Log analysis and evaluation: Virus tr/psw.zbot

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
19.01.2013, 15:16 | #16 |
Virus tr/psw.zbot
\Driver\volsnap \Device\HarddiskVolumeShadowCopy{9b49b272-5a3d-11e2-a38f-001fcf40c3ef} IRP_MJ_SET_SECURITY ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy{9b49b272-5a3d-11e2-a38f-001fcf40c3ef} IRP_MJ_POWER ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy{9b49b272-5a3d-11e2-a38f-001fcf40c3ef} IRP_MJ_SYSTEM_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy{9b49b272-5a3d-11e2-a38f-001fcf40c3ef} IRP_MJ_DEVICE_CHANGE ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy{9b49b272-5a3d-11e2-a38f-001fcf40c3ef} IRP_MJ_QUERY_QUOTA ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy{9b49b272-5a3d-11e2-a38f-001fcf40c3ef} IRP_MJ_SET_QUOTA ws\system32\DRIVERS\kbdclass.sys Device \Driver\ACPI \Device\0000006d IRP_MJ_CREATE ws\system32\DRIVERS\kbdclass.sys Device \Driver\ACPI \Device\0000006d IRP_MJ_CREATE_NAMED_PIPE ws\system32\DRIVERS\kbdclass.sys Device \Driver\ACPI \Device\0000006d IRP_MJ_CLOSE ws\system32\DRIVERS\kbdclass.sys Device \Driver\ACPI \Device\0000006d IRP_MJ_READ ws\system32\DRIVERS\kbdclass.sys Device \Driver\ACPI \Device\0000006d IRP_MJ_WRITE ws\system32\DRIVERS\kbdclass.sys Device \Driver\ACPI \Device\0000006d IRP_MJ_QUERY_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\ACPI \Device\0000006d IRP_MJ_SET_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\ACPI \Device\0000006d IRP_MJ_QUERY_EA ws\system32\DRIVERS\kbdclass.sys Device \Driver\ACPI \Device\0000006d IRP_MJ_SET_EA ws\system32\DRIVERS\kbdclass.sys Device \Driver\ACPI \Device\0000006d IRP_MJ_FLUSH_BUFFERS ws\system32\DRIVERS\kbdclass.sys Device \Driver\ACPI \Device\0000006d IRP_MJ_QUERY_VOLUME_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\ACPI \Device\0000006d IRP_MJ_SET_VOLUME_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\ACPI \Device\0000006d 
IRP_MJ_DIRECTORY_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\ACPI \Device\0000006d IRP_MJ_FILE_SYSTEM_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\ACPI \Device\0000006d IRP_MJ_DEVICE_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\ACPI \Device\0000006d IRP_MJ_INTERNAL_DEVICE_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\ACPI \Device\0000006d IRP_MJ_SHUTDOWN ws\system32\DRIVERS\kbdclass.sys Device \Driver\ACPI \Device\0000006d IRP_MJ_LOCK_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\ACPI \Device\0000006d IRP_MJ_CLEANUP ws\system32\DRIVERS\kbdclass.sys Device \Driver\ACPI \Device\0000006d IRP_MJ_CREATE_MAILSLOT ws\system32\DRIVERS\kbdclass.sys Device \Driver\ACPI \Device\0000006d IRP_MJ_QUERY_SECURITY ws\system32\DRIVERS\kbdclass.sys Device \Driver\ACPI \Device\0000006d IRP_MJ_SET_SECURITY ws\system32\DRIVERS\kbdclass.sys Device \Driver\ACPI \Device\0000006d IRP_MJ_POWER ws\system32\DRIVERS\kbdclass.sys Device \Driver\ACPI \Device\0000006d IRP_MJ_SYSTEM_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\ACPI \Device\0000006d IRP_MJ_DEVICE_CHANGE ws\system32\DRIVERS\kbdclass.sys Device \Driver\ACPI \Device\0000006d IRP_MJ_QUERY_QUOTA ws\system32\DRIVERS\kbdclass.sys Device \Driver\ACPI \Device\0000006d IRP_MJ_SET_QUOTA ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_CREATE ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_CREATE_NAMED_PIPE ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_CLOSE ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_READ ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_WRITE ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_QUERY_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap 
\Device\HarddiskVolumeShadowCopy6 IRP_MJ_SET_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_QUERY_EA ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_SET_EA ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_FLUSH_BUFFERS ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_QUERY_VOLUME_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_SET_VOLUME_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_DIRECTORY_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_FILE_SYSTEM_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_DEVICE_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_INTERNAL_DEVICE_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_SHUTDOWN ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_LOCK_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_CLEANUP ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_CREATE_MAILSLOT ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_QUERY_SECURITY ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_SET_SECURITY ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_POWER ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_SYSTEM_CONTROL ws\system32\DRIVERS\kbdclass.sys Device 
\Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_DEVICE_CHANGE ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_QUERY_QUOTA ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_SET_QUOTA ws\system32\DRIVERS\kbdclass.sys Device \FileSystem\FileInfo \Device\FileInfo IRP_MJ_CREATE ws\system32\DRIVERS\kbdclass.sys Device \FileSystem\FileInfo \Device\FileInfo IRP_MJ_CREATE_NAMED_PIPE ws\system32\DRIVERS\kbdclass.sys Device \FileSystem\FileInfo \Device\FileInfo IRP_MJ_CLOSE ws\system32\DRIVERS\kbdclass.sys Device \FileSystem\FileInfo \Device\FileInfo IRP_MJ_READ ws\system32\DRIVERS\kbdclass.sys Device \FileSystem\FileInfo \Device\FileInfo IRP_MJ_WRITE ws\system32\DRIVERS\kbdclass.sys Device \FileSystem\FileInfo \Device\FileInfo IRP_MJ_QUERY_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \FileSystem\FileInfo \Device\FileInfo IRP_MJ_SET_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \FileSystem\FileInfo \Device\FileInfo IRP_MJ_QUERY_EA ws\system32\DRIVERS\kbdclass.sys Device \FileSystem\FileInfo \Device\FileInfo IRP_MJ_SET_EA ws\system32\DRIVERS\kbdclass.sys Device \FileSystem\FileInfo \Device\FileInfo IRP_MJ_FLUSH_BUFFERS ws\system32\DRIVERS\kbdclass.sys Device \FileSystem\FileInfo \Device\FileInfo IRP_MJ_QUERY_VOLUME_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \FileSystem\FileInfo \Device\FileInfo IRP_MJ_SET_VOLUME_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \FileSystem\FileInfo \Device\FileInfo IRP_MJ_DIRECTORY_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \FileSystem\FileInfo \Device\FileInfo IRP_MJ_FILE_SYSTEM_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \FileSystem\FileInfo \Device\FileInfo IRP_MJ_DEVICE_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \FileSystem\FileInfo \Device\FileInfo IRP_MJ_INTERNAL_DEVICE_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \FileSystem\FileInfo \Device\FileInfo IRP_MJ_SHUTDOWN 
ws\system32\DRIVERS\kbdclass.sys Device \FileSystem\FileInfo \Device\FileInfo IRP_MJ_LOCK_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \FileSystem\FileInfo \Device\FileInfo IRP_MJ_CLEANUP ws\system32\DRIVERS\kbdclass.sys Device \FileSystem\FileInfo \Device\FileInfo IRP_MJ_CREATE_MAILSLOT ws\system32\DRIVERS\kbdclass.sys Device \FileSystem\FileInfo \Device\FileInfo IRP_MJ_QUERY_SECURITY ws\system32\DRIVERS\kbdclass.sys Device \FileSystem\FileInfo \Device\FileInfo IRP_MJ_SET_SECURITY ws\system32\DRIVERS\kbdclass.sys Device \FileSystem\FileInfo \Device\FileInfo IRP_MJ_POWER ws\system32\DRIVERS\kbdclass.sys Device \FileSystem\FileInfo \Device\FileInfo IRP_MJ_SYSTEM_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \FileSystem\FileInfo \Device\FileInfo IRP_MJ_DEVICE_CHANGE ws\system32\DRIVERS\kbdclass.sys Device \FileSystem\FileInfo \Device\FileInfo IRP_MJ_QUERY_QUOTA ws\system32\DRIVERS\kbdclass.sys Device \FileSystem\FileInfo \Device\FileInfo IRP_MJ_SET_QUOTA ws\system32\DRIVERS\kbdclass.sys Device \Driver\PptpMiniport \Device\{DF4A9D2C-8742-4EB1-8703-D395C4183F33} IRP_MJ_CREATE ws\system32\DRIVERS\kbdclass.sys Device \Driver\PptpMiniport \Device\{DF4A9D2C-8742-4EB1-8703-D395C4183F33} IRP_MJ_CREATE_NAMED_PIPE ws\system32\DRIVERS\kbdclass.sys Device \Driver\PptpMiniport \Device\{DF4A9D2C-8742-4EB1-8703-D395C4183F33} IRP_MJ_CLOSE ws\system32\DRIVERS\kbdclass.sys Device \Driver\PptpMiniport \Device\{DF4A9D2C-8742-4EB1-8703-D395C4183F33} IRP_MJ_READ ws\system32\DRIVERS\kbdclass.sys Device \Driver\PptpMiniport \Device\{DF4A9D2C-8742-4EB1-8703-D395C4183F33} IRP_MJ_WRITE ws\system32\DRIVERS\kbdclass.sys Device \Driver\PptpMiniport \Device\{DF4A9D2C-8742-4EB1-8703-D395C4183F33} IRP_MJ_QUERY_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\PptpMiniport \Device\{DF4A9D2C-8742-4EB1-8703-D395C4183F33} IRP_MJ_SET_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\PptpMiniport \Device\{DF4A9D2C-8742-4EB1-8703-D395C4183F33} IRP_MJ_QUERY_EA 
ws\system32\DRIVERS\kbdclass.sys |
19.01.2013, 15:17 | #17 |
| Virus tr/psw.zbot
ws\system32\DRIVERS\kbdclass.sys Device \Driver\RasSstp \Device\{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270} IRP_MJ_QUERY_VOLUME_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\RasSstp \Device\{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270} IRP_MJ_SET_VOLUME_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\RasSstp \Device\{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270} IRP_MJ_DIRECTORY_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\RasSstp \Device\{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270} IRP_MJ_FILE_SYSTEM_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\RasSstp \Device\{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270} IRP_MJ_DEVICE_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\RasSstp \Device\{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270} IRP_MJ_INTERNAL_DEVICE_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\RasSstp \Device\{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270} IRP_MJ_SHUTDOWN ws\system32\DRIVERS\kbdclass.sys Device \Driver\RasSstp \Device\{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270} IRP_MJ_LOCK_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\RasSstp \Device\{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270} IRP_MJ_CLEANUP ws\system32\DRIVERS\kbdclass.sys Device \Driver\RasSstp \Device\{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270} IRP_MJ_CREATE_MAILSLOT ws\system32\DRIVERS\kbdclass.sys Device \Driver\RasSstp \Device\{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270} IRP_MJ_QUERY_SECURITY ws\system32\DRIVERS\kbdclass.sys Device \Driver\RasSstp \Device\{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270} IRP_MJ_SET_SECURITY ws\system32\DRIVERS\kbdclass.sys Device \Driver\RasSstp \Device\{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270} IRP_MJ_POWER ws\system32\DRIVERS\kbdclass.sys Device \Driver\RasSstp \Device\{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270} IRP_MJ_SYSTEM_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\RasSstp \Device\{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270} IRP_MJ_DEVICE_CHANGE ws\system32\DRIVERS\kbdclass.sys Device \Driver\RasSstp \Device\{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270} 
IRP_MJ_QUERY_QUOTA ws\system32\DRIVERS\kbdclass.sys Device \Driver\RasSstp \Device\{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270} IRP_MJ_SET_QUOTA ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbhub \Device\USBPDO-8 IRP_MJ_CREATE ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbhub \Device\USBPDO-8 IRP_MJ_CREATE_NAMED_PIPE ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbhub \Device\USBPDO-8 IRP_MJ_CLOSE ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbhub \Device\USBPDO-8 IRP_MJ_READ ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbhub \Device\USBPDO-8 IRP_MJ_WRITE ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbhub \Device\USBPDO-8 IRP_MJ_QUERY_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbhub \Device\USBPDO-8 IRP_MJ_SET_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbhub \Device\USBPDO-8 IRP_MJ_QUERY_EA ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbhub \Device\USBPDO-8 IRP_MJ_SET_EA ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbhub \Device\USBPDO-8 IRP_MJ_FLUSH_BUFFERS ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbhub \Device\USBPDO-8 IRP_MJ_QUERY_VOLUME_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbhub \Device\USBPDO-8 IRP_MJ_SET_VOLUME_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbhub \Device\USBPDO-8 IRP_MJ_DIRECTORY_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbhub \Device\USBPDO-8 IRP_MJ_FILE_SYSTEM_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbhub \Device\USBPDO-8 IRP_MJ_DEVICE_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbhub \Device\USBPDO-8 IRP_MJ_INTERNAL_DEVICE_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbhub \Device\USBPDO-8 IRP_MJ_SHUTDOWN ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbhub \Device\USBPDO-8 IRP_MJ_LOCK_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbhub \Device\USBPDO-8 IRP_MJ_CLEANUP ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbhub \Device\USBPDO-8 IRP_MJ_CREATE_MAILSLOT 
ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbhub \Device\USBPDO-8 IRP_MJ_QUERY_SECURITY ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbhub \Device\USBPDO-8 IRP_MJ_SET_SECURITY ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbhub \Device\USBPDO-8 IRP_MJ_POWER ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbhub \Device\USBPDO-8 IRP_MJ_SYSTEM_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbhub \Device\USBPDO-8 IRP_MJ_DEVICE_CHANGE ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbhub \Device\USBPDO-8 IRP_MJ_QUERY_QUOTA ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbhub \Device\USBPDO-8 IRP_MJ_SET_QUOTA ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{3DE18B1F-ADF3-47BC-A6FC-9D93DDA134DD} IRP_MJ_CREATE ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{3DE18B1F-ADF3-47BC-A6FC-9D93DDA134DD} IRP_MJ_CREATE_NAMED_PIPE ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{3DE18B1F-ADF3-47BC-A6FC-9D93DDA134DD} IRP_MJ_CLOSE ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{3DE18B1F-ADF3-47BC-A6FC-9D93DDA134DD} IRP_MJ_READ ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{3DE18B1F-ADF3-47BC-A6FC-9D93DDA134DD} IRP_MJ_WRITE ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{3DE18B1F-ADF3-47BC-A6FC-9D93DDA134DD} IRP_MJ_QUERY_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{3DE18B1F-ADF3-47BC-A6FC-9D93DDA134DD} IRP_MJ_SET_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{3DE18B1F-ADF3-47BC-A6FC-9D93DDA134DD} IRP_MJ_QUERY_EA ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{3DE18B1F-ADF3-47BC-A6FC-9D93DDA134DD} IRP_MJ_SET_EA ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{3DE18B1F-ADF3-47BC-A6FC-9D93DDA134DD} IRP_MJ_FLUSH_BUFFERS ws\system32\DRIVERS\kbdclass.sys Device 
\Driver\vpcnfltr \Device\VPCNetS3_{3DE18B1F-ADF3-47BC-A6FC-9D93DDA134DD} IRP_MJ_QUERY_VOLUME_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{3DE18B1F-ADF3-47BC-A6FC-9D93DDA134DD} IRP_MJ_SET_VOLUME_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{3DE18B1F-ADF3-47BC-A6FC-9D93DDA134DD} IRP_MJ_DIRECTORY_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{3DE18B1F-ADF3-47BC-A6FC-9D93DDA134DD} IRP_MJ_FILE_SYSTEM_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{3DE18B1F-ADF3-47BC-A6FC-9D93DDA134DD} IRP_MJ_DEVICE_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{3DE18B1F-ADF3-47BC-A6FC-9D93DDA134DD} IRP_MJ_INTERNAL_DEVICE_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{3DE18B1F-ADF3-47BC-A6FC-9D93DDA134DD} IRP_MJ_SHUTDOWN ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{3DE18B1F-ADF3-47BC-A6FC-9D93DDA134DD} IRP_MJ_LOCK_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{3DE18B1F-ADF3-47BC-A6FC-9D93DDA134DD} IRP_MJ_CLEANUP ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{3DE18B1F-ADF3-47BC-A6FC-9D93DDA134DD} IRP_MJ_CREATE_MAILSLOT ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{3DE18B1F-ADF3-47BC-A6FC-9D93DDA134DD} IRP_MJ_QUERY_SECURITY ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{3DE18B1F-ADF3-47BC-A6FC-9D93DDA134DD} IRP_MJ_SET_SECURITY ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{3DE18B1F-ADF3-47BC-A6FC-9D93DDA134DD} IRP_MJ_POWER ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{3DE18B1F-ADF3-47BC-A6FC-9D93DDA134DD} IRP_MJ_SYSTEM_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{3DE18B1F-ADF3-47BC-A6FC-9D93DDA134DD} IRP_MJ_DEVICE_CHANGE 
ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{3DE18B1F-ADF3-47BC-A6FC-9D93DDA134DD} IRP_MJ_QUERY_QUOTA ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{3DE18B1F-ADF3-47BC-A6FC-9D93DDA134DD} IRP_MJ_SET_QUOTA ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{EC11A37B-0DA5-4D82-A54E-490123FC15D8} IRP_MJ_CREATE ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{EC11A37B-0DA5-4D82-A54E-490123FC15D8} IRP_MJ_CREATE_NAMED_PIPE ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{EC11A37B-0DA5-4D82-A54E-490123FC15D8} IRP_MJ_CLOSE ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{EC11A37B-0DA5-4D82-A54E-490123FC15D8} IRP_MJ_READ ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{EC11A37B-0DA5-4D82-A54E-490123FC15D8} IRP_MJ_WRITE ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{EC11A37B-0DA5-4D82-A54E-490123FC15D8} IRP_MJ_QUERY_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{EC11A37B-0DA5-4D82-A54E-490123FC15D8} IRP_MJ_SET_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{EC11A37B-0DA5-4D82-A54E-490123FC15D8} IRP_MJ_QUERY_EA ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{EC11A37B-0DA5-4D82-A54E-490123FC15D8} IRP_MJ_SET_EA ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{EC11A37B-0DA5-4D82-A54E-490123FC15D8} IRP_MJ_FLUSH_BUFFERS ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{EC11A37B-0DA5-4D82-A54E-490123FC15D8} IRP_MJ_QUERY_VOLUME_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{EC11A37B-0DA5-4D82-A54E-490123FC15D8} IRP_MJ_SET_VOLUME_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{EC11A37B-0DA5-4D82-A54E-490123FC15D8} IRP_MJ_DIRECTORY_CONTROL 
ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{EC11A37B-0DA5-4D82-A54E-490123FC15D8} IRP_MJ_FILE_SYSTEM_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{EC11A37B-0DA5-4D82-A54E-490123FC15D8} IRP_MJ_DEVICE_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{EC11A37B-0DA5-4D82-A54E-490123FC15D8} IRP_MJ_INTERNAL_DEVICE_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{EC11A37B-0DA5-4D82-A54E-490123FC15D8} IRP_MJ_SHUTDOWN ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{EC11A37B-0DA5-4D82-A54E-490123FC15D8} IRP_MJ_LOCK_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{EC11A37B-0DA5-4D82-A54E-490123FC15D8} IRP_MJ_CLEANUP ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{EC11A37B-0DA5-4D82-A54E-490123FC15D8} IRP_MJ_CREATE_MAILSLOT ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{EC11A37B-0DA5-4D82-A54E-490123FC15D8} IRP_MJ_QUERY_SECURITY ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{EC11A37B-0DA5-4D82-A54E-490123FC15D8} IRP_MJ_SET_SECURITY ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{EC11A37B-0DA5-4D82-A54E-490123FC15D8} IRP_MJ_POWER ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{EC11A37B-0DA5-4D82-A54E-490123FC15D8} IRP_MJ_SYSTEM_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{EC11A37B-0DA5-4D82-A54E-490123FC15D8} IRP_MJ_DEVICE_CHANGE ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{EC11A37B-0DA5-4D82-A54E-490123FC15D8} IRP_MJ_QUERY_QUOTA ws\system32\DRIVERS\kbdclass.sys Device \Driver\vpcnfltr \Device\VPCNetS3_{EC11A37B-0DA5-4D82-A54E-490123FC15D8} IRP_MJ_SET_QUOTA ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbuhci \Device\USBFDO-6 IRP_MJ_CREATE ws\system32\DRIVERS\kbdclass.sys Device 
\Driver\usbuhci \Device\USBFDO-6 IRP_MJ_CREATE_NAMED_PIPE ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbuhci \Device\USBFDO-6 IRP_MJ_CLOSE ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbuhci \Device\USBFDO-6 IRP_MJ_READ ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbuhci \Device\USBFDO-6 IRP_MJ_WRITE ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbuhci \Device\USBFDO-6 IRP_MJ_QUERY_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbuhci \Device\USBFDO-6 IRP_MJ_SET_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbuhci \Device\USBFDO-6 IRP_MJ_QUERY_EA ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbuhci \Device\USBFDO-6 IRP_MJ_SET_EA ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbuhci \Device\USBFDO-6 IRP_MJ_FLUSH_BUFFERS ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbuhci \Device\USBFDO-6 IRP_MJ_QUERY_VOLUME_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbuhci \Device\USBFDO-6 IRP_MJ_SET_VOLUME_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbuhci \Device\USBFDO-6 IRP_MJ_DIRECTORY_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbuhci \Device\USBFDO-6 IRP_MJ_FILE_SYSTEM_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbuhci \Device\USBFDO-6 IRP_MJ_DEVICE_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbuhci \Device\USBFDO-6 IRP_MJ_INTERNAL_DEVICE_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbuhci \Device\USBFDO-6 IRP_MJ_SHUTDOWN ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbuhci \Device\USBFDO-6 IRP_MJ_LOCK_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbuhci \Device\USBFDO-6 IRP_MJ_CLEANUP ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbuhci \Device\USBFDO-6 IRP_MJ_CREATE_MAILSLOT ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbuhci \Device\USBFDO-6 IRP_MJ_QUERY_SECURITY ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbuhci \Device\USBFDO-6 IRP_MJ_SET_SECURITY ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbuhci 
\Device\USBFDO-6 IRP_MJ_POWER ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbuhci \Device\USBFDO-6 IRP_MJ_SYSTEM_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbuhci \Device\USBFDO-6 IRP_MJ_DEVICE_CHANGE ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbuhci \Device\USBFDO-6 IRP_MJ_QUERY_QUOTA ws\system32\DRIVERS\kbdclass.sys Device \Driver\usbuhci \Device\USBFDO-6 IRP_MJ_SET_QUOTA ws\system32\DRIVERS\kbdclass.sys Device \Driver\TermDD \Device\RemoteVideo1 IRP_MJ_CREATE ws\system32\DRIVERS\kbdclass.sys Device \Driver\TermDD \Device\RemoteVideo1 IRP_MJ_CREATE_NAMED_PIPE ws\system32\DRIVERS\kbdclass.sys Device \Driver\TermDD \Device\RemoteVideo1 IRP_MJ_CLOSE ws\system32\DRIVERS\kbdclass.sys Device \Driver\TermDD \Device\RemoteVideo1 IRP_MJ_READ ws\system32\DRIVERS\kbdclass.sys Device \Driver\TermDD \Device\RemoteVideo1 IRP_MJ_WRITE ws\system32\DRIVERS\kbdclass.sys Device \Driver\TermDD \Device\RemoteVideo1 IRP_MJ_QUERY_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\TermDD \Device\RemoteVideo1 IRP_MJ_SET_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\TermDD \Device\RemoteVideo1 IRP_MJ_QUERY_EA ws\system32\DRIVERS\kbdclass.sys Device \Driver\TermDD \Device\RemoteVideo1 IRP_MJ_SET_EA ws\system32\DRIVERS\kbdclass.sys Device \Driver\TermDD \Device\RemoteVideo1 IRP_MJ_FLUSH_BUFFERS ws\system32\DRIVERS\kbdclass.sys Device \Driver\TermDD \Device\RemoteVideo1 IRP_MJ_QUERY_VOLUME_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\TermDD \Device\RemoteVideo1 IRP_MJ_SET_VOLUME_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\TermDD \Device\RemoteVideo1 IRP_MJ_DIRECTORY_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\TermDD \Device\RemoteVideo1 IRP_MJ_FILE_SYSTEM_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\TermDD \Device\RemoteVideo1 IRP_MJ_DEVICE_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\TermDD \Device\RemoteVideo1 IRP_MJ_INTERNAL_DEVICE_CONTROL ws\system32\DRIVERS\kbdclass.sys Device 
\Driver\TermDD \Device\RemoteVideo1 IRP_MJ_SHUTDOWN ws\system32\DRIVERS\kbdclass.sys Device \Driver\TermDD \Device\RemoteVideo1 IRP_MJ_LOCK_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\TermDD \Device\RemoteVideo1 IRP_MJ_CLEANUP ws\system32\DRIVERS\kbdclass.sys Device \Driver\TermDD \Device\RemoteVideo1 IRP_MJ_CREATE_MAILSLOT ws\system32\DRIVERS\kbdclass.sys Device \Driver\TermDD \Device\RemoteVideo1 IRP_MJ_QUERY_SECURITY ws\system32\DRIVERS\kbdclass.sys Device \Driver\TermDD \Device\RemoteVideo1 IRP_MJ_SET_SECURITY ws\system32\DRIVERS\kbdclass.sys Device \Driver\TermDD \Device\RemoteVideo1 IRP_MJ_POWER ws\system32\DRIVERS\kbdclass.sys Device \Driver\TermDD \Device\RemoteVideo1 IRP_MJ_SYSTEM_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\TermDD \Device\RemoteVideo1 IRP_MJ_DEVICE_CHANGE ws\system32\DRIVERS\kbdclass.sys Device \Driver\TermDD \Device\RemoteVideo1 IRP_MJ_QUERY_QUOTA ws\system32\DRIVERS\kbdclass.sys Device \Driver\TermDD \Device\RemoteVideo1 IRP_MJ_SET_QUOTA ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy{3e26c2f1-6098-11e2-9b80-001fcf40c3ef} IRP_MJ_CREATE ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy{3e26c2f1-6098-11e2-9b80-001fcf40c3ef} IRP_MJ_CREATE_NAMED_PIPE ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy{3e26c2f1-6098-11e2-9b80-001fcf40c3ef} IRP_MJ_CLOSE ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy{3e26c2f1-6098-11e2-9b80-001fcf40c3ef} IRP_MJ_READ ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy{3e26c2f1-6098-11e2-9b80-001fcf40c3ef} IRP_MJ_WRITE ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy{3e26c2f1-6098-11e2-9b80-001fcf40c3ef} IRP_MJ_QUERY_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy{3e26c2f1-6098-11e2-9b80-001fcf40c3ef} 
IRP_MJ_SET_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy{3e26c2f1-6098-11e2-9b80-001fcf40c3ef} IRP_MJ_QUERY_EA ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy{3e26c2f1-6098-11e2-9b80-001fcf40c3ef} IRP_MJ_SET_EA ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy{3e26c2f1-6098-11e2-9b80-001fcf40c3ef} IRP_MJ_FLUSH_BUFFERS ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy{3e26c2f1-6098-11e2-9b80-001fcf40c3ef} IRP_MJ_QUERY_VOLUME_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy{3e26c2f1-6098-11e2-9b80-001fcf40c3ef} IRP_MJ_SET_VOLUME_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy{3e26c2f1-6098-11e2-9b80-001fcf40c3ef} IRP_MJ_DIRECTORY_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy{3e26c2f1-6098-11e2-9b80-001fcf40c3ef} IRP_MJ_FILE_SYSTEM_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy{3e26c2f1-6098-11e2-9b80-001fcf40c3ef} IRP_MJ_DEVICE_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy{3e26c2f1-6098-11e2-9b80-001fcf40c3ef} IRP_MJ_INTERNAL_DEVICE_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy{3e26c2f1-6098-11e2-9b80-001fcf40c3ef} IRP_MJ_SHUTDOWN ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy{3e26c2f1-6098-11e2-9b80-001fcf40c3ef} IRP_MJ_LOCK_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy{3e26c2f1-6098-11e2-9b80-001fcf40c3ef} IRP_MJ_CLEANUP ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy{3e26c2f1-6098-11e2-9b80-001fcf40c3ef} IRP_MJ_CREATE_MAILSLOT ws\system32\DRIVERS\kbdclass.sys 
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy{3e26c2f1-6098-11e2-9b80-001fcf40c3ef} IRP_MJ_QUERY_SECURITY ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy{3e26c2f1-6098-11e2-9b80-001fcf40c3ef} IRP_MJ_SET_SECURITY ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy{3e26c2f1-6098-11e2-9b80-001fcf40c3ef} IRP_MJ_POWER ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy{3e26c2f1-6098-11e2-9b80-001fcf40c3ef} IRP_MJ_SYSTEM_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy{3e26c2f1-6098-11e2-9b80-001fcf40c3ef} IRP_MJ_DEVICE_CHANGE ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy{3e26c2f1-6098-11e2-9b80-001fcf40c3ef} IRP_MJ_QUERY_QUOTA ws\system32\DRIVERS\kbdclass.sys Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy{3e26c2f1-6098-11e2-9b80-001fcf40c3ef} IRP_MJ_SET_QUOTA ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000067 IRP_MJ_CREATE ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000067 IRP_MJ_CREATE_NAMED_PIPE ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000067 IRP_MJ_CLOSE ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000067 IRP_MJ_READ ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000067 IRP_MJ_WRITE ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000067 IRP_MJ_QUERY_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000067 IRP_MJ_SET_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000067 IRP_MJ_QUERY_EA ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000067 IRP_MJ_SET_EA ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000067 IRP_MJ_FLUSH_BUFFERS ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager 
\Device\00000067 IRP_MJ_QUERY_VOLUME_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000067 IRP_MJ_SET_VOLUME_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000067 IRP_MJ_DIRECTORY_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000067 IRP_MJ_FILE_SYSTEM_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000067 IRP_MJ_DEVICE_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000067 IRP_MJ_INTERNAL_DEVICE_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000067 IRP_MJ_SHUTDOWN ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000067 IRP_MJ_LOCK_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000067 IRP_MJ_CLEANUP ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000067 IRP_MJ_CREATE_MAILSLOT ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000067 IRP_MJ_QUERY_SECURITY ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000067 IRP_MJ_SET_SECURITY ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000067 IRP_MJ_POWER ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000067 IRP_MJ_SYSTEM_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000067 IRP_MJ_DEVICE_CHANGE ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000067 IRP_MJ_QUERY_QUOTA ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000067 IRP_MJ_SET_QUOTA ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000053 IRP_MJ_CREATE ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000053 IRP_MJ_CREATE_NAMED_PIPE ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000053 IRP_MJ_CLOSE ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000053 IRP_MJ_READ 
ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000053 IRP_MJ_WRITE ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000053 IRP_MJ_QUERY_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000053 IRP_MJ_SET_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000053 IRP_MJ_QUERY_EA ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000053 IRP_MJ_SET_EA ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000053 IRP_MJ_FLUSH_BUFFERS ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000053 IRP_MJ_QUERY_VOLUME_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000053 IRP_MJ_SET_VOLUME_INFORMATION ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000053 IRP_MJ_DIRECTORY_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000053 IRP_MJ_FILE_SYSTEM_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000053 IRP_MJ_DEVICE_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000053 IRP_MJ_INTERNAL_DEVICE_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000053 IRP_MJ_SHUTDOWN ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000053 IRP_MJ_LOCK_CONTROL ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000053 IRP_MJ_CLEANUP ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000053 IRP_MJ_CREATE_MAILSLOT ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000053 IRP_MJ_QUERY_SECURITY ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000053 IRP_MJ_SET_SECURITY ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000053 IRP_MJ_POWER ws\system32\DRIVERS\kbdclass.sys Device \Driver\PnpManager \Device\00000053 IRP_MJ_SYSTEM_CONTROL ws\system32\DRIVERS\kbdclass.sys Device 
Hi Matthias, I have a problem: I somehow lost my place while copying the GMER file, because it is so large. Do you know a way to find the line where I stopped? THANKS for your help!!! mkoch
19.01.2013, 16:20 | #18 |
/// TB-Ausbilder | Hello,
we'll drop GMER and use aswMBR instead: please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons unless instructed. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.
21.01.2013, 08:49 | #19 |
Hi Matthias, when I ran aswMBR.exe the laptop went into a blue screen. The following problem was reported:
Problemsignatur:
Problemereignisname: BlueScreen
Betriebsystemversion: 6.1.7601.2.1.0.768.3
Gebietsschema-ID: 1031
Zusatzinformationen zum Problem:
BCCode: d1
BCP1: 0000000000000000
BCP2: 0000000000000002
BCP3: 0000000000000008
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1
I have started Windows normally again. What should I do now? Run aswMBR.exe again? THANKS for your help!!!
21.01.2013, 17:56 | #20 |
/// TB-Ausbilder | Hello, first uninstall two of your three AV programs, and then we'll start ComboFix:
Step 1
I noticed that you have more than one antivirus program with a background guard running:
Code:
McAfee Anti-Virus und Anti-Spyware
Microsoft Security Essentials
Avira
Report which antivirus program you have decided on. Quote:
Step 2 Scan with ComboFix
Please post with your next reply
21.01.2013, 19:26 | #21 |
Hi, I decided on Avira and uninstalled the other two as you instructed. After that I downloaded ComboFix and started it. It runs through until a window (blue background) opens that contains the following:
Bitte warten. ComboFix wird vorbereitet, um ausgeführt zu werden. Versuche, einen neuen Systemwiederherstellungspunkt zu erstellen
After that I restarted the PC once more, switched off the AV Avira and Malware, and started ComboFix again. And again the window mentioned above appears with that notice. What now?
22.01.2013, 17:57 | #22 |
/// TB-Ausbilder | Hello, Quote:
22.01.2013, 19:10 | #23 |
Hi, I can't say exactly anymore. A few minutes?!
22.01.2013, 19:41 | #24 |
/// TB-Ausbilder | Hello, start your computer in safe mode with networking, following this guide, and run ComboFix there again. Wait at least 10 minutes at the message you mentioned.
22.01.2013, 20:03 | #25 |
Hi, in the meantime I had started ComboFix again and it ran through. However, I can no longer get online with our laptop via Internet Explorer. There is a problem: Internet Explorer has stopped working. I am online here with the tablet PC. Can I copy the log file onto a USB stick? I am worried that the Trojan will then spread to the tablet as well. Thank you very much for your continued support. ComboFix logfile: Code:
ComboFix 13-01-21.04 - mkoch 22.01.2013 19:13:57.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4091.2523 [GMT 1:00]
ausgeführt von:: c:\users\mkoch\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\programdata\NVIDIA
c:\programdata\NVIDIA\NvApps.xml
c:\programdata\NVIDIA\NvStarted
c:\users\mkoch\4.0
c:\users\mkoch\AppData\Roaming\.#
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-22 bis 2013-01-22 ))))))))))))))))))))))))))))))
.
.
2013-01-22 18:20 . 2013-01-22 18:20 -------- d-----w- c:\users\tlang\AppData\Local\temp
2013-01-22 18:20 . 2013-01-22 18:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-22 08:54 . 2013-01-15 01:45 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D1EBE6D4-49B2-4846-A8DD-834D34B647AD}\mpengine.dll
2013-01-18 13:08 . 2013-01-18 13:09 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
2013-01-18 08:07 . 2013-01-18 08:07 -------- d-----w- c:\users\mkoch\AppData\Roaming\Malwarebytes
2013-01-18 08:07 . 2013-01-18 08:07 -------- d-----w- c:\programdata\Malwarebytes
2013-01-18 08:07 . 2013-01-18 08:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-18 08:07 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-18 08:06 . 2013-01-18 08:06 -------- d-----w- c:\users\mkoch\AppData\Local\Programs
2013-01-18 07:08 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-01-18 07:08 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-01-18 07:08 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-01-18 07:08 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-01-18 07:08 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-01-18 07:08 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-01-18 07:08 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-01-18 07:08 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-01-18 07:08 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-01-18 06:21 . 2013-01-18 06:20 960416 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-18 06:21 . 2013-01-18 06:20 308640 ----a-w- c:\windows\system32\javaws.exe
2013-01-18 06:21 . 2013-01-18 06:20 1081760 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-18 06:21 . 2013-01-18 06:20 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-01-18 06:20 . 2013-01-18 06:20 188832 ----a-w- c:\windows\system32\javaw.exe
2013-01-18 06:20 . 2013-01-18 06:20 188832 ----a-w- c:\windows\system32\java.exe
2013-01-18 06:20 . 2013-01-18 06:20 -------- d-----w- c:\program files\Java
2013-01-14 20:38 . 2013-01-18 17:53 -------- d-----w- c:\users\mkoch\AppData\Roaming\Osul
2013-01-14 20:38 . 2013-01-17 12:27 -------- d-----w- c:\users\mkoch\AppData\Roaming\Namyne
2013-01-14 20:38 . 2013-01-14 20:38 -------- d-----w- c:\users\mkoch\AppData\Roaming\Tenayb
2013-01-09 09:38 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 09:38 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 09:36 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-09 09:36 . 2012-11-30 04:53 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2013-01-09 09:36 . 2012-11-30 05:41 1161216 ----a-w- c:\windows\system32\kernel32.dll
2013-01-09 09:36 . 2012-11-30 05:45 362496 ----a-w- c:\windows\system32\wow64win.dll
2013-01-09 09:36 . 2012-11-30 05:45 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-09 09:36 . 2012-11-30 03:23 338432 ----a-w- c:\windows\system32\conhost.exe
2013-01-09 09:36 . 2012-11-30 05:45 243200 ----a-w- c:\windows\system32\wow64.dll
2013-01-09 09:36 . 2012-11-30 05:45 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2013-01-09 09:36 . 2012-11-30 05:43 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2013-01-09 09:36 . 2012-11-30 04:54 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-09 09:36 . 2012-11-30 02:44 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-09 09:36 . 2012-11-30 05:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 09:34 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-09 09:34 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 15:17 . 2013-01-04 15:17 -------- d-----w- c:\program files\iPod
2013-01-04 15:17 . 2013-01-04 15:17 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-04 15:17 . 2013-01-04 15:17 -------- d-----w- c:\program files\iTunes
2013-01-04 15:17 . 2013-01-04 15:17 -------- d-----w- c:\program files (x86)\iTunes
2012-12-27 12:01 . 2012-12-27 12:01 -------- d-----w- c:\program files (x86)\Cornelsen
2012-12-24 13:13 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-24 13:13 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-24 13:13 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-24 13:13 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 13:29 . 2010-01-28 13:09 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-11-30 04:45 . 2013-01-09 09:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-14 08:26 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-14 08:26 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-14 08:26 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-14 08:26 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-14 08:26 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-14 08:26 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-14 08:26 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-14 08:26 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-14 08:26 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-14 08:26 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-14 08:26 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-14 08:26 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-14 08:26 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-14 08:26 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-14 08:26 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-14 08:26 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-14 08:26 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-14 08:26 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-14 08:26 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-14 08:26 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-14 08:26 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-14 08:26 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-12 09:14 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 09:14 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 14:38 . 2012-11-02 14:38 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
2012-11-02 14:38 . 2012-11-02 14:38 828872 ----a-w- c:\windows\system32\msvcr110.dll
2012-11-02 14:38 . 2012-11-02 14:38 661448 ----a-w- c:\windows\system32\msvcp110.dll
2012-11-02 14:38 . 2012-11-02 14:38 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
2012-11-02 14:38 . 2012-11-02 14:38 50856 ----a-w- c:\windows\system32\drivers\point64.sys
2012-11-02 14:38 . 2012-11-02 14:38 354264 ----a-w- c:\windows\system32\vccorlib110.dll
2012-11-02 14:38 . 2012-11-02 14:38 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
2012-11-02 14:38 . 2012-11-02 14:38 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2012-11-02 05:59 . 2012-12-12 09:12 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 09:12 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-04 18:20 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-12-09 01:11 194848 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-28 39408]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-06 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-05 181480]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"pdfw"="c:\program files (x86)\Amic Utilities\PDF Writer Pro\pdfwload.exe" [2004-03-24 32768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-04 1391272]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BlueSoleil.lnk - c:\program files (x86)\IVT Corporation\BlueSoleil\gprs.exe [2007-12-27 43608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-19 102368]
R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10x64.sys [2010-04-09 59392]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-11 305448]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 203104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-09 465360]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 Start BT in service;Start BT in service;c:\program files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS
6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-11-02 50856] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-15 21:18 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe . Inhalt des "geplante Tasks" Ordners . 2013-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 18:26] . 2013-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 18:26] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-11 05:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-11 349480] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 16395880] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960] "PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-20 200704] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840] "IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944] "IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272] . 
------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://go.web.de/tb2/ie_startpage uLocal Page = c:\windows\system32\blank.htm mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7736&r=27360110g106l03f8z1j5t5921a02o mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7736&r=27360110g106l03f8z1j5t5921a02o mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.2.1 DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110331053538 DPF: {37A8A17B-2DDC-4600-BBC6-538C10AED8C0} - hxxp://htmlupload.silverwire.de/upload/JavaActiveX/ImageUploader4.cab . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-Honuuxgiex - c:\users\mkoch\AppData\Roaming\Osul\kyef.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-Corel Photo Downloader - c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-22 19:23:32
ComboFix-quarantined-files.txt 2013-01-22 18:23
.
Vor Suchlauf: 13 Verzeichnis(se), 233.183.301.632 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 235.586.404.352 Bytes frei
.
- - End Of File - - FE1B49C608E516D778641F79D6125BD1

Hi, I got in here via InPrivate Browsing. Internet Explorer still doesn't work. Could that be related to the Trojan? |
23.01.2013, 17:49 | #26 | |
/// TB-Ausbilder | Virus tr/psw.zbot Hello, Quote:
Step 1 ComboFix script
Step 2 Please download AdwCleaner to your desktop.
Step 3 Please start OTL.exe. Under Extra Registry, select Use Safe List and click the Scan button. Post the OTL.txt and the Extras.txt here in your thread. With your next reply, please post
|
23.01.2013, 20:56 | #27 |
| Virus tr/psw.zbot Hello, here is the log from ComboFix Combofix Logfile: Code:
ATTFilter ComboFix 13-01-23.01 - mkoch 23.01.2013 20:32:00.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4091.2780 [GMT 1:00] ausgeführt von:: c:\users\mkoch\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\mkoch\Desktop\CFScript.txt AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\mkoch\AppData\Roaming\Namyne c:\users\mkoch\AppData\Roaming\Osul c:\users\mkoch\AppData\Roaming\Tenayb c:\users\mkoch\AppData\Roaming\Tenayb\xyqu.upu . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-23 bis 2013-01-23 )))))))))))))))))))))))))))))) . . 2013-01-23 19:39 . 2013-01-23 19:39 -------- d-----w- c:\users\tlang\AppData\Local\temp 2013-01-23 19:39 . 2013-01-23 19:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-23 19:39 . 2013-01-23 19:39 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-01-22 18:35 . 2013-01-22 18:35 -------- d-----w- c:\programdata\NVIDIA 2013-01-22 08:54 . 2013-01-15 01:45 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D1EBE6D4-49B2-4846-A8DD-834D34B647AD}\mpengine.dll 2013-01-18 13:08 . 2013-01-18 13:09 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center 2013-01-18 08:07 . 2013-01-18 08:07 -------- d-----w- c:\users\mkoch\AppData\Roaming\Malwarebytes 2013-01-18 08:07 . 2013-01-18 08:07 -------- d-----w- c:\programdata\Malwarebytes 2013-01-18 08:07 . 2013-01-18 08:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-01-18 08:07 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-18 08:06 . 
2013-01-18 08:06 -------- d-----w- c:\users\mkoch\AppData\Local\Programs 2013-01-18 07:08 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll 2013-01-18 07:08 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll 2013-01-18 07:08 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2013-01-18 07:08 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys 2013-01-18 07:08 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll 2013-01-18 07:08 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2013-01-18 07:08 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2013-01-18 07:08 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2013-01-18 07:08 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2013-01-18 06:21 . 2013-01-18 06:20 960416 ----a-w- c:\windows\system32\deployJava1.dll 2013-01-18 06:21 . 2013-01-18 06:20 308640 ----a-w- c:\windows\system32\javaws.exe 2013-01-18 06:21 . 2013-01-18 06:20 1081760 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-01-18 06:21 . 2013-01-18 06:20 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-01-18 06:20 . 2013-01-18 06:20 188832 ----a-w- c:\windows\system32\javaw.exe 2013-01-18 06:20 . 2013-01-18 06:20 188832 ----a-w- c:\windows\system32\java.exe 2013-01-18 06:20 . 2013-01-18 06:20 -------- d-----w- c:\program files\Java 2013-01-09 09:38 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll 2013-01-09 09:38 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-01-09 09:36 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll 2013-01-09 09:36 . 2012-11-30 04:53 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll 2013-01-09 09:36 . 2012-11-30 05:41 1161216 ----a-w- c:\windows\system32\kernel32.dll 2013-01-09 09:36 . 2012-11-30 05:45 362496 ----a-w- c:\windows\system32\wow64win.dll 2013-01-09 09:36 . 
2012-11-30 05:45 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-01-09 09:36 . 2012-11-30 03:23 338432 ----a-w- c:\windows\system32\conhost.exe 2013-01-09 09:36 . 2012-11-30 05:45 243200 ----a-w- c:\windows\system32\wow64.dll 2013-01-09 09:36 . 2012-11-30 05:45 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2013-01-09 09:36 . 2012-11-30 05:43 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2013-01-09 09:36 . 2012-11-30 04:54 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-01-09 09:36 . 2012-11-30 02:44 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-01-09 09:36 . 2012-11-30 05:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-01-09 09:34 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe 2013-01-09 09:34 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2013-01-04 15:17 . 2013-01-04 15:17 -------- d-----w- c:\program files\iPod 2013-01-04 15:17 . 2013-01-04 15:17 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-01-04 15:17 . 2013-01-04 15:17 -------- d-----w- c:\program files\iTunes 2013-01-04 15:17 . 2013-01-04 15:17 -------- d-----w- c:\program files (x86)\iTunes 2012-12-27 12:01 . 2012-12-27 12:01 -------- d-----w- c:\program files (x86)\Cornelsen . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-09 13:29 . 2010-01-28 13:09 67599240 ----a-w- c:\windows\system32\MRT.exe 2012-12-16 17:11 . 2012-12-24 13:13 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-24 13:13 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-24 13:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-24 13:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-11-30 04:45 . 2013-01-09 09:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-14 07:06 . 2012-12-14 08:26 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 
2012-12-14 08:26 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-14 08:26 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-14 08:26 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-14 08:26 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-14 08:26 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-14 08:26 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-14 08:26 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-14 08:26 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-14 08:26 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-14 08:26 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-14 08:26 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-14 08:26 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-14 08:26 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-14 08:26 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-14 08:26 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-14 08:26 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-14 08:26 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-14 08:26 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-14 08:26 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-14 08:26 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-14 08:26 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45 . 2012-12-12 09:14 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-12 09:14 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-02 14:38 . 
2012-11-02 14:38 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll 2012-11-02 14:38 . 2012-11-02 14:38 828872 ----a-w- c:\windows\system32\msvcr110.dll 2012-11-02 14:38 . 2012-11-02 14:38 661448 ----a-w- c:\windows\system32\msvcp110.dll 2012-11-02 14:38 . 2012-11-02 14:38 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll 2012-11-02 14:38 . 2012-11-02 14:38 50856 ----a-w- c:\windows\system32\drivers\point64.sys 2012-11-02 14:38 . 2012-11-02 14:38 354264 ----a-w- c:\windows\system32\vccorlib110.dll 2012-11-02 14:38 . 2012-11-02 14:38 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll 2012-11-02 14:38 . 2012-11-02 14:38 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll 2012-11-02 05:59 . 2012-12-12 09:12 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-11-02 05:11 . 2012-12-12 09:12 376832 ----a-w- c:\windows\SysWow64\dpnet.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2012-01-04 18:20 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] 2011-12-09 01:11 194848 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-11 05:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-28 39408] "PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888] "EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736] "ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-06 419112] "PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-05 181480] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "pdfw"="c:\program files (x86)\Amic Utilities\PDF Writer Pro\pdfwload.exe" [2004-03-24 32768] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-04 1391272] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 
421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BlueSoleil.lnk - c:\program files (x86)\IVT Corporation\BlueSoleil\gprs.exe [2007-12-27 43608] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-19 102368] R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10x64.sys [2010-04-09 59392] R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-11 305448] R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088] R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 203104] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] S1 
avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224] S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-09 465360] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320] S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640] S2 Start BT in service;Start BT in service;c:\program files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-12-27 51816] S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-11-02 50856] . 
. [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-15 21:18 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe . Inhalt des "geplante Tasks" Ordners . 2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 18:26] . 2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 18:26] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-11 05:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-11 349480] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 16395880] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960] "PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-20 200704] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840] "Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [BU] "IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944] "IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272] . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://go.web.de/tb2/ie_startpage uLocal Page = c:\windows\system32\blank.htm mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7736&r=27360110g106l03f8z1j5t5921a02o mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7736&r=27360110g106l03f8z1j5t5921a02o mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.2.1 DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110331053538 DPF: {37A8A17B-2DDC-4600-BBC6-538C10AED8C0} - hxxp://htmlupload.silverwire.de/upload/JavaActiveX/ImageUploader4.cab . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-23 20:41:46
ComboFix-quarantined-files.txt 2013-01-23 19:41
ComboFix2.txt 2013-01-22 18:23
.
Vor Suchlauf: 18 Verzeichnis(se), 237.350.043.648 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 237.283.364.864 Bytes frei
.
- - End Of File - - 2DA554B3CE8C2601FD07B0414C15F550

After that I tried 3 times to start AdwCleaner. Each time a BlueScreen came up.

Problemsignatur:
Problemereignisname: BlueScreen
Betriebsystemversion: 6.1.7601.2.1.0.768.3
Gebietsschema-ID: 1031
Zusatzinformationen zum Problem:
BCCode: 3b
BCP1: 00000000C0000046
BCP2: FFFFF80003AF4B80
BCP3: FFFFF880026C3020
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

What now? Many THANKS for your continued help and patience!!! |
24.01.2013, 19:39 | #28 |
/// TB-Ausbilder | Virus tr/psw.zbot Hello, please run JRT instead of AdwCleaner: Please close your security software to avoid possible conflicts. Please download Junkware Removal Tool to your desktop.
Then run OTL as described in my last reply and post the log file from that as well. |
26.01.2013, 21:06 | #29 |
| Virus tr/psw.zbot Hi, sorry for my delay, I was ill. Here is the log file from JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.5.0 (01.23.2013:2)
OS: Windows 7 Home Premium x64
Ran by mkoch on 26.01.2013 at 20:41:42,04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\apnupdater

~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\yontooieclient.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api.1
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fd72061e-9fde-484d-a58a-0bab4151cad8}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fd72061e-9fde-484d-a58a-0bab4151cad8}

~~~ Files
Successfully deleted: [File] C:\Windows\prefetch\APNSTUB.EXE-5B731B15.pf

~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Program Files (x86)\yontoo"

~~~ Chrome
Successfully deleted: [Folder] C:\Users\mkoch\appdata\local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\niapdbllcanepiiimjjndipklodoedlc

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.01.2013 at 20:49:29,51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

and the log file from OTL
OTL Logfile: Code:
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\webde - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.26 20:41:37 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.01.26 20:41:28 | 000,000,000 | ---D | C] -- C:\JRT [2013.01.26 20:34:16 | 000,499,147 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\mkoch\Desktop\JRT.exe [2013.01.23 20:43:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.01.23 20:41:48 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.01.23 20:22:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\mkoch\Desktop\OTL.exe [2013.01.23 20:18:16 | 005,026,296 | R--- | C] (Swearware) -- C:\Users\mkoch\Desktop\ComboFix.exe [2013.01.22 19:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2013.01.21 19:10:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.01.21 19:10:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.01.21 19:10:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.01.21 19:10:46 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.01.21 19:10:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.01.21 08:37:07 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\mkoch\Desktop\aswMBR.exe [2013.01.18 17:48:04 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\mkoch\Desktop\dds.exe [2013.01.18 17:47:14 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\mkoch\Desktop\dds.com [2013.01.18 14:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center [2013.01.18 14:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center [2013.01.18 09:07:50 | 000,000,000 | ---D | C] -- C:\Users\mkoch\AppData\Roaming\Malwarebytes [2013.01.18 09:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.18 09:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.18 09:07:20 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.01.18 09:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.01.18 09:06:56 | 000,000,000 | ---D | C] -- C:\Users\mkoch\AppData\Local\Programs [2013.01.18 08:14:38 | 000,015,360 | ---- | 
C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2013.01.18 08:14:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2013.01.18 08:14:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2013.01.18 08:14:36 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2013.01.18 08:14:35 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys [2013.01.18 08:14:33 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2013.01.18 08:14:33 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2013.01.18 08:14:32 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2013.01.18 08:14:32 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe [2013.01.18 08:14:32 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013.01.18 08:14:32 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013.01.18 08:14:32 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2013.01.18 08:14:32 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll [2013.01.18 08:14:32 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2013.01.18 08:14:32 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2013.01.18 08:14:32 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2013.01.18 08:14:32 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2013.01.18 08:14:32 | 000,044,032 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\tsgqec.dll [2013.01.18 08:14:32 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013.01.18 08:14:32 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2013.01.18 08:14:31 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.01.18 08:14:31 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2013.01.18 08:14:31 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2013.01.18 08:14:30 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.01.18 08:08:24 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2013.01.18 08:08:11 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2013.01.18 08:08:11 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2013.01.18 08:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2013.01.18 07:21:16 | 000,960,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013.01.18 07:21:14 | 001,081,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.01.18 07:21:14 | 000,308,640 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.01.18 07:21:00 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.01.18 07:20:59 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.01.18 07:20:59 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013.01.18 07:20:35 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.01.09 10:38:09 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.01.09 10:38:09 | 000,492,032 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.01.09 10:37:37 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.01.09 10:37:35 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013.01.09 10:37:20 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013.01.09 10:37:20 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013.01.09 10:37:20 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013.01.09 10:37:20 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013.01.09 10:37:20 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013.01.09 10:37:20 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013.01.09 10:37:19 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013.01.09 10:37:19 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013.01.09 10:37:19 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013.01.09 10:37:18 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013.01.09 10:37:18 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013.01.09 10:37:18 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013.01.09 10:37:18 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013.01.09 10:37:18 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013.01.09 10:37:17 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013.01.09 10:37:17 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013.01.09 10:37:17 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013.01.09 10:37:17 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013.01.09 10:37:17 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs 
[2013.01.09 10:37:16 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013.01.09 10:37:16 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013.01.09 10:37:16 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013.01.09 10:37:15 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013.01.09 10:37:15 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013.01.09 10:37:10 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013.01.09 10:37:10 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013.01.09 10:37:10 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013.01.09 10:37:09 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013.01.09 10:37:09 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013.01.09 10:37:09 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013.01.09 10:37:09 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013.01.09 10:37:09 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013.01.09 10:36:08 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.01.09 10:36:05 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.01.09 10:36:04 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.01.09 10:36:04 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.01.09 10:36:04 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.01.09 10:36:03 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.01.09 10:36:03 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll 
[2013.01.09 10:36:03 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.01.09 10:36:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.01.09 10:36:03 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.01.09 10:36:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.01.09 10:35:59 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.01.09 10:35:59 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.01.09 10:35:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 10:35:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.01.09 10:35:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 10:35:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 10:35:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 10:35:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 10:35:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 10:35:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 10:35:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 10:35:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 10:35:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 10:35:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.01.09 10:35:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.01.09 10:35:56 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 10:35:56 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 10:35:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 10:35:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 10:35:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 10:35:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 10:35:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 10:35:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 10:35:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 10:35:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 10:35:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 10:35:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 10:35:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 10:35:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 10:35:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 10:35:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 10:35:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 10:35:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.01.09 10:35:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.01.09 10:35:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 10:35:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 10:35:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 10:35:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 10:35:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 10:35:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 10:35:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 10:35:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 10:35:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 10:35:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 10:35:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 10:35:53 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.01.09 10:35:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 10:35:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 10:35:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.01.09 10:35:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 10:35:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 10:35:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.01.09 10:35:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.01.09 10:35:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 10:35:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 10:35:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.01.09 10:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.01.09 10:35:51 | 000,002,048 
| ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.01.09 10:34:55 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013.01.04 16:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.01.04 16:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.01.04 16:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.01.04 16:17:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.01.04 16:17:08 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2009.10.29 06:58:47 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe ========== Files - Modified Within 30 Days ========== [2013.01.26 20:34:16 | 000,499,147 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\mkoch\Desktop\JRT.exe [2013.01.26 20:17:04 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.26 19:54:15 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.26 19:40:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.24 17:33:33 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.24 17:33:33 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.24 17:25:51 | 3217,231,872 | -HS- | M] () -- C:\hiberfil.sys [2013.01.23 20:52:33 | 431,819,840 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.01.23 20:50:58 | 000,574,315 | ---- | M] () -- C:\Users\mkoch\Desktop\adwcleaner.exe [2013.01.23 20:39:28 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.01.23 20:22:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mkoch\Desktop\OTL.exe [2013.01.23 20:18:37 | 005,026,296 | R--- | M] (Swearware) -- C:\Users\mkoch\Desktop\ComboFix.exe [2013.01.23 13:22:44 | 
000,011,264 | -H-- | M] () -- C:\Users\mkoch\photothumb.db [2013.01.21 19:18:59 | 001,526,094 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.21 19:18:59 | 000,665,970 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.21 19:18:59 | 000,625,084 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.21 19:18:59 | 000,135,966 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.21 19:18:59 | 000,111,068 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.21 18:09:38 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.01.21 08:38:06 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\mkoch\Desktop\aswMBR.exe [2013.01.18 18:51:09 | 000,344,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.18 18:48:29 | 000,000,000 | ---- | M] () -- C:\Users\mkoch\defogger_reenable [2013.01.18 18:05:02 | 000,365,568 | ---- | M] () -- C:\Users\mkoch\Desktop\gozthehw.exe [2013.01.18 18:02:54 | 000,050,477 | ---- | M] () -- C:\Users\mkoch\Desktop\Defogger.exe [2013.01.18 17:48:04 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\mkoch\Desktop\dds.exe [2013.01.18 17:47:14 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\mkoch\Desktop\dds.com [2013.01.18 14:12:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf [2013.01.18 13:03:08 | 000,002,828 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys [2013.01.18 13:03:01 | 000,000,088 | RHS- | M] () -- C:\Windows\SysWow64\71243AA61A.sys [2013.01.18 09:07:38 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.18 07:20:42 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.01.18 07:20:39 | 000,308,640 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.01.18 07:20:39 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.01.18 07:20:38 | 000,188,832 | ---- | M] (Oracle 
Corporation) -- C:\Windows\SysNative\java.exe [2013.01.18 07:20:37 | 001,081,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.01.18 07:20:37 | 000,960,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013.01.04 16:17:57 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk ========== Files Created - No Company Name ========== [2013.01.23 20:50:58 | 000,574,315 | ---- | C] () -- C:\Users\mkoch\Desktop\adwcleaner.exe [2013.01.23 13:22:43 | 000,011,264 | -H-- | C] () -- C:\Users\mkoch\photothumb.db [2013.01.21 19:10:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.01.21 19:10:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.01.21 19:10:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.01.21 19:10:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.01.21 19:10:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.01.18 18:48:29 | 000,000,000 | ---- | C] () -- C:\Users\mkoch\defogger_reenable [2013.01.18 18:04:58 | 000,365,568 | ---- | C] () -- C:\Users\mkoch\Desktop\gozthehw.exe [2013.01.18 18:02:53 | 000,050,477 | ---- | C] () -- C:\Users\mkoch\Desktop\Defogger.exe [2013.01.18 14:12:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf [2013.01.18 09:07:38 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.18 07:25:03 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif [2013.01.04 16:17:57 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.05.30 20:25:46 | 000,118,877 | ---- | C] () -- C:\Users\mkoch\Feuerwerk.jpg [2011.05.30 20:25:46 | 000,025,487 | ---- | C] () -- C:\Users\mkoch\JBJ Logo.jpg [2010.08.28 18:30:10 | 000,005,632 | ---- | C] () -- C:\Users\mkoch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.09 23:47:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
26.01.2013, 21:08 | #30 |
| Virus tr/psw.zbot and the log file from OTL
OTL Logfile: Code:
OTL logfile created on: 26.01.2013 20:51:04 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mkoch\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 66,90% Memory free 7,99 Gb Paging File | 6,37 Gb Available in Paging File | 79,80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 286,27 Gb Total Space | 221,09 Gb Free Space | 77,23% Space Free | Partition Type: NTFS Computer Name: MKOCH-PC | User Name: mkoch | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.23 20:22:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mkoch\Desktop\OTL.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.08.08 18:52:51 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.09 11:55:54 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.09 11:55:49 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.05.09 11:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010.07.06 16:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2010.06.14 14:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe PRC - [2010.05.14 09:32:30 | 001,479,680 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe PRC - [2009.11.20 15:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2009.11.02 00:39:48 | 001,094,736 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2009.10.27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2009.10.06 14:18:26 | 000,419,112 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe PRC - [2009.10.05 19:15:10 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe PRC - [2009.09.24 23:42:32 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2009.09.24 23:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2009.09.11 06:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe PRC - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe PRC - [2009.08.04 22:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) 
-- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe PRC - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2009.06.05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2007.12.27 15:39:30 | 000,166,520 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe PRC - [2007.12.27 15:39:28 | 000,706,056 | ---- | M] (IVT Corporation.) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe PRC - [2007.12.27 15:39:20 | 000,051,816 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe PRC - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe ========== Modules (No Company Name) ========== MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009.11.20 15:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2009.02.03 01:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll MOD - [2008.08.12 10:16:16 | 002,023,424 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll MOD - [2008.07.29 13:47:56 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll MOD - [2008.07.29 13:47:38 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll MOD - [2008.07.29 13:11:18 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll MOD - 
[2008.07.29 13:01:12 | 007,331,840 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGui4.dll MOD - [2008.07.29 12:50:26 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll MOD - [2007.08.06 17:58:48 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsVistaCommon.dll ========== Services (SafeList) ========== SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.09 11:55:54 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.09 11:55:49 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.05.09 11:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.07.06 16:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2010.06.14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.09.30 14:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2009.09.24 23:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009.09.11 06:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) SRV - [2009.03.28 03:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agr64svc.exe -- 
(AgereModemAudio) SRV - [2007.12.27 15:39:30 | 000,166,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service) SRV - [2007.12.27 15:39:20 | 000,051,816 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -- (Start BT in service) SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.11.02 15:38:32 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2012.09.19 10:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012.09.19 10:02:06 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.05.09 11:55:55 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.09 11:55:55 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.09.16 15:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010.11.20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010.11.20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] 
(Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.04.09 03:24:48 | 000,059,392 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MHIKEY10x64.sys -- (MHIKEY10) DRV:64bit: - [2010.02.26 13:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt) DRV:64bit: - [2010.02.26 13:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2010.02.26 13:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64) DRV:64bit: - [2010.02.26 13:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64) DRV:64bit: - [2009.09.21 20:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.09.18 05:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.08.21 22:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009.06.20 12:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.06.05 01:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2009.04.07 02:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2007.06.24 21:56:56 | 000,047,368 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb) DRV:64bit: - [2007.06.24 21:56:42 | 000,037,384 | ---- | M] (IVT Corporation.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio) DRV:64bit: - [2007.06.24 21:56:36 | 000,037,896 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\blueletaudio.sys -- (BlueletAudio) DRV:64bit: - [2007.03.05 20:47:08 | 000,025,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BtNetDrv.sys -- (BT) DRV:64bit: - [2007.03.05 20:44:00 | 000,023,184 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VHIDMini.sys -- (VHidMinidrv) DRV:64bit: - [2007.03.05 20:42:54 | 000,049,680 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BTHidMgr.sys -- (BTHidMgr) DRV:64bit: - [2007.03.05 20:41:34 | 000,024,976 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\VBTEnum.sys -- (BTHidEnum) DRV:64bit: - [2007.03.05 20:39:28 | 000,063,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VcommMgr.sys -- (VcommMgr) DRV:64bit: - [2007.03.05 20:38:20 | 000,047,120 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VComm.sys -- (VComm) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2007.06.24 21:56:56 | 000,047,368 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\btcusb.sys -- (Btcsrusb) DRV - [2007.06.24 21:56:42 | 000,037,384 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio) DRV - [2007.06.24 21:56:36 | 000,037,896 | ---- | M] (IVT Corporation.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\blueletaudio.sys -- (BlueletAudio) DRV - [2007.03.05 20:47:08 | 000,025,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\btnetdrv.sys -- (BT) DRV - [2007.03.05 20:44:00 | 000,023,184 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\VHIDMini.sys -- (VHidMinidrv) DRV - [2007.03.05 20:42:54 | 000,049,680 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\BtHidMgr.sys -- (BTHidMgr) DRV - [2007.03.05 20:41:34 | 000,024,976 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\VBTEnum.sys -- (BTHidEnum) DRV - [2007.03.05 20:39:28 | 000,063,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\VCommMgr.sys -- (VcommMgr) DRV - [2007.03.05 20:38:20 | 000,047,120 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\VComm.sys -- (VComm) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7736&r=27360110g106l03f8z1j5t5921a02o IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7736&r=27360110g106l03f8z1j5t5921a02o IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = 
C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7736&r=27360110g106l03f8z1j5t5921a02o IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/tb2/ie_startpage IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{15FCC159-3EDF-4443-9283-D110C0B80167}: "URL" = hxxp://go.web.de/tb2/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{28817DD8-5F08-482A-84B5-D4F11B1ACE9C}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{49ADBA36-5634-41F8-86E7-A78FD7480B05}: "URL" = hxxp://go.web.de/tb/ie_lastminute_sp/?searchText={searchTerms} IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE361 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{9BD51410-BAF3-42A8-AC29-51A582DFA833}: "URL" = hxxp://go.web.de/tb/ie_amazon_sp/?field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{A48FA5E8-3C16-44D0-B5A0-ACF7D661BED3}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKCU\..\SearchScopes\{A56074C1-A7E3-42B5-B4CC-AF473E3CADCD}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{D1FB190B-35DC-4586-B478-F23832F33BF2}: "URL" = hxxp://go.web.de/tb/ie_ebay_sp/?su={searchTerms} IE - HKCU\..\SearchScopes\{E88F03F5-0D5E-4524-BBEF-0317FF0459FC}: "URL" = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?su={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\mkoch\Downloads\mp3 amazon\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - Extension: SiteAdvisor = C:\Users\mkoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\ O1 HOSTS File: ([2013.01.23 20:39:28 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O2:64bit: - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup File not found O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [pdfw] C:\Program Files (x86)\Amic Utilities\PDF Writer Pro\pdfwload.exe (Bastea, Inc.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - 
NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O13 - gopher Prefix: missing O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110331053538 (PhotoboxPhotowaysUploader5 Control) O16 - DPF: {37A8A17B-2DDC-4600-BBC6-538C10AED8C0} hxxp://htmlupload.silverwire.de/upload/JavaActiveX/ImageUploader4.cab (Silverwire Image Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE3FEB77-5F62-46F7-A218-E9295E362423}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC11A37B-0DA5-4D82-A54E-490123FC15D8}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\webde - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\webde - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.26 20:41:37 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.01.26 20:41:28 | 000,000,000 | ---D | C] -- C:\JRT [2013.01.26 20:34:16 | 000,499,147 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\mkoch\Desktop\JRT.exe [2013.01.23 20:43:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.01.23 20:41:48 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.01.23 20:22:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\mkoch\Desktop\OTL.exe [2013.01.23 20:18:16 | 005,026,296 | R--- | C] (Swearware) -- C:\Users\mkoch\Desktop\ComboFix.exe [2013.01.22 19:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2013.01.21 19:10:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.01.21 19:10:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.01.21 19:10:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.01.21 19:10:46 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.01.21 19:10:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.01.21 08:37:07 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\mkoch\Desktop\aswMBR.exe [2013.01.18 17:48:04 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\mkoch\Desktop\dds.exe [2013.01.18 17:47:14 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\mkoch\Desktop\dds.com [2013.01.18 14:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center [2013.01.18 14:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center [2013.01.18 09:07:50 | 000,000,000 | ---D | C] -- C:\Users\mkoch\AppData\Roaming\Malwarebytes [2013.01.18 09:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.18 09:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.18 09:07:20 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.01.18 09:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.01.18 09:06:56 | 000,000,000 | ---D | C] -- C:\Users\mkoch\AppData\Local\Programs [2013.01.18 08:14:38 | 000,015,360 | ---- | 
C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2013.01.18 08:14:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2013.01.18 08:14:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2013.01.18 08:14:36 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2013.01.18 08:14:35 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys [2013.01.18 08:14:33 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2013.01.18 08:14:33 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2013.01.18 08:14:32 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2013.01.18 08:14:32 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe [2013.01.18 08:14:32 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013.01.18 08:14:32 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013.01.18 08:14:32 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2013.01.18 08:14:32 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll [2013.01.18 08:14:32 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2013.01.18 08:14:32 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2013.01.18 08:14:32 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2013.01.18 08:14:32 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2013.01.18 08:14:32 | 000,044,032 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\tsgqec.dll [2013.01.18 08:14:32 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013.01.18 08:14:32 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2013.01.18 08:14:31 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.01.18 08:14:31 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2013.01.18 08:14:31 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2013.01.18 08:14:30 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.01.18 08:08:24 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2013.01.18 08:08:11 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2013.01.18 08:08:11 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2013.01.18 08:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2013.01.18 07:21:16 | 000,960,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013.01.18 07:21:14 | 001,081,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.01.18 07:21:14 | 000,308,640 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.01.18 07:21:00 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.01.18 07:20:59 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.01.18 07:20:59 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013.01.18 07:20:35 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.01.09 10:38:09 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.01.09 10:38:09 | 000,492,032 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.01.09 10:37:37 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.01.09 10:37:35 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013.01.09 10:37:20 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013.01.09 10:37:20 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013.01.09 10:37:20 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013.01.09 10:37:20 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013.01.09 10:37:20 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013.01.09 10:37:20 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013.01.09 10:37:19 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013.01.09 10:37:19 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013.01.09 10:37:19 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013.01.09 10:37:18 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013.01.09 10:37:18 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013.01.09 10:37:18 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013.01.09 10:37:18 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013.01.09 10:37:18 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013.01.09 10:37:17 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013.01.09 10:37:17 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013.01.09 10:37:17 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013.01.09 10:37:17 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013.01.09 10:37:17 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs 
[2013.01.09 10:37:16 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013.01.09 10:37:16 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013.01.09 10:37:16 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013.01.09 10:37:15 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013.01.09 10:37:15 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013.01.09 10:37:10 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013.01.09 10:37:10 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013.01.09 10:37:10 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013.01.09 10:37:09 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013.01.09 10:37:09 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013.01.09 10:37:09 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013.01.09 10:37:09 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013.01.09 10:37:09 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013.01.09 10:36:08 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.01.09 10:36:05 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.01.09 10:36:04 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.01.09 10:36:04 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.01.09 10:36:04 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.01.09 10:36:03 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.01.09 10:36:03 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll 
[2013.01.09 10:36:03 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.01.09 10:36:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.01.09 10:36:03 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.01.09 10:36:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.01.09 10:35:59 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.01.09 10:35:59 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.01.09 10:35:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 10:35:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.01.09 10:35:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 10:35:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 10:35:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 10:35:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 10:35:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 10:35:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 10:35:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 10:35:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 10:35:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 10:35:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.01.09 10:35:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.01.09 10:35:56 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 10:35:56 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 10:35:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 10:35:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 10:35:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 10:35:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 10:35:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 10:35:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 10:35:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 10:35:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 10:35:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 10:35:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 10:35:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 10:35:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 10:35:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 10:35:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 10:35:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 10:35:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.01.09 10:35:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.01.09 10:35:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 10:35:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 10:35:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 10:35:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 10:35:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 10:35:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 10:35:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 10:35:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 10:35:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 10:35:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 10:35:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 10:35:53 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.01.09 10:35:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 10:35:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 10:35:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.01.09 10:35:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 10:35:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 10:35:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.01.09 10:35:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.01.09 10:35:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 10:35:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 10:35:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.01.09 10:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.01.09 10:35:51 | 000,002,048 
| ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.01.09 10:34:55 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013.01.04 16:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.01.04 16:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.01.04 16:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.01.04 16:17:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.01.04 16:17:08 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2009.10.29 06:58:47 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe ========== Files - Modified Within 30 Days ========== [2013.01.26 20:34:16 | 000,499,147 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\mkoch\Desktop\JRT.exe [2013.01.26 20:17:04 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.26 19:54:15 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.26 19:40:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.24 17:33:33 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.24 17:33:33 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.24 17:25:51 | 3217,231,872 | -HS- | M] () -- C:\hiberfil.sys [2013.01.23 20:52:33 | 431,819,840 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.01.23 20:50:58 | 000,574,315 | ---- | M] () -- C:\Users\mkoch\Desktop\adwcleaner.exe [2013.01.23 20:39:28 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.01.23 20:22:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mkoch\Desktop\OTL.exe [2013.01.23 20:18:37 | 005,026,296 | R--- | M] (Swearware) -- C:\Users\mkoch\Desktop\ComboFix.exe [2013.01.23 13:22:44 | 
000,011,264 | -H-- | M] () -- C:\Users\mkoch\photothumb.db [2013.01.21 19:18:59 | 001,526,094 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.21 19:18:59 | 000,665,970 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.21 19:18:59 | 000,625,084 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.21 19:18:59 | 000,135,966 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.21 19:18:59 | 000,111,068 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.21 18:09:38 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.01.21 08:38:06 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\mkoch\Desktop\aswMBR.exe [2013.01.18 18:51:09 | 000,344,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.18 18:48:29 | 000,000,000 | ---- | M] () -- C:\Users\mkoch\defogger_reenable [2013.01.18 18:05:02 | 000,365,568 | ---- | M] () -- C:\Users\mkoch\Desktop\gozthehw.exe [2013.01.18 18:02:54 | 000,050,477 | ---- | M] () -- C:\Users\mkoch\Desktop\Defogger.exe [2013.01.18 17:48:04 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\mkoch\Desktop\dds.exe [2013.01.18 17:47:14 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\mkoch\Desktop\dds.com [2013.01.18 14:12:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf [2013.01.18 13:03:08 | 000,002,828 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys [2013.01.18 13:03:01 | 000,000,088 | RHS- | M] () -- C:\Windows\SysWow64\71243AA61A.sys [2013.01.18 09:07:38 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.18 07:20:42 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.01.18 07:20:39 | 000,308,640 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.01.18 07:20:39 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.01.18 07:20:38 | 000,188,832 | ---- | M] (Oracle 
Corporation) -- C:\Windows\SysNative\java.exe [2013.01.18 07:20:37 | 001,081,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.01.18 07:20:37 | 000,960,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013.01.04 16:17:57 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk ========== Files Created - No Company Name ========== [2013.01.23 20:50:58 | 000,574,315 | ---- | C] () -- C:\Users\mkoch\Desktop\adwcleaner.exe [2013.01.23 13:22:43 | 000,011,264 | -H-- | C] () -- C:\Users\mkoch\photothumb.db [2013.01.21 19:10:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.01.21 19:10:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.01.21 19:10:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.01.21 19:10:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.01.21 19:10:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.01.18 18:48:29 | 000,000,000 | ---- | C] () -- C:\Users\mkoch\defogger_reenable [2013.01.18 18:04:58 | 000,365,568 | ---- | C] () -- C:\Users\mkoch\Desktop\gozthehw.exe [2013.01.18 18:02:53 | 000,050,477 | ---- | C] () -- C:\Users\mkoch\Desktop\Defogger.exe [2013.01.18 14:12:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf [2013.01.18 09:07:38 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.18 07:25:03 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif [2013.01.04 16:17:57 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.05.30 20:25:46 | 000,118,877 | ---- | C] () -- C:\Users\mkoch\Feuerwerk.jpg [2011.05.30 20:25:46 | 000,025,487 | ---- | C] () -- C:\Users\mkoch\JBJ Logo.jpg [2010.08.28 18:30:10 | 000,005,632 | ---- | C] () -- C:\Users\mkoch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.09 23:47:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 26.01.2013 20:51:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mkoch\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 66,90% Memory free
7,99 Gb Paging File | 6,37 Gb Available in Paging File | 79,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286,27 Gb Total Space | 221,09 Gb Free Space | 77,23% Space Free | Partition Type: NTFS

Computer Name: MKOCH-PC | User Name: mkoch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

==========
Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{020CA88D-9366-4BE6-BC43-A4D88836A124}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{071BDE7E-AEDE-4217-A67E-9AC977035184}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0A9273C8-75DD-4D7D-85B5-1187320BF5B7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{16F4FC66-BE02-491C-B210-C830E770DD7C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{18A55730-A57C-4545-B5A4-8100400CE696}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{301426C6-3F8E-4D5D-807A-2249BDD41406}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{5F05C2A7-65D8-4F72-8E67-FA1C75941D45}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{61E82F61-51F1-4145-8037-0E975B00E2F8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{65170383-8D46-4347-8CC3-744D46F28CF8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6BCBCCFB-9A40-4677-9EFA-FAD4FF03C358}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6DF3025D-F93E-4EA3-A8C5-254F412B32B2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{708D2F55-0295-44D1-84FE-6087C60495EA}" = 
lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{770632D2-7F02-47CD-9076-67C9D95F142B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7A9D9743-AB02-4880-AF99-0691E94B12D3}" = rport=139 | protocol=6 | dir=out | app=system | "{82363030-F6D3-42B0-ADFA-193212E192AF}" = rport=445 | protocol=6 | dir=out | app=system | "{8DB5C7AA-3499-4565-97E4-A846E8F216F3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{920C4A45-8FE1-4250-B8A0-F636D58180AF}" = lport=445 | protocol=6 | dir=in | app=system | "{942477EF-3C5E-4398-9D88-4A6E618C1E76}" = rport=10243 | protocol=6 | dir=out | app=system | "{9875A7A9-7458-4BF3-B4C9-46B9AE151A6F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{9A132F01-A1DC-401B-B201-009F320178B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AC923FFE-3228-437E-83D7-38ED0B8FA380}" = lport=137 | protocol=17 | dir=in | app=system | "{B16CAAB1-6852-4BB1-A7D8-CAB5DD9F23EC}" = lport=139 | protocol=6 | dir=in | app=system | "{B8394AF8-07F6-44ED-87D1-4D561627824F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{B97EE2F2-5371-43FE-AD4D-EBBF41F81144}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C9A0DE0B-F857-4FB1-8DE7-104507AA85B4}" = rport=138 | protocol=17 | dir=out | app=system | "{C9B4FFE9-9F2E-48D8-A540-BFE3A3605E35}" = lport=2869 | protocol=6 | dir=in | app=system | "{CCB1C972-26F3-473F-BEB4-BCC08207873F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CF155487-9E50-4B65-8185-B32714A12A63}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{D238A045-D74D-426B-9253-85E068F4F602}" = rport=137 | protocol=17 | dir=out | app=system | "{D3496686-9EE9-4E41-9BC3-99C9B3BA4E58}" = 
lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D5B6EF58-4CF2-4188-9FC8-3D665CC0EA04}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E26F252C-5384-4EFC-85CB-874C283C57F9}" = lport=2869 | protocol=6 | dir=in | app=system | "{E4E6994C-A57B-41FA-B4DB-4704166C0486}" = lport=10243 | protocol=6 | dir=in | app=system | "{FEEE597B-2892-418A-88BF-6DA26E28198A}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01AD2A96-4541-4465-8D32-69790A344C81}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{0501BB2E-2C19-46C8-B0CF-8470B89EFAC5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{0584C4F0-F225-4D4C-9E47-0253EFDA52EA}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{0E975C4E-8E7E-4C20-9616-02E6CB7049BA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{1AC8F520-B671-4E72-9DCB-190BD67E5EB4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{21794B7D-038C-46C3-ABB2-BA02D7D5331A}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{262F3DB1-DD96-46DE-A379-D9AFBFBC1A91}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{28DDF543-13EF-41E0-A32E-41281EEFB54F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{2987A766-DB8A-468D-AD1B-7976EF3A95F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3012C319-ECD0-4C0B-AB31-A8B781561C4B}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{33FC555F-3A5B-4414-B722-8C2395B64A34}" = dir=in | app=c:\program 
files (x86)\acer arcade deluxe\playmovie\pmvservice.exe | "{36E93C59-F066-4AC9-B7F6-CC6044228057}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{3AA9A69F-04A5-4E28-89DA-73D3A3458999}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe | "{3DC7FB56-B488-4F98-AFBE-814A638EB90A}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | "{4398D0FF-21AC-434F-8DDB-50B83E16EA5C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{480B4AFC-18EB-4462-9C3A-94F7A5F4A6A7}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | "{48347501-1B8B-43F9-A010-464C78504F17}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4F328FD7-E256-4A1B-8ABA-1047160D702B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{53456332-4964-43EC-8307-069328BC6887}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{5A95BCFF-1744-4B67-B8EF-3EEC1D8B0272}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5AA84B9B-BF0F-48C9-8C0B-1FEA2B0B0CE0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6C3B4BBD-ACBE-4010-8D9C-134B715DAB91}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{6EF5EC7A-6034-42DB-93DC-A63552A93E10}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{700C21BA-1620-4BB6-BA2F-DFFBF4D5E606}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | "{79E2BF8A-D706-4A73-900A-AB6F4BB95FFB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{7EF6DDE6-77A2-4B3B-90C5-9C75CE96B4DA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{8883D834-FBEF-4EBC-A091-A8F22B6E1AA7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8B71138D-91B7-46CD-9BFF-7D17081249C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8BB0F289-4E49-4C7A-9093-EAE66D1A8ACA}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | "{930522DC-B7A3-4CFC-B819-DFBDE3B42BDA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{95214513-625B-4CEF-B281-AA877552BDA2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{95C033D6-8069-4F50-A0C1-D42DAC1D7F58}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{95F8B620-7929-4A94-BC64-A41058EEEB58}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{96FE2810-0D4A-442C-81C3-8F9B51930EBB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{9780593E-9256-428F-8F4B-C60D297A4473}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{99C43A23-07B0-4299-841B-9448C679DEFE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{9D0FE3F1-369A-433B-A06E-6C0DAAF92F1D}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe | "{9EF7BF00-F17C-4A41-928B-6B88F1445839}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A9E9FD57-4AF8-4CF2-A090-61202B4274FF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{AA2C3E5B-306C-4C84-A2FD-467E2D12EB28}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe | "{B91F6F34-1B22-40E2-B303-17CC235A4DF8}" = protocol=6 | dir=out | app=system | "{BA2CF5F9-1E5F-43CD-9B31-C5B87E9506D6}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{C1E41170-94BE-499B-9D83-35AAD86467F5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{C90A8F14-4D9B-48C6-A366-D0C257C65B5B}" = protocol=17 | dir=in | app=c:\program files 
(x86)\bonjour\mdnsresponder.exe | "{CFA5327C-AB20-4EA5-A4F7-6DBF16F30BBF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{D3056ADC-8A74-42FA-B989-01604C6ABFA3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D44B1660-1054-4F94-B4A6-92F0CC1C08FC}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{E21B1C58-E3F8-41F9-AFE5-674826247040}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E4CABF64-C1F8-4908-B567-DA3042D04916}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E7F6AAB3-81F4-45E9-9B7F-EF0CEA58A522}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E8D74535-BEC8-4AF4-85F3-5A72B8C3DA6F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F26966DB-3317-4B51-84E0-632818D62E82}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe | "{F7D2772F-0B81-426F-8578-141D6C46D434}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{F8CFC1ED-BEB1-4035-A421-E812D6A78C9F}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode "{26A24AE4-039D-4CA4-87B4-2F86417011FF}" = Java 7 Update 11 (64-bit) "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{777afb2a-98e5-4f14-b455-378a925cae15}.sdb" = CVE-2012-4969 
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft-Maus- und Tastatur-Center "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller "{A2862596-B7C3-4D7F-A227-40FEDDF1332B}" = WEB.DE Toolbar MSVC100 CRT x64 "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{E11448F2-0B44-4239-B04E-D88FE743E929}" = HP Officejet J4500 Series "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem (06/09/2010 4.5) "EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.7) "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "LSI Soft Modem" = LSI HDA Modem "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center "NVIDIA Drivers" = NVIDIA Drivers "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution "{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" 
= Scan "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 24 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help "{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan "{5E9B69BA-1CE0-4619-953D-9B54082CDB01}" = Bob der Baumeister - Abenteuer auf der Ritterburg "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{6697D99E-E550-4498-B793-4A8DD8A1821F}" = 
ProductContext "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console "{8F85CC2C-4B26-4CF6-B835-DC59BCEDD287}" = Bluesoleil2.7.0.13 VoIP Release 071227 "{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007 "{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007 "{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) 
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007 "{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007 "{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86 "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver 
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari "{FCA7E3C4-6B33-4DFB-3775-5435BF871B76}" = Fotobuchexpress24 Bestellsoftware "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500 "1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung "1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "Avira AntiVir Desktop" = Avira Free Antivirus "ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular-Upgrade "Fotobuchexpress24" = Fotobuchexpress24 Bestellsoftware "Google Chrome" = Google Chrome "GridVista" = Acer GridVista "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Identity Card" = Identity Card "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Nokia PC Suite" = Nokia PC Suite "OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch "PDF Writer Pro_is1" = PDF Writer Pro v2.0 "PhotoScape" = PhotoScape "Ravensburger tiptoi" = Ravensburger tiptoi "Schlaumäuse 2_is1" = Schlaumäuse 2 "STANDARD" = Microsoft Office Standard 2007 "TeamViewer 5" = TeamViewer 5 "VueScan" = VueScan "WinLiveSuite_Wave3" = Windows Live Essentials ========== 
HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater "QUICKMEDIACONVERTER" = QMC ========== Last 20 Event Log Errors ========== [ OSession Events ] Error - 24.01.2010 11:05:41 | Computer Name = mkoch-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 896 seconds with 840 seconds of active time. This session ended with a crash. Error - 28.06.2011 15:46:51 | Computer Name = mkoch-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9561 seconds with 3000 seconds of active time. This session ended with a crash. < End of report >

Thanks in advance for your reply to this!