|
Plagegeister aller Art und deren Bekämpfung: Home.sweetim.com und Norton AntivirusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
28.10.2012, 10:41 | #1 |
| Home.sweetim.com und Norton Antivirus Hallo Ihr Lieben, ich sitze im Moment an dem PC meiner Eltern und hier stimmen mal wieder ein paar Sachen nicht. Erstens kommt bei Google Chrome immer die Seite Home.sweetim.com, da würde mich interessieren wie ich diese los werde! Zweitens hatten meine Eltern den Norton AV drauf, dieser ist mittlerweile abgelaufen und sie haben Avast drauf. Trotzdem spukt der Norton noch herum, wenn meine Mutter von der Arbeit eine .doc Datei auf ihre Yahoo Emailadresse bekommt behauptet Norton es handle sich um einen Virus und die Datei werde gelöscht - diese lässt sich dann also weder speichern noch aufmachen. Wobei sie auch ganz sicher kein Virus ist oder beinhaltet. Kann mir hier bitte jemand helfen? Ich bin bis Dienstag Früh hier, danach fahren wir wieder nach Hause (300 km). LG Rapunzel |
28.10.2012, 12:54 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Home.sweetim.com und Norton AntivirusZitat:
Von allein verschwindet das Programm nicht auch wenn es abgelaufen ist! Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
28.10.2012, 14:11 | #3 |
| Home.sweetim.com und Norton Antivirus Den Norton haben wir deinstalliert, er findet sich nicht mehr in der Liste der Programme.
__________________Zum OTL. ich hab das kleine Problem, dass ich den gar nicht erst runterladen kann, da kommt die Fehlermeldung: C:\\Users\Edith\Downloads\OTL.exe konnte nicht gefunden werden. Stellen sie sicher, dass sie den richtigen Namen eingegeben haben und wiederholen sie den Vorgang. Die Meldung krieg ich wenn ich es mit GoogleChrome versuche, wenn ich es mit dem InternetExplorer versuche wird behauptet das Dokument hätte einen Virus enthalten und wurde gelöscht (genauso wie bei dem Word Dokument meiner Mutter) Ich hatte auch grad versucht den Malewarebytes runter zu laden, da passiert das gleiche... Geändert von Rapunzel (28.10.2012 um 14:21 Uhr) |
28.10.2012, 15:07 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Home.sweetim.com und Norton AntivirusZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
28.10.2012, 15:18 | #5 |
| Home.sweetim.com und Norton Antivirus Ich erkläre mir das gar nicht, er ist in der Liste der Programme nicht mehr zu finden. Meine Mutter wollte mir gestern zeigen, dass sich Downloads nicht öffnen lassen, ist in ihr Yahoo Postfach rein, hat eine Word datei angeklickt und es kam die Meldung dass die Datei angeblich einen Virus enthalten würde, da stand dann in dem Fenster auf der rechten Seite der Norton dabei, allerdings tauchte das Norton Symbol heut nicht mehr auf als ich versucht hab OTL zu downloaden. Ich hab keine Ahnung welches Programm oder welche Einstellung das downloaden verhindert. Gibt es noch eine andere Möglichkeit? |
28.10.2012, 15:36 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Home.sweetim.com und Norton Antivirus Damit Norton bitte entfernen => https://www-secure.symantec.com/nort...=1&lg=en&ct=us
__________________ --> Home.sweetim.com und Norton Antivirus |
28.10.2012, 18:38 | #7 |
| Home.sweetim.com und Norton Antivirus anbei das OTL Logfile, Norton Deinstaller hab ich drüber laufen lassen - Danke OTL Logfile: OTL EXTRAS Logfile: Code:
ATTFilter OTL logfile created on: 28.10.2012 18:05:08 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Edith\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 61,79% Memory free 6,20 Gb Paging File | 4,66 Gb Available in Paging File | 75,03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,59 Gb Total Space | 115,77 Gb Free Space | 49,77% Space Free | Partition Type: NTFS Drive D: | 348,93 Gb Total Space | 348,82 Gb Free Space | 99,97% Space Free | Partition Type: NTFS Drive E: | 12,15 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: EDITH-PC | User Name: Edith | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Edith\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\afwServ.exe (AVAST Software) PRC - C:\Programme\Online Games Manager\ogmservice.exe (RealNetworks, Inc.) PRC - C:\Programme\NetRatingsNetSight\NetSight\NielsenUpdate.exe (The Nielsen Company) PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) PRC - C:\Programme\Acer\Empowering Technology\SysMonitor.exe () PRC - C:\Programme\Acer\Empowering Technology\Framework.Launcher.exe () PRC - C:\Programme\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe (acer) PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe () PRC - C:\Programme\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll () MOD - C:\Programme\NetRatingsNetSight\NetSight\meter7\npfirefoxprocessor.dll () MOD - C:\Programme\NetRatingsNetSight\NetSight\meter7\npwmi.dll () MOD - C:\Programme\NetRatingsNetSight\NetSight\meter7\npsurvey.dll () MOD - C:\Programme\NetRatingsNetSight\NetSight\meter7\npsp1.dll () MOD - C:\Programme\NetRatingsNetSight\NetSight\meter7\communication.dll () MOD - C:\Programme\NetRatingsNetSight\NetSight\nsmmc.dll () MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\Programme\Google\Google Desktop Search\gzlib.dll () MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\Framework.UIComponent\3.0.3009.0__739b31b1908c49e5\Framework.UIComponent.dll () MOD - C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll () MOD - C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll () MOD - C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3009.0__672b450de5a7e94a\Framework.Host.dll () MOD - C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll () MOD - C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3009.0__9ecdf03bb2054f94\Framework.PluginInterface.dll () MOD - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll () MOD - C:\Programme\Acer\Empowering Technology\SysMonitor.exe () MOD - C:\Programme\Acer\Empowering Technology\Framework.Launcher.exe () MOD - C:\Programme\Acer\Empowering Technology\Framework.Presenter.dll () MOD - C:\Programme\Acer\Empowering Technology\de\Framework.AppBar.resources.dll () MOD - C:\Programme\Acer\Empowering Technology\Framework.AppBar.dll () MOD - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll () MOD - C:\Programme\Acer\Empowering Technology\eSettings\eSettings.QuickMenu.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (avast! Firewall) -- C:\Programme\AVAST Software\Avast\afwServ.exe (AVAST Software) SRV - (ogmservice) -- C:\Programme\Online Games Manager\ogmservice.exe (RealNetworks, Inc.) SRV - (NielsenUpdate) -- C:\Programme\NetRatingsNetSight\NetSight\NielsenUpdate.exe (The Nielsen Company) SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (eDataSecurity Service) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe () SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (AswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswNdis2) -- C:\Windows\System32\drivers\aswNdis2.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswFW) -- C:\Windows\System32\drivers\aswFW.sys (AVAST Software) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software) DRV - (nnfwdk) -- C:\Programme\NetRatingsNetSight\NetSight\meter7\nnfwdk.sys (The Nielsen Company) DRV - (aswNdis) -- C:\Windows\System32\drivers\aswNdis.sys (ALWIL Software) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.) DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan) DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio) DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (AMD Technologies Inc.) DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vb32&d=0908&m=aspire_m1201 IE - HKLM\..\URLSearchHook: {0e3dbc69-a682-48da-84e1-82c63a5d678e} - C:\Programme\Bigpoint_Games_DE\prxtbBig0.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2843456 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vb32&d=0908&m=aspire_m1201 IE - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\..\SearchScopes\{181DC6FE-6D1D-4817-A41E-8BBBAB8A0928}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW IE - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media ) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Edith\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Edith\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) [2012.05.06 17:35:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Edith\AppData\Roaming\mozilla\Extensions [2012.05.06 17:35:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Edith\AppData\Roaming\mozilla\Extensions\home2@tomtom.com ========== Chrome ========== CHR - homepage: hxxp://home.sweetim.com/?crg=3.02010003&st=12&barid={8EF9C8D5-6BBD-4F5F-A082-4CA5E908351A} CHR - default_search_provider: SweetIM Search (Enabled) CHR - default_search_provider: search_url = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={8EF9C8D5-6BBD-4F5F-A082-4CA5E908351A} CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://home.sweetim.com/?crg=3.02010003&st=12&barid={8EF9C8D5-6BBD-4F5F-A082-4CA5E908351A} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Edith\AppData\Local\Google\Chrome\Application\22.0.1229.96\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Edith\AppData\Local\Google\Chrome\Application\22.0.1229.96\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Edith\AppData\Local\Google\Chrome\Application\22.0.1229.96\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Edith\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: NielsenOnline (Enabled) = C:\Users\Edith\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh\1.3.0_0\chrometracker.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll CHR - plugin: Google Update (Enabled) = C:\Users\Edith\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Users\Edith\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: AT_EdwardMonkton = C:\Users\Edith\AppData\Local\Google\Chrome\User Data\Default\Extensions\booflobnmaoihdbknliaicjbfdndgamf\2_0\ CHR - Extension: Google-Suche = C:\Users\Edith\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: avast! WebRep = C:\Users\Edith\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1473_0\ CHR - Extension: SweetIM for Facebook = C:\Users\Edith\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\ CHR - Extension: Nielsen = C:\Users\Edith\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh\1.7.2_0\ CHR - Extension: SweetPacks Chrome Extension = C:\Users\Edith\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\ CHR - Extension: Google Mail = C:\Users\Edith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: YouTube = C:\Users\Edith\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: AT_EdwardMonkton = C:\Users\Edith\AppData\Local\Google\Chrome\User Data\Default\Extensions\booflobnmaoihdbknliaicjbfdndgamf\2_0\ CHR - Extension: Google-Suche = C:\Users\Edith\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: avast! WebRep = C:\Users\Edith\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1473_0\ CHR - Extension: SweetIM for Facebook = C:\Users\Edith\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\ CHR - Extension: Nielsen = C:\Users\Edith\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh\1.7.2_0\ CHR - Extension: SweetPacks Chrome Extension = C:\Users\Edith\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\ CHR - Extension: Google Mail = C:\Users\Edith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Bigpoint Games DE Toolbar) - {0e3dbc69-a682-48da-84e1-82c63a5d678e} - C:\Programme\Bigpoint_Games_DE\prxtbBig0.dll (Conduit Ltd.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found O3 - HKLM\..\Toolbar: (Bigpoint Games DE Toolbar) - {0e3dbc69-a682-48da-84e1-82c63a5d678e} - C:\Programme\Bigpoint_Games_DE\prxtbBig0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found O3 - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\..\Toolbar\WebBrowser: (Bigpoint Games DE Toolbar) - {0E3DBC69-A682-48DA-84E1-82C63A5D678E} - C:\Programme\Bigpoint_Games_DE\prxtbBig0.dll (Conduit Ltd.) O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programme\Acer\Empowering Technology\SysMonitor.exe () O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot File not found O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [NielsenOnline] C:\Programme\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe File not found O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software) O4 - HKLM..\RunOnce: [aswasOutExt.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software) O4 - Startup: C:\Users\Edith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Common Files\microsoft shared\Encarta Researcher\EROPROJ.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\..Trusted Domains: localhost ([]http in Lokales Intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} hxxp://acerde.oberon-media.com/online/online2/zuma/oberongamesloader.cab (OberongamesLoader Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96895559-8754-4D3B-8B4B-1A2717C5CBFC}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\msero {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Programme\Common Files\microsoft shared\Encarta Researcher\MSERO.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Edith\Pictures\ApfelBrombeer[2].JPG O24 - Desktop BackupWallPaper: C:\Users\Edith\Pictures\ApfelBrombeer[2].JPG O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{ea62eb42-af7b-11e0-9a05-002268049f90}\Shell - "" = AutoRun O33 - MountPoints2\{ea62eb42-af7b-11e0-9a05-002268049f90}\Shell\AutoRun\command - "" = L:\Password.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.28 18:03:42 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Edith\Desktop\mbam-setup-1.65.1.1000.exe [2012.10.28 18:03:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Edith\Desktop\OTL.exe [2012.10.28 10:30:39 | 000,000,000 | ---D | C] -- C:\Users\Edith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD [2012.10.22 09:33:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.10.10 08:37:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.10.10 08:36:47 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.10.10 08:36:45 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.28 18:00:13 | 000,000,558 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Edith.job [2012.10.28 17:50:22 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Edith\Desktop\mbam-setup-1.65.1.1000.exe [2012.10.28 17:47:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Edith\Desktop\OTL.exe [2012.10.28 17:27:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1523784361-1419484075-2864972026-1000UA.job [2012.10.28 17:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.28 16:30:26 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.28 16:30:26 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.28 14:09:07 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2012.10.28 14:00:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.28 10:36:16 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.10.28 10:36:15 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.10.28 10:36:15 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.28 10:36:15 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.28 10:30:50 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2012.10.28 10:30:20 | 3220,365,312 | -HS- | M] () -- C:\hiberfil.sys [2012.10.28 09:26:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1523784361-1419484075-2864972026-1000Core.job [2012.10.27 14:58:25 | 000,000,104 | ---- | M] () -- C:\Users\Edith\Desktop\Papierkorb - Verknüpfung.lnk [2012.10.23 12:18:34 | 000,738,504 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2012.10.23 12:18:34 | 000,360,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2012.10.23 12:18:34 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2012.10.23 12:18:34 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2012.10.23 12:18:33 | 000,199,320 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys [2012.10.23 12:18:33 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2012.10.23 12:18:32 | 000,106,560 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys [2012.10.23 12:18:32 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2012.10.23 12:18:32 | 000,020,624 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys [2012.10.23 12:17:48 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2012.10.23 12:17:38 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2012.10.22 09:31:30 | 000,000,232 | ---- | M] () -- C:\Users\Edith\Desktop\Search the Web.url [2012.10.16 12:11:54 | 000,010,752 | ---- | M] () -- C:\Users\Edith\Documents\Nachhilfeschüler.xlr [2012.10.16 12:11:54 | 000,004,962 | ---- | M] () -- C:\Users\Edith\AppData\Roaming\wklnhst.dat [2012.10.09 08:19:11 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.10.09 08:19:10 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.27 14:58:25 | 000,000,104 | ---- | C] () -- C:\Users\Edith\Desktop\Papierkorb - Verknüpfung.lnk [2012.10.22 09:31:30 | 000,000,232 | ---- | C] () -- C:\Users\Edith\Desktop\Search the Web.url [2012.05.28 08:16:45 | 000,000,209 | ---- | C] () -- C:\Windows\settings.ini [2011.03.06 15:08:24 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.10.29 13:13:59 | 000,000,680 | ---- | C] () -- C:\Users\Edith\AppData\Local\d3d9caps.dat [2010.05.29 19:09:18 | 002,316,435 | ---- | C] () -- C:\Users\Edith\schmehle2.jpg [2010.05.29 19:08:52 | 002,026,392 | ---- | C] () -- C:\Users\Edith\schmehle1.jpg [2010.05.29 19:08:21 | 002,139,614 | ---- | C] () -- C:\Users\Edith\schmehle.jpg [2009.08.20 19:19:21 | 000,052,224 | ---- | C] () -- C:\Users\Edith\Zeitungsliste.xlr [2009.05.26 10:40:31 | 000,004,962 | ---- | C] () -- C:\Users\Edith\AppData\Roaming\wklnhst.dat [2009.05.14 20:10:21 | 000,027,648 | ---- | C] () -- C:\Users\Edith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.05.13 23:40:24 | 000,007,090 | ---- | C] () -- C:\Users\Edith\AppData\Local\slot1.mm1 ========== ZeroAccess Check ========== [2006.11.02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 407 bytes -> C:\ProgramData\TEMP:B890E098 @Alternate Data Stream - 405 bytes -> C:\ProgramData\TEMP:80873EE2 @Alternate Data Stream - 403 bytes -> C:\ProgramData\TEMP:AB985F7C @Alternate Data Stream - 402 bytes -> C:\ProgramData\TEMP:F0A4F95E @Alternate Data Stream - 402 bytes -> C:\ProgramData\TEMP:3A35C29C @Alternate Data Stream - 400 bytes -> C:\ProgramData\TEMP:C72E5875 @Alternate Data Stream - 397 bytes -> C:\ProgramData\TEMP:E1A68E67 @Alternate Data Stream - 397 bytes -> C:\ProgramData\TEMP:CB66E9B7 @Alternate Data Stream - 397 bytes -> C:\ProgramData\TEMP:9A071EA2 @Alternate Data Stream - 396 bytes -> C:\ProgramData\TEMP:B203B914 @Alternate Data Stream - 395 bytes -> C:\ProgramData\TEMP:D4CD7005 @Alternate Data Stream - 394 bytes -> C:\ProgramData\TEMP:94C8B75E @Alternate Data Stream - 394 bytes -> C:\ProgramData\TEMP:44B5FE44 @Alternate Data Stream - 393 bytes -> C:\ProgramData\TEMP:28A1F3CB @Alternate Data Stream - 392 bytes -> C:\ProgramData\TEMP:CE1DA626 @Alternate Data Stream - 391 bytes -> C:\ProgramData\TEMP:E96C83D4 @Alternate Data Stream - 390 bytes -> C:\ProgramData\TEMP:BE03B635 @Alternate Data Stream - 390 bytes -> C:\ProgramData\TEMP:92B1F486 @Alternate Data Stream - 390 bytes -> C:\ProgramData\TEMP:5177EEE7 @Alternate Data Stream - 390 bytes -> C:\ProgramData\TEMP:387A6F49 @Alternate Data Stream - 388 bytes -> C:\ProgramData\TEMP:A060A953 @Alternate Data Stream - 385 bytes -> C:\ProgramData\TEMP:1F3EEC32 @Alternate Data Stream - 384 bytes -> C:\ProgramData\TEMP:F85284EA @Alternate Data Stream - 384 bytes -> C:\ProgramData\TEMP:02067B2A @Alternate Data Stream - 382 bytes -> C:\ProgramData\TEMP:D6BDD51E @Alternate Data Stream - 382 bytes -> C:\ProgramData\TEMP:B01C2351 @Alternate Data Stream - 382 bytes -> C:\ProgramData\TEMP:4C96DCB8 @Alternate Data Stream - 382 bytes -> C:\ProgramData\TEMP:453C1FA2 @Alternate Data Stream - 381 bytes -> C:\ProgramData\TEMP:3CC5A5D1 @Alternate Data Stream - 380 bytes -> C:\ProgramData\TEMP:FEE5129B @Alternate Data Stream - 380 bytes -> C:\ProgramData\TEMP:FBC7D82D @Alternate Data Stream - 379 bytes -> C:\ProgramData\TEMP:9060A47A @Alternate Data Stream - 376 bytes -> C:\ProgramData\TEMP:804A4210 @Alternate Data Stream - 369 bytes -> C:\ProgramData\TEMP:E5E4A530 @Alternate Data Stream - 367 bytes -> C:\ProgramData\TEMP:4B476508 @Alternate Data Stream - 365 bytes -> C:\ProgramData\TEMP:5A05820A @Alternate Data Stream - 361 bytes -> C:\ProgramData\TEMP:8BC965A1 @Alternate Data Stream - 357 bytes -> C:\ProgramData\TEMP:1D32EC29 @Alternate Data Stream - 353 bytes -> C:\ProgramData\TEMP:DE3A8059 @Alternate Data Stream - 353 bytes -> C:\ProgramData\TEMP:83FDB6DC @Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:94B65E3C @Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:BA660D25 @Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:EF20E652 @Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:07E55929 @Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:C7F76735 @Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:9F9D57FD @Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:2C16E576 @Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:20D0F267 @Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:E1B0CF05 @Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:5690D76E @Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:A2FC7F08 @Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:92298B59 @Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:683BD5A8 @Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:65AAB2AD @Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:26B7B9EA @Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:0B32B6C9 @Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:E779F65A @Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:C0601E00 @Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:874EE5CB @Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:7A30DA6A @Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:E1031541 @Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:9959803A @Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:1E3397DC @Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:1DECED1B @Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:1C93E55E @Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:1960DAF2 @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:B623B5B8 @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:9AB338B9 @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:9A7901A9 @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:9756362E @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:7CACEF61 @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:4CD2D817 @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:3D11302A @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:2D6D1D25 @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:21637AEC @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:1B1330FD @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:1A60DE96 @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:05816AFA @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:05650B69 @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:0105A66F @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:EDE8EA85 @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:E189EC1B @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:CD6978FC @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:ACFD5043 @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:AC57032B @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:A5808D58 @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:A118E9A3 @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:9CD61266 @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:9A842F5C @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:942BD321 @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:8AB6C1D7 @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:61FB58C9 @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:3EEE7620 @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:3B9582E0 @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:FEF919E6 @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:E7F71472 @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:E35A81F4 @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:DB4758C6 @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:BAE8784F @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:A967571A @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:9F36615A @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:8FF962C6 @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:7FB8A209 @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:7F66BF58 @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:68C4BECC @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:580E04D8 @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:3C75E5BE @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:2FF4577A @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:049C87B7 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:F62CAE78 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:EF4B1DA9 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:EDED3240 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:EC36F550 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:D8A7F3FF @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:D16E7091 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:C9F873D0 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:C5C5F2F2 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:B1B9AE56 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:B110897C @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:AE78B77A @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:99A72E3A @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:81C88EA7 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:7991541F @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:700B8E2E @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:5E0617AC @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:21745EE1 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:01D3D7F4 @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:ECB488E5 @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:E6E9EB6C @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:E10DCAF3 @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:DB365884 @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:D16A56DE @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:BA4AE5FC @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:ACDADE10 @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:AB554F94 @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:9BE4A88F @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:948CDB3D @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:6B9828AE @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:5E748D4C @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:5E4A7758 @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:56530ABD @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:4EB84EC1 @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:41326804 @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:2E0A3B1D @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:26EE282C @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:24AB14E7 @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:23A1F55B @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:20FFCF0B @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:1D9ED8F7 @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:158CC5FF @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:0EC9720B @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:05113FB9 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:FC89CE5A @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:EC4E61E4 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:CD9B334A @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:BD8705CE @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:ABD3B354 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:A68B9D77 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:8FC027DE @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:88BFF41D @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:794BB94F @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:742F1EE5 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:4D3513A5 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:3BAD46F6 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:26C2E4B1 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:17FF6514 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:0AE8FC60 @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:FDAF118C @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:FD20BDA6 @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:F59916B9 @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:DE22D45C @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:ABA71843 @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:730BC923 @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:5A27D490 @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:53992C73 @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:3612C9BE @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:2D1BE4C6 @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:24DC7949 @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:2085D07D @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:EBE4F6FC @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:E463CA56 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:E3AFC61E @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:E1069F99 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:CF2C26D2 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:CEED62ED @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:C3A4217C @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:BAD88AD2 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:8D79965B @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:8AD1F2E0 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:82C50600 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:77271429 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:6B5A665E @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:53F381F1 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:531637AD @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:442B1B91 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:3EA1C214 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:29DA7FEE @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:18295838 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0651F96C @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:06253D7D @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0207454C @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:FA8ADCCD @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:F19EC797 @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:CBCE0A92 @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:C226A7C2 @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:B8B102B9 @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:7C4DCB5B @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:765C6A14 @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:593E515D @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:43ABA97D @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:375B96CE @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:34BCB6A9 @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:226A6E31 @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0C5A6770 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:F79DAA38 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:E60D24D7 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C8E9D804 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C104B0EF @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:9B750A13 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:97AB2056 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:7E100A8C @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:6A16A184 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:60D0CFE2 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:48529647 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:45BC0AAA @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:3965C4E8 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:37CE0F2E @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:204BEE0F @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:16A2C6C0 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:0E37A445 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:03033228 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:FF818E2B @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:FB914833 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:EF2D54F9 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:E90251A2 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:DD3F5AF4 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:D74C2847 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:C44E62F1 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:BB24555F @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:B9775780 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:ADE91125 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:AB5B8755 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:A94968B5 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:9CB2B6C5 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:8A026284 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:860D9052 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:81F83028 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:7E26B7DC @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:6EAE3ABC @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:6BD1DCDD @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:5D2DC0A6 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:35632DDA @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:232300C2 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:1D60AEC3 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:1CE3DF80 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:FE144218 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:E7700065 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:E31D4564 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:DCDE7C60 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:DCAF903C @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:CE0A077E @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:C70C12CF @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:ACCFB883 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:A9C7B545 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:A9B2AAD0 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:A362A045 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:9B9441A5 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:9AB9ECE0 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:8C443193 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:69FA7876 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:6051163F @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:5A13AEC2 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:4A48591F @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:195E9213 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:18AE7C5A @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:100384F2 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:0D864221 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:003A85AC @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:F565FB91 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:DBA1A307 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:DB563BE7 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:B5D277AB @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:9C504A4D @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:9BCE9E9B @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:9658F8A2 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:93CE17D1 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:91CF76E3 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:8E6845BC @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:8BBD1F9A @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:80A70180 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:7EE43C06 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:74456BF5 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:5304CF6F @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:4F8BECB9 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:4F636E25 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:46545F5C @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:2B059D79 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:268F887D @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:13B137AF @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:E0CDAF60 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:D93DCF15 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:D77C0A61 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:D417F0D5 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:792C1D5C @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:61AF91EC @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:3FF8D96E @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:3F22DA14 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:2A615C9C @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0E341035 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0256104B @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:E62BE020 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:E40BF3ED @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:E22211E1 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:CDFF58FE @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:C40E212B @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:B79388B4 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:B310C233 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:ADCBD4B1 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:A13E0480 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:9C5E2795 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:93DE1838 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:9296EC11 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:8F76671E @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:6720DF40 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:49F896E9 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:3064D21D @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:1DFC024D @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:19AD1878 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:FE4E15B1 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:F68CB977 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E36F5B57 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:D478F292 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:C71DF9C6 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:C36E5828 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:956EC010 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:92D18A5E @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:898C038B @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:84744B34 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:798F4CE4 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:7079A696 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:687D1056 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:52FE3CCD @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:4C33F119 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:45A334DD @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:404C30E3 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:3AE22B1A @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:20B17557 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:18FCA3F2 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:17C6C557 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:131C0EE9 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:072B9E55 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:FAC5BCF5 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:F82CA780 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:F2F115B4 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:F1FE38D7 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:D8EA2847 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:D3930F74 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:940ECC98 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:858D9994 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:80234CE0 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:6A7B7A50 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:5D7E5A8F @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:550179F5 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:50A11A00 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:4EAD6852 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:4B112591 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:386E239F @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:38317199 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:30F1AD86 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:029E021F @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:02573978 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:023F0743 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:002640E3 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:FDD78BE5 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:E4EAA06A @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:DE38CB5F @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:D61069DE @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:CDA9D806 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:C8EAE2CC @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:C2E33402 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:B54102AD @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:7DFDF9DF @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:72E546C1 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:651AC260 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:3A29D202 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:39294FE1 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:1B154164 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:1AD5880D @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:174B11D8 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:15FA1ECB @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:C9B93CC4 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:B83BF1A6 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:91DFBB4A @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:8F7ECF6A @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:87F524B2 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:8599F087 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:7C0CBD4C @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:7B227418 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:76986D86 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:6CFD36EA @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:54997B77 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:4890C28A @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:322EAACD @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2E0BE9CA @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2CBB1EC8 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2504A086 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:225C4FFC @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:193426B4 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:0E640041 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:09DC8014 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:FACC16FC @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:FA45F5FF @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:F4BE8180 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:F42CF153 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:D0397AE3 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:C762A926 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:C4AAD3E4 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:97A03D0F @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:902B6A44 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:8FBE0E9C @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:8DCF53BE @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:5E3FBF9D @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:541F9F51 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:47317C33 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:42275BC2 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:373C6DC2 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2FAFBD6A @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2A5BC0A9 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:26140299 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:1FDDA142 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:1ECB0F6C @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:1DDD0008 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:128A6DC9 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:F131B2B8 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E6B1AD87 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E55CE2D1 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:D3FFFBA9 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:B837C568 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:9A6A9036 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:73CCE32D @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:6FCD73D7 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:63A71C6F @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:55781AF7 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:516FF8A1 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:4D066AD2 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:3E424252 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:3D4CCD1E @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:22C80839 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:1AE68282 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:0B9176C0 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:EB3A09D6 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:EA43B001 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:DDE7FCF4 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:A5E0BCE9 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:949E3D1B @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:90E60569 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:8EEE3BBB @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:7D49B96B @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:700CD00E @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:64A7B9DE @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:51F17074 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:5199C971 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:017D5143 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:F65733F1 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:E8F2A400 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:BC521608 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:ABE89FFE @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:AA9519A6 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:A3F4C22C @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:98A71B94 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:95B8F7F6 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:74699137 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:595E476D @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:45E33ED2 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:39F44D9C @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:2A8CD561 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:2A0E0B9F @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:20B9E63F @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:D20FFA63 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:C5B70C5D @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:88555A1F @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:8750DCE4 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:70F0A2F4 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:6C22B38A @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:62197B73 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:4D7FCCD3 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:48070A48 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:4300D829 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:2F46E9A6 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:2B99FE60 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:1AF93AF4 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:0A18093F @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:01453AF3 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:F86CC73E @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:F854B030 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E8E51D31 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:D6C2C750 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:D5C1AF61 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:CCF42AF8 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:C0D722EB @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:A9D9351A @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:A4AD016E @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:98104906 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:8DD623B3 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:8C885EDD @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:7D2C5D65 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:799B8AA7 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:793ABD2B @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:6C3B96F0 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:51C0853C @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:4C97EF04 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:444C53BA @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:3E7C402E @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:087D1C56 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:01EDA307 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:E71141D2 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:D091E13E @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:C6DBBC03 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B8EA2C49 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:981884E7 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:8F925134 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:8D8F3340 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:74B502CB @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5425B7F5 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:52A42F4C @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:4DBBB4EA @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:4B1807BE @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:369A9F46 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:30376ACC @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:2CFBE2D1 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0503B6B8 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:F6E5C7FB @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E89EDC52 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D30CE047 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:CCBF0D67 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:B358A070 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:8F5346F2 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:861A898F @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:5D458568 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:51387F29 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:07A75CBF @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:F9CEBD79 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:EAB1AD1B @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:E9CB5ECC @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:D43ACD11 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:C7D36B80 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:B42328DE @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:92209557 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:90FE524C @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:895798AD @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:85B53F5F @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:7E68DD27 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:756C8543 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:741CA49D @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5743A858 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4DE8C719 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4BB26BE9 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:3867977D @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2A8A3140 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:02C1CB6D @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:FDA8D6AE @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:F84F494D @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:E7AD9690 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:E749BCD7 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:DF3D49ED @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:CBEB737E @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C77DCC63 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A86C3734 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A0405560 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:9E64EBA6 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8C84073F @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:857692EC @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:85526F54 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:77B90F12 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:726A7C8D @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:6C81A062 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:5B111056 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:551E1CB4 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:54F7A151 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:53546330 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:2E964D2D @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1AAEFD5D @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1013B07C @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:DF5BAC78 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:DE29D4A1 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:DAFAF1BF @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:C8D1C36C @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:BE9A1C90 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:A833FADB @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:A3857D86 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:981349EA @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:93F6D130 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:864A52B8 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8173A019 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:5EBA4934 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:4ABFB16D @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:3FBB88CF @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:3CA18B6B @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:38788EA7 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:3095BD69 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:1BC99E01 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:1941675B @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F01E7F17 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:ED66F190 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E6433F27 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E2C7E93F @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D44D0CA3 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:B3B92717 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:ABCD2B94 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:9950163C @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:4E158DDD @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:478FEFC3 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:409F27A9 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:33C7F7F2 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:0A9883D3 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:D5458F6B @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:4EDDC66F @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D6BE1CEA @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5F538558 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5EC637CB @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:DFA00BA4 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:74BB299D @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:2D723B3A @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:F791B5EF @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:D68C96C3 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:8C4F2D2B @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:8C458D50 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:81365633 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:56AB0B90 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:45E74272 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:147DA06A @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:F7124EAF @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:A78FEBF9 @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:93C494CA @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:40DEEFF7 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:FC420CE6 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:793F316E @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:9F683177 @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:D226F1A4 @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:2411B07C @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:4CF61E54 @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:CFE0B346 < End of report > --- --- --- OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 28.10.2012 18:06:30 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Edith\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 61,79% Memory free 6,20 Gb Paging File | 4,66 Gb Available in Paging File | 75,03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,59 Gb Total Space | 115,77 Gb Free Space | 49,77% Space Free | Partition Type: NTFS Drive D: | 348,93 Gb Total Space | 348,82 Gb Free Space | 99,97% Space Free | Partition Type: NTFS Drive E: | 12,15 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: EDITH-PC | User Name: Edith | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{006954EA-33EB-4662-842D-0ED75DD46D48}" = rport=138 | protocol=17 | dir=out | app=system | "{076F689E-8ECD-49E8-A6B7-2C378EFA8001}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{158A323B-9C9C-49CC-88F6-9CD905A9329C}" = lport=445 | protocol=6 | dir=in | app=system | "{1C9DCB09-DDC2-4518-B255-B85D904D8A16}" = rport=445 | protocol=6 | dir=out | app=system | "{378D3547-7232-430F-BB97-950712323872}" = rport=139 | protocol=6 | dir=out | app=system | "{64760F7B-A695-459C-8A9F-DA03B5794472}" = lport=137 | protocol=17 | dir=in | app=system | "{6E1202A5-ACBB-434E-BA4D-CDD4028A90E6}" = lport=138 | protocol=17 | dir=in | app=system | "{713027EE-D076-43AF-922B-152A5683D367}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare | "{9153DF09-CB74-44B5-9907-3A5408B5B33D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B226DB71-3A87-47DD-91DF-79157A395E3F}" = lport=139 | protocol=6 | dir=in | app=system | "{EAC019C5-CB53-4DF6-AB6B-176CFF971BC8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{EE0D3293-F606-4D14-A416-7A2174A78452}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C0300E0-A979-4BAF-99B6-D1E1A16B62FD}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{0F4BC87E-4228-4DAF-A68C-0B4ADE147DC7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{12A2D350-28D1-4D9D-8529-AB016AB1C531}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{29FF0134-CA76-4EA9-A866-900368701297}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{3C88ADDF-D00B-47B0-A939-6529FAB84096}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{44F6BF40-064A-4511-A88A-11F2346325B6}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | "{450833A5-9B15-4522-A5B8-DAB59789A67C}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | "{5F0717ED-4813-42AF-B6C4-0FC5D9F9227F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{725B2B26-300D-42E2-BC4D-FDCD06C164CD}" = protocol=17 | dir=in | app=c:\users\edith\appdata\local\temp\7zsd11c.tmp\symnrt.exe | "{78F19545-1C99-4A05-8C12-DC0A101ED625}" = protocol=6 | dir=in | app=c:\users\edith\appdata\local\temp\7zsd11c.tmp\symnrt.exe | "{7FC539DC-5998-4546-ABC2-AD96E2392336}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | "{842CF817-E40C-4A33-B135-30D12DC90F21}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{984D4E27-97C0-4E6A-811E-CF5BBEB3E983}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{B0C4A9FA-72B1-4FBB-B296-24B4A5D03155}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{C33B3561-5982-4C24-ACA4-945964DAD405}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C4C37BC7-AB14-42D3-BAB2-2C8502F01D02}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{CBD20412-4AE2-410E-B5BF-E26CD4BCBDCD}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{D4C0F7E0-D2A5-4F32-BD66-7F5C599ADD23}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D7DD609E-67B8-4721-A1F7-AAFEB4DA645A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{E612B596-AA13-4AD5-8501-7C1BE788A785}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{E7FE9AAF-B804-4E40-B0B7-8B72E9B91ECA}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{EC48B1AF-1698-461C-9F67-6C2A96872912}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F849A470-A959-46AE-909C-AF15096DB7A9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{FFFCBA17-1084-478B-AD4A-BB469A226CD1}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{04440141-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Professional 2004 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management "{1BA978E7-2F4C-442F-BB58-6DCCC6BB0074}" = Haushaltsbuch8 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4C7F547E-DDE3-51BF-1D2E-04816F30AD66}" = ATI Catalyst Install Manager "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 7.0 with 5.1ch "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114039310}" = Turbo Subs "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114669510}" = Egyptian Ball "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115050127}" = Mystery PI The Vegas Heist "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115430860}" = Amazing Adventures Around The World "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116555140}" = Farm Frenzy Pizza Party "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116609607}" = Undiscovered World The Incan Sun "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117080787}" = Plants vs Zombies "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117327560}" = Kuros "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117398253}" = Build a Lot 4 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117673440}" = Hide and Secret 3 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117770767}" = Every Day Genius Square Logic "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117779147}" = Age of Oracles TM Tara’s Journey "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118514767}" = Youda Fairy "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118753180}" = Agatha Christie Bundle - 3 in 1 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector (Acer DT) "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "510005827" = Crazy Rings "510005835" = Oddly Enough - Pied Piper "510006725" = Worlds Greatest Temples Mahjong "510006975" = Amulet of Time: Shadow of la Rochelle "510006978" = Sticky Linky "510006983" = Hide & Secret - The Lost World "510006995" = Isla Dorada The sands of Ephranis "Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "amelie'scafedeluxe" = Amelie's Cafe Deluxe "avast" = avast! Internet Security "Bigpoint_Games_DE Toolbar" = Bigpoint Games DE Toolbar "d0ad26f8b4c2bbee98449bb9fe537b08" = Mystic Emporium "Diamond Caves 3" = Diamond Caves 3 "ElsterFormular 11.2.0.4074" = ElsterFormular "Google Desktop" = Google Desktop "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector (Acer DT) "king.com" = king.com (remove only) "LHTTSGED" = L&H TTS3000 Deutsch "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NetSight" = Nielsen Online "NVIDIA Drivers" = NVIDIA Drivers "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Online Games Manager" = Online Games Manager v1.10 "Shockwave" = Shockwave "SystemRequirementsLab" = System Requirements Lab "TomTom HOME" = TomTom HOME 2.8.3.2499 "Yahoo! Toolbar" = Yahoo! Toolbar ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1523784361-1419484075-2864972026-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Gemini Lost Deluxe" = Gemini Lost Deluxe "Google Chrome" = Google Chrome "Wandering Willows Deluxe" = Wandering Willows Deluxe ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 04.04.2012 03:04:47 | Computer Name = Edith-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 04.04.2012 03:04:47 | Computer Name = Edith-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 04.04.2012 03:04:53 | Computer Name = Edith-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 04.04.2012 03:04:53 | Computer Name = Edith-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 04.04.2012 03:05:23 | Computer Name = Edith-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 04.04.2012 03:05:23 | Computer Name = Edith-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 05.04.2012 18:00:16 | Computer Name = Edith-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Lara Gates. The Lost Talisman.exe, Version 1.5.0.0, Zeitstempel 0x4e5f5619, fehlerhaftes Modul Lara Gates. The Lost Talisman.exe, Version 1.5.0.0, Zeitstempel 0x4e5f5619, Ausnahmecode 0xc0000005, Fehleroffset 0x00131de0, Prozess-ID 0x12b4, Anwendungsstartzeit 01cd13704caf6380. Error - 06.04.2012 03:54:28 | Computer Name = Edith-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 06.04.2012 03:54:28 | Computer Name = Edith-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 06.04.2012 03:56:03 | Computer Name = Edith-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 28.10.2012 13:09:05 | Computer Name = Edith-PC | Source = cdrom | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error - 28.10.2012 13:09:05 | Computer Name = Edith-PC | Source = cdrom | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error - 28.10.2012 13:09:05 | Computer Name = Edith-PC | Source = cdrom | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error - 28.10.2012 13:09:06 | Computer Name = Edith-PC | Source = cdrom | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error - 28.10.2012 13:09:06 | Computer Name = Edith-PC | Source = cdrom | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error - 28.10.2012 13:09:06 | Computer Name = Edith-PC | Source = cdrom | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error - 28.10.2012 13:09:06 | Computer Name = Edith-PC | Source = cdrom | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error - 28.10.2012 13:09:06 | Computer Name = Edith-PC | Source = cdrom | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error - 28.10.2012 13:09:06 | Computer Name = Edith-PC | Source = cdrom | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error - 28.10.2012 13:09:07 | Computer Name = Edith-PC | Source = cdrom | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. < End of report > Hier auch der eben durchgeführte Scan von Malwarbytes: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.10.28.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Edith :: EDITH-PC [Administrator] Schutz: Aktiviert 28.10.2012 18:43:20 mbam-log-2012-10-28 (19-32-17).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 354806 Laufzeit: 48 Minute(n), 9 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.10.28.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Edith :: EDITH-PC [Administrator] Schutz: Aktiviert 28.10.2012 18:43:20 mbam-log-2012-10-28 (19-32-17).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 354806 Laufzeit: 48 Minute(n), 9 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.10.28.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Edith :: EDITH-PC [Administrator] Schutz: Aktiviert 28.10.2012 18:43:20 mbam-log-2012-10-28 (19-32-17).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 354806 Laufzeit: 48 Minute(n), 9 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
29.10.2012, 08:28 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Home.sweetim.com und Norton Antivirus Bitte nun Logs mit GMER (<<< klick für Anleitung) und aswMBR (Anleitung etwas weiter unten) erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur aswMBR aus. aswMBR-Download => aswMBR.exe - speichere die Datei auf deinem Desktop.
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
29.10.2012, 14:37 | #9 |
| Home.sweetim.com und Norton Antivirus Gmer ist abgestürzt und beim aswMBR kam ebenfalls die Fehlermeldung (hab ich dann so eingestellt wie du gesagt hast), hier also das Logfile. Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-10-29 14:33:08 ----------------------------- 14:33:08.177 OS Version: Windows 6.0.6002 Service Pack 2 14:33:08.177 Number of processors: 2 586 0x6B02 14:33:08.177 ComputerName: EDITH-PC UserName: Edith 14:33:09.004 Initialize success 14:33:09.113 AVAST engine defs: 12102900 14:34:00.948 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 14:34:00.948 Disk 0 Vendor: WDC_WD6400AAKS-22A7B0 01.03B01 Size: 610480MB BusType: 3 14:34:00.980 Disk 0 MBR read successfully 14:34:00.980 Disk 0 MBR scan 14:34:00.995 Disk 0 unknown MBR code 14:34:01.011 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15005 MB offset 63 14:34:01.026 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 238170 MB offset 30734336 14:34:01.058 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 357302 MB offset 518506496 14:34:01.089 Disk 0 scanning sectors +1250260992 14:34:01.167 Disk 0 scanning C:\Windows\system32\drivers 14:34:13.349 Service scanning 14:34:26.875 Modules scanning 14:34:38.497 Disk 0 trace - called modules: 14:34:38.996 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 14:34:38.996 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c10030] 14:34:39.011 3 CLASSPNP.SYS[8ab9e8b3] -> nt!IofCallDriver -> [0x85c12918] 14:34:39.011 5 acpi.sys[806106bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85bf7030] 14:34:39.027 Scan finished successfully 14:34:49.900 Disk 0 MBR has been saved successfully to "C:\Users\Edith\Desktop\MBR.dat" 14:34:49.900 The log file has been saved successfully to "C:\Users\Edith\Desktop\aswMBR.txt" |
29.10.2012, 15:11 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Home.sweetim.com und Norton Antivirus Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!
__________________ Logfiles bitte immer in CODE-Tags posten |
29.10.2012, 15:40 | #11 |
| Home.sweetim.com und Norton AntivirusCode:
ATTFilter 15:37:23.0292 5916 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47 15:37:23.0587 5916 ============================================================ 15:37:23.0587 5916 Current date / time: 2012/10/29 15:37:23.0587 15:37:23.0587 5916 SystemInfo: 15:37:23.0587 5916 15:37:23.0587 5916 OS Version: 6.0.6002 ServicePack: 2.0 15:37:23.0587 5916 Product type: Workstation 15:37:23.0587 5916 ComputerName: EDITH-PC 15:37:23.0587 5916 UserName: Edith 15:37:23.0587 5916 Windows directory: C:\Windows 15:37:23.0587 5916 System windows directory: C:\Windows 15:37:23.0588 5916 Processor architecture: Intel x86 15:37:23.0588 5916 Number of processors: 2 15:37:23.0588 5916 Page size: 0x1000 15:37:23.0588 5916 Boot type: Normal boot 15:37:23.0588 5916 ============================================================ 15:37:24.0736 5916 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 15:37:24.0852 5916 ============================================================ 15:37:24.0852 5916 \Device\Harddisk0\DR0: 15:37:24.0852 5916 MBR partitions: 15:37:24.0853 5916 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4F800, BlocksNum 0x1D12D000 15:37:24.0853 5916 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1EE7C800, BlocksNum 0x2B9DB000 15:37:24.0853 5916 ============================================================ 15:37:24.0902 5916 C: <-> \Device\Harddisk0\DR0\Partition1 15:37:24.0929 5916 D: <-> \Device\Harddisk0\DR0\Partition2 15:37:24.0929 5916 ============================================================ 15:37:24.0930 5916 Initialize success 15:37:24.0930 5916 ============================================================ 15:37:37.0713 3908 ============================================================ 15:37:37.0713 3908 Scan started 15:37:37.0713 3908 Mode: Manual; SigCheck; TDLFS; 15:37:37.0713 3908 ============================================================ 15:37:38.0495 3908 ================ Scan system memory ======================== 15:37:38.0495 3908 System memory - ok 15:37:38.0495 3908 ================ Scan services ============================= 15:37:38.0631 3908 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 15:37:38.0734 3908 ACPI - ok 15:37:38.0808 3908 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 15:37:38.0834 3908 AdobeFlashPlayerUpdateSvc - ok 15:37:38.0867 3908 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 15:37:38.0888 3908 adp94xx - ok 15:37:38.0909 3908 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys 15:37:38.0926 3908 adpahci - ok 15:37:38.0950 3908 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 15:37:38.0964 3908 adpu160m - ok 15:37:38.0982 3908 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 15:37:38.0997 3908 adpu320 - ok 15:37:39.0015 3908 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 15:37:39.0122 3908 AeLookupSvc - ok 15:37:39.0166 3908 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys 15:37:39.0197 3908 AFD - ok 15:37:39.0212 3908 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys 15:37:39.0228 3908 agp440 - ok 15:37:39.0251 3908 [ 0DEE2B628D4C6E23285BB91EFFDABFDE ] ahcix86s C:\Windows\system32\drivers\ahcix86s.sys 15:37:39.0273 3908 ahcix86s - ok 15:37:39.0285 3908 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 15:37:39.0299 3908 aic78xx - ok 15:37:39.0311 3908 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 15:37:39.0386 3908 ALG - ok 15:37:39.0401 3908 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys 15:37:39.0412 3908 aliide - ok 15:37:39.0428 3908 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys 15:37:39.0440 3908 amdagp - ok 15:37:39.0449 3908 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys 15:37:39.0460 3908 amdide - ok 15:37:39.0480 3908 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 15:37:39.0519 3908 AmdK7 - ok 15:37:39.0531 3908 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 15:37:39.0562 3908 AmdK8 - ok 15:37:39.0590 3908 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 15:37:39.0611 3908 Appinfo - ok 15:37:39.0626 3908 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys 15:37:39.0637 3908 arc - ok 15:37:39.0647 3908 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys 15:37:39.0660 3908 arcsas - ok 15:37:39.0684 3908 [ 598DAF89E7B2AD88FF6511CB9C4BA61A ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys 15:37:39.0694 3908 aswFsBlk - ok 15:37:39.0726 3908 [ 1F0A5DE979684ECCA5D3EADC1FD08EC9 ] aswFW C:\Windows\system32\drivers\aswFW.sys 15:37:39.0738 3908 aswFW - ok 15:37:39.0781 3908 [ 026A545EACA7DAC6421D76A81061F5DE ] aswKbd C:\Windows\system32\drivers\aswKbd.sys 15:37:39.0792 3908 aswKbd - ok 15:37:39.0815 3908 [ 7233224B8A2081CDB684826056B89561 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 15:37:39.0827 3908 aswMonFlt - ok 15:37:39.0839 3908 [ 7B948E3657BEA62E437BC46CA6EF6012 ] aswNdis C:\Windows\system32\DRIVERS\aswNdis.sys 15:37:39.0848 3908 aswNdis - ok 15:37:39.0862 3908 [ 3B3BD66FB53E13D1076258408E31BE69 ] aswNdis2 C:\Windows\system32\drivers\aswNdis2.sys 15:37:39.0875 3908 aswNdis2 - ok 15:37:39.0884 3908 [ 816C6DCD6BF930C8FD8F68137E1BDDC4 ] AswRdr C:\Windows\system32\drivers\AswRdr.sys 15:37:39.0895 3908 AswRdr - ok 15:37:39.0919 3908 [ 6C8B09E245795E98B6BCC983D0AA4D26 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 15:37:39.0948 3908 aswSnx - ok 15:37:39.0974 3908 [ 437E3F4B4529AA616D4979A2B74CF8C5 ] aswSP C:\Windows\system32\drivers\aswSP.sys 15:37:40.0013 3908 aswSP - ok 15:37:40.0020 3908 [ BD07C8162C7FAD38FE4AAAE18E835216 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys 15:37:40.0032 3908 aswTdi - ok 15:37:40.0065 3908 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 15:37:40.0098 3908 AsyncMac - ok 15:37:40.0123 3908 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys 15:37:40.0135 3908 atapi - ok 15:37:40.0156 3908 [ 4AA1EB65481C392955939E735D27118B ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys 15:37:40.0181 3908 AtiPcie - ok 15:37:40.0217 3908 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 15:37:40.0249 3908 AudioEndpointBuilder - ok 15:37:40.0267 3908 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 15:37:40.0292 3908 Audiosrv - ok 15:37:40.0337 3908 [ FB05FF189FC5F57DE636315B1F5E56DB ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 15:37:40.0350 3908 avast! Antivirus - ok 15:37:40.0394 3908 [ 353D1D0F7AE900EE8C1FF1A30DE13AF5 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe 15:37:40.0408 3908 avast! Firewall - ok 15:37:40.0460 3908 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 15:37:40.0503 3908 Beep - ok 15:37:40.0534 3908 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 15:37:40.0571 3908 BFE - ok 15:37:40.0630 3908 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll 15:37:40.0725 3908 BITS - ok 15:37:40.0759 3908 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 15:37:40.0799 3908 blbdrive - ok 15:37:40.0820 3908 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 15:37:40.0846 3908 bowser - ok 15:37:40.0862 3908 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 15:37:40.0894 3908 BrFiltLo - ok 15:37:40.0912 3908 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 15:37:40.0953 3908 BrFiltUp - ok 15:37:40.0972 3908 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 15:37:41.0017 3908 Browser - ok 15:37:41.0040 3908 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 15:37:41.0179 3908 Brserid - ok 15:37:41.0201 3908 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 15:37:41.0267 3908 BrSerWdm - ok 15:37:41.0286 3908 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 15:37:41.0357 3908 BrUsbMdm - ok 15:37:41.0375 3908 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 15:37:41.0443 3908 BrUsbSer - ok 15:37:41.0469 3908 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 15:37:41.0525 3908 BTHMODEM - ok 15:37:41.0563 3908 [ 09E6AFFAE6C0E9158BF05C7D08D0107A ] BUNAgentSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe 15:37:41.0577 3908 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - warning 15:37:41.0577 3908 BUNAgentSvc - detected UnsignedFile.Multi.Generic (1) 15:37:41.0600 3908 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 15:37:41.0623 3908 cdfs - ok 15:37:41.0642 3908 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 15:37:41.0660 3908 cdrom - ok 15:37:41.0689 3908 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 15:37:41.0715 3908 CertPropSvc - ok 15:37:41.0729 3908 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys 15:37:41.0762 3908 circlass - ok 15:37:41.0803 3908 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 15:37:41.0819 3908 CLFS - ok 15:37:41.0899 3908 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:37:41.0912 3908 clr_optimization_v2.0.50727_32 - ok 15:37:41.0975 3908 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:37:41.0988 3908 clr_optimization_v4.0.30319_32 - ok 15:37:42.0006 3908 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys 15:37:42.0017 3908 cmdide - ok 15:37:42.0028 3908 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\drivers\compbatt.sys 15:37:42.0040 3908 Compbatt - ok 15:37:42.0047 3908 COMSysApp - ok 15:37:42.0057 3908 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 15:37:42.0069 3908 crcdisk - ok 15:37:42.0083 3908 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys 15:37:42.0111 3908 Crusoe - ok 15:37:42.0154 3908 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll 15:37:42.0180 3908 CryptSvc - ok 15:37:42.0222 3908 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 15:37:42.0311 3908 DcomLaunch - ok 15:37:42.0346 3908 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 15:37:42.0367 3908 DfsC - ok 15:37:42.0428 3908 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 15:37:42.0533 3908 DFSR - ok 15:37:42.0560 3908 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 15:37:42.0595 3908 Dhcp - ok 15:37:42.0627 3908 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 15:37:42.0640 3908 disk - ok 15:37:42.0659 3908 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 15:37:42.0701 3908 Dnscache - ok 15:37:42.0722 3908 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 15:37:42.0757 3908 dot3svc - ok 15:37:42.0783 3908 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 15:37:42.0826 3908 DPS - ok 15:37:42.0855 3908 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 15:37:42.0887 3908 drmkaud - ok 15:37:42.0949 3908 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 15:37:42.0982 3908 DXGKrnl - ok 15:37:43.0019 3908 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 15:37:43.0055 3908 E1G60 - ok 15:37:43.0081 3908 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 15:37:43.0108 3908 EapHost - ok 15:37:43.0131 3908 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 15:37:43.0150 3908 Ecache - ok 15:37:43.0208 3908 [ B1F2503E23425B386DF0F3413B2596F3 ] eDataSecurity Service C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe 15:37:43.0233 3908 eDataSecurity Service - ok 15:37:43.0256 3908 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys 15:37:43.0282 3908 elxstor - ok 15:37:43.0320 3908 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 15:37:43.0356 3908 EMDMgmt - ok 15:37:43.0368 3908 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys 15:37:43.0391 3908 ErrDev - ok 15:37:43.0447 3908 [ 27D2754314D12EB27D81D462FD0D86C0 ] ETService C:\Program Files\Acer\Empowering Technology\Service\ETService.exe 15:37:43.0479 3908 ETService ( UnsignedFile.Multi.Generic ) - warning 15:37:43.0479 3908 ETService - detected UnsignedFile.Multi.Generic (1) 15:37:43.0500 3908 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 15:37:43.0524 3908 EventSystem - ok 15:37:43.0552 3908 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 15:37:43.0586 3908 exfat - ok 15:37:43.0615 3908 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 15:37:43.0650 3908 fastfat - ok 15:37:43.0666 3908 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 15:37:43.0696 3908 fdc - ok 15:37:43.0716 3908 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 15:37:43.0740 3908 fdPHost - ok 15:37:43.0798 3908 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 15:37:43.0895 3908 FDResPub - ok 15:37:43.0921 3908 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 15:37:43.0934 3908 FileInfo - ok 15:37:43.0943 3908 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 15:37:43.0971 3908 Filetrace - ok 15:37:43.0988 3908 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 15:37:44.0019 3908 flpydisk - ok 15:37:44.0059 3908 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 15:37:44.0076 3908 FltMgr - ok 15:37:44.0118 3908 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll 15:37:44.0190 3908 FontCache - ok 15:37:44.0255 3908 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 15:37:44.0269 3908 FontCache3.0.0.0 - ok 15:37:44.0286 3908 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 15:37:44.0308 3908 Fs_Rec - ok 15:37:44.0326 3908 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 15:37:44.0340 3908 gagp30kx - ok 15:37:44.0398 3908 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe 15:37:44.0409 3908 GoogleDesktopManager-051210-111108 - ok 15:37:44.0443 3908 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 15:37:44.0526 3908 gpsvc - ok 15:37:44.0567 3908 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 15:37:44.0620 3908 HdAudAddService - ok 15:37:44.0655 3908 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 15:37:44.0745 3908 HDAudBus - ok 15:37:44.0767 3908 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 15:37:44.0831 3908 HidBth - ok 15:37:44.0845 3908 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 15:37:44.0893 3908 HidIr - ok 15:37:44.0911 3908 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll 15:37:44.0928 3908 hidserv - ok 15:37:44.0941 3908 [ 854CA287AB7FAF949617A788306D967E ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 15:37:44.0963 3908 HidUsb - ok 15:37:44.0981 3908 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 15:37:45.0012 3908 hkmsvc - ok 15:37:45.0024 3908 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 15:37:45.0035 3908 HpCISSs - ok 15:37:45.0065 3908 [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP C:\Windows\system32\drivers\HTTP.sys 15:37:45.0133 3908 HTTP - ok 15:37:45.0163 3908 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys 15:37:45.0175 3908 i2omp - ok 15:37:45.0197 3908 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 15:37:45.0221 3908 i8042prt - ok 15:37:45.0237 3908 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 15:37:45.0253 3908 iaStorV - ok 15:37:45.0297 3908 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 15:37:45.0354 3908 idsvc - ok 15:37:45.0392 3908 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 15:37:45.0403 3908 iirsp - ok 15:37:45.0448 3908 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 15:37:45.0476 3908 IKEEXT - ok 15:37:45.0523 3908 [ C6E5276C00EBDEB096BB5EF4B797D1B6 ] int15 C:\Windows\system32\drivers\int15.sys 15:37:45.0534 3908 int15 - ok 15:37:45.0594 3908 [ 8A4341616976E47712B60F18C7049DCC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 15:37:45.0701 3908 IntcAzAudAddService - ok 15:37:45.0732 3908 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 15:37:45.0744 3908 intelide - ok 15:37:45.0760 3908 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 15:37:45.0792 3908 intelppm - ok 15:37:45.0808 3908 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 15:37:45.0852 3908 IPBusEnum - ok 15:37:45.0875 3908 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:37:45.0910 3908 IpFilterDriver - ok 15:37:45.0936 3908 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 15:37:45.0962 3908 iphlpsvc - ok 15:37:45.0968 3908 IpInIp - ok 15:37:45.0988 3908 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 15:37:46.0023 3908 IPMIDRV - ok 15:37:46.0036 3908 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 15:37:46.0072 3908 IPNAT - ok 15:37:46.0090 3908 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 15:37:46.0129 3908 IRENUM - ok 15:37:46.0146 3908 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys 15:37:46.0162 3908 isapnp - ok 15:37:46.0186 3908 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 15:37:46.0203 3908 iScsiPrt - ok 15:37:46.0225 3908 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 15:37:46.0239 3908 iteatapi - ok 15:37:46.0263 3908 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 15:37:46.0277 3908 iteraid - ok 15:37:46.0290 3908 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 15:37:46.0306 3908 kbdclass - ok 15:37:46.0322 3908 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 15:37:46.0364 3908 kbdhid - ok 15:37:46.0381 3908 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 15:37:46.0405 3908 KeyIso - ok 15:37:46.0444 3908 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 15:37:46.0470 3908 KSecDD - ok 15:37:46.0503 3908 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 15:37:46.0566 3908 KtmRm - ok 15:37:46.0597 3908 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll 15:37:46.0620 3908 LanmanServer - ok 15:37:46.0649 3908 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 15:37:46.0674 3908 LanmanWorkstation - ok 15:37:46.0722 3908 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe 15:37:46.0736 3908 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 15:37:46.0736 3908 LightScribeService - detected UnsignedFile.Multi.Generic (1) 15:37:46.0747 3908 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 15:37:46.0782 3908 lltdio - ok 15:37:46.0809 3908 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 15:37:46.0860 3908 lltdsvc - ok 15:37:46.0874 3908 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 15:37:46.0936 3908 lmhosts - ok 15:37:46.0957 3908 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 15:37:46.0969 3908 LSI_FC - ok 15:37:46.0984 3908 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 15:37:46.0997 3908 LSI_SAS - ok 15:37:47.0019 3908 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 15:37:47.0032 3908 LSI_SCSI - ok 15:37:47.0048 3908 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 15:37:47.0077 3908 luafv - ok 15:37:47.0091 3908 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 15:37:47.0102 3908 MBAMProtector - ok 15:37:47.0145 3908 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 15:37:47.0163 3908 MBAMScheduler - ok 15:37:47.0185 3908 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 15:37:47.0217 3908 MBAMService - ok 15:37:47.0248 3908 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys 15:37:47.0260 3908 megasas - ok 15:37:47.0287 3908 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys 15:37:47.0313 3908 MegaSR - ok 15:37:47.0376 3908 Microsoft SharePoint Workspace Audit Service - ok 15:37:47.0401 3908 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 15:37:47.0440 3908 MMCSS - ok 15:37:47.0451 3908 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 15:37:47.0488 3908 Modem - ok 15:37:47.0504 3908 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 15:37:47.0549 3908 monitor - ok 15:37:47.0559 3908 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 15:37:47.0571 3908 mouclass - ok 15:37:47.0587 3908 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 15:37:47.0619 3908 mouhid - ok 15:37:47.0632 3908 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 15:37:47.0645 3908 MountMgr - ok 15:37:47.0671 3908 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys 15:37:47.0685 3908 mpio - ok 15:37:47.0699 3908 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 15:37:47.0722 3908 mpsdrv - ok 15:37:47.0749 3908 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 15:37:47.0786 3908 MpsSvc - ok 15:37:47.0811 3908 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 15:37:47.0823 3908 Mraid35x - ok 15:37:47.0852 3908 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 15:37:47.0875 3908 MRxDAV - ok 15:37:47.0897 3908 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 15:37:47.0934 3908 mrxsmb - ok 15:37:47.0964 3908 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:37:47.0990 3908 mrxsmb10 - ok 15:37:48.0012 3908 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:37:48.0026 3908 mrxsmb20 - ok 15:37:48.0044 3908 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys 15:37:48.0057 3908 msahci - ok 15:37:48.0069 3908 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 15:37:48.0084 3908 msdsm - ok 15:37:48.0101 3908 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 15:37:48.0148 3908 MSDTC - ok 15:37:48.0172 3908 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 15:37:48.0201 3908 Msfs - ok 15:37:48.0223 3908 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 15:37:48.0237 3908 msisadrv - ok 15:37:48.0266 3908 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 15:37:48.0311 3908 MSiSCSI - ok 15:37:48.0319 3908 msiserver - ok 15:37:48.0356 3908 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 15:37:48.0399 3908 MSKSSRV - ok 15:37:48.0414 3908 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 15:37:48.0456 3908 MSPCLOCK - ok 15:37:48.0473 3908 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 15:37:48.0502 3908 MSPQM - ok 15:37:48.0527 3908 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 15:37:48.0546 3908 MsRPC - ok 15:37:48.0561 3908 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 15:37:48.0576 3908 mssmbios - ok 15:37:48.0590 3908 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 15:37:48.0619 3908 MSTEE - ok 15:37:48.0638 3908 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 15:37:48.0654 3908 Mup - ok 15:37:48.0669 3908 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 15:37:48.0715 3908 napagent - ok 15:37:48.0737 3908 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 15:37:48.0765 3908 NativeWifiP - ok 15:37:48.0795 3908 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 15:37:48.0828 3908 NDIS - ok 15:37:48.0870 3908 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 15:37:48.0897 3908 NdisTapi - ok 15:37:48.0915 3908 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 15:37:48.0950 3908 Ndisuio - ok 15:37:48.0967 3908 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 15:37:48.0995 3908 NdisWan - ok 15:37:49.0013 3908 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 15:37:49.0040 3908 NDProxy - ok 15:37:49.0052 3908 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 15:37:49.0083 3908 NetBIOS - ok 15:37:49.0106 3908 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 15:37:49.0136 3908 netbt - ok 15:37:49.0151 3908 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 15:37:49.0164 3908 Netlogon - ok 15:37:49.0189 3908 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 15:37:49.0227 3908 Netman - ok 15:37:49.0240 3908 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 15:37:49.0269 3908 netprofm - ok 15:37:49.0282 3908 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:37:49.0294 3908 NetTcpPortSharing - ok 15:37:49.0313 3908 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 15:37:49.0324 3908 nfrd960 - ok 15:37:49.0385 3908 [ 56E7999EE68837453B177298542F5A75 ] NielsenUpdate C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe 15:37:49.0432 3908 NielsenUpdate - ok 15:37:49.0465 3908 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 15:37:49.0499 3908 NlaSvc - ok 15:37:49.0539 3908 [ 59D2B30A1B3D56AE543FEB44D02D22BB ] nnfwdk C:\Program Files\NetRatingsNetSight\NetSight\meter7\nnfwdk.sys 15:37:49.0549 3908 nnfwdk - ok 15:37:49.0573 3908 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 15:37:49.0600 3908 Npfs - ok 15:37:49.0607 3908 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 15:37:49.0636 3908 nsi - ok 15:37:49.0658 3908 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 15:37:49.0689 3908 nsiproxy - ok 15:37:49.0729 3908 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 15:37:49.0787 3908 Ntfs - ok 15:37:49.0823 3908 [ A2B6583A5652A385DFF5E4F49AD48761 ] NTIBackupSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe 15:37:49.0840 3908 NTIBackupSvc ( UnsignedFile.Multi.Generic ) - warning 15:37:49.0841 3908 NTIBackupSvc - detected UnsignedFile.Multi.Generic (1) 15:37:49.0860 3908 [ 2757D2BA59AEE155209E24942AB127C9 ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys 15:37:49.0871 3908 NTIDrvr - ok 15:37:49.0900 3908 [ 40B87FE8A1A9A5AC9E5A91D96F212BCD ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe 15:37:49.0911 3908 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - warning 15:37:49.0911 3908 NTISchedulerSvc - detected UnsignedFile.Multi.Generic (1) 15:37:49.0933 3908 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 15:37:49.0978 3908 ntrigdigi - ok 15:37:50.0000 3908 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 15:37:50.0037 3908 Null - ok 15:37:50.0232 3908 [ 73A70F1D89C942EEDD99A3F10459B051 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 15:37:51.0286 3908 nvlddmkm - ok 15:37:51.0305 3908 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 15:37:51.0318 3908 nvraid - ok 15:37:51.0332 3908 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 15:37:51.0344 3908 nvstor - ok 15:37:51.0372 3908 [ 342FCBF0B293DBEC54B055418DF1EE7E ] nvsvc C:\Windows\system32\nvvsvc.exe 15:37:51.0399 3908 nvsvc - ok 15:37:51.0417 3908 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 15:37:51.0430 3908 nv_agp - ok 15:37:51.0436 3908 NwlnkFlt - ok 15:37:51.0444 3908 NwlnkFwd - ok 15:37:51.0488 3908 [ 0182074B2B8915C8371EA5A006BAC44E ] ogmservice C:\Program Files\Online Games Manager\ogmservice.exe 15:37:51.0509 3908 ogmservice - ok 15:37:51.0608 3908 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 15:37:51.0642 3908 ohci1394 - ok 15:37:51.0692 3908 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:37:51.0705 3908 ose - ok 15:37:51.0812 3908 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 15:37:51.0991 3908 osppsvc - ok 15:37:52.0037 3908 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 15:37:52.0108 3908 p2pimsvc - ok 15:37:52.0120 3908 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 15:37:52.0160 3908 p2psvc - ok 15:37:52.0207 3908 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 15:37:52.0269 3908 Parport - ok 15:37:52.0286 3908 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 15:37:52.0300 3908 partmgr - ok 15:37:52.0314 3908 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 15:37:52.0361 3908 Parvdm - ok 15:37:52.0377 3908 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 15:37:52.0403 3908 PcaSvc - ok 15:37:52.0423 3908 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 15:37:52.0437 3908 pci - ok 15:37:52.0448 3908 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys 15:37:52.0459 3908 pciide - ok 15:37:52.0477 3908 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 15:37:52.0490 3908 pcmcia - ok 15:37:52.0520 3908 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 15:37:52.0614 3908 PEAUTH - ok 15:37:52.0678 3908 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 15:37:52.0732 3908 pla - ok 15:37:52.0782 3908 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 15:37:52.0806 3908 PlugPlay - ok 15:37:52.0820 3908 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 15:37:52.0869 3908 PNRPAutoReg - ok 15:37:52.0881 3908 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 15:37:52.0922 3908 PNRPsvc - ok 15:37:52.0972 3908 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 15:37:53.0041 3908 PolicyAgent - ok 15:37:53.0067 3908 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 15:37:53.0092 3908 PptpMiniport - ok 15:37:53.0111 3908 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 15:37:53.0147 3908 Processor - ok 15:37:53.0169 3908 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 15:37:53.0196 3908 ProfSvc - ok 15:37:53.0203 3908 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 15:37:53.0219 3908 ProtectedStorage - ok 15:37:53.0235 3908 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 15:37:53.0259 3908 PSched - ok 15:37:53.0283 3908 [ 628321C8DD76AD369B362B202E655A68 ] PSDFilter C:\Windows\system32\DRIVERS\psdfilter.sys 15:37:53.0296 3908 PSDFilter - ok 15:37:53.0308 3908 [ 79D7117E62709C7690CF3DD55ACEAD37 ] PSDNServ C:\Windows\system32\drivers\PSDNServ.sys 15:37:53.0319 3908 PSDNServ - ok 15:37:53.0332 3908 [ CAE5E82827990CF4BD4A49576BDE3A43 ] psdvdisk C:\Windows\system32\drivers\psdvdisk.sys 15:37:53.0343 3908 psdvdisk - ok 15:37:53.0385 3908 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 15:37:53.0443 3908 ql2300 - ok 15:37:53.0477 3908 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 15:37:53.0491 3908 ql40xx - ok 15:37:53.0538 3908 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 15:37:53.0575 3908 QWAVE - ok 15:37:53.0588 3908 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 15:37:53.0614 3908 QWAVEdrv - ok 15:37:53.0627 3908 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 15:37:53.0657 3908 RasAcd - ok 15:37:53.0673 3908 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 15:37:53.0711 3908 RasAuto - ok 15:37:53.0733 3908 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 15:37:53.0770 3908 Rasl2tp - ok 15:37:53.0800 3908 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 15:37:53.0849 3908 RasMan - ok 15:37:53.0874 3908 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 15:37:53.0904 3908 RasPppoe - ok 15:37:53.0929 3908 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 15:37:53.0942 3908 RasSstp - ok 15:37:53.0965 3908 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 15:37:53.0991 3908 rdbss - ok 15:37:54.0009 3908 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 15:37:54.0032 3908 RDPCDD - ok 15:37:54.0056 3908 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 15:37:54.0081 3908 rdpdr - ok 15:37:54.0087 3908 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 15:37:54.0109 3908 RDPENCDD - ok 15:37:54.0144 3908 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 15:37:54.0158 3908 RDPWD - ok 15:37:54.0186 3908 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 15:37:54.0220 3908 RemoteAccess - ok 15:37:54.0246 3908 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 15:37:54.0271 3908 RemoteRegistry - ok 15:37:54.0314 3908 [ A035A7BF5132682F53F1E7B955690CE7 ] RichVideo C:\Program Files\Cyberlink\Shared files\RichVideo.exe 15:37:54.0328 3908 RichVideo ( UnsignedFile.Multi.Generic ) - warning 15:37:54.0328 3908 RichVideo - detected UnsignedFile.Multi.Generic (1) 15:37:54.0351 3908 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 15:37:54.0365 3908 RpcLocator - ok 15:37:54.0388 3908 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 15:37:54.0417 3908 RpcSs - ok 15:37:54.0423 3908 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 15:37:54.0449 3908 rspndr - ok 15:37:54.0456 3908 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 15:37:54.0471 3908 SamSs - ok 15:37:54.0487 3908 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 15:37:54.0499 3908 sbp2port - ok 15:37:54.0533 3908 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 15:37:54.0562 3908 SCardSvr - ok 15:37:54.0592 3908 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 15:37:54.0618 3908 Schedule - ok 15:37:54.0638 3908 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 15:37:54.0658 3908 SCPolicySvc - ok 15:37:54.0684 3908 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 15:37:54.0714 3908 SDRSVC - ok 15:37:54.0734 3908 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 15:37:54.0789 3908 secdrv - ok 15:37:54.0802 3908 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 15:37:54.0836 3908 seclogon - ok 15:37:54.0851 3908 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 15:37:54.0896 3908 SENS - ok 15:37:54.0911 3908 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 15:37:54.0970 3908 Serenum - ok 15:37:54.0989 3908 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 15:37:55.0037 3908 Serial - ok 15:37:55.0059 3908 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 15:37:55.0082 3908 sermouse - ok 15:37:55.0099 3908 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 15:37:55.0126 3908 SessionEnv - ok 15:37:55.0138 3908 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 15:37:55.0156 3908 sffdisk - ok 15:37:55.0168 3908 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 15:37:55.0190 3908 sffp_mmc - ok 15:37:55.0203 3908 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 15:37:55.0225 3908 sffp_sd - ok 15:37:55.0242 3908 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 15:37:55.0282 3908 sfloppy - ok 15:37:55.0298 3908 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 15:37:55.0336 3908 SharedAccess - ok 15:37:55.0362 3908 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 15:37:55.0380 3908 ShellHWDetection - ok 15:37:55.0397 3908 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 15:37:55.0410 3908 sisagp - ok 15:37:55.0421 3908 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 15:37:55.0433 3908 SiSRaid2 - ok 15:37:55.0450 3908 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 15:37:55.0463 3908 SiSRaid4 - ok 15:37:55.0540 3908 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 15:37:55.0739 3908 slsvc - ok 15:37:55.0802 3908 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 15:37:55.0826 3908 SLUINotify - ok 15:37:55.0863 3908 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 15:37:55.0941 3908 Smb - ok 15:37:55.0977 3908 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 15:37:55.0994 3908 SNMPTRAP - ok 15:37:56.0006 3908 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 15:37:56.0020 3908 spldr - ok 15:37:56.0046 3908 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 15:37:56.0074 3908 Spooler - ok 15:37:56.0101 3908 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 15:37:56.0136 3908 srv - ok 15:37:56.0158 3908 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 15:37:56.0181 3908 srv2 - ok 15:37:56.0206 3908 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 15:37:56.0228 3908 srvnet - ok 15:37:56.0249 3908 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 15:37:56.0291 3908 SSDPSRV - ok 15:37:56.0311 3908 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 15:37:56.0332 3908 SstpSvc - ok 15:37:56.0364 3908 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 15:37:56.0404 3908 stisvc - ok 15:37:56.0452 3908 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 15:37:56.0466 3908 swenum - ok 15:37:56.0494 3908 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 15:37:56.0525 3908 swprv - ok 15:37:56.0535 3908 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 15:37:56.0549 3908 Symc8xx - ok 15:37:56.0568 3908 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 15:37:56.0583 3908 Sym_hi - ok 15:37:56.0603 3908 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 15:37:56.0618 3908 Sym_u3 - ok 15:37:56.0647 3908 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 15:37:56.0736 3908 SysMain - ok 15:37:56.0763 3908 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 15:37:56.0787 3908 TabletInputService - ok 15:37:56.0821 3908 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 15:37:56.0866 3908 TapiSrv - ok 15:37:56.0879 3908 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 15:37:56.0927 3908 TBS - ok 15:37:56.0969 3908 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 15:37:57.0031 3908 Tcpip - ok 15:37:57.0085 3908 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 15:37:57.0123 3908 Tcpip6 - ok 15:37:57.0143 3908 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 15:37:57.0169 3908 tcpipreg - ok 15:37:57.0190 3908 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 15:37:57.0234 3908 TDPIPE - ok 15:37:57.0257 3908 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 15:37:57.0303 3908 TDTCP - ok 15:37:57.0330 3908 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 15:37:57.0372 3908 tdx - ok 15:37:57.0390 3908 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 15:37:57.0408 3908 TermDD - ok 15:37:57.0431 3908 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 15:37:57.0506 3908 TermService - ok 15:37:57.0537 3908 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 15:37:57.0562 3908 Themes - ok 15:37:57.0575 3908 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 15:37:57.0611 3908 THREADORDER - ok 15:37:57.0657 3908 [ 3199A477F0F06EEDE41BD55179F8EB05 ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe 15:37:57.0672 3908 TomTomHOMEService - ok 15:37:57.0693 3908 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 15:37:57.0742 3908 TrkWks - ok 15:37:57.0780 3908 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 15:37:57.0813 3908 TrustedInstaller - ok 15:37:57.0830 3908 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 15:37:57.0868 3908 tssecsrv - ok 15:37:57.0884 3908 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 15:37:57.0900 3908 tunmp - ok 15:37:57.0932 3908 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 15:37:57.0953 3908 tunnel - ok 15:37:57.0973 3908 [ 97DD70FECA64FB4F63DE7BB7E66A80B1 ] tvicport C:\Windows\system32\drivers\tvicport.sys 15:37:57.0980 3908 tvicport ( UnsignedFile.Multi.Generic ) - warning 15:37:57.0981 3908 tvicport - detected UnsignedFile.Multi.Generic (1) 15:37:57.0999 3908 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 15:37:58.0017 3908 uagp35 - ok 15:37:58.0043 3908 [ F763E070843EE2803DE1395002B42938 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys 15:37:58.0056 3908 UBHelper - ok 15:37:58.0092 3908 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 15:37:58.0120 3908 udfs - ok 15:37:58.0147 3908 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 15:37:58.0198 3908 UI0Detect - ok 15:37:58.0214 3908 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 15:37:58.0232 3908 uliagpkx - ok 15:37:58.0252 3908 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 15:37:58.0268 3908 uliahci - ok 15:37:58.0279 3908 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 15:37:58.0290 3908 UlSata - ok 15:37:58.0304 3908 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 15:37:58.0318 3908 ulsata2 - ok 15:37:58.0327 3908 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 15:37:58.0363 3908 umbus - ok 15:37:58.0384 3908 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 15:37:58.0424 3908 upnphost - ok 15:37:58.0442 3908 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 15:37:58.0469 3908 usbccgp - ok 15:37:58.0483 3908 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 15:37:58.0530 3908 usbcir - ok 15:37:58.0549 3908 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 15:37:58.0573 3908 usbehci - ok 15:37:58.0591 3908 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 15:37:58.0621 3908 usbhub - ok 15:37:58.0633 3908 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 15:37:58.0653 3908 usbohci - ok 15:37:58.0663 3908 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 15:37:58.0695 3908 usbprint - ok 15:37:58.0705 3908 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 15:37:58.0727 3908 usbscan - ok 15:37:58.0738 3908 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:37:58.0782 3908 USBSTOR - ok 15:37:58.0803 3908 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 15:37:58.0833 3908 usbuhci - ok 15:37:58.0859 3908 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 15:37:58.0880 3908 UxSms - ok 15:37:58.0909 3908 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 15:37:58.0959 3908 vds - ok 15:37:58.0986 3908 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 15:37:59.0021 3908 vga - ok 15:37:59.0039 3908 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 15:37:59.0063 3908 VgaSave - ok 15:37:59.0082 3908 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys 15:37:59.0094 3908 viaagp - ok 15:37:59.0110 3908 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys 15:37:59.0134 3908 ViaC7 - ok 15:37:59.0152 3908 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys 15:37:59.0164 3908 viaide - ok 15:37:59.0180 3908 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 15:37:59.0192 3908 volmgr - ok 15:37:59.0219 3908 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 15:37:59.0235 3908 volmgrx - ok 15:37:59.0266 3908 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys 15:37:59.0281 3908 volsnap - ok 15:37:59.0298 3908 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 15:37:59.0313 3908 vsmraid - ok 15:37:59.0351 3908 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 15:37:59.0417 3908 VSS - ok 15:37:59.0459 3908 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 15:37:59.0485 3908 W32Time - ok 15:37:59.0503 3908 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 15:37:59.0547 3908 WacomPen - ok 15:37:59.0569 3908 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 15:37:59.0598 3908 Wanarp - ok 15:37:59.0603 3908 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 15:37:59.0625 3908 Wanarpv6 - ok 15:37:59.0642 3908 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 15:37:59.0688 3908 wcncsvc - ok 15:37:59.0723 3908 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 15:37:59.0765 3908 WcsPlugInService - ok 15:37:59.0783 3908 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys 15:37:59.0797 3908 Wd - ok 15:37:59.0829 3908 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 15:37:59.0865 3908 Wdf01000 - ok 15:37:59.0901 3908 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 15:37:59.0942 3908 WdiServiceHost - ok 15:37:59.0948 3908 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 15:37:59.0976 3908 WdiSystemHost - ok 15:38:00.0003 3908 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 15:38:00.0021 3908 WebClient - ok 15:38:00.0041 3908 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 15:38:00.0060 3908 Wecsvc - ok 15:38:00.0070 3908 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 15:38:00.0092 3908 wercplsupport - ok 15:38:00.0110 3908 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 15:38:00.0133 3908 WerSvc - ok 15:38:00.0164 3908 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 15:38:00.0178 3908 WinDefend - ok 15:38:00.0185 3908 WinHttpAutoProxySvc - ok 15:38:00.0217 3908 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 15:38:00.0236 3908 Winmgmt - ok 15:38:00.0278 3908 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 15:38:00.0379 3908 WinRM - ok 15:38:00.0435 3908 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 15:38:00.0475 3908 Wlansvc - ok 15:38:00.0500 3908 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 15:38:00.0524 3908 WmiAcpi - ok 15:38:00.0556 3908 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 15:38:00.0579 3908 wmiApSrv - ok 15:38:00.0605 3908 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 15:38:00.0677 3908 WMPNetworkSvc - ok 15:38:00.0707 3908 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 15:38:00.0732 3908 WPCSvc - ok 15:38:00.0752 3908 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 15:38:00.0783 3908 WPDBusEnum - ok 15:38:00.0843 3908 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 15:38:00.0879 3908 WPFFontCache_v0400 - ok 15:38:00.0902 3908 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 15:38:00.0938 3908 ws2ifsl - ok 15:38:00.0972 3908 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll 15:38:00.0989 3908 wscsvc - ok 15:38:00.0994 3908 WSearch - ok 15:38:01.0160 3908 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 15:38:01.0302 3908 wuauserv - ok 15:38:01.0325 3908 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll 15:38:01.0354 3908 wudfsvc - ok 15:38:01.0389 3908 [ 04E268ADFC81964C49DC0C082D520F7E ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys 15:38:01.0417 3908 yukonwlh - ok 15:38:01.0439 3908 [ 40AC8590CC9006DBB99FFCB37879D4C6 ] zntport C:\Windows\system32\drivers\zntport.sys 15:38:01.0452 3908 zntport ( UnsignedFile.Multi.Generic ) - warning 15:38:01.0452 3908 zntport - detected UnsignedFile.Multi.Generic (1) 15:38:01.0456 3908 ================ Scan global =============================== 15:38:01.0474 3908 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 15:38:01.0502 3908 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 15:38:01.0536 3908 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 15:38:01.0569 3908 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 15:38:01.0586 3908 [Global] - ok 15:38:01.0586 3908 ================ Scan MBR ================================== 15:38:01.0601 3908 [ EF9CDC51B437D322D54016B68F003416 ] \Device\Harddisk0\DR0 15:38:03.0942 3908 \Device\Harddisk0\DR0 - ok 15:38:03.0943 3908 ================ Scan VBR ================================== 15:38:03.0946 3908 [ E248D45138BE7EE37337D9281B61475A ] \Device\Harddisk0\DR0\Partition1 15:38:03.0948 3908 \Device\Harddisk0\DR0\Partition1 - ok 15:38:03.0972 3908 [ 7F832EBCCC8E8ECF76AD66C893C5BC8D ] \Device\Harddisk0\DR0\Partition2 15:38:03.0974 3908 \Device\Harddisk0\DR0\Partition2 - ok 15:38:03.0974 3908 ============================================================ 15:38:03.0974 3908 Scan finished 15:38:03.0974 3908 ============================================================ 15:38:03.0991 4728 Detected object count: 8 15:38:03.0991 4728 Actual detected object count: 8 15:38:36.0461 4728 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - skipped by user 15:38:36.0461 4728 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:38:36.0464 4728 ETService ( UnsignedFile.Multi.Generic ) - skipped by user 15:38:36.0465 4728 ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:38:36.0468 4728 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 15:38:36.0468 4728 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:38:36.0471 4728 NTIBackupSvc ( UnsignedFile.Multi.Generic ) - skipped by user 15:38:36.0471 4728 NTIBackupSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:38:36.0474 4728 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - skipped by user 15:38:36.0475 4728 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:38:36.0478 4728 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user 15:38:36.0478 4728 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:38:36.0482 4728 tvicport ( UnsignedFile.Multi.Generic ) - skipped by user 15:38:36.0482 4728 tvicport ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:38:36.0485 4728 zntport ( UnsignedFile.Multi.Generic ) - skipped by user 15:38:36.0485 4728 zntport ( UnsignedFile.Multi.Generic ) - User select action: Skip |
31.10.2012, 14:32 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Home.sweetim.com und Norton Antivirus adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
03.01.2013, 15:07 | #13 |
| Home.sweetim.com und Norton Antivirus Hi Cosinus, so nachdem ich mal wieder bei meinen Eltern bin und feststellen musste, dass sich mein Bruder nicht wie gebeten um ihren Rechner gekümmert hat... bin ich mal wieder dabei. Dein letzter Post sagt ich soll den ADW Cleaner downloaden, muss ich jetzt vorher nochmal was anderes machen, oder können wir an dem punkt weiter machen? Der Rechner zeigt noch die gleichen symptome wie beim letzen mal. ich hab den AdwCleaner nun mal laufen lassen und poste dir das Ergebnis nun schon mal ohne deine Antwort zu kennen. Code:
ATTFilter # AdwCleaner v2.104 - Datei am 03/01/2013 um 15:17:39 erstellt # Aktualisiert am 29/12/2012 von Xplode # Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits) # Benutzer : Edith - EDITH-PC # Bootmodus : Normal # Ausgeführt unter : E:\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gefunden : C:\Users\Edith\Desktop\Search The Web.url Datei Gefunden : C:\Windows\system32\conduitEngine.tmp Ordner Gefunden : C:\Program Files\Bigpoint_Games_DE Ordner Gefunden : C:\Program Files\Conduit Ordner Gefunden : C:\ProgramData\boost_interprocess Ordner Gefunden : C:\ProgramData\iWin Ordner Gefunden : C:\ProgramData\Trymedia Ordner Gefunden : C:\Users\Edith\AppData\Local\Conduit Ordner Gefunden : C:\Users\Edith\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn Ordner Gefunden : C:\Users\Edith\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj Ordner Gefunden : C:\Users\Edith\AppData\LocalLow\Bigpoint_Games_DE Ordner Gefunden : C:\Users\Edith\AppData\LocalLow\Conduit Ordner Gefunden : C:\Users\Edith\AppData\LocalLow\ConduitEngine Ordner Gefunden : C:\Users\Edith\AppData\LocalLow\PriceGong Ordner Gefunden : C:\Users\Edith\AppData\Roaming\iWin ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Bigpoint_Games_DE Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{7683B745-6060-41FD-AA75-0BBB383FEAD4} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{FB697452-8CA4-46B4-98B1-165C922A2EF3} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bigpoint_Games_DE Toolbar Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E3DBC69-A682-48DA-84E1-82C63A5D678E} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E3DBC69-A682-48DA-84E1-82C63A5D678E} Schlüssel Gefunden : HKCU\Software\SweetIM Schlüssel Gefunden : HKLM\Software\Bigpoint_Games_DE Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{0D6377AE-E658-438B-86CB-3E391E222697} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{0E3DBC69-A682-48DA-84E1-82C63A5D678E} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2843456 Schlüssel Gefunden : HKLM\Software\Conduit Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4E1BF2A3-E2F2-42D6-8D53-5E91145FFAA5} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91B40B02-2E6E-4ABA-B801-394F7FB67252} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E3DBC69-A682-48DA-84E1-82C63A5D678E} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0D6377AE-E658-438B-86CB-3E391E222697} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00e1b559ced624f1a3ef930630c2d865 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\014247aa6684667a1a6cb0649a76f2b1 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\02bf65d645994df0ab711ea0e293f29d Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\0376013e604e0b4b294e2c4dee4619ee Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\04220b3d475d34046c07d6c88393c6ae Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\057c882e103cd9589befac1883d55afa Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\05a245f300cbbd4d08570a384a12266a Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\05ea5bdc3f82769bb2eeb89a386bc782 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\07d6cf989c5f059b3f8bcdfe40ef602c Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\08ab9cbf5344299c7d466bd8e94d7e0a Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\09edeccd5d83ce98357d9c9991943252 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\0adcb073481050cbb1b7b4175b8e6588 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\0af1005bb5d169e13b87405110fa5ef6 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\0c6992c24d5411a5081752bd53f1477e Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\0d493cf1ad29a3b70fa8ed923dcd00cf Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\0e246099ed902dfce12f78e15c73590f Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\0f99af491aff00c16d849d3fe4096272 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\0fd0f6b44956cb2766bbd2c1777f3eb8 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\106b85ae83d539b13f7d9b3d85969b2f Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\10888a5b8643982a1f8e7de8c303ccbd Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11325312fbcca72c44e7b1d79ff1d91a Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1162837562abe15d1f81648f0bf48c9a Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1165ec625d3e139776a56cf67f3d6120 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\124154c710f34c2474907671b8f8d183 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\13049109b58c0d3b0b2dde8ad176c8be Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\139391eab118382ba57764aed1efc415 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\13992c6e5ee111d5353a87e99437fe05 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\151910def50927b17077484b701c0e7d Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\16029eb9b71484ce74db737c7af8be19 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\16e88445017ad311f6ee00aa68ad2f53 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\17435ae919ade1a7a5ad799e118be3ff Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\17687044a0d8ac2e646c61a964a4b542 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\176aa715340657344ab3186f2a18bc6f Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\181b963359067c16a71d29c79f05dcc0 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\18278aee4149e8f4ef69c5850e7520cf Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\182cbaeb29e16344e6068a8f7880ee1f Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\18fde4a01007ce9439cb02fb04abeb36 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1a6860eb24d1408da168a07da9d8fbdb Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1b7bca932e8e58197c81aef12b0aeb51 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1cc8d8bd45a3736808a050a1ec834a7f Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1daa2201c34811fab931e7d9e24e8bab Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1f61e7ec2576786d48806290a053bfc4 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1f94e3503efccce0a4a7b6aaa3e4966e Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\2158fc2337e2d7fc47cbdfe0e2d81acc Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\22ae7ae20bca60d6b860e5b4c7b732da Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\234f2db111d5257db058c4a7a67bbdf8 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\253042ea9cb0f11924b0565b43ad207a Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\2546bbc711ce5fa2f9007029f8f41a40 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\26262d06e9eb8c338e30052561cdebf9 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\269bc42580c75874604de6aabd7493b1 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\271fd06e44020a7a4aeaf9c9e14f84d9 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\289a1f7f4e306bd2cfd29deb7953aaf2 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\28a30c291dd46a8ea81af217e55f07d0 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\291f2434253d459d7bccc321e67eecec Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\296ecb9fc13764e0230ab0c5473bcbdd Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\2997096f191e156e0bd9d4b2df6615f2 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\2b51f04928bae3f46132cd762d65793e Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\2b6ef53c8be587bac43502dbd99083d3 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\2c403620cd48401a3145a4d7e035a8be Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\2d7b387535d20c673575b79c6f81e85b Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\2e73ddef438329af74a9f65da2854cf8 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\2e76f555ba3c48d5febe6f629efe4b04 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\2f67f0bcfdb22734dcc9aeb05adc571f Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\2ff5c2a2a6aedcc826318e2ff538b3ba Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\306339fc7e9aaa3081845b0fafe0a749 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\30d1f9df6e6bc9f26b2b50f5c59a2dfb Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3117e5a058258a628389ce9ce6e48899 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\32299b1241ce153602d531040bd52cd4 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\325569938ff50c58c55f13c8ab650131 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\33b709e6d787d5e9ad13c6d2e7561ee9 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\34eaf87e3d1c24ff16de0a4f63ebf4d5 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\351e339326ab9d6f3dd0d8125eae7347 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3569f141f918485bad7c95db3c5634f9 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3579ddfd54c5f785ab5b7ad236e820d2 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\35aefe586be6c37117d9ba273996dd43 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\37e10e4eaf44e0b4f634b76a940b6c2d Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\392ba32b43af5a364c6b8a1860db5821 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3b39a580e29238f298e9acef5ee89895 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3bd6085ebcbece804b58ed374c123eed Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3c1e9102e37066ea59a11eb8e457c538 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3c5ae2f8642e34b5ed77d3a9ce2f38aa Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3c6518896eaed5bca9bc15359c93214f Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3c8f832a24987a30adf8e9147475f954 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3cb1e59e3f781367097efff509bd1537 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3cf9394bb563d58bfa5096cb7f7afbc8 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3d240b89e6b43faa69c1111923dcfa2d Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3d25bed01b591f56276c095686a8cbac Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3d6a0fd7d50d9d5415e8469c14994675 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3d9bb6f7c8c05e39b710a5f836304e5a Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3dce5944431156c5fe7e1b7de9b8349c Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3ddd5ff4440c4d302b788f62232b6777 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\40cc73d9b0e87fa550d9782c60c15533 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\413e9c1f7ba7850ebd0333569b38edc5 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\41aa27a9faf6b15693cebb87ccf93d67 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\423ec29fab27f6e2f661c7bb6c1da0c8 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\42b10e78bfce371ba8e27bf741d8f884 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\43553c524e6061eba688e14da37a60c0 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\43a2de983fdf705ec26cae90d18ae727 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\43dce29cfe68202d94002ef8c63c0fbe Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\45b3610e9ea2612f552fc6d784acaa36 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\45c023a4ea225afc375e1c5d3c061dcb Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\45e12825b160579182be32e117908b5c Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\46d948619265fe329bdcead717ccea2f Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\471ba6cd33131738cf23e42fb0ab4663 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\477ddef69c1f5f948c934c84eb573b5e Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\47f3fb5508a5d1441e6fe813b4135c5f Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\48f6e89a797a5cfede263da0af1b2b9e Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\49a213cae8c161bbc6283bb92a2911cb Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\4aeffab8a8c3ec7a5a93e7cf705ab2af Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\4c11b52be6506492b1916ad45d6be024 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\4c2650c511b32052b3ea2f2bc2ada406 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\4c8bcaea192ff95078a4791d7d80e13d Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\4e22301604a3a670489ec087182c3f06 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\4e23c238b344d82a7faaf1494690f46f Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\4e37bd09df0b501e93734444fb8cdc07 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\4eed420afb59b307ce0db3d79b957aef Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\4effc537753f11aa3e22e5e228023e7c Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\50116be4cf279d7647d17eb0c3223d70 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\522905884c7f43e562d60cb52a53ffc9 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\5230c37c45a6b65fb90ac0e374480681 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\55a745e2adb3fde72f09d82e3f341b08 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\5639b1fad48fcb9c53127645315023fd Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\56a33af394bc3377592ce7cb81fc57d0 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\57326bc7834f0e00393c951940d1434b Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\57ba3f53445489d370f4fd720039d66b Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\5836b121df832989d8645df4169ace0a Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\5b301c8ce8ee9659ef55dbc14703bf44 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\5cbcf11a490d1678b3560e8983c718a7 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\5e0945296ba275875c8dd1e439d3edbf Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\5e5ff56847becc5026ea09356e60c70c Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\5f99b19701411b5b611d3bb2ee2d2b68 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\5ff194752835a6fc03805ee8491efcc2 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\60cd22a3127c1cc8fd38a8d878c7071f Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\60cedf44a24ae5bc6c4ff75e86f36b06 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\61cbfe06316f53e1c8518aee65463f2d Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\61f6d19a00f59fc4d27e8eb21f84b843 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\635f4d5c8f14d472ee7b8f16b2e99bbe Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6397f6165463b131a2b4942ad60a5df8 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6446c312450fd427c4f7551cf20ce3ae Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\65df6446db757f428ab8c929827ab03b Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\666888ec6a50632cb5dd620f18da86cc Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\66db8e62cf0f1ce07680a7bc11555b35 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6705ae1f3da4b4f6b0111b3b060d6e9b Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6708a40481812f7b6411c106621ddd31 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6729c8094a6a3b5a6abc86f976924cbe Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\678d7e1d45224cab05717f206d3fb25b Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\67e5d2ae09a0f7f7e8a0d2766fb5acb7 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\68a0880c89e76dd899e0dbc4efe1cda1 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\697b5ff6c1ec62038e8d61209bc5b894 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\69e2f5cc670c6e6287f53adfe469fbb2 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6a6097d0dea833d0214ccfa7c5cd7176 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6ad7899c318eaf3ec3c5fdb85ece0524 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6afe50de9e18cca03f159da105f3dc10 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6c75f92a6dfe86ddccc56157a58bf4e9 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6e9626d7f3447702b5661b801c9fbc95 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\70b76023a3ddc11710578e44672821c2 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\713520d164215414124cf835cf12f18a Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\718d12a9362689dd7bb4e6467d30994d Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7290350c215a1c496a9dcc5bdb4f18b5 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\72baa5516b21d0e55eb8ddff53046e92 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\73e8da76c041545a75a93a83ac3b7c43 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\73fdc4e3610f9d8ceb6657563a4edaa7 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7466c8e5f9dbf3dc2c9340b688c393b3 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\747195eaea84191f99837a0096920c62 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\74d96a04121039bc879021757c9779d8 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7678f2885f11f24562a4f5a474e8c0a6 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\76b63e7fe0fc8747db2c74e2b5aec244 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\770f4fed8b0399cde2b6c8829b750439 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\772ca1b4cfec1273789e8ea562455ac1 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\786908f419ff1a7e4c2b7eb1bf2ec204 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\78a6b53ed6faf3bd24ac28dbeb5cde01 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\78dc5179eaa99267fa9b0d3b99562fa0 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\79445319d1160bb762f86e17d5887e1b Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7992daaf908e8e9d112e37a4588a4c4e Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7a89af5716b75390b9bbc95d4ed03a4a Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7b279fce8b9d0ab06093a67a8a794224 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7c9c1bffb57f1000a4e856bc3ac10962 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7dd60215c3d8cffbd06672b0367fb333 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7dd85f6e307e66d9ac9603da5b928215 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7e11af21bcb249877171dd973aa23cf6 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7efeb9935159a92ad4e101276c2a02bb Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7f7c3e80a2874a12de71660ab6b64cf3 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7ff0b1b72a74bdf5488c7464ef1b606e Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\8207cdb33866eea9d9b08268c0d61fa2 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\826ab6f0395d85256a88547e0cd988bf Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\827bc50d929d3142db3db7d83e32ee38 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\82bc3cbda6901a08f61c03cdf2301e70 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\8352ffee66421e4f1f82228ec726498a Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\835602981aae4bf1bc1ff3a182ab991c Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\8397e6a20ce644b4673f26d56b4b7f31 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\83c898e9263916123458b0e2f3518c62 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\8457237efec07770b6e3b130aaa0ec9d Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\84cb41c798293c618d90d611dcf85607 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\8617b280ce3d8581e46e17e0197f18ad Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\86dcd08c485560adeb3e20f4268c273e Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\88f158cb2805a52a4032207bec2bd9c9 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\8b567f6f25e6a3d6abf028aeb1d36a31 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\8b9f129ce2fc50581550300def4096fc Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\8ba0281c26cce311ea8876194c2cca4b Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\8c73f5764e9fe1888d67d186db4df253 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\8d010cd5a14870411b985b9380d151f1 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\8d34dcbf4d969d9461fc5f65d73c6c57 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\8f4eeb8f19c703c870e9805dfadc343c Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\92e6403d1dd3b3d683753ae3cbc5c9a0 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\93089dc81e08bdcfc15fb39117c66117 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\94026ad2e6d719179a68f94cb9fb25f4 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\94a888f0cc14f46f31dbe64760d265e3 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\951e8e9b5071a0be49c3397471682c1c Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\970422b33ac557118989a5a968fba920 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\97aa6660c2eb5d7678ec45247eba5328 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\97c729204bb11c03f1a73996b7eeab21 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\9827693c674f0e9c022217c8990a70bc Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\989488a56fa041e1f64e1f57f1c35f9d Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\991f99f096d8e5496b7bc09fa0270ff4 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\997f0cf6c175a5a902a9b866c3367672 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\998a6e19dcb96681ff0907f0379d97b6 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\9a0330bf9b61721724f9d5ce6a50fbb4 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\9ac1643eb7e8f26282321d12c5baf3bb Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\9bfa59cd9387022c9df48f096691c809 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\9c9c5338e0567bbe27cc20b4e137575c Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\9e355f5d79e9bfe6c16a3c3e03255ace Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\a0a2618df2ff10438b6252fd72cf47b1 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\a16c96001b7336d3f47b42e6e9f29eb3 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\a17fb27351279b6fe4586668f874a341 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\a1a101f30f5b601361515c8f8f1ff2a5 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\a271cc6b77ac1a656f0ce84536bd92fd Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\a2d4cc8b39cb20b9d1ac5da7e5d9ae89 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\a32bdc26715a658db8a3a83728f65a6d Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\a4e02b1a3f0af5eacacb28fd9ec66a68 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\a5c20e9a5fdba5e0e7c53cd440c0f550 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\a5ca1c6c4feb0b356ccfb636f44b4f77 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\a63cb40de598f8262bd8ace6002eda2e Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\a69062b89c30ed42468ecdfcceb1ff58 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\a6fd6c4342f11477142aa13a2d4a6901 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\a74bf894030acb7ac2bd7564ff2d97a5 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\a777c78c9146e4f45fe2f83e9aed40e6 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\a78dac81f21286a9f5ebf5e45939c7ee Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\a7d6a8b7310cd2714b7cd7402a53c2a8 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\a825afb2697bb77a7d4b3642dac0df8f Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\a8f1d0bcd4b9b29c92d0e8dc4789ae27 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\a90308deb488b90b0543ff928e822886 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\a94cfec0f7ba1b87f53f8e28012731f7 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\aa47603f119b46e5131391fb9bfb05cf Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\aab6280399726c8989597e722cf7d817 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ab4453330c5c346fb68c5aeb893ec52a Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\acb4d43cb13748f0de98ee93a416e523 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ada537fcf303021844317a63bfda5913 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ade3fe09e36103d093c6645eeb8f4e7c Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adfb4a5cc879860f0bed0174db0d1be3 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\aef5a9657cfa26e443c05396ad19fd45 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\aefc89c74a022e0ea17e0b0162a69c28 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\afb0d8a873f1310ba3407f1f7b63f462 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b0410d01ae8e35678d1e63e8f89099aa Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b0e75ac12f880fb0187f87dd7ab867b8 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b18c34a406d214d888e13d82a8012b1c Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b25edbb15a5d509921d3e65dec17a3ed Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b2da15c36e2b63d8436b7a24207fcd29 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b30f9ae43e897553d04c7f2cfac6f3ff Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b344d627364ac71e5c2cc5782c4aa312 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b4291d6d7c9a1f520cfd708e28b2ba30 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b6496738c533a699d9fd84019cbbb409 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b66f63d81b4fe553a19b99f1c66ce1fd Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b69241404897e9d5e82a784891295943 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b71e06c6295af9b9f75fcfc123e2928b Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b78c8d913ae136387442e0609b8898e4 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b863b10f162295618688a9fbd43f290f Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b90ce29cf478a8fb9bbac8adf6878013 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b9a1d34ea5d250cf97c89f6259b235a2 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b9c1511e23aafcf04319e3a1ffaa182a Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b9c537df522b7530c37f545bf9e46f8e Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ba26ac7b8de4f51a8bd11dee6334e370 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bab3573d4d9b902ade5e750cb61a6c3f Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bc1946cb4508c2f2d50782d5b0ef9b50 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bc79366f42827fe0504765ca103ab3cd Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bc824e8e93a63ff6625394a6ca700d2f Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bcb57787f07de542295cdd37d7b208aa Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bd1a1f16cb175a721d7add372740fd2b Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bd2f9de62eb6554c561207a752e73b85 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bddc84d8532d2a1cfc81cee637a2272d Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\be34dc910c6b59eef85bb3d69e6d4dcd Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\be6ab7ef2720f6472c3ca6535ec90e2f Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bed362e778ff6452d844eb92def7ff8b Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bf28585d035ebda81d8dad6bba4b578b Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bfcba5e185dcadebf291762490f98a06 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bfe812881dce3f50b0b3a8a50ef99ae5 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bigpoint_Games_DE Toolbar Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\c0208e2cd329954d4577af5927c2251f Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\c0d72b740a43567a06dfe7b5224cb107 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\c0ddc7391c2206c4ef46a60e81fd7b22 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\c1abac18d5e13c3266c8783d32b97e5c Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\c1e0825237035e41578235c690260f75 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\c2df1ee061daacfe2a406dc3b3a3a3e9 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\c381d702bc2676a35e6dfb2e3dbc2136 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\c40ba4951166b25188105b97864d7512 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\c664cf804326a3d82a947929ca42bbed Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\c6aa27fd20b4ce3bd40a6e91b5892168 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\c7bdf000efa3f2f32977d770027a79b4 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\c9b68857e9c3ba1a5ed9a1c6b50209c0 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\c9d31884ce42e5f1b44a7ee2534efc52 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\c9da0260b146f45e13d1f4130ff849df Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\c9fc4ddfc18ce28c6b91574e48c1ed01 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ca255af5cb6e1e0d58703a1c3cb68ab0 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ca67c40049541084a074b894ebbd9339 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cb17b1142fa287e9a7421ae36c2d1cdf Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cb190d64a8a5519d00c138dd283bc4b5 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cb1a5afad7706cb07fe9f1c363f95469 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cd2687ed9cb8e326a2e0fd992f08c18c Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cd50fcf2fa979c22ba6eff7bb7460b7a Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cd7913543af33219d56ad2719d852e0c Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cda6c19e0b22721a6a5512e6dd48fc8b Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ce6de3d80f47b5251fdc89bac7ce2493 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cee92db041d5906bf5d0aed40a5eea58 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cf6e38019d336eeedc346759493bd1f6 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d0ad26f8b4c2bbee98449bb9fe537b08 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d0f64871084b88bc004f8a63130a691f Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d29220003a0ea3b8d3f2a89b09479459 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d33cd9870bf3cfce8e8576a746fb4aff Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d3e34edbc4e705f32b1886f020982e50 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d4bf59ffab632c190ac4b5b18352daf2 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d5a7490122d345d97667274c68c8a828 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d6114b77d0bfac9b2f3ff09a5766658b Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d651238e74d032648955f69331eace22 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d76b76d8965ca413ab169999e07df4f2 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d7879d2f63b407e6e57379f06dc1aa78 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d8070d7e8c4274252401fb288a234cd0 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d81afa1ea41cb6f904a9dd1e78a7a567 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d826ecda1f039b32feb97b6d5cbbaa08 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d8dcfd372189508fa2b61e7cd2357f50 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d93a1c6595d22217f20ed1c5e9653db9 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d93b5ebe950ce6da0abf14a6dda77cde Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d98f52976e41632129699108bd8e3418 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\da4f42c103308f853d4bf9f8d74a3867 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dd557eeb5183d25fb04a56ad822c3892 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\df6388156c61ad40a17847927787c4bd Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e021185b80aa484806a106e0f5a59d43 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e07659f36e65d6adb22c8f4b548bb42c Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e08c82c87e91a23ce17f319e290420fd Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e17b8341209b0b0eed0c2d6a0efd16ee Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e39774d1ce03b1a97c606f8ed7d1a04d Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e3b2ba44533323c1275d594a526fa9ee Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e4ca13f016c650b1f2072aee3cee37fd Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e50958c0e0cb7acb43f66d5398e0f258 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e5512dab491648d446cf7dc420d66387 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e5712b4fb8d990849dcf68488bfc982a Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e5acbe65a254f8240b2d6cd1299a195e Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e64b7c18a9cb9917f521c6e69f5b7fdf Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e65f7f34c3d171b5ae11c4e3f8a0300b Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e6aff4f81160413deb91cdeea0f98f4f Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e76a332bb178fecd32a78a3fffa62d0b Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e7b9ee1f8e59f55a9cbff28b7ddd7e73 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e8d5b7bf5a6bf65977cb25793049512e Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e9cf750b4c09f6d0f569578192ee0511 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e9e5d26c9c08ebd9e5b3f7fd3ab6f04c Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ea896d0011037d5c7d4ad5657b8283a0 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eb0afb25bbcbce3e9e03d77b4bc59e60 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eb23d6bafee0a77e02ed8543c655bee2 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eb5486530c957e82d3ca8661e6123465 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ec2e3c5059cc4f06bf348dbc34140a02 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ed9a0e8e507cf2dda83b5590a10a0072 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ee0f29c00e79d594917a793c52696436 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eef9c77abdce5b3d33dddd330d3fcfc3 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ef0fb31eaa5898fd24dc211df0834426 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ef1bf1ce152cd61e99dc9d012525be2c Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ef69b544b545c7245ca42205a62d0798 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ef88c8b4ccaf356b17a8914c0635327d Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f048260e844f3ab1d8076f640cec61bb Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f053e4b1eb9a0cc9979846de731a38b1 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f06b690a072db37fa9eb3b87f7f3eaef Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f0f6700c4c9b31d495f856d81d17adcf Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f1333d154fc2c5fa31789e277660399c Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f25e98477d07474ed38fe87208f4efab Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f31e70399eb1c9a997d4c5a67e1d75d5 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f387904eb1812f6be4654d65d7065356 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f391612f1dc75ecfd794b51eda4d1db0 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f3b4252df963b5a5fae1199eb2930ae5 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f442e5f870b74dfd00064ccbb016b378 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f44ec1c968f4678f57fdae0f94d4549a Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f524540ae2b3e2ee8ce4c8b93d3412f4 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f5a80829226b7d8ffa1fe30406caadf5 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f62f0718cd2d01b943368aebc900f204 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f75f14af08912bb4a95c45153399bd7e Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f7db434943edb3e4d1e50482e27c244c Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f854b0771d0d1c61c32a7bd6548cef7a Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f94b86cd19427df95206fdb2aa9f428c Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f9586e355ae8c8fbd90eb14a01e12c3a Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fa70aa07058bd9864be8bbb5c52be07e Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fa7dedc709e5854130b511e314498b38 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fb25fd262adb12672092f3827f355795 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbca83a76ff0906d6cf11296b6ec9449 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbe83e4b6f63f3e850ac3907350adb95 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fc705c18cc104803845f923429661dcb Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fc9203299058725d5223b972754719ab Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fcb5ed2b348b175e662944cb9a497361 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fd31db37f368bf575c9eb3d51ef0b9a4 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fe2183dd58b677049b0a49ab442c4024 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fe75f177fb50a71d96b061e7d8cc4dff Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ff3df36df5d91f8b709a22f71ab1f052 Schlüssel Gefunden : HKLM\Software\SweetIM Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0E3DBC69-A682-48DA-84E1-82C63A5D678E}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0E3DBC69-A682-48DA-84E1-82C63A5D678E}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0E3DBC69-A682-48DA-84E1-82C63A5D678E}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Die Registrierungsdatenbank ist sauber. -\\ Google Chrome v23.0.1271.97 Datei : C:\Users\Edith\AppData\Local\Google\Chrome\User Data\Default\Preferences Gefunden [l.13] : homepage = "hxxp://home.sweetim.com/?crg=3.02010003&st=12&barid={8EF9C8D5-6BBD-4F5F-A082-4CA5E908351A}", Gefunden [l.17] : urls_to_restore_on_startup = [ "hxxp://home.sweetim.com/?st=2&barid={8EF9C8D5-6BBD-4F5F-A082-4CA5E908351A}", "hxxp://www.google.de/" ] Gefunden [l.57] : keyword = "search.sweetim.com", Gefunden [l.60] : search_url = "hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={8EF9C8D5-6BBD-4F5F-A082-4CA5E908351A}", Gefunden [l.1789] : homepage = "hxxp://home.sweetim.com/?crg=3.02010003&st=12&barid={8EF9C8D5-6BBD-4F5F-A082-4CA5E908351A}", Gefunden [l.2147] : urls_to_restore_on_startup = [ "hxxp://home.sweetim.com/?st=2&barid={8EF9C8D5-6BBD-4F5F-A082-4CA5E908351A}", "hxxp://www.google.de/" ] ************************* AdwCleaner[R1].txt - [49765 octets] - [03/01/2013 15:17:39] ########## EOF - C:\AdwCleaner[R1].txt - [49826 octets] ########## |
03.01.2013, 15:32 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Home.sweetim.com und Norton Antivirus adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
03.01.2013, 18:37 | #15 |
| Home.sweetim.com und Norton AntivirusCode:
ATTFilter # AdwCleaner v2.104 - Datei am 03/01/2013 um 18:29:50 erstellt # Aktualisiert am 29/12/2012 von Xplode # Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits) # Benutzer : Edith - EDITH-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Edith\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Users\Edith\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn Ordner Gelöscht : C:\Users\Edith\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj ***** [Registrierungsdatenbank] ***** ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Die Registrierungsdatenbank ist sauber. ************************* AdwCleaner[R1].txt - [49896 octets] - [03/01/2013 15:17:39] AdwCleaner[R2].txt - [1069 octets] - [03/01/2013 18:29:30] AdwCleaner[S1].txt - [49039 octets] - [03/01/2013 18:18:59] AdwCleaner[S2].txt - [1003 octets] - [03/01/2013 18:29:50] ########## EOF - C:\AdwCleaner[S2].txt - [1063 octets] ########## Code:
ATTFilter OTL Extras logfile created on: 03.01.2013 18:41:04 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Edith\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 67,88% Memory free 6,22 Gb Paging File | 5,10 Gb Available in Paging File | 81,95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,59 Gb Total Space | 116,33 Gb Free Space | 50,02% Space Free | Partition Type: NTFS Drive D: | 348,93 Gb Total Space | 348,82 Gb Free Space | 99,97% Space Free | Partition Type: NTFS Drive E: | 35,03 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: EDITH-PC | User Name: Edith | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{006954EA-33EB-4662-842D-0ED75DD46D48}" = rport=138 | protocol=17 | dir=out | app=system | "{076F689E-8ECD-49E8-A6B7-2C378EFA8001}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{158A323B-9C9C-49CC-88F6-9CD905A9329C}" = lport=445 | protocol=6 | dir=in | app=system | "{1C9DCB09-DDC2-4518-B255-B85D904D8A16}" = rport=445 | protocol=6 | dir=out | app=system | "{378D3547-7232-430F-BB97-950712323872}" = rport=139 | protocol=6 | dir=out | app=system | "{64760F7B-A695-459C-8A9F-DA03B5794472}" = lport=137 | protocol=17 | dir=in | app=system | "{6E1202A5-ACBB-434E-BA4D-CDD4028A90E6}" = lport=138 | protocol=17 | dir=in | app=system | "{713027EE-D076-43AF-922B-152A5683D367}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare | "{9153DF09-CB74-44B5-9907-3A5408B5B33D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B226DB71-3A87-47DD-91DF-79157A395E3F}" = lport=139 | protocol=6 | dir=in | app=system | "{EAC019C5-CB53-4DF6-AB6B-176CFF971BC8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{EE0D3293-F606-4D14-A416-7A2174A78452}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C0300E0-A979-4BAF-99B6-D1E1A16B62FD}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{0F4BC87E-4228-4DAF-A68C-0B4ADE147DC7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{12A2D350-28D1-4D9D-8529-AB016AB1C531}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{29FF0134-CA76-4EA9-A866-900368701297}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{3C88ADDF-D00B-47B0-A939-6529FAB84096}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{44F6BF40-064A-4511-A88A-11F2346325B6}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | "{450833A5-9B15-4522-A5B8-DAB59789A67C}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | "{5F0717ED-4813-42AF-B6C4-0FC5D9F9227F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{725B2B26-300D-42E2-BC4D-FDCD06C164CD}" = protocol=17 | dir=in | app=c:\users\edith\appdata\local\temp\7zsd11c.tmp\symnrt.exe | "{78F19545-1C99-4A05-8C12-DC0A101ED625}" = protocol=6 | dir=in | app=c:\users\edith\appdata\local\temp\7zsd11c.tmp\symnrt.exe | "{7FC539DC-5998-4546-ABC2-AD96E2392336}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | "{842CF817-E40C-4A33-B135-30D12DC90F21}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{984D4E27-97C0-4E6A-811E-CF5BBEB3E983}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{B0C4A9FA-72B1-4FBB-B296-24B4A5D03155}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{C33B3561-5982-4C24-ACA4-945964DAD405}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C4C37BC7-AB14-42D3-BAB2-2C8502F01D02}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{CBD20412-4AE2-410E-B5BF-E26CD4BCBDCD}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{D4C0F7E0-D2A5-4F32-BD66-7F5C599ADD23}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D7DD609E-67B8-4721-A1F7-AAFEB4DA645A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{E612B596-AA13-4AD5-8501-7C1BE788A785}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{E7FE9AAF-B804-4E40-B0B7-8B72E9B91ECA}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{EC48B1AF-1698-461C-9F67-6C2A96872912}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F849A470-A959-46AE-909C-AF15096DB7A9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{FFFCBA17-1084-478B-AD4A-BB469A226CD1}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{04440141-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Professional 2004 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management "{1BA978E7-2F4C-442F-BB58-6DCCC6BB0074}" = Haushaltsbuch8 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4C7F547E-DDE3-51BF-1D2E-04816F30AD66}" = ATI Catalyst Install Manager "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 7.0 with 5.1ch "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114039310}" = Turbo Subs "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114669510}" = Egyptian Ball "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115050127}" = Mystery PI The Vegas Heist "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115430860}" = Amazing Adventures Around The World "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116555140}" = Farm Frenzy Pizza Party "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116609607}" = Undiscovered World The Incan Sun "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117080787}" = Plants vs Zombies "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117327560}" = Kuros "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117398253}" = Build a Lot 4 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117673440}" = Hide and Secret 3 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117770767}" = Every Day Genius Square Logic "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117779147}" = Age of Oracles TM Tara’s Journey "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118514767}" = Youda Fairy "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118753180}" = Agatha Christie Bundle - 3 in 1 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector (Acer DT) "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "510005827" = Crazy Rings "510005835" = Oddly Enough - Pied Piper "510006725" = Worlds Greatest Temples Mahjong "510006975" = Amulet of Time: Shadow of la Rochelle "510006978" = Sticky Linky "510006983" = Hide & Secret - The Lost World "510006995" = Isla Dorada The sands of Ephranis "Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "amelie'scafedeluxe" = Amelie's Cafe Deluxe "avast" = avast! Internet Security "Diamond Caves 3" = Diamond Caves 3 "ElsterFormular 11.2.0.4074" = ElsterFormular "Google Desktop" = Google Desktop "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector (Acer DT) "king.com" = king.com (remove only) "LHTTSGED" = L&H TTS3000 Deutsch "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NetSight" = Nielsen Online "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Online Games Manager" = Online Games Manager v1.10 "Shockwave" = Shockwave "SystemRequirementsLab" = System Requirements Lab "TomTom HOME" = TomTom HOME 2.8.3.2499 "Yahoo! Toolbar" = Yahoo! Toolbar ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1523784361-1419484075-2864972026-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Gemini Lost Deluxe" = Gemini Lost Deluxe "Wandering Willows Deluxe" = Wandering Willows Deluxe ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 17.04.2012 00:38:06 | Computer Name = Edith-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 17.04.2012 00:39:24 | Computer Name = Edith-PC | Source = WinMgmt | ID = 10 Description = Error - 18.04.2012 07:23:45 | Computer Name = Edith-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 18.04.2012 07:23:46 | Computer Name = Edith-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 18.04.2012 07:25:21 | Computer Name = Edith-PC | Source = WinMgmt | ID = 10 Description = Error - 23.04.2012 16:36:23 | Computer Name = Edith-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 23.04.2012 16:36:23 | Computer Name = Edith-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 23.04.2012 16:37:57 | Computer Name = Edith-PC | Source = WinMgmt | ID = 10 Description = Error - 24.04.2012 03:16:38 | Computer Name = Edith-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 24.04.2012 03:16:39 | Computer Name = Edith-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80U.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ System Events ] Error - 03.01.2013 13:40:29 | Computer Name = Edith-PC | Source = cdrom | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error - 03.01.2013 13:40:29 | Computer Name = Edith-PC | Source = cdrom | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error - 03.01.2013 13:40:29 | Computer Name = Edith-PC | Source = cdrom | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error - 03.01.2013 13:40:29 | Computer Name = Edith-PC | Source = cdrom | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error - 03.01.2013 13:40:29 | Computer Name = Edith-PC | Source = cdrom | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error - 03.01.2013 13:40:29 | Computer Name = Edith-PC | Source = cdrom | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error - 03.01.2013 13:40:29 | Computer Name = Edith-PC | Source = cdrom | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error - 03.01.2013 13:40:30 | Computer Name = Edith-PC | Source = cdrom | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error - 03.01.2013 13:40:30 | Computer Name = Edith-PC | Source = cdrom | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error - 03.01.2013 13:40:30 | Computer Name = Edith-PC | Source = cdrom | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. < End of report > Code:
ATTFilter OTL logfile created on: 03.01.2013 18:41:04 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Edith\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 67,88% Memory free 6,22 Gb Paging File | 5,10 Gb Available in Paging File | 81,95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,59 Gb Total Space | 116,33 Gb Free Space | 50,02% Space Free | Partition Type: NTFS Drive D: | 348,93 Gb Total Space | 348,82 Gb Free Space | 99,97% Space Free | Partition Type: NTFS Drive E: | 35,03 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: EDITH-PC | User Name: Edith | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Edith\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\afwServ.exe (AVAST Software) PRC - C:\Programme\NetRatingsNetSight\NetSight\NielsenUpdate.exe (The Nielsen Company) PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\Online Games Manager\ogmservice.exe (RealNetworks, Inc.) PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) PRC - C:\Programme\Acer\Empowering Technology\SysMonitor.exe () PRC - C:\Programme\Acer\Empowering Technology\Framework.Launcher.exe () PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe () PRC - C:\Programme\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d08cb6b1c4052e6f5a4e2452870d67d7\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll () MOD - C:\Programme\NetRatingsNetSight\NetSight\nsmmc.dll () MOD - C:\Programme\NetRatingsNetSight\NetSight\meter8\npfirefoxprocessor.dll () MOD - C:\Programme\NetRatingsNetSight\NetSight\meter8\npwmi.dll () MOD - C:\Programme\NetRatingsNetSight\NetSight\meter8\npsurvey.dll () MOD - C:\Programme\NetRatingsNetSight\NetSight\meter8\npsp1.dll () MOD - C:\Programme\NetRatingsNetSight\NetSight\meter8\communication.dll () MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\Programme\Google\Google Desktop Search\gzlib.dll () MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\Framework.UIComponent\3.0.3009.0__739b31b1908c49e5\Framework.UIComponent.dll () MOD - C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll () MOD - C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll () MOD - C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3009.0__672b450de5a7e94a\Framework.Host.dll () MOD - C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3009.0__9ecdf03bb2054f94\Framework.PluginInterface.dll () MOD - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll () MOD - C:\Programme\Acer\Empowering Technology\SysMonitor.exe () MOD - C:\Programme\Acer\Empowering Technology\Framework.Launcher.exe () MOD - C:\Programme\Acer\Empowering Technology\Framework.Presenter.dll () MOD - C:\Programme\Acer\Empowering Technology\de\Framework.AppBar.resources.dll () MOD - C:\Programme\Acer\Empowering Technology\Framework.AppBar.dll () MOD - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll () MOD - C:\Programme\Acer\Empowering Technology\eSettings\eSettings.QuickMenu.dll () ========== Services (SafeList) ========== SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (avast! Firewall) -- C:\Programme\AVAST Software\Avast\afwServ.exe (AVAST Software) SRV - (NielsenUpdate) -- C:\Programme\NetRatingsNetSight\NetSight\NielsenUpdate.exe (The Nielsen Company) SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (ogmservice) -- C:\Programme\Online Games Manager\ogmservice.exe (RealNetworks, Inc.) SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (eDataSecurity Service) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe () SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswNdis2) -- C:\Windows\System32\drivers\aswNdis2.sys (AVAST Software) DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (AswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswFW) -- C:\Windows\System32\drivers\aswFW.sys (AVAST Software) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software) DRV - (nnfwdk) -- C:\Programme\NetRatingsNetSight\NetSight\meter8\nnfwdk.sys (The Nielsen Company) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (aswNdis) -- C:\Windows\System32\drivers\aswNdis.sys (ALWIL Software) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.) DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan) DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio) DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (AMD Technologies Inc.) DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vb32&d=0908&m=aspire_m1201 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vb32&d=0908&m=aspire_m1201 IE - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\..\SearchScopes\{181DC6FE-6D1D-4817-A41E-8BBBAB8A0928}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW IE - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1523784361-1419484075-2864972026-1001\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media ) [2012.05.06 17:35:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Edith\AppData\Roaming\mozilla\Extensions [2012.05.06 17:35:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Edith\AppData\Roaming\mozilla\Extensions\home2@tomtom.com O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found O3 - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programme\Acer\Empowering Technology\SysMonitor.exe () O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot File not found O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [NielsenOnline] C:\Programme\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKU\S-1-5-21-1523784361-1419484075-2864972026-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1523784361-1419484075-2864972026-1001..\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe () O4 - Startup: C:\Users\Edith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Common Files\microsoft shared\Encarta Researcher\EROPROJ.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1523784361-1419484075-2864972026-1000\..Trusted Domains: localhost ([]http in Lokales Intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} hxxp://acerde.oberon-media.com/online/online2/zuma/oberongamesloader.cab (OberongamesLoader Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96895559-8754-4D3B-8B4B-1A2717C5CBFC}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\msero {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Programme\Common Files\microsoft shared\Encarta Researcher\MSERO.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Edith\Pictures\ApfelBrombeer[2].JPG O24 - Desktop BackupWallPaper: C:\Users\Edith\Pictures\ApfelBrombeer[2].JPG O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{ea62eb42-af7b-11e0-9a05-002268049f90}\Shell - "" = AutoRun O33 - MountPoints2\{ea62eb42-af7b-11e0-9a05-002268049f90}\Shell\AutoRun\command - "" = L:\Password.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.03 18:32:00 | 000,000,000 | ---D | C] -- C:\Users\Edith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD [2012.12.22 03:03:52 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012.12.22 03:03:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012.12.14 06:35:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.12.14 06:35:16 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.12.14 06:35:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.12.14 06:35:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.12.14 06:35:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.12.14 06:35:14 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.12.14 06:35:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.12.14 06:35:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.12.14 06:31:40 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll [2012.12.14 06:31:29 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll [2012.12.14 06:31:28 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll [2012.12.14 06:31:27 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2012.12.14 06:31:25 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll [2012.12.14 06:31:24 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll [2012.12.13 11:44:52 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll [2012.12.13 11:44:52 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe [2012.12.13 11:44:51 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.12.13 11:44:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll ========== Files - Modified Within 30 Days ========== [2013.01.03 18:38:31 | 035,526,599 | ---- | M] () -- C:\Users\Edith\Desktop\Firefox 17.0.1.dmg [2013.01.03 18:31:54 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2013.01.03 18:31:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.03 18:31:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.03 18:31:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.03 18:31:24 | 3220,365,312 | -HS- | M] () -- C:\hiberfil.sys [2013.01.03 18:24:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Edith\Desktop\OTL.exe [2013.01.03 18:18:59 | 000,000,240 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.01.03 18:17:27 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.03 15:28:14 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.03 15:12:15 | 000,551,997 | ---- | M] () -- C:\Users\Edith\Desktop\adwcleaner.exe [2013.01.03 06:30:07 | 000,000,558 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Edith.job [2012.12.27 12:20:54 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.27 12:20:54 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.27 12:20:54 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.27 12:20:54 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.22 03:23:00 | 000,437,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.12.16 14:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012.12.16 11:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.12.12 15:11:27 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.12.12 15:11:27 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2013.01.03 18:38:31 | 035,526,599 | ---- | C] () -- C:\Users\Edith\Desktop\Firefox 17.0.1.dmg [2013.01.03 18:29:11 | 000,551,997 | ---- | C] () -- C:\Users\Edith\Desktop\adwcleaner.exe [2013.01.03 18:18:59 | 000,000,240 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2012.12.14 06:31:44 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.12.14 06:31:44 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.05.28 08:16:45 | 000,000,209 | ---- | C] () -- C:\Windows\settings.ini [2011.03.06 15:08:24 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.10.29 13:13:59 | 000,001,356 | ---- | C] () -- C:\Users\Edith\AppData\Local\d3d9caps.dat [2010.05.29 19:09:18 | 002,316,435 | ---- | C] () -- C:\Users\Edith\schmehle2.jpg [2010.05.29 19:08:52 | 002,026,392 | ---- | C] () -- C:\Users\Edith\schmehle1.jpg [2010.05.29 19:08:21 | 002,139,614 | ---- | C] () -- C:\Users\Edith\schmehle.jpg [2009.08.20 19:19:21 | 000,052,224 | ---- | C] () -- C:\Users\Edith\Zeitungsliste.xlr [2009.05.26 10:40:31 | 000,004,962 | ---- | C] () -- C:\Users\Edith\AppData\Roaming\wklnhst.dat [2009.05.14 20:10:21 | 000,027,648 | ---- | C] () -- C:\Users\Edith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.05.13 23:40:24 | 000,007,090 | ---- | C] () -- C:\Users\Edith\AppData\Local\slot1.mm1 ========== ZeroAccess Check ========== [2006.11.02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 407 bytes -> C:\ProgramData\TEMP:B890E098 @Alternate Data Stream - 405 bytes -> C:\ProgramData\TEMP:80873EE2 @Alternate Data Stream - 403 bytes -> C:\ProgramData\TEMP:AB985F7C @Alternate Data Stream - 402 bytes -> C:\ProgramData\TEMP:F0A4F95E @Alternate Data Stream - 402 bytes -> C:\ProgramData\TEMP:3A35C29C @Alternate Data Stream - 400 bytes -> C:\ProgramData\TEMP:C72E5875 @Alternate Data Stream - 397 bytes -> C:\ProgramData\TEMP:E1A68E67 @Alternate Data Stream - 397 bytes -> C:\ProgramData\TEMP:CB66E9B7 @Alternate Data Stream - 397 bytes -> C:\ProgramData\TEMP:9A071EA2 @Alternate Data Stream - 396 bytes -> C:\ProgramData\TEMP:B203B914 @Alternate Data Stream - 395 bytes -> C:\ProgramData\TEMP:D4CD7005 @Alternate Data Stream - 394 bytes -> C:\ProgramData\TEMP:94C8B75E @Alternate Data Stream - 394 bytes -> C:\ProgramData\TEMP:44B5FE44 @Alternate Data Stream - 393 bytes -> C:\ProgramData\TEMP:28A1F3CB @Alternate Data Stream - 392 bytes -> C:\ProgramData\TEMP:CE1DA626 @Alternate Data Stream - 391 bytes -> C:\ProgramData\TEMP:E96C83D4 @Alternate Data Stream - 390 bytes -> C:\ProgramData\TEMP:BE03B635 @Alternate Data Stream - 390 bytes -> C:\ProgramData\TEMP:92B1F486 @Alternate Data Stream - 390 bytes -> C:\ProgramData\TEMP:5177EEE7 @Alternate Data Stream - 390 bytes -> C:\ProgramData\TEMP:387A6F49 @Alternate Data Stream - 388 bytes -> C:\ProgramData\TEMP:A060A953 @Alternate Data Stream - 385 bytes -> C:\ProgramData\TEMP:1F3EEC32 @Alternate Data Stream - 384 bytes -> C:\ProgramData\TEMP:F85284EA @Alternate Data Stream - 384 bytes -> C:\ProgramData\TEMP:02067B2A @Alternate Data Stream - 382 bytes -> C:\ProgramData\TEMP:D6BDD51E @Alternate Data Stream - 382 bytes -> C:\ProgramData\TEMP:B01C2351 @Alternate Data Stream - 382 bytes -> C:\ProgramData\TEMP:4C96DCB8 @Alternate Data Stream - 382 bytes -> C:\ProgramData\TEMP:453C1FA2 @Alternate Data Stream - 381 bytes -> C:\ProgramData\TEMP:3CC5A5D1 @Alternate Data Stream - 380 bytes -> C:\ProgramData\TEMP:FEE5129B @Alternate Data Stream - 380 bytes -> C:\ProgramData\TEMP:FBC7D82D @Alternate Data Stream - 379 bytes -> C:\ProgramData\TEMP:9060A47A @Alternate Data Stream - 376 bytes -> C:\ProgramData\TEMP:804A4210 @Alternate Data Stream - 369 bytes -> C:\ProgramData\TEMP:E5E4A530 @Alternate Data Stream - 367 bytes -> C:\ProgramData\TEMP:4B476508 @Alternate Data Stream - 365 bytes -> C:\ProgramData\TEMP:5A05820A @Alternate Data Stream - 361 bytes -> C:\ProgramData\TEMP:8BC965A1 @Alternate Data Stream - 357 bytes -> C:\ProgramData\TEMP:1D32EC29 @Alternate Data Stream - 353 bytes -> C:\ProgramData\TEMP:DE3A8059 @Alternate Data Stream - 353 bytes -> C:\ProgramData\TEMP:83FDB6DC @Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:94B65E3C @Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:BA660D25 @Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:EF20E652 @Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:07E55929 @Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:C7F76735 @Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:9F9D57FD @Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:2C16E576 @Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:20D0F267 @Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:E1B0CF05 @Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:5690D76E @Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:A2FC7F08 @Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:92298B59 @Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:683BD5A8 @Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:65AAB2AD @Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:26B7B9EA @Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:0B32B6C9 @Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:E779F65A @Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:C0601E00 @Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:874EE5CB @Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:7A30DA6A @Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:E1031541 @Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:9959803A @Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:1E3397DC @Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:1DECED1B @Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:1C93E55E @Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:1960DAF2 @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:B623B5B8 @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:9AB338B9 @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:9A7901A9 @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:9756362E @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:7CACEF61 @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:4CD2D817 @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:3D11302A @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:2D6D1D25 @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:21637AEC @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:1B1330FD @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:1A60DE96 @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:05816AFA @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:05650B69 @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:0105A66F @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:EDE8EA85 @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:E189EC1B @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:CD6978FC @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:ACFD5043 @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:AC57032B @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:A5808D58 @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:A118E9A3 @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:9CD61266 @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:9A842F5C @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:942BD321 @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:8AB6C1D7 @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:61FB58C9 @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:3EEE7620 @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:3B9582E0 @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:FEF919E6 @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:E7F71472 @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:E35A81F4 @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:DB4758C6 @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:BAE8784F @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:A967571A @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:9F36615A @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:8FF962C6 @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:7FB8A209 @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:7F66BF58 @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:68C4BECC @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:580E04D8 @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:3C75E5BE @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:2FF4577A @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:049C87B7 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:F62CAE78 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:EF4B1DA9 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:EDED3240 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:EC36F550 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:D8A7F3FF @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:D16E7091 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:C9F873D0 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:C5C5F2F2 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:B1B9AE56 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:B110897C @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:AE78B77A @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:99A72E3A @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:81C88EA7 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:7991541F @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:700B8E2E @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:5E0617AC @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:21745EE1 @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:01D3D7F4 @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:ECB488E5 @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:E6E9EB6C @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:E10DCAF3 @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:DB365884 @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:D16A56DE @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:BA4AE5FC @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:ACDADE10 @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:AB554F94 @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:9BE4A88F @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:948CDB3D @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:6B9828AE @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:5E748D4C @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:5E4A7758 @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:56530ABD @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:4EB84EC1 @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:41326804 @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:2E0A3B1D @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:26EE282C @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:24AB14E7 @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:23A1F55B @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:20FFCF0B @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:1D9ED8F7 @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:158CC5FF @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:0EC9720B @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:05113FB9 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:FC89CE5A @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:EC4E61E4 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:CD9B334A @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:BD8705CE @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:ABD3B354 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:A68B9D77 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:8FC027DE @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:88BFF41D @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:794BB94F @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:742F1EE5 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:4D3513A5 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:3BAD46F6 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:26C2E4B1 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:17FF6514 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:0AE8FC60 @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:FDAF118C @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:FD20BDA6 @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:F59916B9 @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:DE22D45C @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:ABA71843 @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:730BC923 @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:5A27D490 @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:53992C73 @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:3612C9BE @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:2D1BE4C6 @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:24DC7949 @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:2085D07D @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:EBE4F6FC @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:E463CA56 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:E3AFC61E @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:E1069F99 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:CF2C26D2 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:CEED62ED @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:C3A4217C @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:BAD88AD2 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:8D79965B @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:8AD1F2E0 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:82C50600 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:77271429 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:6B5A665E @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:53F381F1 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:531637AD @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:442B1B91 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:3EA1C214 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:29DA7FEE @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:18295838 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0651F96C @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:06253D7D @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0207454C @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:FA8ADCCD @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:F19EC797 @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:CBCE0A92 @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:C226A7C2 @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:B8B102B9 @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:7C4DCB5B @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:765C6A14 @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:593E515D @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:43ABA97D @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:375B96CE @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:34BCB6A9 @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:226A6E31 @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0C5A6770 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:F79DAA38 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:E60D24D7 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C8E9D804 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C104B0EF @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:9B750A13 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:97AB2056 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:7E100A8C @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:6A16A184 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:60D0CFE2 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:48529647 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:45BC0AAA @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:3965C4E8 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:37CE0F2E @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:204BEE0F @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:16A2C6C0 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:0E37A445 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:03033228 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:FF818E2B @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:FB914833 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:EF2D54F9 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:E90251A2 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:DD3F5AF4 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:D74C2847 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:C44E62F1 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:BB24555F @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:B9775780 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:ADE91125 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:AB5B8755 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:A94968B5 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:9CB2B6C5 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:8A026284 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:860D9052 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:81F83028 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:7E26B7DC @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:6EAE3ABC @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:6BD1DCDD @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:5D2DC0A6 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:35632DDA @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:232300C2 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:1D60AEC3 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:1CE3DF80 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:FE144218 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:E7700065 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:E31D4564 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:DCDE7C60 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:DCAF903C @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:CE0A077E @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:C70C12CF @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:ACCFB883 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:A9C7B545 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:A9B2AAD0 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:A362A045 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:9B9441A5 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:9AB9ECE0 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:8C443193 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:69FA7876 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:6051163F @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:5A13AEC2 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:4A48591F @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:195E9213 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:18AE7C5A @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:100384F2 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:0D864221 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:003A85AC @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:F565FB91 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:DBA1A307 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:DB563BE7 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:B5D277AB @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:9C504A4D @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:9BCE9E9B @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:9658F8A2 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:93CE17D1 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:91CF76E3 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:8E6845BC @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:8BBD1F9A @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:80A70180 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:7EE43C06 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:74456BF5 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:5304CF6F @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:4F8BECB9 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:4F636E25 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:46545F5C @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:2B059D79 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:268F887D @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:13B137AF @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:E0CDAF60 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:D93DCF15 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:D77C0A61 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:D417F0D5 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:792C1D5C @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:61AF91EC @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:3FF8D96E @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:3F22DA14 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:2A615C9C @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0E341035 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0256104B @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:E62BE020 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:E40BF3ED @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:E22211E1 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:CDFF58FE @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:C40E212B @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:B79388B4 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:B310C233 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:ADCBD4B1 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:A13E0480 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:9C5E2795 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:93DE1838 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:9296EC11 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:8F76671E @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:6720DF40 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:49F896E9 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:3064D21D @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:1DFC024D @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:19AD1878 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:FE4E15B1 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:F68CB977 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E36F5B57 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:D478F292 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:C71DF9C6 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:C36E5828 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:956EC010 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:92D18A5E @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:898C038B @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:84744B34 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:798F4CE4 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:7079A696 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:687D1056 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:52FE3CCD @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:4C33F119 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:45A334DD @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:404C30E3 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:3AE22B1A @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:20B17557 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:18FCA3F2 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:17C6C557 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:131C0EE9 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:072B9E55 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:FAC5BCF5 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:F82CA780 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:F2F115B4 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:F1FE38D7 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:D8EA2847 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:D3930F74 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:940ECC98 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:858D9994 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:80234CE0 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:6A7B7A50 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:5D7E5A8F @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:550179F5 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:50A11A00 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:4EAD6852 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:4B112591 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:386E239F @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:38317199 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:30F1AD86 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:029E021F @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:02573978 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:023F0743 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:002640E3 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:FDD78BE5 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:E4EAA06A @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:DE38CB5F @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:D61069DE @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:CDA9D806 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:C8EAE2CC @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:C2E33402 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:B54102AD @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:7DFDF9DF @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:72E546C1 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:651AC260 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:3A29D202 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:39294FE1 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:1B154164 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:1AD5880D @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:174B11D8 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:15FA1ECB @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:C9B93CC4 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:B83BF1A6 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:91DFBB4A @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:8F7ECF6A @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:87F524B2 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:8599F087 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:7C0CBD4C @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:7B227418 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:76986D86 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:6CFD36EA @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:54997B77 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:4890C28A @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:322EAACD @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2E0BE9CA @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2CBB1EC8 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2504A086 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:225C4FFC @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:193426B4 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:0E640041 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:09DC8014 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:FACC16FC @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:FA45F5FF @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:F4BE8180 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:F42CF153 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:D0397AE3 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:C762A926 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:C4AAD3E4 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:97A03D0F @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:902B6A44 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:8FBE0E9C @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:8DCF53BE @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:5E3FBF9D @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:541F9F51 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:47317C33 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:42275BC2 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:373C6DC2 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2FAFBD6A @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2A5BC0A9 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:26140299 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:1FDDA142 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:1ECB0F6C @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:1DDD0008 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:128A6DC9 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:F131B2B8 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E6B1AD87 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E55CE2D1 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:D3FFFBA9 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:B837C568 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:9A6A9036 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:73CCE32D @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:6FCD73D7 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:63A71C6F @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:55781AF7 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:516FF8A1 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:4D066AD2 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:3E424252 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:3D4CCD1E @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:22C80839 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:1AE68282 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:0B9176C0 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:EB3A09D6 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:EA43B001 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:DDE7FCF4 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:A5E0BCE9 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:949E3D1B @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:90E60569 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:8EEE3BBB @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:7D49B96B @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:700CD00E @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:64A7B9DE @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:51F17074 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:5199C971 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:017D5143 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:F65733F1 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:E8F2A400 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:BC521608 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:ABE89FFE @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:AA9519A6 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:A3F4C22C @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:98A71B94 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:95B8F7F6 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:74699137 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:595E476D @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:45E33ED2 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:39F44D9C @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:2A8CD561 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:2A0E0B9F @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:20B9E63F @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:D20FFA63 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:C5B70C5D @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:88555A1F @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:8750DCE4 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:70F0A2F4 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:6C22B38A @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:62197B73 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:4D7FCCD3 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:48070A48 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:4300D829 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:2F46E9A6 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:2B99FE60 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:1AF93AF4 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:0A18093F @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:01453AF3 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:F86CC73E @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:F854B030 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E8E51D31 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:D6C2C750 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:D5C1AF61 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:CCF42AF8 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:C0D722EB @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:A9D9351A @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:A4AD016E @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:98104906 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:8DD623B3 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:8C885EDD @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:7D2C5D65 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:799B8AA7 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:793ABD2B @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:6C3B96F0 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:51C0853C @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:4C97EF04 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:444C53BA @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:3E7C402E @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:087D1C56 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:01EDA307 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:E71141D2 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:D091E13E @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:C6DBBC03 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B8EA2C49 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:981884E7 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:8F925134 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:8D8F3340 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:74B502CB @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5425B7F5 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:52A42F4C @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:4DBBB4EA @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:4B1807BE @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:369A9F46 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:30376ACC @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:2CFBE2D1 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0503B6B8 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:F6E5C7FB @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E89EDC52 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D30CE047 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:CCBF0D67 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:B358A070 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:8F5346F2 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:861A898F @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:5D458568 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:51387F29 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:07A75CBF @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:F9CEBD79 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:EAB1AD1B @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:E9CB5ECC @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:D43ACD11 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:C7D36B80 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:B42328DE @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:92209557 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:90FE524C @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:895798AD @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:85B53F5F @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:7E68DD27 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:756C8543 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:741CA49D @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5743A858 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4DE8C719 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4BB26BE9 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:3867977D @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:2A8A3140 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:02C1CB6D @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:FDA8D6AE @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:F84F494D @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:E7AD9690 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:E749BCD7 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:DF3D49ED @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:CBEB737E @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C77DCC63 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A86C3734 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A0405560 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:9E64EBA6 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8C84073F @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:857692EC @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:85526F54 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:77B90F12 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:726A7C8D @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:6C81A062 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:5B111056 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:551E1CB4 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:54F7A151 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:53546330 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:2E964D2D @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1AAEFD5D @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1013B07C @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:DF5BAC78 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:DE29D4A1 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:DAFAF1BF @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:C8D1C36C @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:BE9A1C90 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:A833FADB @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:A3857D86 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:981349EA @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:93F6D130 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:864A52B8 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8173A019 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:5EBA4934 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:4ABFB16D @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:3FBB88CF @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:3CA18B6B @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:38788EA7 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:3095BD69 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:1BC99E01 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:1941675B @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F01E7F17 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:ED66F190 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E6433F27 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E2C7E93F @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D44D0CA3 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:B3B92717 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:ABCD2B94 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:9950163C @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:4E158DDD @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:478FEFC3 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:409F27A9 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:33C7F7F2 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:0A9883D3 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:D5458F6B @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:4EDDC66F @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D6BE1CEA @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5F538558 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5EC637CB @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:DFA00BA4 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:74BB299D @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:2D723B3A @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:F791B5EF @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:D68C96C3 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:8C4F2D2B @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:8C458D50 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:81365633 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:56AB0B90 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:45E74272 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:147DA06A @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:F7124EAF @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:A78FEBF9 @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:93C494CA @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:40DEEFF7 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:FC420CE6 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:793F316E @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:9F683177 @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:D226F1A4 @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:2411B07C @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:4CF61E54 @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:CFE0B346 < End of report > Geändert von Rapunzel (03.01.2013 um 18:54 Uhr) |
Themen zu Home.sweetim.com und Norton Antivirus |
abgelaufen, antivirus, arbeit, avast, behauptet, datei, dienstag, emailadresse, fahren, gelöscht, google, handle, liebe, lieben, norton, sache, sachen, seite, sitze, speicher, speichern, stimmen, virus, würde, yahoo |