051b1071-c618-11e1-a22b-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{051b1071-c618-11e1-a22b-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{051b108b-c618-11e1-a22b-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{051b108b-c618-11e1-a22b-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{1c5a4a52-c3ac-11e1-8313-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{1c5a4a52-c3ac-11e1-8313-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{1da23f82-c469-11e1-b50e-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{1da23f82-c469-11e1-b50e-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{1da23f98-c469-11e1-b50e-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{1da23f98-c469-11e1-b50e-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{2c67b6f3-c439-11e1-9e50-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{2c67b6f3-c439-11e1-9e50-001e101f8aaa}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{2c67b701-c439-11e1-9e50-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{2c67b701-c439-11e1-9e50-001e101f8aaa}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{2c67b712-c439-11e1-9e50-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{2c67b712-c439-11e1-9e50-001e101f8aaa}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{2c67b738-c439-11e1-9e50-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{2c67b738-c439-11e1-9e50-001e101f8aaa}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{2c67b745-c439-11e1-9e50-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{2c67b745-c439-11e1-9e50-001e101f8aaa}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{5ce62b86-c40e-11e1-b120-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{5ce62b86-c40e-11e1-b120-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{7b448482-84e1-11df-afd0-1c4bd6e5ac1c}\Shell - "" = AutoRun
O33 - MountPoints2\{7b448482-84e1-11df-afd0-1c4bd6e5ac1c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7b448493-84e1-11df-afd0-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{7b448493-84e1-11df-afd0-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{82b1f876-c35a-11e1-b13d-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{82b1f876-c35a-11e1-b13d-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{8ad9c209-850d-11df-9a78-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{8ad9c209-850d-11df-9a78-00262dbf99ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8ad9c221-850d-11df-9a78-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{8ad9c221-850d-11df-9a78-00262dbf99ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\AutoRun.exe
@Alternate Data Stream - 1131 bytes -> C:\Users\Anne\AppData\Local\sBRx8uaW4jsDpa:UZx3r6cEDs006sVzXVnEuQwp3l
:Files
C:\Users\Anne\AppData\Local\sBRx8uaW4jsDpa
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache
C:\ProgramData\6C82D0E90007E17A025E048A4F147CE7
C:\Windows\Installer\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\@
C:\Users\Anne\AppData\Local\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\@
C:\Windows\Installer\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\L
C:\Users\Anne\AppData\Local\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\L
C:\Windows\Installer\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\U
C:\Users\Anne\AppData\Local\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\U
C:\Windows\Installer\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\n
C:\Users\Anne\AppData\Local\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\n
C:\Users\Anne\öojölk.aup
C:\Users\Anne\AppData\Roaming\.#
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

13.08.2012, 16:44   #17
BlegJakun

Hello Arne,

I did everything. Here is the log file:

Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2798720663-2893779436-2618775443-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_USERS\S-1-5-21-2798720663-2893779436-2618775443-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2798720663-2893779436-2618775443-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=" removed from keyword.URL
C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-2798720663-2893779436-2618775443-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{051b1071-c618-11e1-a22b-00262dbf99ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{051b1071-c618-11e1-a22b-00262dbf99ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{051b1071-c618-11e1-a22b-00262dbf99ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{051b1071-c618-11e1-a22b-00262dbf99ae}\ not found.
File F:\.\Setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{051b108b-c618-11e1-a22b-00262dbf99ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{051b108b-c618-11e1-a22b-00262dbf99ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{051b108b-c618-11e1-a22b-00262dbf99ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{051b108b-c618-11e1-a22b-00262dbf99ae}\ not found.
File F:\.\Setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c5a4a52-c3ac-11e1-8313-00262dbf99ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c5a4a52-c3ac-11e1-8313-00262dbf99ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c5a4a52-c3ac-11e1-8313-00262dbf99ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c5a4a52-c3ac-11e1-8313-00262dbf99ae}\ not found.
File F:\.\Setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1da23f82-c469-11e1-b50e-00262dbf99ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1da23f82-c469-11e1-b50e-00262dbf99ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1da23f82-c469-11e1-b50e-00262dbf99ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1da23f82-c469-11e1-b50e-00262dbf99ae}\ not found.
File F:\.\Setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1da23f98-c469-11e1-b50e-00262dbf99ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1da23f98-c469-11e1-b50e-00262dbf99ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1da23f98-c469-11e1-b50e-00262dbf99ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1da23f98-c469-11e1-b50e-00262dbf99ae}\ not found.
File F:\.\Setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c67b6f3-c439-11e1-9e50-001e101f8aaa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c67b6f3-c439-11e1-9e50-001e101f8aaa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c67b6f3-c439-11e1-9e50-001e101f8aaa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c67b6f3-c439-11e1-9e50-001e101f8aaa}\ not found.
File F:\.\Setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c67b701-c439-11e1-9e50-001e101f8aaa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c67b701-c439-11e1-9e50-001e101f8aaa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c67b701-c439-11e1-9e50-001e101f8aaa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c67b701-c439-11e1-9e50-001e101f8aaa}\ not found.
File F:\.\Setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c67b712-c439-11e1-9e50-001e101f8aaa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c67b712-c439-11e1-9e50-001e101f8aaa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c67b712-c439-11e1-9e50-001e101f8aaa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c67b712-c439-11e1-9e50-001e101f8aaa}\ not found.
File F:\.\Setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c67b738-c439-11e1-9e50-001e101f8aaa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c67b738-c439-11e1-9e50-001e101f8aaa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c67b738-c439-11e1-9e50-001e101f8aaa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c67b738-c439-11e1-9e50-001e101f8aaa}\ not found.
File F:\.\Setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c67b745-c439-11e1-9e50-001e101f8aaa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c67b745-c439-11e1-9e50-001e101f8aaa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c67b745-c439-11e1-9e50-001e101f8aaa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c67b745-c439-11e1-9e50-001e101f8aaa}\ not found.
File F:\.\Setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ce62b86-c40e-11e1-b120-00262dbf99ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ce62b86-c40e-11e1-b120-00262dbf99ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ce62b86-c40e-11e1-b120-00262dbf99ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ce62b86-c40e-11e1-b120-00262dbf99ae}\ not found.
File F:\.\Setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b448482-84e1-11df-afd0-1c4bd6e5ac1c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b448482-84e1-11df-afd0-1c4bd6e5ac1c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b448482-84e1-11df-afd0-1c4bd6e5ac1c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b448482-84e1-11df-afd0-1c4bd6e5ac1c}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b448493-84e1-11df-afd0-00262dbf99ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b448493-84e1-11df-afd0-00262dbf99ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b448493-84e1-11df-afd0-00262dbf99ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b448493-84e1-11df-afd0-00262dbf99ae}\ not found.
File F:\.\Setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82b1f876-c35a-11e1-b13d-00262dbf99ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82b1f876-c35a-11e1-b13d-00262dbf99ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82b1f876-c35a-11e1-b13d-00262dbf99ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82b1f876-c35a-11e1-b13d-00262dbf99ae}\ not found.
File F:\.\Setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ad9c209-850d-11df-9a78-00262dbf99ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ad9c209-850d-11df-9a78-00262dbf99ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ad9c209-850d-11df-9a78-00262dbf99ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ad9c209-850d-11df-9a78-00262dbf99ae}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ad9c221-850d-11df-9a78-00262dbf99ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ad9c221-850d-11df-9a78-00262dbf99ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ad9c221-850d-11df-9a78-00262dbf99ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ad9c221-850d-11df-9a78-00262dbf99ae}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\.\Setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ not found.
File K:\AutoRun.exe not found.
ADS C:\Users\Anne\AppData\Local\sBRx8uaW4jsDpa:UZx3r6cEDs006sVzXVnEuQwp3l deleted successfully.
========== FILES ==========
C:\Users\Anne\AppData\Local\sBRx8uaW4jsDpa folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
C:\ProgramData\6C82D0E90007E17A025E048A4F147CE7 folder moved successfully.
C:\Windows\Installer\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\@ moved successfully.
C:\Users\Anne\AppData\Local\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\@ moved successfully.
C:\Windows\Installer\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\L folder moved successfully.
C:\Users\Anne\AppData\Local\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\L folder moved successfully.
C:\Windows\Installer\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\U folder moved successfully.
C:\Users\Anne\AppData\Local\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\U folder moved successfully.
File\Folder C:\Windows\Installer\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\n not found.
File\Folder C:\Users\Anne\AppData\Local\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\n not found.
C:\Users\Anne\öojölk.aup moved successfully.
C:\Users\Anne\AppData\Roaming\.# folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Anne
->Temp folder emptied: 401720722 bytes
->Temporary Internet Files folder emptied: 81313052 bytes
->FireFox cache emptied: 53657032 bytes
->Flash cache emptied: 930 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11867043 bytes
RecycleBin emptied: 205180916 bytes
 
Total Files Cleaned = 719,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Anne
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.56.0 log created on 08132012_173922

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Kind regards,

Tim
__________________
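An added example, not part of the thread and not OTL's own code: a small parser that groups fix-log lines like those in the post above by section and outcome, so a helper can see which scripted items were acted on and which were absent. The outcome categories are inferred from the wording of the log lines on this page, the function names are hypothetical, and the sample is a short excerpt constructed from lines of that log.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the fix log posted above.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
C:\autoexec.bat moved successfully.
File F:\AutoRun.exe not found.
========== FILES ==========
C:\ProgramData\6C82D0E90007E17A025E048A4F147CE7 folder moved successfully.
File\Folder C:\Windows\Installer\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\n not found.
========== COMMANDS ==========
HOSTS file reset successfully
"""

# Section banners look like "========== FILES ==========".
SECTION_RE = re.compile(r"^=+\s*(?P<name>[A-Z ]+?)\s*=+$")

# Outcome wording as it appears in the log on this page (assumed complete
# only for that log; anything else is classified as "other").
OUTCOMES = [
    ("not_found", re.compile(r"\bnot found\.?$")),
    ("deleted", re.compile(r"\bdeleted successfully\.?$")),
    ("moved", re.compile(r"\bmoved successfully\.?$")),
    ("value_set", re.compile(r"value set successfully!$")),
    ("removed", re.compile(r"\bremoved from\b")),
    ("reset", re.compile(r"\breset successfully$")),
]

# ":Files" targets that were absent are logged as "File\Folder <path> not found."
MISSING_TARGET_RE = re.compile(r"^File\\Folder (?P<path>.+) not found\.$")


def parse_fix_log(text):
    """Return a list of (section, outcome, line) tuples for non-empty lines."""
    section = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group("name")
            continue
        for outcome, pattern in OUTCOMES:
            if pattern.search(line):
                entries.append((section, outcome, line))
                break
        else:
            entries.append((section, "other", line))
    return entries


def summarize(entries):
    """Count log lines per (section, outcome) pair."""
    return Counter((section, outcome) for section, outcome, _ in entries)


def missing_file_targets(entries):
    """Paths from the FILES section that the tool reported as not found."""
    paths = []
    for section, outcome, line in entries:
        if section == "FILES" and outcome == "not_found":
            match = MISSING_TARGET_RE.match(line)
            if match:
                paths.append(match.group("path"))
    return paths


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for (section, outcome), count in sorted(summarize(parsed).items(), key=str):
        print(f"{section or '-':10} {outcome:10} {count}")
    for path in missing_file_targets(parsed):
        print("absent at fix time:", path)
```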


13.08.2012, 18:19   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), because that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!

__________________
__________________
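Added example, not part of the original posts and not code from TDSSKiller: a small Python triage of a TDSSKiller report in the line format seen in this thread, listing every object whose verdict is not "ok" so that flagged items can be reviewed before any action other than "skip" is chosen. The function names are illustrative, and the sample lines are excerpted from the log posted in this thread with whitespace normalised.

```python
import re

# Sample input: lines excerpted from the TDSSKiller log posted in this thread
# (whitespace normalised; hashes and paths are the ones shown on the page).
SAMPLE_LOG = r"""
19:36:05.0428 1208 Scan started
19:36:05.0428 1208 Mode: Manual; SigCheck; TDLFS;
19:36:09.0484 1208 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:36:09.0484 1208 Apple Mobile Device - ok
19:36:10.0607 1208 BCA2000         (69bc0073620ceca7450968094e32e3a6) C:\Windows\system32\Drivers\BCA2000.SYS
19:36:10.0638 1208 BCA2000 ( UnsignedFile.Multi.Generic ) - warning
19:36:10.0638 1208 BCA2000 - detected UnsignedFile.Multi.Generic (1)
19:36:10.0856 1208 Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
19:36:10.0919 1208 Beep - ok
19:36:13.0711 1208 COMSysApp - ok
19:36:17.0689 1208 FirebirdServerMAGIXInstance (fff1130f7c9fa01d093a1edfc5cce8fc) C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
19:36:17.0767 1208 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
19:36:17.0767 1208 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
"""

# Every log line starts with a timestamp and a thread id.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# "<name> (<md5>) <path>": the object being scanned. Names may contain spaces.
OBJECT = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "<name> - detected <detection> (<n>)": summary line after a non-ok verdict.
DETECTED = re.compile(r"^(?P<name>.+?) - detected (?P<detection>\S+) \(\d+\)$")
# "<name> - ok" or "<name> ( <detection> ) - <verdict>".
VERDICT = re.compile(
    r"^(?P<name>.+?)(?:\s+\(\s*(?P<detection>.+?)\s*\))?\s+-\s+(?P<verdict>\w+)$"
)


def parse_tdsskiller(text):
    """Return one record per scanned object, in the order the log lists them."""
    records = {}

    def record(name):
        return records.setdefault(
            name,
            {"name": name, "md5": None, "path": None,
             "verdict": None, "detection": None},
        )

    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank lines and anything without the timestamp prefix
        msg = line.group("msg").strip()

        m = DETECTED.match(msg)
        if m:
            record(m.group("name"))["detection"] = m.group("detection")
            continue
        m = OBJECT.match(msg)
        if m:
            rec = record(m.group("name"))
            rec["md5"], rec["path"] = m.group("md5"), m.group("path")
            continue
        m = VERDICT.match(msg)
        if m:
            rec = record(m.group("name"))
            rec["verdict"] = m.group("verdict")
            if m.group("detection"):
                rec["detection"] = m.group("detection")
        # Header lines (system info, partitions, "Scan started") match nothing.
    return list(records.values())


def flagged(records):
    """Objects to review: any verdict other than 'ok', or no verdict at all
    (for example when the posted log was cut off in the middle of the scan)."""
    return [r for r in records if r["verdict"] != "ok"]


def report(records):
    """One readable line per flagged object."""
    return [
        "{} | {} | {} | {} | {}".format(
            r["verdict"] or "no verdict", r["name"],
            r["detection"] or "-", r["md5"] or "-", r["path"] or "-",
        )
        for r in flagged(records)
    ]


if __name__ == "__main__":
    for row in report(parse_tdsskiller(SAMPLE_LOG)):
        print(row)
```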

13.08.2012, 18:35   #19
BlegJakun
 

Here is the log

Code:
19:35:55.0444 3768	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:35:55.0537 3768	============================================================
19:35:55.0537 3768	Current date / time: 2012/08/13 19:35:55.0537
19:35:55.0537 3768	SystemInfo:
19:35:55.0537 3768	
19:35:55.0537 3768	OS Version: 6.1.7601 ServicePack: 1.0
19:35:55.0537 3768	Product type: Workstation
19:35:55.0537 3768	ComputerName: ANNE-PC
19:35:55.0537 3768	UserName: Anne
19:35:55.0537 3768	Windows directory: C:\Windows
19:35:55.0537 3768	System windows directory: C:\Windows
19:35:55.0537 3768	Processor architecture: Intel x86
19:35:55.0537 3768	Number of processors: 4
19:35:55.0537 3768	Page size: 0x1000
19:35:55.0537 3768	Boot type: Normal boot
19:35:55.0537 3768	============================================================
19:35:56.0255 3768	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:35:56.0255 3768	============================================================
19:35:56.0255 3768	\Device\Harddisk0\DR0:
19:35:56.0255 3768	MBR partitions:
19:35:56.0255 3768	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:35:56.0255 3768	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x215FA800
19:35:56.0255 3768	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2162D000, BlocksNum 0x3C00000
19:35:56.0255 3768	============================================================
19:35:56.0286 3768	C: <-> \Device\Harddisk0\DR0\Partition1
19:35:56.0317 3768	D: <-> \Device\Harddisk0\DR0\Partition2
19:35:56.0317 3768	============================================================
19:35:56.0317 3768	Initialize success
19:35:56.0317 3768	============================================================
19:36:05.0428 1208	============================================================
19:36:05.0428 1208	Scan started
19:36:05.0428 1208	Mode: Manual; SigCheck; TDLFS; 
19:36:05.0428 1208	============================================================
19:36:06.0052 1208	!SASCORE        (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
19:36:06.0098 1208	!SASCORE - ok
19:36:06.0442 1208	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
19:36:06.0535 1208	1394ohci - ok
19:36:06.0613 1208	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
19:36:06.0629 1208	ACPI - ok
19:36:06.0660 1208	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
19:36:06.0738 1208	AcpiPmi - ok
19:36:06.0863 1208	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
19:36:06.0878 1208	AdobeARMservice - ok
19:36:07.0003 1208	AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:36:07.0003 1208	AdobeFlashPlayerUpdateSvc - ok
19:36:07.0097 1208	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
19:36:07.0112 1208	adp94xx - ok
19:36:07.0175 1208	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
19:36:07.0190 1208	adpahci - ok
19:36:07.0253 1208	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
19:36:07.0268 1208	adpu320 - ok
19:36:07.0315 1208	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
19:36:07.0378 1208	AeLookupSvc - ok
19:36:07.0487 1208	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
19:36:07.0549 1208	AFD - ok
19:36:07.0658 1208	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
19:36:07.0674 1208	agp440 - ok
19:36:07.0752 1208	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
19:36:07.0768 1208	aic78xx - ok
19:36:07.0955 1208	ALDITALKVerbindungsassistent_Service (7067ac22eb74c2e3d4c950050cbb1ac0) C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
19:36:07.0970 1208	ALDITALKVerbindungsassistent_Service - ok
19:36:08.0048 1208	ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
19:36:08.0080 1208	ALG - ok
19:36:08.0173 1208	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
19:36:08.0189 1208	aliide - ok
19:36:08.0251 1208	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
19:36:08.0267 1208	amdagp - ok
19:36:08.0267 1208	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
19:36:08.0282 1208	amdide - ok
19:36:08.0360 1208	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
19:36:08.0407 1208	AmdK8 - ok
19:36:08.0438 1208	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
19:36:08.0485 1208	AmdPPM - ok
19:36:08.0563 1208	amdsata         (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
19:36:08.0579 1208	amdsata - ok
19:36:08.0641 1208	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
19:36:08.0657 1208	amdsbs - ok
19:36:08.0672 1208	amdxata         (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
19:36:08.0688 1208	amdxata - ok
19:36:08.0828 1208	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:36:08.0828 1208	AntiVirSchedulerService - ok
19:36:08.0938 1208	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:36:08.0938 1208	AntiVirService - ok
19:36:09.0000 1208	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
19:36:09.0109 1208	AppID - ok
19:36:09.0172 1208	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
19:36:09.0234 1208	AppIDSvc - ok
19:36:09.0281 1208	Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
19:36:09.0328 1208	Appinfo - ok
19:36:09.0484 1208	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:36:09.0484 1208	Apple Mobile Device - ok
19:36:09.0562 1208	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
19:36:09.0577 1208	arc - ok
19:36:09.0593 1208	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
19:36:09.0608 1208	arcsas - ok
19:36:09.0624 1208	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
19:36:09.0749 1208	AsyncMac - ok
19:36:09.0827 1208	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
19:36:09.0842 1208	atapi - ok
19:36:09.0920 1208	AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
19:36:09.0967 1208	AudioEndpointBuilder - ok
19:36:09.0983 1208	Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
19:36:10.0014 1208	Audiosrv - ok
19:36:10.0108 1208	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
19:36:10.0123 1208	avgntflt - ok
19:36:10.0139 1208	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
19:36:10.0154 1208	avipbb - ok
19:36:10.0170 1208	avkmgr          (53e56450da16a1a7f0d002f511113f67) C:\Windows\system32\DRIVERS\avkmgr.sys
19:36:10.0186 1208	avkmgr - ok
19:36:10.0248 1208	AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
19:36:10.0295 1208	AxInstSV - ok
19:36:10.0373 1208	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
19:36:10.0420 1208	b06bdrv - ok
19:36:10.0513 1208	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
19:36:10.0529 1208	b57nd60x - ok
19:36:10.0607 1208	BCA2000         (69bc0073620ceca7450968094e32e3a6) C:\Windows\system32\Drivers\BCA2000.SYS
19:36:10.0638 1208	BCA2000 ( UnsignedFile.Multi.Generic ) - warning
19:36:10.0638 1208	BCA2000 - detected UnsignedFile.Multi.Generic (1)
19:36:10.0669 1208	BCA2000WDM      (2bb9cd94898ef04c7af5d4a899574d4f) C:\Windows\system32\Drivers\BCA2000WDM.SYS
19:36:10.0700 1208	BCA2000WDM ( UnsignedFile.Multi.Generic ) - warning
19:36:10.0700 1208	BCA2000WDM - detected UnsignedFile.Multi.Generic (1)
19:36:10.0747 1208	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
19:36:10.0778 1208	BDESVC - ok
19:36:10.0856 1208	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
19:36:10.0919 1208	Beep - ok
19:36:11.0059 1208	BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
19:36:11.0122 1208	BITS - ok
19:36:11.0184 1208	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
19:36:11.0246 1208	blbdrive - ok
19:36:11.0465 1208	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
19:36:11.0480 1208	Bonjour Service - ok
19:36:11.0543 1208	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
19:36:11.0605 1208	bowser - ok
19:36:11.0683 1208	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:36:11.0777 1208	BrFiltLo - ok
19:36:11.0839 1208	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:36:11.0870 1208	BrFiltUp - ok
19:36:11.0964 1208	Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
19:36:12.0026 1208	Browser - ok
19:36:12.0073 1208	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
19:36:12.0120 1208	Brserid - ok
19:36:12.0151 1208	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
19:36:12.0182 1208	BrSerWdm - ok
19:36:12.0245 1208	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:36:12.0292 1208	BrUsbMdm - ok
19:36:12.0338 1208	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
19:36:12.0370 1208	BrUsbSer - ok
19:36:12.0401 1208	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
19:36:12.0448 1208	BTHMODEM - ok
19:36:12.0526 1208	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
19:36:12.0572 1208	bthserv - ok
19:36:12.0604 1208	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
19:36:12.0650 1208	cdfs - ok
19:36:12.0728 1208	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
19:36:12.0775 1208	cdrom - ok
19:36:12.0853 1208	CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
19:36:12.0900 1208	CertPropSvc - ok
19:36:12.0978 1208	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
19:36:12.0994 1208	circlass - ok
19:36:13.0056 1208	CLAVIAUSB       (bf2917077f836c496261c7d0944770cc) C:\Windows\system32\DRIVERS\ClaviaUSB.sys
19:36:13.0072 1208	CLAVIAUSB - ok
19:36:13.0134 1208	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
19:36:13.0150 1208	CLFS - ok
19:36:13.0274 1208	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:36:13.0274 1208	clr_optimization_v2.0.50727_32 - ok
19:36:13.0337 1208	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
19:36:13.0337 1208	CmBatt - ok
19:36:13.0399 1208	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
19:36:13.0399 1208	cmdide - ok
19:36:13.0477 1208	CNG             (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
19:36:13.0508 1208	CNG - ok
19:36:13.0571 1208	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
19:36:13.0586 1208	Compbatt - ok
19:36:13.0649 1208	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
19:36:13.0696 1208	CompositeBus - ok
19:36:13.0711 1208	COMSysApp - ok
19:36:13.0727 1208	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
19:36:13.0742 1208	crcdisk - ok
19:36:13.0820 1208	CryptSvc        (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
19:36:13.0852 1208	CryptSvc - ok
19:36:13.0930 1208	DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
19:36:13.0976 1208	DcomLaunch - ok
19:36:14.0023 1208	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
19:36:14.0070 1208	defragsvc - ok
19:36:14.0164 1208	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
19:36:14.0195 1208	DfsC - ok
19:36:14.0273 1208	Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
19:36:14.0320 1208	Dhcp - ok
19:36:14.0351 1208	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
19:36:14.0413 1208	discache - ok
19:36:14.0491 1208	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
19:36:14.0507 1208	Disk - ok
19:36:14.0569 1208	Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
19:36:14.0600 1208	Dnscache - ok
19:36:14.0663 1208	dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
19:36:14.0725 1208	dot3svc - ok
19:36:14.0788 1208	DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
19:36:14.0850 1208	DPS - ok
19:36:14.0912 1208	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
19:36:14.0959 1208	drmkaud - ok
19:36:15.0022 1208	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
19:36:15.0053 1208	DXGKrnl - ok
19:36:15.0115 1208	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
19:36:15.0178 1208	EapHost - ok
19:36:15.0380 1208	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
19:36:15.0474 1208	ebdrv - ok
19:36:15.0646 1208	EFS             (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
19:36:15.0692 1208	EFS - ok
19:36:15.0802 1208	ehRecvr         (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
19:36:15.0864 1208	ehRecvr - ok
19:36:15.0895 1208	ehSched         (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
19:36:15.0911 1208	ehSched - ok
19:36:16.0051 1208	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
19:36:16.0067 1208	elxstor - ok
19:36:16.0145 1208	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
19:36:16.0192 1208	ErrDev - ok
19:36:16.0270 1208	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
19:36:16.0348 1208	EventSystem - ok
19:36:16.0441 1208	ewusbnet        (e1556af3fb0284c32896b9ac8494d9c2) C:\Windows\system32\DRIVERS\ewusbnet.sys
19:36:16.0472 1208	ewusbnet - ok
19:36:16.0597 1208	ew_hwusbdev     (57c171ea22f0a7f068fcb0caedd1e8e7) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
19:36:16.0628 1208	ew_hwusbdev - ok
19:36:16.0722 1208	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
19:36:16.0769 1208	exfat - ok
19:36:16.0925 1208	Fabs - ok
19:36:16.0956 1208	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
19:36:17.0003 1208	fastfat - ok
19:36:17.0096 1208	Fax             (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
19:36:17.0143 1208	Fax - ok
19:36:17.0221 1208	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
19:36:17.0221 1208	fdc - ok
19:36:17.0299 1208	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
19:36:17.0330 1208	fdPHost - ok
19:36:17.0330 1208	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
19:36:17.0393 1208	FDResPub - ok
19:36:17.0455 1208	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
19:36:17.0455 1208	FileInfo - ok
19:36:17.0471 1208	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
19:36:17.0533 1208	Filetrace - ok
19:36:17.0689 1208	FirebirdServerMAGIXInstance (fff1130f7c9fa01d093a1edfc5cce8fc) C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
19:36:17.0767 1208	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
19:36:17.0767 1208	FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
19:36:18.0032 1208	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
19:36:18.0048 1208	flpydisk - ok
19:36:18.0110 1208	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
19:36:18.0126 1208	FltMgr - ok
19:36:18.0204 1208	FontCache       (fa6c66e4364d7da57aade5dcc03bb999) C:\Windows\system32\FntCache.dll
19:36:18.0266 1208	FontCache - ok
19:36:18.0438 1208	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:36:18.0438 1208	FontCache3.0.0.0 - ok
19:36:18.0454 1208	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
19:36:18.0469 1208	FsDepends - ok
19:36:18.0516 1208	Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
19:36:18.0532 1208	Fs_Rec - ok
19:36:18.0578 1208	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
19:36:18.0594 1208	fvevol - ok
19:36:18.0672 1208	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:36:18.0672 1208	gagp30kx - ok
19:36:18.0719 1208	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:36:18.0734 1208	GEARAspiWDM - ok
19:36:18.0812 1208	gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
19:36:18.0875 1208	gpsvc - ok
19:36:18.0922 1208	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
19:36:18.0968 1208	hcw85cir - ok
19:36:19.0062 1208	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
19:36:19.0093 1208	HdAudAddService - ok
19:36:19.0140 1208	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
19:36:19.0187 1208	HDAudBus - ok
19:36:19.0265 1208	HECI            (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys
19:36:19.0312 1208	HECI - ok
19:36:19.0358 1208	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
19:36:19.0374 1208	HidBatt - ok
19:36:19.0436 1208	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
19:36:19.0468 1208	HidBth - ok
19:36:19.0499 1208	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
19:36:19.0530 1208	HidIr - ok
19:36:19.0577 1208	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
19:36:19.0624 1208	hidserv - ok
19:36:19.0702 1208	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
19:36:19.0717 1208	HidUsb - ok
19:36:19.0764 1208	hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
19:36:19.0826 1208	hkmsvc - ok
19:36:19.0873 1208	HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
19:36:19.0904 1208	HomeGroupListener - ok
19:36:19.0951 1208	HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
19:36:19.0982 1208	HomeGroupProvider - ok
19:36:20.0060 1208	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
19:36:20.0076 1208	HpSAMD - ok
19:36:20.0154 1208	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
19:36:20.0185 1208	HTTP - ok
19:36:20.0248 1208	hwdatacard      (a89423d0132c8ab69ba621b6ce191714) C:\Windows\system32\DRIVERS\ewusbmdm.sys
19:36:20.0294 1208	hwdatacard - ok
19:36:20.0341 1208	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
19:36:20.0341 1208	hwpolicy - ok
19:36:20.0357 1208	hwusbdev - ok
19:36:20.0435 1208	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
19:36:20.0466 1208	i8042prt - ok
19:36:20.0560 1208	iaStor          (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys
19:36:20.0575 1208	iaStor - ok
19:36:20.0794 1208	IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:36:20.0809 1208	IAStorDataMgrSvc - ok
19:36:20.0872 1208	iaStorV         (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
19:36:20.0887 1208	iaStorV - ok
19:36:21.0074 1208	idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:36:21.0106 1208	idsvc - ok
19:36:21.0776 1208	igfx            (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
19:36:22.0088 1208	igfx - ok
19:36:22.0338 1208	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
19:36:22.0338 1208	iirsp - ok
19:36:22.0432 1208	IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
19:36:22.0510 1208	IKEEXT - ok
19:36:22.0588 1208	Impcd           (03c0d99bc2913226f1cea7cb0d984659) C:\Windows\system32\DRIVERS\Impcd.sys
19:36:22.0666 1208	Impcd - ok
19:36:22.0853 1208	IntcAzAudAddService (f4427e5df32cde359b2e2e5512d18001) C:\Windows\system32\drivers\RTKVHDA.sys
19:36:22.0931 1208	IntcAzAudAddService - ok
19:36:23.0180 1208	IntcDAud        (bf31740828a26ab451803e3b35432651) C:\Windows\system32\DRIVERS\IntcDAud.sys
19:36:23.0243 1208	IntcDAud - ok
19:36:23.0305 1208	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
19:36:23.0321 1208	intelide - ok
19:36:23.0399 1208	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
19:36:23.0430 1208	intelppm - ok
19:36:23.0477 1208	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
19:36:23.0524 1208	IPBusEnum - ok
19:36:23.0602 1208	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:36:23.0664 1208	IpFilterDriver - ok
19:36:23.0742 1208	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
19:36:23.0773 1208	IPMIDRV - ok
19:36:23.0804 1208	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
19:36:23.0851 1208	IPNAT - ok
19:36:23.0992 1208	iPod Service    (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
19:36:24.0023 1208	iPod Service - ok
19:36:24.0038 1208	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
19:36:24.0070 1208	IRENUM - ok
19:36:24.0148 1208	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
19:36:24.0148 1208	isapnp - ok
19:36:24.0179 1208	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
19:36:24.0194 1208	iScsiPrt - ok
19:36:24.0226 1208	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
19:36:24.0241 1208	kbdclass - ok
19:36:24.0257 1208	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
19:36:24.0304 1208	kbdhid - ok
19:36:24.0382 1208	KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:36:24.0397 1208	KeyIso - ok
19:36:24.0444 1208	KSecDD          (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
19:36:24.0460 1208	KSecDD - ok
19:36:24.0522 1208	KSecPkg         (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
19:36:24.0538 1208	KSecPkg - ok
19:36:24.0600 1208	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
19:36:24.0647 1208	KtmRm - ok
19:36:24.0740 1208	L1C             (4566fd5f4416e7fef3600e4b30d086c3) C:\Windows\system32\DRIVERS\L1C62x86.sys
19:36:24.0756 1208	L1C - ok
19:36:24.0818 1208	LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
19:36:24.0850 1208	LanmanServer - ok
19:36:24.0896 1208	LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
19:36:24.0943 1208	LanmanWorkstation - ok
19:36:25.0037 1208	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
19:36:25.0084 1208	lltdio - ok
19:36:25.0130 1208	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
19:36:25.0162 1208	lltdsvc - ok
19:36:25.0177 1208	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
19:36:25.0208 1208	lmhosts - ok
19:36:25.0442 1208	LMS             (1e2f802846eb944e0333efee7c9532a8) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:36:25.0442 1208	LMS - ok
19:36:25.0520 1208	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:36:25.0536 1208	LSI_FC - ok
19:36:25.0583 1208	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:36:25.0598 1208	LSI_SAS - ok
19:36:25.0645 1208	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:36:25.0661 1208	LSI_SAS2 - ok
19:36:25.0676 1208	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:36:25.0676 1208	LSI_SCSI - ok
19:36:25.0754 1208	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
19:36:25.0786 1208	luafv - ok
19:36:25.0864 1208	MAUSBFASTTRACK  (2f6aac05cbe660784e4df5847208bd53) C:\Windows\system32\DRIVERS\MAudioFastTrack.sys
19:36:25.0879 1208	MAUSBFASTTRACK - ok
19:36:25.0942 1208	Mcx2Svc         (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
19:36:25.0957 1208	Mcx2Svc - ok
19:36:26.0020 1208	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
19:36:26.0020 1208	megasas - ok
19:36:26.0082 1208	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
19:36:26.0098 1208	MegaSR - ok
19:36:26.0160 1208	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
19:36:26.0222 1208	MMCSS - ok
19:36:26.0316 1208	mod7700         (8075a313a5a4e0c15e5a974e8a4eec66) C:\Windows\system32\DRIVERS\mod7700.sys
19:36:26.0347 1208	mod7700 - ok
19:36:26.0394 1208	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
19:36:26.0456 1208	Modem - ok
19:36:26.0488 1208	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
19:36:26.0519 1208	monitor - ok
19:36:26.0597 1208	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
19:36:26.0597 1208	mouclass - ok
19:36:26.0644 1208	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
19:36:26.0675 1208	mouhid - ok
19:36:26.0753 1208	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
19:36:26.0753 1208	mountmgr - ok
19:36:26.0893 1208	MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:36:26.0909 1208	MozillaMaintenance - ok
19:36:26.0971 1208	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
19:36:26.0987 1208	mpio - ok
19:36:27.0049 1208	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
19:36:27.0096 1208	mpsdrv - ok
19:36:27.0174 1208	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
19:36:27.0190 1208	MRxDAV - ok
19:36:27.0252 1208	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:36:27.0314 1208	mrxsmb - ok
19:36:27.0377 1208	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:36:27.0424 1208	mrxsmb10 - ok
19:36:27.0439 1208	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:36:27.0470 1208	mrxsmb20 - ok
19:36:27.0564 1208	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
19:36:27.0564 1208	msahci - ok
19:36:27.0626 1208	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
19:36:27.0642 1208	msdsm - ok
19:36:27.0704 1208	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
19:36:27.0736 1208	MSDTC - ok
19:36:27.0782 1208	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
19:36:27.0814 1208	Msfs - ok
19:36:27.0829 1208	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
19:36:27.0876 1208	mshidkmdf - ok
19:36:27.0892 1208	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
19:36:27.0907 1208	msisadrv - ok
19:36:27.0970 1208	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
19:36:28.0016 1208	MSiSCSI - ok
19:36:28.0032 1208	msiserver - ok
19:36:28.0048 1208	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
19:36:28.0110 1208	MSKSSRV - ok
19:36:28.0157 1208	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
19:36:28.0204 1208	MSPCLOCK - ok
19:36:28.0219 1208	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
19:36:28.0235 1208	MSPQM - ok
19:36:28.0266 1208	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
19:36:28.0282 1208	MsRPC - ok
19:36:28.0328 1208	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
19:36:28.0344 1208	mssmbios - ok
19:36:28.0344 1208	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
19:36:28.0375 1208	MSTEE - ok
19:36:28.0422 1208	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
19:36:28.0438 1208	MTConfig - ok
19:36:28.0453 1208	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
19:36:28.0453 1208	Mup - ok
19:36:28.0531 1208	napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
19:36:28.0594 1208	napagent - ok
19:36:28.0672 1208	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
19:36:28.0687 1208	NativeWifiP - ok
19:36:28.0765 1208	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
19:36:28.0796 1208	NDIS - ok
19:36:28.0843 1208	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
19:36:28.0874 1208	NdisCap - ok
19:36:28.0906 1208	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
19:36:28.0952 1208	NdisTapi - ok
19:36:29.0030 1208	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
19:36:29.0093 1208	Ndisuio - ok
19:36:29.0140 1208	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
19:36:29.0171 1208	NdisWan - ok
19:36:29.0233 1208	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
19:36:29.0280 1208	NDProxy - ok
19:36:29.0358 1208	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
19:36:29.0405 1208	NetBIOS - ok
19:36:29.0467 1208	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
19:36:29.0514 1208	NetBT - ok
19:36:29.0561 1208	Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:36:29.0576 1208	Netlogon - ok
19:36:29.0639 1208	Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
19:36:29.0701 1208	Netman - ok
19:36:29.0717 1208	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
19:36:29.0764 1208	netprofm - ok
19:36:29.0920 1208	NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:36:29.0920 1208	NetTcpPortSharing - ok
19:36:29.0982 1208	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
19:36:29.0998 1208	nfrd960 - ok
19:36:30.0060 1208	NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
19:36:30.0107 1208	NlaSvc - ok
19:36:30.0154 1208	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
19:36:30.0200 1208	Npfs - ok
19:36:30.0247 1208	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
19:36:30.0278 1208	nsi - ok
19:36:30.0278 1208	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
19:36:30.0341 1208	nsiproxy - ok
19:36:30.0450 1208	Ntfs            (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
19:36:30.0497 1208	Ntfs - ok
19:36:30.0731 1208	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
19:36:30.0762 1208	Null - ok
19:36:30.0840 1208	NULOAD          (366f29d481cce8fdb339580bb230521d) C:\Windows\system32\Drivers\bca2000ldr.sys
19:36:30.0871 1208	NULOAD ( UnsignedFile.Multi.Generic ) - warning
19:36:30.0871 1208	NULOAD - detected UnsignedFile.Multi.Generic (1)
19:36:30.0949 1208	nvraid          (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
19:36:30.0965 1208	nvraid - ok
19:36:30.0980 1208	nvstor          (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
19:36:30.0996 1208	nvstor - ok
19:36:31.0058 1208	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
19:36:31.0074 1208	nv_agp - ok
19:36:31.0199 1208	NxpCap          (6ed44348ca155a86a5b9802db2cebc69) C:\Windows\system32\DRIVERS\NxpCap.sys
19:36:31.0277 1208	NxpCap - ok
19:36:31.0448 1208	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:36:31.0480 1208	odserv - ok
19:36:31.0776 1208	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
19:36:31.0823 1208	ohci1394 - ok
19:36:31.0870 1208	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:36:31.0885 1208	ose - ok
19:36:31.0948 1208	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
19:36:31.0994 1208	p2pimsvc - ok
19:36:32.0041 1208	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
19:36:32.0057 1208	p2psvc - ok
19:36:32.0150 1208	paeusbaudio     (6bd1e796b0c7a2f6a128584ad4a0301b) C:\Windows\system32\DRIVERS\paeusbaudio.sys
19:36:32.0166 1208	paeusbaudio - ok
19:36:32.0197 1208	paeusbaudiodsp  (4d4cef421581f69078215c19966daf50) C:\Windows\system32\DRIVERS\paeusbaudiodsp.sys
19:36:32.0213 1208	paeusbaudiodsp - ok
19:36:32.0228 1208	paeusbaudioks   (1bab9cd064c3d807931f52fc4a4aa221) C:\Windows\system32\DRIVERS\paeusbaudioks.sys
19:36:32.0244 1208	paeusbaudioks - ok
19:36:32.0291 1208	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
19:36:32.0322 1208	Parport - ok
19:36:32.0369 1208	partmgr         (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
19:36:32.0369 1208	partmgr - ok
19:36:32.0400 1208	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
19:36:32.0431 1208	Parvdm - ok
19:36:32.0478 1208	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
19:36:32.0494 1208	PcaSvc - ok
19:36:32.0556 1208	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
19:36:32.0572 1208	pci - ok
19:36:32.0587 1208	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
19:36:32.0603 1208	pciide - ok
19:36:32.0650 1208	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
19:36:32.0665 1208	pcmcia - ok
19:36:32.0728 1208	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
19:36:32.0743 1208	pcw - ok
19:36:32.0790 1208	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
19:36:32.0852 1208	PEAUTH - ok
19:36:32.0962 1208	pla             (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
19:36:33.0040 1208	pla - ok
19:36:33.0242 1208	PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
19:36:33.0274 1208	PlugPlay - ok
19:36:33.0320 1208	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
19:36:33.0352 1208	PNRPAutoReg - ok
19:36:33.0398 1208	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
19:36:33.0414 1208	PNRPsvc - ok
19:36:33.0476 1208	PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
19:36:33.0508 1208	PolicyAgent - ok
19:36:33.0570 1208	Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
19:36:33.0601 1208	Power - ok
19:36:33.0710 1208	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
19:36:33.0742 1208	PptpMiniport - ok
19:36:33.0788 1208	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
19:36:33.0835 1208	Processor - ok
19:36:33.0882 1208	ProfSvc         (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
19:36:33.0913 1208	ProfSvc - ok
19:36:33.0960 1208	ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:36:33.0960 1208	ProtectedStorage - ok
19:36:34.0022 1208	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
19:36:34.0085 1208	Psched - ok
19:36:34.0225 1208	PSI_SVC_2       (a6a7ad767bf5141665f5c675f671b3e1) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
19:36:34.0225 1208	PSI_SVC_2 - ok
19:36:34.0350 1208	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
19:36:34.0397 1208	ql2300 - ok
19:36:34.0631 1208	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
19:36:34.0646 1208	ql40xx - ok
19:36:34.0709 1208	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
19:36:34.0740 1208	QWAVE - ok
19:36:34.0787 1208	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
19:36:34.0802 1208	QWAVEdrv - ok
19:36:34.0818 1208	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
19:36:34.0865 1208	RasAcd - ok
19:36:34.0943 1208	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:36:34.0990 1208	RasAgileVpn - ok
19:36:35.0036 1208	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
19:36:35.0068 1208	RasAuto - ok
19:36:35.0068 1208	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:36:35.0130 1208	Rasl2tp - ok
19:36:35.0177 1208	RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
19:36:35.0239 1208	RasMan - ok
19:36:35.0317 1208	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
19:36:35.0364 1208	RasPppoe - ok
19:36:35.0395 1208	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
19:36:35.0442 1208	RasSstp - ok
19:36:35.0504 1208	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
19:36:35.0567 1208	rdbss - ok
19:36:35.0614 1208	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
19:36:35.0629 1208	rdpbus - ok
19:36:35.0676 1208	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:36:35.0723 1208	RDPCDD - ok
19:36:35.0801 1208	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
19:36:35.0848 1208	RDPENCDD - ok
19:36:35.0848 1208	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
19:36:35.0879 1208	RDPREFMP - ok
19:36:35.0941 1208	RDPWD           (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
19:36:35.0972 1208	RDPWD - ok
19:36:36.0050 1208	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
19:36:36.0066 1208	rdyboost - ok
19:36:36.0113 1208	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
19:36:36.0144 1208	RemoteAccess - ok
19:36:36.0206 1208	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
19:36:36.0269 1208	RemoteRegistry - ok
19:36:36.0300 1208	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
19:36:36.0347 1208	RpcEptMapper - ok
19:36:36.0394 1208	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
19:36:36.0425 1208	RpcLocator - ok
19:36:36.0487 1208	RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
19:36:36.0518 1208	RpcSs - ok
19:36:36.0581 1208	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
19:36:36.0612 1208	rspndr - ok
19:36:36.0659 1208	RSUSBSTOR       (a633399432491bb173bb3cf3b41b9c55) C:\Windows\System32\Drivers\RtsUStor.sys
19:36:36.0674 1208	RSUSBSTOR - ok
19:36:36.0768 1208	rtl8192se       (7ac9f43613cd0ee40bebbf150ff3a189) C:\Windows\system32\DRIVERS\rtl8192se.sys
19:36:36.0799 1208	rtl8192se - ok
19:36:36.0862 1208	SamSs           (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:36:36.0862 1208	SamSs - ok
19:36:37.0049 1208	SASDIFSV        (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:36:37.0049 1208	SASDIFSV - ok
19:36:37.0096 1208	SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:36:37.0111 1208	SASKUTIL - ok
19:36:37.0174 1208	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
19:36:37.0189 1208	sbp2port - ok
19:36:37.0252 1208	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
19:36:37.0283 1208	SCardSvr - ok
19:36:37.0330 1208	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
19:36:37.0376 1208	scfilter - ok
19:36:37.0454 1208	Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
19:36:37.0517 1208	Schedule - ok
19:36:37.0564 1208	SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
19:36:37.0595 1208	SCPolicySvc - ok
19:36:37.0642 1208	SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
19:36:37.0673 1208	SDRSVC - ok
19:36:37.0751 1208	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:36:37.0766 1208	secdrv - ok
19:36:37.0829 1208	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
19:36:37.0876 1208	seclogon - ok
19:36:37.0907 1208	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
19:36:37.0938 1208	SENS - ok
19:36:37.0954 1208	SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
19:36:37.0985 1208	SensrSvc - ok
19:36:38.0063 1208	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
19:36:38.0110 1208	Serenum - ok
19:36:38.0141 1208	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
19:36:38.0172 1208	Serial - ok
19:36:38.0250 1208	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
19:36:38.0281 1208	sermouse - ok
19:36:38.0328 1208	SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
19:36:38.0390 1208	SessionEnv - ok
19:36:38.0437 1208	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
19:36:38.0468 1208	sffdisk - ok
19:36:38.0484 1208	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
19:36:38.0500 1208	sffp_mmc - ok
19:36:38.0515 1208	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
19:36:38.0531 1208	sffp_sd - ok
19:36:38.0609 1208	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
19:36:38.0624 1208	sfloppy - ok
19:36:38.0687 1208	ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
19:36:38.0749 1208	ShellHWDetection - ok
19:36:38.0812 1208	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
19:36:38.0827 1208	sisagp - ok
19:36:38.0890 1208	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:36:38.0905 1208	SiSRaid2 - ok
19:36:38.0921 1208	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
19:36:38.0921 1208	SiSRaid4 - ok
19:36:39.0061 1208	SkypeUpdate     (f07af60b152221472fbdb2fecec4896d) C:\Program Files\Skype\Updater\Updater.exe
19:36:39.0061 1208	SkypeUpdate - ok
19:36:39.0124 1208	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
19:36:39.0155 1208	Smb - ok
19:36:39.0217 1208	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
19:36:39.0233 1208	SNMPTRAP - ok
19:36:39.0264 1208	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
19:36:39.0264 1208	spldr - ok
19:36:39.0342 1208	Spooler         (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
19:36:39.0389 1208	Spooler - ok
19:36:39.0560 1208	sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
19:36:39.0654 1208	sppsvc - ok
19:36:39.0841 1208	sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
19:36:39.0888 1208	sppuinotify - ok
19:36:39.0997 1208	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
19:36:40.0060 1208	srv - ok
19:36:40.0091 1208	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
19:36:40.0122 1208	srv2 - ok
19:36:40.0153 1208	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
19:36:40.0184 1208	srvnet - ok
19:36:40.0231 1208	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
19:36:40.0294 1208	SSDPSRV - ok
19:36:40.0387 1208	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
19:36:40.0387 1208	ssmdrv - ok
19:36:40.0418 1208	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
19:36:40.0465 1208	SstpSvc - ok
19:36:40.0512 1208	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
19:36:40.0512 1208	stexstor - ok
19:36:40.0590 1208	StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
19:36:40.0637 1208	StiSvc - ok
19:36:40.0684 1208	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
19:36:40.0699 1208	swenum - ok
19:36:40.0762 1208	swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
19:36:40.0808 1208	swprv - ok
19:36:40.0871 1208	SynTP           (d776eb85a20696d9d43129ccf6e703e2) C:\Windows\system32\DRIVERS\SynTP.sys
19:36:40.0886 1208	SynTP - ok
19:36:40.0996 1208	SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
19:36:41.0027 1208	SysMain - ok
19:36:41.0074 1208	TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
19:36:41.0120 1208	TabletInputService - ok
19:36:41.0183 1208	TapiSrv         (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
19:36:41.0214 1208	TapiSrv - ok
19:36:41.0276 1208	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
19:36:41.0308 1208	TBS - ok
19:36:41.0464 1208	Tcpip           (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
19:36:41.0495 1208	Tcpip - ok
19:36:41.0807 1208	TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
19:36:41.0838 1208	TCPIP6 - ok
19:36:41.0932 1208	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
19:36:41.0994 1208	tcpipreg - ok
19:36:42.0041 1208	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
19:36:42.0088 1208	TDPIPE - ok
19:36:42.0103 1208	TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
19:36:42.0150 1208	TDTCP - ok
19:36:42.0181 1208	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
19:36:42.0228 1208	tdx - ok
19:36:42.0244 1208	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
19:36:42.0259 1208	TermDD - ok
19:36:42.0306 1208	TermService     (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
19:36:42.0353 1208	TermService - ok
19:36:42.0400 1208	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
19:36:42.0415 1208	Themes - ok
19:36:42.0478 1208	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
19:36:42.0509 1208	THREADORDER - ok
19:36:42.0618 1208	TPkd            (409a577fd5781c717e55a28717514c58) C:\Windows\system32\drivers\TPkd.sys
19:36:42.0618 1208	TPkd ( UnsignedFile.Multi.Generic ) - warning
19:36:42.0618 1208	TPkd - detected UnsignedFile.Multi.Generic (1)
19:36:42.0634 1208	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
19:36:42.0680 1208	TrkWks - ok
19:36:42.0774 1208	TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
19:36:42.0836 1208	TrustedInstaller - ok
19:36:42.0868 1208	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:36:42.0899 1208	tssecsrv - ok
19:36:42.0961 1208	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
19:36:42.0977 1208	TsUsbFlt - ok
19:36:43.0039 1208	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
19:36:43.0102 1208	tunnel - ok
19:36:43.0148 1208	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
19:36:43.0148 1208	uagp35 - ok
19:36:43.0226 1208	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
19:36:43.0273 1208	udfs - ok
19:36:43.0336 1208	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
19:36:43.0367 1208	UI0Detect - ok
19:36:43.0445 1208	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
19:36:43.0460 1208	uliagpkx - ok
19:36:43.0507 1208	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
19:36:43.0523 1208	umbus - ok
19:36:43.0585 1208	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
19:36:43.0616 1208	UmPass - ok
19:36:43.0975 1208	UNS             (af905f4966cfc8b973623ab150cd4b2b) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:36:44.0038 1208	UNS - ok
19:36:44.0209 1208	upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
19:36:44.0240 1208	upnphost - ok
19:36:44.0350 1208	USBAAPL         (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
19:36:44.0365 1208	USBAAPL - ok
19:36:44.0428 1208	usbaudio        (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
19:36:44.0459 1208	usbaudio - ok
19:36:44.0490 1208	usbccgp         (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\DRIVERS\usbccgp.sys
19:36:44.0537 1208	usbccgp - ok
19:36:44.0568 1208	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
19:36:44.0599 1208	usbcir - ok
19:36:44.0677 1208	usbehci         (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\drivers\usbehci.sys
19:36:44.0693 1208	usbehci - ok
19:36:44.0724 1208	usbhub          (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
19:36:44.0755 1208	usbhub - ok
19:36:44.0786 1208	usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys
19:36:44.0818 1208	usbohci - ok
19:36:44.0896 1208	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
19:36:44.0911 1208	usbprint - ok
19:36:44.0974 1208	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
19:36:44.0989 1208	usbscan - ok
19:36:45.0052 1208	USBSTOR         (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\drivers\USBSTOR.SYS
19:36:45.0067 1208	USBSTOR - ok
19:36:45.0083 1208	usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys
19:36:45.0114 1208	usbuhci - ok
19:36:45.0161 1208	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
19:36:45.0208 1208	usbvideo - ok
19:36:45.0254 1208	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
19:36:45.0317 1208	UxSms - ok
19:36:45.0348 1208	VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:36:45.0364 1208	VaultSvc - ok
19:36:45.0442 1208	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
19:36:45.0457 1208	vdrvroot - ok
19:36:45.0520 1208	vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
19:36:45.0582 1208	vds - ok
19:36:45.0660 1208	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
19:36:45.0676 1208	vga - ok
19:36:45.0676 1208	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
19:36:45.0707 1208	VgaSave - ok
19:36:45.0722 1208	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
19:36:45.0738 1208	vhdmp - ok
19:36:45.0800 1208	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
19:36:45.0816 1208	viaagp - ok
19:36:45.0832 1208	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
19:36:45.0847 1208	ViaC7 - ok
19:36:45.0878 1208	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
19:36:45.0878 1208	viaide - ok
19:36:45.0894 1208	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
19:36:45.0910 1208	volmgr - ok
19:36:45.0941 1208	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
19:36:45.0956 1208	volmgrx - ok
19:36:45.0972 1208	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
19:36:45.0988 1208	volsnap - ok
19:36:46.0066 1208	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
19:36:46.0066 1208	vsmraid - ok
19:36:46.0159 1208	VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
19:36:46.0222 1208	VSS - ok
19:36:46.0268 1208	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
19:36:46.0300 1208	vwifibus - ok
19:36:46.0331 1208	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
19:36:46.0346 1208	vwififlt - ok
19:36:46.0378 1208	vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
19:36:46.0393 1208	vwifimp - ok
19:36:46.0471 1208	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
19:36:46.0534 1208	W32Time - ok
19:36:46.0580 1208	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
19:36:46.0612 1208	WacomPen - ok
19:36:46.0690 1208	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:36:46.0752 1208	WANARP - ok
19:36:46.0752 1208	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:36:46.0783 1208	Wanarpv6 - ok
19:36:46.0877 1208	wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
19:36:46.0908 1208	wbengine - ok
19:36:46.0955 1208	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
19:36:46.0970 1208	WbioSrvc - ok
19:36:47.0048 1208	wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
19:36:47.0095 1208	wcncsvc - ok
19:36:47.0126 1208	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
19:36:47.0158 1208	WcsPlugInService - ok
19:36:47.0251 1208	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
19:36:47.0267 1208	Wd - ok
19:36:47.0329 1208	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:36:47.0360 1208	Wdf01000 - ok
19:36:47.0376 1208	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
19:36:47.0407 1208	WdiServiceHost - ok
19:36:47.0423 1208	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
19:36:47.0438 1208	WdiSystemHost - ok
19:36:47.0485 1208	WebClient       (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
19:36:47.0501 1208	WebClient - ok
19:36:47.0548 1208	Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
19:36:47.0579 1208	Wecsvc - ok
19:36:47.0594 1208	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
19:36:47.0641 1208	wercplsupport - ok
19:36:47.0672 1208	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
19:36:47.0704 1208	WerSvc - ok
19:36:47.0735 1208	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
19:36:47.0766 1208	WfpLwf - ok
19:36:47.0828 1208	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
19:36:47.0828 1208	WIMMount - ok
19:36:47.0844 1208	WinHttpAutoProxySvc - ok
19:36:47.0953 1208	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
19:36:48.0016 1208	Winmgmt - ok
19:36:48.0109 1208	WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
19:36:48.0187 1208	WinRM - ok
19:36:48.0328 1208	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
19:36:48.0359 1208	WinUsb - ok
19:36:48.0530 1208	WisLMSvc        (4c69a8e2e159c1c59bc4b688e9dd7f8c) C:\Program Files\Launch Manager\WisLMSvc.exe
19:36:48.0546 1208	WisLMSvc - ok
19:36:48.0640 1208	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
19:36:48.0686 1208	Wlansvc - ok
19:36:48.0889 1208	wlidsvc         (d9250b31b353ee3322c1cad411997e38) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:36:48.0936 1208	wlidsvc - ok
19:36:49.0170 1208	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
19:36:49.0186 1208	WmiAcpi - ok
19:36:49.0295 1208	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
19:36:49.0326 1208	wmiApSrv - ok
19:36:49.0498 1208	WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:36:49.0529 1208	WMPNetworkSvc - ok
19:36:49.0716 1208	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
19:36:49.0747 1208	WPCSvc - ok
19:36:49.0794 1208	WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
19:36:49.0810 1208	WPDBusEnum - ok
19:36:49.0919 1208	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
19:36:49.0981 1208	ws2ifsl - ok
19:36:49.0981 1208	WSearch - ok
19:36:50.0106 1208	wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
19:36:50.0168 1208	wuauserv - ok
19:36:50.0402 1208	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
19:36:50.0434 1208	WudfPf - ok
19:36:50.0496 1208	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:36:50.0527 1208	WUDFRd - ok
19:36:50.0574 1208	wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
19:36:50.0605 1208	wudfsvc - ok
19:36:50.0668 1208	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
19:36:50.0699 1208	WwanSvc - ok
19:36:50.0777 1208	X10Hid          (1f93fcb5bab3a921ecba522f63586f4a) C:\Windows\System32\Drivers\x10hid.sys
19:36:50.0792 1208	X10Hid - ok
19:36:50.0933 1208	x10nets         (5a0c788c5bc5f2c993cb60940adcf95e) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
19:36:50.0933 1208	x10nets ( UnsignedFile.Multi.Generic ) - warning
19:36:50.0933 1208	x10nets - detected UnsignedFile.Multi.Generic (1)
19:36:51.0011 1208	XUIF            (378dc1b0b1f62a7488ee8d31a3c6e949) C:\Windows\System32\Drivers\x10ufx2.sys
19:36:51.0011 1208	XUIF - ok
19:36:51.0073 1208	MBR (0x1B8)     (2e0fe7fc299470e30383716b164cf901) \Device\Harddisk0\DR0
19:36:53.0975 1208	\Device\Harddisk0\DR0 - ok
19:36:53.0975 1208	Boot (0x1200)   (3077d2422fbc886b8a450275f1264c95) \Device\Harddisk0\DR0\Partition0
19:36:53.0975 1208	\Device\Harddisk0\DR0\Partition0 - ok
19:36:54.0006 1208	Boot (0x1200)   (d3dbe3ace1da0c70b3f97db81e15c396) \Device\Harddisk0\DR0\Partition1
19:36:54.0006 1208	\Device\Harddisk0\DR0\Partition1 - ok
19:36:54.0037 1208	Boot (0x1200)   (7d3b8b28f175e6798ff316d400457adf) \Device\Harddisk0\DR0\Partition2
19:36:54.0037 1208	\Device\Harddisk0\DR0\Partition2 - ok
19:36:54.0037 1208	============================================================
19:36:54.0037 1208	Scan finished
19:36:54.0037 1208	============================================================
19:36:54.0053 3144	Detected object count: 6
19:36:54.0053 3144	Actual detected object count: 6
19:37:05.0862 3144	BCA2000 ( UnsignedFile.Multi.Generic ) - skipped by user
19:37:05.0862 3144	BCA2000 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:37:05.0862 3144	BCA2000WDM ( UnsignedFile.Multi.Generic ) - skipped by user
19:37:05.0862 3144	BCA2000WDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:37:05.0862 3144	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
19:37:05.0862 3144	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:37:05.0862 3144	NULOAD ( UnsignedFile.Multi.Generic ) - skipped by user
19:37:05.0862 3144	NULOAD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:37:05.0862 3144	TPkd ( UnsignedFile.Multi.Generic ) - skipped by user
19:37:05.0862 3144	TPkd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:37:05.0862 3144	x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
19:37:05.0862 3144	x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 13.08.2012, 19:29   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages like

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

__________________
Please always post log files in CODE tags

Alt 13.08.2012, 20:33   #21
BlegJakun
 

Here is the log:

Code:
ComboFix 12-08-13.01 - Anne 13.08.2012  21:20:30.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.2935.2091 [GMT 2:00]
ausgeführt von:: c:\users\Anne\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-13 bis 2012-08-13  ))))))))))))))))))))))))))))))
.
.
2012-08-13 19:27 . 2012-08-13 19:29	--------	d-----w-	c:\users\Anne\AppData\Local\temp
2012-08-13 15:39 . 2012-08-13 15:39	--------	d-----w-	C:\_OTL
2012-08-11 10:34 . 2012-08-11 10:34	--------	d-----w-	c:\program files\ESET
2012-08-09 12:39 . 2012-08-09 12:39	--------	d-----w-	c:\users\Anne\AppData\Roaming\SUPERAntiSpyware.com
2012-08-09 12:38 . 2012-08-09 12:39	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-08-09 12:38 . 2012-08-09 12:38	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2012-08-09 09:23 . 2012-08-09 09:23	--------	d-----w-	c:\program files\Common Files\Skype
2012-08-09 09:23 . 2012-08-09 09:23	--------	d-----r-	c:\program files\Skype
2012-08-06 09:52 . 2012-08-06 09:52	--------	d-----w-	c:\windows\system32\SPReview
2012-08-06 09:36 . 2012-08-06 09:36	--------	d-----w-	c:\program files\Common Files\Adobe
2012-08-06 09:34 . 2012-08-06 09:34	--------	d-----w-	c:\program files\Common Files\Java
2012-08-06 09:34 . 2012-08-06 09:34	--------	d-----w-	c:\program files\Oracle
2012-08-06 09:33 . 2012-07-05 20:06	772544	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-08-06 09:31 . 2012-08-06 09:31	--------	d-----w-	c:\users\Anne\AppData\Local\Macromedia
2012-08-06 09:29 . 2012-08-06 09:29	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2012-08-06 09:29 . 2012-08-06 09:29	157608	----a-w-	c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-08-06 09:29 . 2012-08-06 09:29	113120	----a-w-	c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-08-06 09:29 . 2012-08-06 09:29	770384	----a-w-	c:\program files\Mozilla Firefox\msvcr100.dll
2012-08-06 09:29 . 2012-08-06 09:29	421200	----a-w-	c:\program files\Mozilla Firefox\msvcp100.dll
2012-08-06 08:58 . 2012-08-06 08:58	--------	d-----w-	c:\program files\7-Zip
2012-08-05 08:18 . 2012-08-05 08:18	--------	d-----w-	c:\users\Anne\AppData\Local\Downloaded Installations
2012-08-04 16:31 . 2012-08-04 16:31	--------	d-----w-	c:\users\Anne\AppData\Roaming\Malwarebytes
2012-08-04 16:31 . 2012-08-04 16:31	--------	d-----w-	c:\programdata\Malwarebytes
2012-08-04 16:31 . 2012-07-03 11:46	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-08-04 16:31 . 2012-08-04 16:31	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-08-04 12:09 . 2012-08-04 12:09	259072	----a-w-	c:\windows\system32\services.exe
2012-08-01 13:04 . 2012-08-04 18:07	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0
2012-07-30 13:13 . 2012-06-29 08:44	6891424	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CCDF5C89-77DB-45AF-A00E-F0E210EC2414}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-06 10:36 . 2012-05-22 16:24	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-06 10:36 . 2012-05-22 16:24	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-08-06 09:59 . 2009-07-14 02:05	152576	----a-w-	c:\windows\system32\msclmd.dll
2012-08-05 09:43 . 2009-07-13 23:11	259072	----a-w-	c:\windows\system32\services.exe.AOSS
2012-07-23 08:14 . 2010-07-08 08:05	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-07-23 08:14 . 2010-07-08 07:53	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-07-23 08:14 . 2010-07-08 07:51	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-07-05 20:06 . 2010-04-22 14:19	687544	----a-w-	c:\windows\system32\deployJava1.dll
2012-07-01 08:58 . 2012-07-01 19:05	860928	----a-w-	c:\windows\system32\drivers\mod7700.sys
2012-07-01 08:58 . 2012-07-01 08:58	26496	----a-w-	c:\windows\system32\drivers\ew_juextctrl.sys
2012-07-01 08:58 . 2012-07-01 08:58	11136	----a-w-	c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-07-01 08:58 . 2012-07-01 08:58	1112288	----a-w-	c:\windows\system32\WdfCoInstaller01007.dll
2012-07-01 08:58 . 2012-07-01 08:58	1112288	----a-w-	c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-07-01 08:58 . 2012-07-01 19:05	23424	----a-w-	c:\windows\system32\drivers\ewdcsc.sys
2012-07-01 08:58 . 2012-07-01 19:05	116736	----a-w-	c:\windows\system32\drivers\ewusbnet.sys
2012-07-01 08:58 . 2012-07-01 19:05	106880	----a-w-	c:\windows\system32\drivers\ewusbmdm.sys
2012-07-01 08:58 . 2012-07-01 08:58	82816	----a-w-	c:\windows\system32\drivers\ew_jucdcacm.sys
2012-07-01 08:58 . 2012-07-01 08:58	72576	----a-w-	c:\windows\system32\drivers\ew_jubusenum.sys
2012-07-01 08:58 . 2012-07-01 08:58	51456	----a-w-	c:\windows\system32\drivers\ew_jucdcecm.sys
2012-07-01 08:58 . 2012-07-01 08:58	102784	----a-w-	c:\windows\system32\drivers\ew_hwusbdev.sys
2012-06-12 02:40 . 2012-07-12 15:48	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-06-06 05:05 . 2012-07-12 15:50	1390080	----a-w-	c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-12 15:50	1236992	----a-w-	c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-12 15:50	805376	----a-w-	c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-25 16:51	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-25 16:51	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-25 16:51	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-25 16:51	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-25 16:51	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-25 16:51	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-25 16:51	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-25 16:50	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-25 16:50	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-12 15:51	1800192	----a-w-	c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-12 15:51	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-12 15:51	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 15:51	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 15:51	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-06-02 04:45 . 2012-07-12 15:50	67440	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-12 15:50	134000	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-12 15:50	369336	----a-w-	c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-12 15:50	225280	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-12 15:50	219136	----a-w-	c:\windows\system32\ncrypt.dll
2012-05-31 10:25 . 2010-04-22 11:13	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-05-22 16:46 . 2010-07-01 08:00	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-22 16:45 . 2010-07-01 08:00	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-22 16:45 . 2010-07-01 08:00	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-08-06 09:29 . 2012-01-02 17:07	136672	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-06 8555040]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-04-06 694816]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-12-14 200704]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2009-12-11 348960]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2010-01-13 413696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-11 1594664]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 644104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Launcher.lnk - c:\program files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe [2012-7-1 510920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Users^Anne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 20:28	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCA2000]
2010-07-29 15:47	946176	----a-w-	c:\windows\System32\bca2kcpan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2009-11-02 12:21	103720	------w-	c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 18:05	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17	1174016	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07	252296	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 NULOAD;Behringer BCA2000 Bootloader;c:\windows\system32\Drivers\bca2000ldr.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BCA2000;Behringer BCA2000 V2.1.0.6;c:\windows\system32\Drivers\BCA2000.SYS [x]
R3 BCA2000WDM;Behringer BCA2000WDM V2.1.0.6;c:\windows\system32\Drivers\BCA2000WDM.SYS [x]
R3 CLAVIAUSB;CLAVIAUSB;c:\windows\system32\DRIVERS\ClaviaUSB.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [x]
R3 paeusbaudio;paeusbaudio;c:\windows\system32\DRIVERS\paeusbaudio.sys [x]
R3 paeusbaudiodsp;paeusbaudiodsp;c:\windows\system32\DRIVERS\paeusbaudiodsp.sys [x]
R3 paeusbaudioks;paeusbaudioks;c:\windows\system32\DRIVERS\paeusbaudioks.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 ALDITALKVerbindungsassistent_Service;ALDITALKVerbindungsassistent_Service;c:\program files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [x]
S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 10:36]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-AudioBox VSL - (no file)
HKLM-Run-LMgrOSD - c:\program files\Launch Manager\OSDCtrl.exe
SafeBoot-BsScanner
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-Arturia.Minimoog.V.v1.5-DAC - c:\progra~1\Arturia\MINIMO~1\UNWISE.EXE
AddRemove-M30 Reverb - c:\program files\TC Electronic\M30 Reverb\Native\Uninstall\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-13  21:34:29 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-08-13 19:34
.
Vor Suchlauf: 11 Verzeichnis(se), 32.588.107.776 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 32.250.806.272 Bytes frei
.
- - End Of File - - 679425D39E33BBEEDC0D410EB14496CD
         

Alt 14.08.2012, 14:22   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't work on the second attempt, just skip it and run only OSAM. Please skip OSAM's online check.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
__________________
Please always post log files in CODE tags

Alt 14.08.2012, 19:57   #23
BlegJakun
 

OK, everything has been scanned

GMER:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-14 20:20:54
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB3O
Running: 7jwgcmr3.exe; Driver: C:\Users\Anne\AppData\Local\Temp\pwldrpow.sys


---- System - GMER 1.0.15 ----

SSDT            913D78A6                                                                                                                                                        ZwCreateSection
SSDT            913D78B0                                                                                                                                                        ZwRequestWaitReplyPort
SSDT            913D78AB                                                                                                                                                        ZwSetContextThread
SSDT            913D78B5                                                                                                                                                        ZwSetSecurityObject
SSDT            913D78BA                                                                                                                                                        ZwSystemDebugControl
SSDT            913D7847                                                                                                                                                        ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                                                        8323E3C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                                          83277D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                                                             8327EEAC 4 Bytes  [A6, 78, 3D, 91] {CMPSB ; JS 0x40; XCHG ECX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                                                             8327F208 4 Bytes  [B0, 78, 3D, 91]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                                                             8327F24C 4 Bytes  [AB, 78, 3D, 91] {STOSD ; JS 0x40; XCHG ECX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                                                                             8327F2C8 4 Bytes  [B5, 78, 3D, 91]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                                                                             8327F31C 4 Bytes  [BA, 78, 3D, 91]
.text           ...                                                                                                                                                             
PAGE            spsys.sys!?SPRevision@@3PADA + 4F90                                                                                                                             B16E5000 290 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 50B3                                                                                                                             B16E5123 629 Bytes  [05, 6E, B1, FE, 05, 34, 05, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 5329                                                                                                                             B16E5399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 538F                                                                                                                             B16E53FF 148 Bytes  [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 543B                                                                                                                             B16E54AB 2228 Bytes  [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE            ...                                                                                                                                                             

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[2772] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [75BAFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[2772] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [75BAFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[2772] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [75BAFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[2772] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [75BAFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[2772] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]   [75BAFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                                         Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                                          rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                                          rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                                          rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                                          rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004d                                                                                                                               halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
OSAM:

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:29:33 on 14.08.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 14.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"M-AudioFastTrackControlPanelApplet.cpl" - "M-Audio, a division of Avid Technology, Inc." - C:\Windows\system32\M-AudioFastTrackControlPanelApplet.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"Behringer BCA2000 Bootloader" (NULOAD) - ? - C:\Windows\System32\Drivers\bca2000ldr.sys  (File found, but it contains no detailed information)
"Behringer BCA2000 V2.1.0.6" (BCA2000) - "Behringer Spezielle Studiotechnik GmbH" - C:\Windows\System32\Drivers\BCA2000.SYS
"Behringer BCA2000WDM V2.1.0.6" (BCA2000WDM) - "Behringer Spezielle Studiotechnik GmbH" - C:\Windows\System32\Drivers\BCA2000WDM.SYS
"catchme" (catchme) - ? - C:\Users\Anne\AppData\Local\Temp\catchme.sys  (File not found)
"Huawei DataCard USB PNP Device" (hwusbdev) - ? - C:\Windows\System32\DRIVERS\ewusbdev.sys  (File not found)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"TPkd" (TPkd) - "PACE Anti-Piracy, Inc." - C:\Windows\system32\drivers\TPkd.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7AD101F2-0B93-4D66-A1CA-DF73F3C4377B} "CDR preview provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{7FA63AC0-F5BC-4F3B-A9CF-94328D812B62} "CDR Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7FA63AC1-F5BC-4F3B-A9CF-94328D812B62} "CPT Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.5.1" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.5.1" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Launcher.lnk" - ? - C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe"
"LMgrVolOSD" - "Wistron Corp." - "C:\Program Files\Launch Manager\OSD.exe"
"M-Audio Taskbar Icon" - "Avid Technology, Inc." - C:\Windows\system32\M-AudioTaskBarIcon.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"Wbutton" - "Wistron Corp." - "C:\Program Files\Launch Manager\Wbutton.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"ALDITALKVerbindungsassistent_Service" (ALDITALKVerbindungsassistent_Service) - ? - C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe  (File found, but it contains no detailed information)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
"Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
"WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
And aswMBR:

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-14 20:31:55
-----------------------------
20:31:55.124    OS Version: Windows 6.1.7601 Service Pack 1
20:31:55.124    Number of processors: 4 586 0x2502
20:31:55.124    ComputerName: ANNE-PC  UserName: Anne
20:32:08.524    Initialize success
20:32:52.953    AVAST engine defs: 12081400
20:33:05.324    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:33:05.324    Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
20:33:05.324    Disk 0 MBR read successfully
20:33:05.339    Disk 0 MBR scan
20:33:05.339    Disk 0 unknown MBR code
20:33:05.355    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
20:33:05.371    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       273397 MB offset 206848
20:33:05.402    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        30720 MB offset 560123904
20:33:05.417    Disk 0 Partition 4 00     12  Compaq diag NTFS         1026 MB offset 623038464
20:33:05.433    Disk 0 scanning sectors +625139712
20:33:05.480    Disk 0 scanning C:\Windows\system32\drivers
20:33:22.921    Service scanning
20:34:08.519    Modules scanning
20:34:24.993    Disk 0 trace - called modules:
20:34:25.009    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
20:34:25.024    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x883ce948]
20:34:25.024    3 CLASSPNP.SYS[8bb8559e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8685e028]
20:34:25.913    AVAST engine scan C:\Windows
20:34:29.221    AVAST engine scan C:\Windows\system32
20:37:38.777    AVAST engine scan C:\Windows\system32\drivers
20:37:56.561    AVAST engine scan C:\Users\Anne
20:53:47.367    AVAST engine scan C:\ProgramData
20:55:15.866    Scan finished successfully
20:56:27.189    Disk 0 MBR has been saved successfully to "C:\Users\Anne\Desktop\MBR.dat"
20:56:27.189    The log file has been saved successfully to "C:\Users\Anne\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-14 20:58:29
-----------------------------
20:58:29.579    OS Version: Windows 6.1.7601 Service Pack 1
20:58:29.579    Number of processors: 4 586 0x2502
20:58:29.579    ComputerName: ANNE-PC  UserName: Anne
20:58:30.858    Initialize success
20:58:36.256    AVAST engine defs: 12081400
20:58:39.126    The log file has been saved successfully to "C:\Users\Anne\Desktop\aswMBR.txt"
         

15.08.2012, 13:13   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

We should fix the MBR. Just in case, back up ALL important data, even though things usually go smoothly.

Note: Please do NOT run the MBR fix if you still have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable.
Also do not run the fix if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs.


After backing up your data, start aswMBR again and click the FIXMBR button.

Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!

Then restart Windows and create a new log with aswMBR.
__________________
Please always post log files in CODE tags

15.08.2012, 14:31   #25
BlegJakun

I pressed the MBRFix button. It didn't take long though; I hope that's all correct.

Here is the log of the subsequent scan:

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-15 15:01:39
-----------------------------
15:01:39.592    OS Version: Windows 6.1.7601 Service Pack 1
15:01:39.592    Number of processors: 4 586 0x2502
15:01:39.607    ComputerName: ANNE-PC  UserName: Anne
15:01:42.181    Initialize success
15:01:48.624    AVAST engine defs: 12081400
15:01:52.524    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:01:52.524    Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
15:01:52.540    Disk 0 MBR read successfully
15:01:52.555    Disk 0 MBR scan
15:01:52.555    Disk 0 Windows 7 default MBR code
15:01:52.571    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
15:01:52.587    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       273397 MB offset 206848
15:01:52.618    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        30720 MB offset 560123904
15:01:52.633    Disk 0 Partition 4 00     12  Compaq diag NTFS         1026 MB offset 623038464
15:01:52.649    Disk 0 scanning sectors +625139712
15:01:52.696    Disk 0 scanning C:\Windows\system32\drivers
15:02:04.911    Service scanning
15:02:38.747    Modules scanning
15:03:05.657    Disk 0 trace - called modules:
15:03:05.688    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
15:03:05.688    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x883cd618]
15:03:05.704    3 CLASSPNP.SYS[8bb7359e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86457028]
15:03:06.765    AVAST engine scan C:\Windows
15:03:10.743    AVAST engine scan C:\Windows\system32
15:06:01.111    AVAST engine scan C:\Windows\system32\drivers
15:06:14.792    AVAST engine scan C:\Users\Anne
15:21:43.571    AVAST engine scan C:\ProgramData
15:25:21.612    Scan finished successfully
15:31:27.339    Disk 0 MBR has been saved successfully to "C:\Users\Anne\Desktop\MBR.dat"
15:31:27.339    The log file has been saved successfully to "C:\Users\Anne\Desktop\aswMBR2.txt"
         
Kind regards,

Tim

15.08.2012, 20:29   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!

16.08.2012, 12:25   #27
BlegJakun

OK, I ran both scans. Here are the logs:

Malwarebytes:

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.16.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Anne :: ANNE-PC [Administrator]

16.08.2012 09:44:28
mbam-log-2012-08-16 (09-44-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 411119
Laufzeit: 1 Stunde(n), 47 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Malwarebytes still has files in quarantine - can I simply leave them there?

SUPERAntiSpyware: (I had the 20 cookies removed)

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/16/2012 at 01:01 PM

Application Version : 5.5.1012

Core Rules Database Version : 9067
Trace Rules Database Version: 6879

Scan type       : Quick Scan
Total Scan Time : 00:49:52

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 602
Memory threats detected   : 0
Registry items scanned    : 27536
Registry threats detected : 0
File items scanned        : 26694
File threats detected     : 20

Adware.Tracking Cookie
	C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Cookies\7E1ZVGW2.txt [ /c.atdmt.com ]
	C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Cookies\U3D13YSQ.txt [ /imrworldwide.com ]
	C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Cookies\KGOL62ZU.txt [ /adfarm1.adition.com ]
	C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Cookies\D8B02B6N.txt [ /fastclick.net ]
	C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Cookies\VI108S8Y.txt [ /apmebf.com ]
	C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Cookies\0O8DU195.txt [ /ad.zanox.com ]
	C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Cookies\YAPXA9Z7.txt [ /atdmt.com ]
	C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Cookies\8WVT3US1.txt [ /zanox.com ]
	C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Cookies\19CJ8BTM.txt [ /mediaplex.com ]
	C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Cookies\NKVGLNPH.txt [ /ad1.adfarm1.adition.com ]
	C:\USERS\ANNE\Cookies\7E1ZVGW2.txt [ Cookie:anne@c.atdmt.com/ ]
	C:\USERS\ANNE\Cookies\U3D13YSQ.txt [ Cookie:anne@imrworldwide.com/cgi-bin ]
	C:\USERS\ANNE\Cookies\KGOL62ZU.txt [ Cookie:anne@adfarm1.adition.com/ ]
	C:\USERS\ANNE\Cookies\D8B02B6N.txt [ Cookie:anne@fastclick.net/ ]
	C:\USERS\ANNE\Cookies\VI108S8Y.txt [ Cookie:anne@apmebf.com/ ]
	C:\USERS\ANNE\Cookies\0O8DU195.txt [ Cookie:anne@ad.zanox.com/ ]
	C:\USERS\ANNE\Cookies\YAPXA9Z7.txt [ Cookie:anne@atdmt.com/ ]
	C:\USERS\ANNE\Cookies\8WVT3US1.txt [ Cookie:anne@zanox.com/ ]
	C:\USERS\ANNE\Cookies\19CJ8BTM.txt [ Cookie:anne@mediaplex.com/ ]
	C:\USERS\ANNE\Cookies\NKVGLNPH.txt [ Cookie:anne@ad1.adfarm1.adition.com/ ]Su
         
Kind regards,

Tim

16.08.2012, 13:52   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Code:
UAC On - Limited User
         
How did you start SUPERAntiSpyware? Simply by double-clicking?

Code:
Scan type       : Quick Scan
         
Why only a quick scan? What do the instructions say?

16.08.2012, 13:53   #29
BlegJakun

Yes, simply with a double-click.

Oh, I only just read the last sentence. I must have misread ^^ I'll run a full scan again as administrator right away.

Uh. Quite a lot more was found this time ^^

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/16/2012 at 05:38 PM

Application Version : 5.5.1012

Core Rules Database Version : 9068
Trace Rules Database Version: 6880

Scan type       : Complete Scan
Total Scan Time : 02:26:05

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 701
Memory threats detected   : 0
Registry items scanned    : 35882
Registry threats detected : 0
File items scanned        : 176925
File threats detected     : 325

Trojan.Agent/Gen-FraudTool[Tiny]
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1370@14A2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1DC@1F2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1084@1532770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@13AC@252770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1438@1542770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1D0AC@6D2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@11994@1582770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@15A5D8@1572770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1240@1412770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1300@1392770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1350@1442770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@103C@1482770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@16FC@1382770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1374@1472770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@22A8@1632770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@10C9B8@1572770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@DD4@1552770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@16E8@1392770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@27E0C@14F2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@5F8@2C2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1220@1442770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1374@372770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1268@1452770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2CF40@14A2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@11C018@682770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1660@14A2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@10474@732770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@14E8@3E2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@10BC@15A2770.###
         
Something went wrong with the posting, so here it is again:

Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/16/2012 at 05:38 PM

Application Version : 5.5.1012

Core Rules Database Version : 9068
Trace Rules Database Version: 6880

Scan type       : Complete Scan
Total Scan Time : 02:26:05

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 701
Memory threats detected   : 0
Registry items scanned    : 35882
Registry threats detected : 0
File items scanned        : 176925
File threats detected     : 325

Trojan.Agent/Gen-FraudTool[Tiny]
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1594@3E2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1224@3F2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1354@1432770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2F0@14D2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1778@1442770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@13AC@1682770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@14C@622770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@4CE94@1E2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@11898@1492770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@143A7C@1492770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1090@14F2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1318@14B2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1718@1542770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1314@222770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@16A810@2F2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1F70@202770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1600@14A2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@12558C@1462770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@A88@1462770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1010@1672770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1040@3F2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1120@1532770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1180@1352770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1234@1622770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1300@1602770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@12AC@14A2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@13F4@1502770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1424@1432770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1474@232770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1594@3F2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@15EC@1402770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1648@2B2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@16F0@212770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1764@612770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@17D8@3E2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1B0@1522770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@198AC@242770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1A52D0@1402770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1AC08@1532770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1BC@682770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1C57C@15A2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1C8@1352770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1D3A4@1512770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1D4@2B2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1F1888@1432770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1F5D0@13D2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@220@1392770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2053C@362770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@215348@1672770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@21FC8@1372770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@22A4@1512770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@231C@15A2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@23A1C@232770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@25C4@15A2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2637C@1582770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@26C90@752770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@270@1572770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@278C@3B2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2AD2B4@14D2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2B0@1582770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2B4@1322770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2C1C@272770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2C8@1552770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2D4@14A2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2D98@2E2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2E0@1402770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2E504@1502770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2FC78@1592770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2FD48@1372770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@3018@1562770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@304@282770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@3230C@242770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@32360@1602770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@34188@742770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@3480@1382770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@37558@1392770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@378@14F2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@3AC@14B2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@3BDF4@1552770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@3D8@15A2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@3F0@772770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@3F34C@1452770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@459C4@1442770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@40C@1422770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@40C@6A2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@41C@3F2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@434@232770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@44EF4@742770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@4CC@1562770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@468@3F2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@46C38@1572770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@48C@14E2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@498@1592770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@4CD4@252770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@558@1492770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@4DC@15A2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@4F40@1552770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@514@3F2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@5330C@1662770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@53380@3E2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@5CC@1632770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@564@1592770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@598@1542770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@59C@1542770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@5E60@13B2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@5ECC@672770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@5F0@14C2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@5F64@1592770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@60A2C@1E2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@634@732770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@689FC@1392770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@6998@1472770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@6BC@1542770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@6C8@15B2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@718@13B2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@71C@14A2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@720@1542770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@72C@1472770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@748@252770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@75C@13C2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@7E0@1522770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@784@1552770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@78@13C2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@7A0@1482770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@7A708@6F2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@7C@14B2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@7D288@242770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@878@13C2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@7E8@1452770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@7F3A4@1E2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@81ADC@262770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@81CF0@752770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@850@1492770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@854@3F2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@86C@1562770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@890@1582770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@89C@1492770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@8C220@1462770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@8DC@1562770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@8FC@1452770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@978@14C2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@90C@1492770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@90C@14A2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@9120@1572770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@948@1542770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@94E84@3D2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@A74@1372770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@980@232770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@9B4@14A2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@9F8@1542770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@A098@742770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@A1C@682770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@AE4@1612770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@A80@14E2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@A84@782770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@AA5BC@2C2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@AB0@752770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@ABC@3A2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@AC8@1492770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@AD4@212770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@BC8@14A2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@B00@672770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@B24@1432770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@B48@15F2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@B7C@6D2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@BA4@14A2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@BD4@1592770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@BE0@13C2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@C14@14A2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@C1C@15C2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@C4C@14D2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@C548@792770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@C80@1512770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@C8AE8@3C2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@C9008@352770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@CBC@15C2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@CDC@6D2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@D14@14F2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@D28@1562770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@D2C@13F2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@D304@1342770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@D4C@1492770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@D60@252770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@D6C@1382770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@DD0@242770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@D70@15A2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@D84@1592770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@D98@13D2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@DAC@1672770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@DB0@1422770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@DBC08@14B2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@DC220@7B2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@DD8@15D2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@DEC@352770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@DF0@1582770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@E5C@1412770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@DF8@752770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@E00@3E2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@E28@212770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@E2E1C@212770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@EE8@15B2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@E8150@312770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@EA0@1522770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@EC0@1542770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@EE4@1552770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@EF0@1572770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@F28@14B2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@F2C@212770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@F40C@1602770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@F9C@1472770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@F4C@1522770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@F78@212770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@F88@3F2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@F9A90@1492770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@FA4@14D2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@FB0@212770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@FB0@302770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@FCC@14F2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@FD4@622770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@FDC@14D2770.###
	C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@FEC@1E2770.###
         
Hm, replying to this thread didn't work just now; I wrote 2 replies, but my old post was edited instead.

So, I already posted the log in my previous post; in SUPERAntiSpyware I clicked on "Remove Threads".

Regards,

Tim

Another attempt from a different computer. If a new post is created now, see my previous post.

And another posting attempt - maybe it will work now. See previous post.

And another attempt

And another attempt to make a new post. For the explanation, see the previous post.

Last edited by BlegJakun (16.08.2012 at 14:07)

Old 17.08.2012, 16:57   #30
BlegJakun
 
Live Security Platinum Virus - really removed? - Standard

Live Security Platinum Virus - really removed?



And another attempt.

Edit: Ah, it worked! Until just now I couldn't write any more replies. Every time I wrote a reply, only my previous post was edited. So the log from SUPERAntiSpyware is above.

Regards,

Tim
