| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: PUP.Blabbers wie krieg ich die wieder weg?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
05.02.2013, 20:54
| #1 |
 |  PUP.Blabbers wie krieg ich die wieder weg? Hallo, Ich habe gerade Malwarebytes durchlaufen lassen, sa mein PC in letzter Zeit immer langsamer wurde und oft auch gar nichts mehr geht. Jetzt hat Malwarebytes 295(!) von dieses PUP.Blabbers gefunden. Wie gehe ich jetzt weiter vor, damit mein PC wieder zu benutzen ist? Kann ich diese Funde in Malwarebytes löschen? Danke schon mal für Eure Hilfe! Simone |
|
05.02.2013, 20:55
| #2 |
| /// Malware-holic   | PUP.Blabbers wie krieg ich die wieder weg? hi
__________________und wie sollen wir das ohne das Log sagen können? poste es bitte.bDownloade Dir bitte  SecurityCheck und:
__________________ |
|
05.02.2013, 21:02
| #3 |
| | PUP.Blabbers wie krieg ich die wieder weg? Hallo,
__________________Hier das Log: Code:
ATTFilter Results of screen317's Security Check version 0.99.57 Windows 7 x86 (UAC is enabled) Out of date service pack!! Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.70.0.1100 TuneUp Utilities 2013 TuneUp Utilities Language Pack (de-DE) Java(TM) 6 Update 29 Java version out of Date! Adobe Reader 10.1.1 Adobe Reader out of Date! Google Chrome 24.0.1312.56 Google Chrome 24.0.1312.57 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Ich psite es einfach mal: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.05.07 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 WIR :: WIR-PC [Administrator] 05.02.2013 17:28:07 MBAM-log-2013-02-05 (20-55-07).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 377607 Laufzeit: 1 Stunde(n), 8 Minute(n), 30 Sekunde(n) Infizierte Speicherprozesse: 1 C:\Program Files\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> 2792 -> Keine Aktion durchgeführt. Infizierte Speichermodule: 1 C:\Program Files\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. Infizierte Registrierungsschlüssel: 24 HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Browser companion helper (PUP.Blabbers) -> Daten: C:\Program Files\BrowserCompanion\BCHelper.exe /T=3 -> Keine Aktion durchgeführt. HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt. HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt. HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 4 C:\Program Files\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Keine Aktion durchgeführt. Infizierte Dateien: 261 C:\Program Files\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. D:\Software\Utilities\Verschiedenes\XP ProductKey Modifier\XPPID.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt. C:\Program Files\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BrowserCompanion\logo.ico (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BrowserCompanion\updatebhoWin32.dll_1 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BrowserCompanion\updater.ini (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_83.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar183.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\_witmain.cpp.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\_witmain.pp.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\01e5db4d4b4e067ef2417404c7741115 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\01e5db4d4b4e067ef2417404c7741115_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\0227dd5d240c9bdfb9504999e66c665b_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\0984d4fababb5d92394dc5b39b700075_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\0af375fcffab7d37df1ea0e448aff192 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\0af375fcffab7d37df1ea0e448aff192_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\0bb66476c57d47d5a6fb7e7674377c0d (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\0bb66476c57d47d5a6fb7e7674377c0d_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\13808e2149b7a948abf57b06dd97f16b (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\13808e2149b7a948abf57b06dd97f16b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\150b7566b7871fb6e0ef44753d0c6dc3_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\1686fadd1b4f575179b9f93757c9c6d4 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\1686fadd1b4f575179b9f93757c9c6d4_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\1888d8e98c9dc2ae7dfa2677efea4edd (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\1888d8e98c9dc2ae7dfa2677efea4edd_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\1b56f16ed9915e2ddbdc7e781b9b40c4 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\1b56f16ed9915e2ddbdc7e781b9b40c4_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\1bfebeb0d3530b7c1e4194cbd22743ec (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\1bfebeb0d3530b7c1e4194cbd22743ec_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\1cae717a609d46190f77658ee7768d03 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\1cae717a609d46190f77658ee7768d03_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\21a6fdff5cdeec15248bec4975ed92cb (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\21a6fdff5cdeec15248bec4975ed92cb_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\21d2bb231d3c04f5b6434220b2b1cb9e (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\21d2bb231d3c04f5b6434220b2b1cb9e_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\231785d024a11371bfc94ffff0a4b741_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\24779e9d2de93d13d7e07b527a1684d4_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\24aabe24d9b7b4a445fe1ddff60ce74d (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\24aabe24d9b7b4a445fe1ddff60ce74d_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\253712f62fa354f36c490a3f42ba9bfc_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\2800659db32f1a307bd9575f27a4bce9 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\2800659db32f1a307bd9575f27a4bce9_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\286965653b415f505622ea74d2bd3bbe_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\2c53d289972e69e7e81577c21fdd593b (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\2c53d289972e69e7e81577c21fdd593b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\2e0dda2d2281da01c330dc3e12b45a9d_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\2e74403c227112bec523796d5a77d77e (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\2e74403c227112bec523796d5a77d77e_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\2f69b14b68c25849cfb7abc31c5355f8 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\2f69b14b68c25849cfb7abc31c5355f8_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\3518e1eac042730aa1274618984462b3_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\35bc820f27a981cc5db99b3b97ebcb24 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\35bc820f27a981cc5db99b3b97ebcb24_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\38207d71d9cc86fb6daebc118ce6286c_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\3b507b6d0186efd3615b9b9233c5f708 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\3b507b6d0186efd3615b9b9233c5f708_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\3ee6bbef623a0ac7077352d3a4953dd7 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\3ee6bbef623a0ac7077352d3a4953dd7_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\409dc4ca65bcc01439d855c7dd3360ea (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\409dc4ca65bcc01439d855c7dd3360ea_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\4713e82e27fb9719d76577d1585acb00_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\477f5134e73f0099219c494cb23f6657_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\47c8e93101435074defa1a58122ad1c7 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\47c8e93101435074defa1a58122ad1c7_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\4870f5baa646c6a601303fa8f1dad6ef (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\4870f5baa646c6a601303fa8f1dad6ef_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\4ad053d40dfa5cab7948e9251df6e3d9 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\4ad053d40dfa5cab7948e9251df6e3d9_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\4e1f5bc3cf4d4cff865bc2f26c270c53 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\4e1f5bc3cf4d4cff865bc2f26c270c53_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\4ee61aeb9faeedf9f688a467a779ea96 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\4ee61aeb9faeedf9f688a467a779ea96_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\5361a592cbd0f69e4645830efeb2a9b5 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\5361a592cbd0f69e4645830efeb2a9b5_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\5417125bc3e532bbf6507d4c7d8ac7b0 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\5417125bc3e532bbf6507d4c7d8ac7b0_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\5a8686d61969b81997733c782fc226cf (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\5a8686d61969b81997733c782fc226cf_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\5afd186821c104bb1ddfd631d24d3628 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\5afd186821c104bb1ddfd631d24d3628_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\5ca5ffe2603a99ace62c065864be6728 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\5ca5ffe2603a99ace62c065864be6728_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\5cf5c89adb02c4d2b8ae8a8592362a87 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\5cf5c89adb02c4d2b8ae8a8592362a87_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\5ed19da221283f299333684825c61a6b (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\5ed19da221283f299333684825c61a6b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\608fb1265439dbf7f648e04f0f11d4c1 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\608fb1265439dbf7f648e04f0f11d4c1_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\61e2ae11ba3d1cbe8887ea80f192e299 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\61e2ae11ba3d1cbe8887ea80f192e299_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\6496a43cad388e4b78f1ecce8fcffc27_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\6709da0fd850a3b74e07212f9938cd4d (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\6709da0fd850a3b74e07212f9938cd4d_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\6d091eb0bf44b762a039ee138e6b165c_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\6d4100dc97e9abad47303e5e0d38b2b6_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\6ec48b20535846ff590b62580e8b9ea2 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\6ec48b20535846ff590b62580e8b9ea2_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\6ec88a37be1bea7fa99383e8b8c69afe (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\6ec88a37be1bea7fa99383e8b8c69afe_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\6f8b3140943075f95ae0c74c1a13b752_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\719f6985083c6f0c2a8fef7aa1f75d63 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\719f6985083c6f0c2a8fef7aa1f75d63_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\72891ec935a3d247f2da6562ef29a005_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\768412a1c6e2f386bd41b5670d561fc4 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\768412a1c6e2f386bd41b5670d561fc4_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\7acafe2d3e4c14a116bde4e028813ba7 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\7acafe2d3e4c14a116bde4e028813ba7_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\7afc04f75c99af49b833d06743e69768 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\7afc04f75c99af49b833d06743e69768_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\7fefdfaaf4bc1e4837db7a96a26ae049 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\7fefdfaaf4bc1e4837db7a96a26ae049_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\83ed2d62b3629381be4ff461166e8480 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\83ed2d62b3629381be4ff461166e8480_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\851bcd2d947640fb66c87aac19054c32 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\851bcd2d947640fb66c87aac19054c32_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\87b21290866cab00a1fea6ecf40c1918 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\87b21290866cab00a1fea6ecf40c1918_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\897979c67bed116efad1a04f5f229ecd_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\8a8dc36effa0a0300d6fb1a383936a49 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\8a8dc36effa0a0300d6fb1a383936a49_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\8a9418c23c13a5a04c34bec8df5352c8 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\8a9418c23c13a5a04c34bec8df5352c8_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\8e53838b8e5404d1f83fe16da0604cd4 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\8e53838b8e5404d1f83fe16da0604cd4_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\8fd0e5f2c42f56c41599ca329ef70350_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\9319bddf873cd62f8c0abd827cc10a6b (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\9319bddf873cd62f8c0abd827cc10a6b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\955571742befe31f5193475438c5602f (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\955571742befe31f5193475438c5602f_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\9c2afdb0a6d9bf59b300144154b58c67_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\9c86b973456448ae01f1cbc0d6cf607a_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\9dc8414e1b352cbe0663cc5f2b2490fb (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\9dc8414e1b352cbe0663cc5f2b2490fb_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\a227f4517bd7937e697182f46906a6b4_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\a35ec2adf572a908b47081c94acefc6d (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\a35ec2adf572a908b47081c94acefc6d_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\a6d4447986c4e442d92ed00b149c14f3_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\a7e0abb80dabcdbb6dbaec920aa126a0 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\a7e0abb80dabcdbb6dbaec920aa126a0_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\a8a343343214e3bf77738556fb7c69be (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\a8a343343214e3bf77738556fb7c69be_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\a95092a9bd34f5cfc98f78ca74502f36_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\aa36bceec49c832079e270icmc219ats (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\acf1266707f20bbb676d16ae40f3f12d (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\acf1266707f20bbb676d16ae40f3f12d_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\adbb013efd3fd71cf048206629fae313_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\adf275b6644b3fcac86a14ffe551dede (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\adf275b6644b3fcac86a14ffe551dede_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\b3688636ecfdc491aea728939c15f43e_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\b5080fd498f4580cd85cbf8ff41766c5_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\b55bb7cf0b4c7e743365a3c632e79c78 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\b55bb7cf0b4c7e743365a3c632e79c78_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\b5998def1a24dd8b55b679b6a5e92234 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\b5998def1a24dd8b55b679b6a5e92234_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\b5bc7084382de95cb69790e5d10db338 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\b5bc7084382de95cb69790e5d10db338_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\b8982ae699decd88b1ec7f7730e3367e (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\b8982ae699decd88b1ec7f7730e3367e_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\b98ec85a6f6b5dca57a81c971a2ec1f5 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\b98ec85a6f6b5dca57a81c971a2ec1f5_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\bd75b259da6df295d57bcf03a94e1ba6 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\bd75b259da6df295d57bcf03a94e1ba6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\c1c44ca1d695da7ece0f59471a8950a1 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\c1c44ca1d695da7ece0f59471a8950a1_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\c4a4e7d52f3f8044d9a639a16862ea54 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\c4a4e7d52f3f8044d9a639a16862ea54_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\cbb647c72e5b13b52d1392c603dcfde6 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\cbb647c72e5b13b52d1392c603dcfde6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52b (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\d5747e13728fd7df356bc13545143ea6_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\d5baae4ef839769f8eb7e9f9d82d8a40_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\d5e226dedbaa2022242a0f93bbaeb539 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\d5e226dedbaa2022242a0f93bbaeb539_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\d61cdfce7e564c2af9695c5b4da97f80 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\d61cdfce7e564c2af9695c5b4da97f80_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\d6418e300158fb16d8396d122d4b423b_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\d6867a63f98943c5d45ac3e1e96e45bb (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\d6867a63f98943c5d45ac3e1e96e45bb_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\d7fd4c823311adb7c06f796f25619285 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\d7fd4c823311adb7c06f796f25619285_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\d83bb387de1d7c4401815e133de06c6b (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\d83bb387de1d7c4401815e133de06c6b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\d84ff45f890e8ec1c07167873bd5414d (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\d84ff45f890e8ec1c07167873bd5414d_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\d965aead622233a60676ef2349956f38_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\da4f49fc3bc961caeaae26d73d989c68 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\da4f49fc3bc961caeaae26d73d989c68_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\dc6668d28979688b1e2066d1dcaef0f6 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\ddedfe6ede02f148caf19a2dec7f877d_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\df4525cd4117d8ae1c7453b139759242 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\df4525cd4117d8ae1c7453b139759242_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\e02b35320e5111f1b626466c13c70a0a (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\e02b35320e5111f1b626466c13c70a0a_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\e05508e03bf34762151d9d19fffe93df (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\e05508e03bf34762151d9d19fffe93df_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\e3cd5b2c64ca319aadec7c28c6c6feba_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\e6c109bf52ef89fe99f9a9379617ab0e_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\e7215b147326809c45f6cf0952274624 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\e7215b147326809c45f6cf0952274624_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\e9e14a99847657c53e1cc29cc55ab7af_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\ea15f46b68de3232a26cfd2fe6a67eb7 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\ea15f46b68de3232a26cfd2fe6a67eb7_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\ece71b71690fad200cbed95871ef4bb2 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\ece71b71690fad200cbed95871ef4bb2_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\ed0c923c82a39debf5c71d22f5ef3dc7 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\ed0c923c82a39debf5c71d22f5ef3dc7_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\eddbd1998fa83d8f20ee1a136a94b632 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\eddbd1998fa83d8f20ee1a136a94b632_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\eeab68dd74d26245087956fb3caf6937_DE (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\f60119d5f13ebd49341fa778dcf53bdb (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\f60119d5f13ebd49341fa778dcf53bdb_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\f7c63b13407f14f24c0e3a83e0b48e5c (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\f7c63b13407f14f24c0e3a83e0b48e5c_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\f7d063f20a5874a655b5c650c8f266ec (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\f7d063f20a5874a655b5c650c8f266ec_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\fb2a2d37c3a5abdb2d5c51d90fdaebc4 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\fb2a2d37c3a5abdb2d5c51d90fdaebc4_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\WIR\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. (Ende) |
|
05.02.2013, 21:07
| #4 |
| /// Malware-holic | PUP.Blabbers wie krieg ich die wieder weg? Hi, die Funde kannst du entfernen lassen. Neustarten. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.02.2013, 21:54
| #5 |
| | PUP.Blabbers wie krieg ich die wieder weg? OTL: Code:
ATTFilter OTL logfile created on: 05.02.2013 21:22:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\WIR\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1022,55 Mb Total Physical Memory | 335,00 Mb Available Physical Memory | 32,76% Memory free
2,00 Gb Paging File | 0,92 Gb Available in Paging File | 46,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 114,48 Gb Total Space | 59,98 Gb Free Space | 52,39% Space Free | Partition Type: NTFS
Drive D: | 140,48 Gb Total Space | 16,20 Gb Free Space | 11,53% Space Free | Partition Type: NTFS
Drive E: | 46,86 Gb Total Space | 14,47 Gb Free Space | 30,88% Space Free | Partition Type: NTFS
Drive F: | 46,42 Gb Total Space | 1,12 Gb Free Space | 2,42% Space Free | Partition Type: NTFS
Computer Name: WIR-PC | User Name: WIR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.02.05 21:19:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\WIR\Downloads\OTL (1).exe
PRC - [2013.01.26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.11.29 16:06:12 | 001,926,496 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
PRC - [2012.11.29 16:06:10 | 001,723,744 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
PRC - [2012.09.12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\NisSrv.exe
PRC - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.09.12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.05.20 21:00:07 | 001,823,672 | ---- | M] (Bandoo Media, inc) -- C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.09.28 15:17:12 | 001,406,248 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero 10\Nero BackItUp\NBAgent.exe
PRC - [2010.05.04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.04.14 07:43:42 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE
PRC - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2006.04.18 05:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
========== Modules (No Company Name) ==========
MOD - [2009.06.17 10:40:16 | 007,745,536 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll
MOD - [2009.06.17 10:40:16 | 002,121,728 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll
MOD - [2009.06.17 10:40:16 | 000,135,168 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
========== Services (SafeList) ==========
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.29 16:06:10 | 001,723,744 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.09.12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.05.04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.04.18 05:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.11.16 16:38:46 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.08.30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.12.04 22:23:51 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010.07.10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.06.18 19:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM)
DRV - [2007.02.16 01:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006.09.18 11:54:48 | 000,016,640 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/webhp?sourcei [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.ebay.de/ws/eBayISAPI.dll?MyeBay
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5B FB 70 68 F7 A6 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_deDE458
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
========== Chrome ==========
CHR - homepage: hxxp://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\WIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\WIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Mail = C:\Users\WIR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [EPSON Stylus Photo R265 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C7974F7-9385-4768-AA7F-B1F7972C4572}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\base64 - No CLSID value found
O18 - Protocol\Handler\chrome - No CLSID value found
O18 - Protocol\Handler\prox - No CLSID value found
O20 - AppInit_DLLs: (C:\PROGRA~1\WIA6EB~1\Datamngr\datamngr.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WIA6EB~1\Datamngr\IEBHO.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013.02.05 16:11:54 | 000,000,000 | ---D | C] -- C:\Users\WIR\AppData\Local\Programs
[2013.02.05 16:05:35 | 000,031,584 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2013.02.05 16:05:34 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2013.02.05 16:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2013.02.05 16:03:02 | 000,000,000 | ---D | C] -- C:\Users\WIR\AppData\Roaming\TuneUp Software
[2013.02.05 16:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013
[2013.02.05 15:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.02.05 15:56:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.02.05 15:56:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.01.29 10:01:03 | 000,000,000 | ---D | C] -- C:\Users\WIR\AppData\Roaming\Wargaming.net
[2013.01.28 20:19:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2013.01.28 20:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
========== Files - Modified Within 30 Days ==========
[2013.02.05 21:22:48 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.05 21:22:48 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.05 21:15:22 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.05 21:14:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.05 21:14:47 | 804,167,680 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.05 20:41:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.05 17:20:59 | 165,198,441 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.02.05 16:12:38 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.05 16:05:21 | 000,002,155 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2013.02.05 16:05:20 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2013.01.28 20:19:32 | 000,000,589 | ---- | M] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2013.01.27 10:57:14 | 000,007,609 | ---- | M] () -- C:\Users\WIR\AppData\Local\resmon.resmoncfg
[2013.01.25 11:26:44 | 000,000,124 | -HS- | M] () -- C:\ProgramData\.zreglib
[2013.01.19 22:15:32 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.19 22:15:32 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.19 22:15:32 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.19 22:15:32 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.12 03:28:27 | 000,295,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2013.02.05 16:05:21 | 000,002,155 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2013.02.05 16:05:20 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2013.02.05 16:05:12 | 000,002,147 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2013.01.28 20:19:32 | 000,000,589 | ---- | C] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2012.10.05 08:13:22 | 000,007,609 | ---- | C] () -- C:\Users\WIR\AppData\Local\resmon.resmoncfg
[2012.03.20 12:37:44 | 000,000,337 | ---- | C] () -- C:\Windows\System32\dext536.ini
[2012.03.20 12:37:42 | 000,002,132 | ---- | C] () -- C:\Windows\Ca536a.ini
[2012.01.31 09:04:29 | 000,000,000 | ---- | C] () -- C:\Users\WIR\AppData\Local\{36B956C6-F41F-48D3-856B-803B1847EEF8}
[2012.01.31 09:01:39 | 000,000,000 | ---- | C] () -- C:\Users\WIR\AppData\Local\{CA0069F1-3690-4B78-8339-685D963D1A23}
[2011.11.25 15:09:51 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011.11.25 15:09:50 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.11.25 15:09:50 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.11.25 15:09:50 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.11.25 15:09:50 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.11.25 15:09:50 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.11.25 15:09:50 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.11.25 15:09:50 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.11.25 15:09:50 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.11.25 15:09:50 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.11.25 15:09:50 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.11.25 15:09:50 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.11.25 15:09:50 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.11.25 15:09:50 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.11.25 15:09:50 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.11.25 15:09:50 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.11.25 15:09:50 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.11.25 15:09:50 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.11.25 15:09:50 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.11.24 15:05:40 | 000,000,027 | ---- | C] () -- C:\Windows\CDE SPR265DEFGIPS.ini
[2011.11.19 21:51:46 | 000,000,124 | -HS- | C] () -- C:\ProgramData\.zreglib
========== ZeroAccess Check ==========
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2011.12.03 15:08:46 | 000,000,000 | ---D | M] -- C:\Users\WIR\AppData\Roaming\Canneverbe Limited
[2012.05.26 08:30:48 | 000,000,000 | ---D | M] -- C:\Users\WIR\AppData\Roaming\FreeFLVConverter
[2011.12.07 14:43:57 | 000,000,000 | ---D | M] -- C:\Users\WIR\AppData\Roaming\OpenOffice.org
[2012.02.08 17:13:00 | 000,000,000 | ---D | M] -- C:\Users\WIR\AppData\Roaming\tunebite
[2013.02.05 16:03:02 | 000,000,000 | ---D | M] -- C:\Users\WIR\AppData\Roaming\TuneUp Software
[2013.01.29 10:01:03 | 000,000,000 | ---D | M] -- C:\Users\WIR\AppData\Roaming\Wargaming.net
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2011.11.19 20:16:17 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.11.19 19:45:26 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.12.31 14:19:39 | 000,000,000 | ---D | M] -- C:\CloneDVDTemp
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.11.19 20:15:50 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.01.20 17:29:39 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.02.05 21:14:45 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.02.05 15:58:07 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.11.19 20:15:50 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.11.19 20:15:50 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.02.05 21:25:44 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.11.19 20:16:03 | 000,000,000 | R--D | M] -- C:\Users
[2013.02.05 21:14:47 | 000,000,000 | ---D | M] -- C:\Windows
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.07.14 02:14:11 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 05:53:46 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2011.11.19 21:14:18 | 000,001,088 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011.11.19 21:14:19 | 000,001,092 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
< MD5 for: AGP440.SYS >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
< MD5 for: IASTORV.SYS >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
< MD5 for: USER32.DLL >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: VIAMRAID.SYS >
[2012.10.05 09:49:38 | 000,060,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=44056E9FEE477F512EE58BCFEE949621 -- C:\Users\WIR\Downloads\VIA_RAID_OM74\VIARAID_OM74\DriverDisk\RAID\2003IA32\viamraid.sys
[2012.10.05 09:49:38 | 000,060,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=44056E9FEE477F512EE58BCFEE949621 -- C:\Users\WIR\Downloads\VIA_RAID_OM74\VIARAID_OM74\DriverDisk\RAID\Win2000\viamraid.sys
[2012.10.05 09:49:39 | 000,060,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=44056E9FEE477F512EE58BCFEE949621 -- C:\Users\WIR\Downloads\VIA_RAID_OM74\VIARAID_OM74\DriverDisk\RAID\Winxp\viamraid.sys
[2012.10.05 09:49:44 | 000,060,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=44056E9FEE477F512EE58BCFEE949621 -- C:\Users\WIR\Downloads\VIA_RAID_OM74\VIARAID_OM74\VIARaid\driver\2003IA32\viamraid.sys
[2012.10.05 09:49:45 | 000,060,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=44056E9FEE477F512EE58BCFEE949621 -- C:\Users\WIR\Downloads\VIA_RAID_OM74\VIARAID_OM74\VIARaid\driver\Win2000\viamraid.sys
[2012.10.05 09:49:45 | 000,060,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=44056E9FEE477F512EE58BCFEE949621 -- C:\Users\WIR\Downloads\VIA_RAID_OM74\VIARAID_OM74\VIARaid\driver\Winxp\viamraid.sys
[2012.10.05 09:49:39 | 000,067,392 | ---- | M] (VIA Technologies inc,.ltd) MD5=813C738B09E80C4A4E0585FB95A2F897 -- C:\Users\WIR\Downloads\VIA_RAID_OM74\VIARAID_OM74\DriverDisk\RAID\Winnt40\viamraid.sys
[2012.10.05 09:49:45 | 000,067,392 | ---- | M] (VIA Technologies inc,.ltd) MD5=813C738B09E80C4A4E0585FB95A2F897 -- C:\Users\WIR\Downloads\VIA_RAID_OM74\VIARAID_OM74\VIARaid\driver\Winnt40\viamraid.sys
< MD5 for: WINLOGON.EXE >
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %USERPROFILE%\*.* >
[2013.02.05 21:41:10 | 002,883,584 | -HS- | M] () -- C:\Users\WIR\ntuser.dat
[2013.02.05 21:41:10 | 000,262,144 | -HS- | M] () -- C:\Users\WIR\ntuser.dat.LOG1
[2013.02.05 17:21:31 | 000,262,144 | -HS- | M] () -- C:\Users\WIR\ntuser.dat.LOG2
[2013.01.12 03:26:15 | 000,065,536 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{105387e4-5bc9-11e2-b905-001617eb2e4a}.TM.blf
[2013.01.12 03:26:15 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{105387e4-5bc9-11e2-b905-001617eb2e4a}.TMContainer00000000000000000001.regtrans-ms
[2013.01.12 03:26:15 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{105387e4-5bc9-11e2-b905-001617eb2e4a}.TMContainer00000000000000000002.regtrans-ms
[2012.05.10 17:53:14 | 000,065,536 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{10d8d375-9abc-11e1-9a5a-001617eb2e4a}.TM.blf
[2012.05.10 17:53:14 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{10d8d375-9abc-11e1-9a5a-001617eb2e4a}.TMContainer00000000000000000001.regtrans-ms
[2012.05.10 17:53:14 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{10d8d375-9abc-11e1-9a5a-001617eb2e4a}.TMContainer00000000000000000002.regtrans-ms
[2012.06.04 10:04:54 | 000,065,536 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{125f4f61-aaee-11e1-939a-001617eb2e4a}.TM.blf
[2012.06.04 10:04:54 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{125f4f61-aaee-11e1-939a-001617eb2e4a}.TMContainer00000000000000000001.regtrans-ms
[2012.06.04 10:04:54 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{125f4f61-aaee-11e1-939a-001617eb2e4a}.TMContainer00000000000000000002.regtrans-ms
[2012.08.01 07:57:30 | 000,065,536 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{1e2ac8e1-dba6-11e1-822f-001617eb2e4a}.TM.blf
[2012.08.01 07:57:30 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{1e2ac8e1-dba6-11e1-822f-001617eb2e4a}.TMContainer00000000000000000001.regtrans-ms
[2012.08.01 07:57:30 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{1e2ac8e1-dba6-11e1-822f-001617eb2e4a}.TMContainer00000000000000000002.regtrans-ms
[2012.05.08 15:29:18 | 000,065,536 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{27472962-991a-11e1-9e5d-001617eb2e4a}.TM.blf
[2012.05.08 15:29:18 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{27472962-991a-11e1-9e5d-001617eb2e4a}.TMContainer00000000000000000001.regtrans-ms
[2012.05.08 15:29:18 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{27472962-991a-11e1-9e5d-001617eb2e4a}.TMContainer00000000000000000002.regtrans-ms
[2012.05.30 21:58:33 | 000,065,536 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{2aa57ee1-aa9a-11e1-996a-001617eb2e4a}.TM.blf
[2012.05.30 21:58:33 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{2aa57ee1-aa9a-11e1-996a-001617eb2e4a}.TMContainer00000000000000000001.regtrans-ms
[2012.05.30 21:58:33 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{2aa57ee1-aa9a-11e1-996a-001617eb2e4a}.TMContainer00000000000000000002.regtrans-ms
[2013.02.05 15:16:08 | 000,065,536 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{325d453e-6f9a-11e2-8200-001617eb2e4a}.TM.blf
[2013.02.05 15:16:08 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{325d453e-6f9a-11e2-8200-001617eb2e4a}.TMContainer00000000000000000001.regtrans-ms
[2013.02.05 15:16:08 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{325d453e-6f9a-11e2-8200-001617eb2e4a}.TMContainer00000000000000000002.regtrans-ms
[2012.04.13 08:28:14 | 000,065,536 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{350da9e5-8455-11e1-bd14-001617eb2e4a}.TM.blf
[2012.04.13 08:28:14 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{350da9e5-8455-11e1-bd14-001617eb2e4a}.TMContainer00000000000000000001.regtrans-ms
[2012.04.13 08:28:14 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{350da9e5-8455-11e1-bd14-001617eb2e4a}.TMContainer00000000000000000002.regtrans-ms
[2012.04.30 11:07:59 | 000,065,536 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{357a8765-9088-11e1-a547-001617eb2e4a}.TM.blf
[2012.04.30 11:07:59 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{357a8765-9088-11e1-a547-001617eb2e4a}.TMContainer00000000000000000001.regtrans-ms
[2012.04.30 11:07:59 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{357a8765-9088-11e1-a547-001617eb2e4a}.TMContainer00000000000000000002.regtrans-ms
[2012.05.17 13:17:33 | 000,065,536 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{3ca70c61-a01a-11e1-88d2-001617eb2e4a}.TM.blf
[2012.05.17 13:17:34 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{3ca70c61-a01a-11e1-88d2-001617eb2e4a}.TMContainer00000000000000000001.regtrans-ms
[2012.05.17 13:17:34 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{3ca70c61-a01a-11e1-88d2-001617eb2e4a}.TMContainer00000000000000000002.regtrans-ms
[2012.01.20 19:19:24 | 000,065,536 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{3ddd6ae1-4393-11e1-9fdd-001617eb2e4a}.TM.blf
[2012.01.20 19:19:24 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{3ddd6ae1-4393-11e1-9fdd-001617eb2e4a}.TMContainer00000000000000000001.regtrans-ms
[2012.01.20 19:19:24 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{3ddd6ae1-4393-11e1-9fdd-001617eb2e4a}.TMContainer00000000000000000002.regtrans-ms
[2012.05.30 14:13:55 | 000,065,536 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{421047e1-aa59-11e1-8f6c-001617eb2e4a}.TM.blf
[2012.05.30 14:13:55 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{421047e1-aa59-11e1-8f6c-001617eb2e4a}.TMContainer00000000000000000001.regtrans-ms
[2012.05.30 14:13:55 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{421047e1-aa59-11e1-8f6c-001617eb2e4a}.TMContainer00000000000000000002.regtrans-ms
[2012.07.31 09:39:55 | 000,065,536 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{430e35e5-daeb-11e1-a535-001617eb2e4a}.TM.blf
[2012.07.31 09:39:55 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{430e35e5-daeb-11e1-a535-001617eb2e4a}.TMContainer00000000000000000001.regtrans-ms
[2012.07.31 09:39:55 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{430e35e5-daeb-11e1-a535-001617eb2e4a}.TMContainer00000000000000000002.regtrans-ms
[2012.05.17 09:35:55 | 000,065,536 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{4705dde1-9ffb-11e1-bd5d-001617eb2e4a}.TM.blf
[2012.05.17 09:35:55 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{4705dde1-9ffb-11e1-bd5d-001617eb2e4a}.TMContainer00000000000000000001.regtrans-ms
[2012.05.17 09:35:56 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{4705dde1-9ffb-11e1-bd5d-001617eb2e4a}.TMContainer00000000000000000002.regtrans-ms
[2012.06.15 02:28:25 | 000,065,536 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{639427e1-b55f-11e1-ad3f-001617eb2e4a}.TM.blf
[2012.06.15 02:28:25 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{639427e1-b55f-11e1-ad3f-001617eb2e4a}.TMContainer00000000000000000001.regtrans-ms
[2012.06.15 02:28:25 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{639427e1-b55f-11e1-ad3f-001617eb2e4a}.TMContainer00000000000000000002.regtrans-ms
[2011.11.19 20:19:20 | 000,065,536 | -HS- | M] () -- C:\Users\WIR\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2011.11.19 20:19:20 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2011.11.19 20:19:20 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2012.08.11 10:19:18 | 001,048,576 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{7a511560-dbc5-11e1-b738-001617eb2e4a}.TxR.0.regtrans-ms
[2012.08.11 10:19:18 | 001,048,576 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{7a511560-dbc5-11e1-b738-001617eb2e4a}.TxR.1.regtrans-ms
[2012.08.11 10:19:18 | 001,048,576 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{7a511560-dbc5-11e1-b738-001617eb2e4a}.TxR.2.regtrans-ms
[2012.08.11 10:19:18 | 000,065,536 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{7a511560-dbc5-11e1-b738-001617eb2e4a}.TxR.blf
[2012.08.01 11:41:59 | 000,065,536 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{7a511561-dbc5-11e1-b738-001617eb2e4a}.TM.blf
[2012.08.01 11:41:59 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{7a511561-dbc5-11e1-b738-001617eb2e4a}.TMContainer00000000000000000001.regtrans-ms
[2012.08.01 11:41:59 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{7a511561-dbc5-11e1-b738-001617eb2e4a}.TMContainer00000000000000000002.regtrans-ms
[2012.05.30 14:08:21 | 000,065,536 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{7b948361-aa58-11e1-a962-001617eb2e4a}.TM.blf
[2012.05.30 14:08:21 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{7b948361-aa58-11e1-a962-001617eb2e4a}.TMContainer00000000000000000001.regtrans-ms
[2012.05.30 14:08:21 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{7b948361-aa58-11e1-a962-001617eb2e4a}.TMContainer00000000000000000002.regtrans-ms
[2012.05.30 22:44:03 | 000,065,536 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{837815e1-aaa0-11e1-a0e8-001617eb2e4a}.TM.blf
[2012.05.30 22:44:04 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{837815e1-aaa0-11e1-a0e8-001617eb2e4a}.TMContainer00000000000000000001.regtrans-ms
[2012.05.30 22:44:04 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{837815e1-aaa0-11e1-a0e8-001617eb2e4a}.TMContainer00000000000000000002.regtrans-ms
[2012.07.25 22:32:00 | 000,065,536 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{911ec765-d61b-11e1-b88b-001617eb2e4a}.TM.blf
[2012.07.25 22:32:00 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{911ec765-d61b-11e1-b88b-001617eb2e4a}.TMContainer00000000000000000001.regtrans-ms
[2012.07.25 22:32:00 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{911ec765-d61b-11e1-b88b-001617eb2e4a}.TMContainer00000000000000000002.regtrans-ms
[2012.05.30 14:24:53 | 000,065,536 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{ca431ce1-aa5a-11e1-ad3f-001617eb2e4a}.TM.blf
[2012.05.30 14:24:53 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{ca431ce1-aa5a-11e1-ad3f-001617eb2e4a}.TMContainer00000000000000000001.regtrans-ms
[2012.05.30 14:24:53 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{ca431ce1-aa5a-11e1-ad3f-001617eb2e4a}.TMContainer00000000000000000002.regtrans-ms
[2012.08.15 06:28:05 | 000,065,536 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{f2c1d6e1-e699-11e1-9f85-001617eb2e4a}.TM.blf
[2012.08.15 06:28:06 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{f2c1d6e1-e699-11e1-9f85-001617eb2e4a}.TMContainer00000000000000000001.regtrans-ms
[2012.08.15 06:28:06 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{f2c1d6e1-e699-11e1-9f85-001617eb2e4a}.TMContainer00000000000000000002.regtrans-ms
[2012.05.30 14:47:48 | 000,065,536 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{fa3fef61-aa5d-11e1-bef6-001617eb2e4a}.TM.blf
[2012.05.30 14:47:48 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{fa3fef61-aa5d-11e1-bef6-001617eb2e4a}.TMContainer00000000000000000001.regtrans-ms
[2012.05.30 14:47:48 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{fa3fef61-aa5d-11e1-bef6-001617eb2e4a}.TMContainer00000000000000000002.regtrans-ms
[2012.05.07 12:44:58 | 000,065,536 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{fbed0d62-9839-11e1-95ee-001617eb2e4a}.TM.blf
[2012.05.07 12:44:58 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{fbed0d62-9839-11e1-95ee-001617eb2e4a}.TMContainer00000000000000000001.regtrans-ms
[2012.05.07 12:44:58 | 000,524,288 | -HS- | M] () -- C:\Users\WIR\ntuser.dat{fbed0d62-9839-11e1-95ee-001617eb2e4a}.TMContainer00000000000000000002.regtrans-ms
[2011.11.19 20:16:06 | 000,000,020 | -HS- | M] () -- C:\Users\WIR\ntuser.ini
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
< End of report >
Code:
ATTFilter OTL Extras logfile created on: 05.02.2013 21:22:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\WIR\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1022,55 Mb Total Physical Memory | 335,00 Mb Available Physical Memory | 32,76% Memory free
2,00 Gb Paging File | 0,92 Gb Available in Paging File | 46,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 114,48 Gb Total Space | 59,98 Gb Free Space | 52,39% Space Free | Partition Type: NTFS
Drive D: | 140,48 Gb Total Space | 16,20 Gb Free Space | 11,53% Space Free | Partition Type: NTFS
Drive E: | 46,86 Gb Total Space | 14,47 Gb Free Space | 30,88% Space Free | Partition Type: NTFS
Drive F: | 46,42 Gb Total Space | 1,12 Gb Free Space | 2,42% Space Free | Partition Type: NTFS
Computer Name: WIR-PC | User Name: WIR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06EAA6DB-81D3-42A8-87D6-5D0E2263D361}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2683F64A-8C83-4621-8FFF-F55FCD60BEE8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2CCA5CB3-1CE7-4035-9D18-8D0FFAB04EFA}" = rport=138 | protocol=17 | dir=out | app=system |
"{2E1DE7AD-5823-4D9B-88F4-B2558198557D}" = lport=137 | protocol=17 | dir=in | app=system |
"{374B3A7F-E8B7-4331-836E-B2F65FEE0CDC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{40950422-09B7-4D24-B104-43DAAEB96E52}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4FF4097D-825F-4E21-AB31-7D5775170ED1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{572B007B-A453-4ADB-BEDB-69000A3BC0C7}" = rport=137 | protocol=17 | dir=out | app=system |
"{6B0C7C82-15F2-442A-954E-E90E9589A102}" = lport=445 | protocol=6 | dir=in | app=system |
"{6F5939D5-D047-4275-8CAB-AB37D71107AB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8BFBE6A6-6696-4DEA-943C-A066FFB86ADD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8EA6FD56-065F-4FE7-B09E-2F44986479F6}" = rport=139 | protocol=6 | dir=out | app=system |
"{9D4CFDA6-9B83-4981-AC04-3DD81873CA3E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AD21BC2C-B392-4098-B1B2-901FBE0913ED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B2C09681-1B9A-478B-8118-1A1B20B249B1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BCEEF8B2-3343-420F-9E33-C45E3C809B68}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CC3AF018-8885-429B-9B4A-A57EC9575364}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D664E9A5-B316-4B48-BF7E-B314BB27F6D9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DDD575F4-F756-49C2-B5F0-50AE7BB7BD8D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F399B224-53CC-4114-8A33-4F98D02D61F4}" = lport=139 | protocol=6 | dir=in | app=system |
"{F887D82E-3EFE-4F15-81BB-6435E719F46D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F8B3E63B-5414-4517-9BDA-BA23989B8A3B}" = rport=445 | protocol=6 | dir=out | app=system |
"{FCB2FBDF-C579-4DCD-88AA-1B6CB74EC8C0}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D9C9317-8783-498E-9CA5-99DA68790E19}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{11FFB97B-0817-4CCD-B6BC-7C3B27F01D49}" = protocol=17 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{17F49B1F-EA8F-4E8D-83AE-448642D61C03}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1D05FB28-5E27-4C43-86CF-A5F885F6A143}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{20A6F95A-2FA4-44C6-ACCD-F895B749F0B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4BEA5529-2C69-45EE-AA82-44106CBD0DBD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{50FCE48F-5A8C-4BFB-A23A-245E3977A2CC}" = protocol=6 | dir=out | app=system |
"{548184A2-F5C0-49B2-8B1A-D76AB1A9C1B4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{71F33553-922F-4D73-AB8A-720D2D190575}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{78645214-CC99-44BC-B260-26622F6550CE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{87AF61A0-8410-469E-822C-B6502F219D17}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8D3095E5-AE78-4DD9-8C84-089F99545E59}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B5F48C4A-0B56-4D05-9702-69AD3CC67CBC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BC7AE362-5FAB-48B7-8497-51FF0CD24CB4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C6FFA73A-70F1-4385-ACBB-0BFAD013F609}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D61685CA-E5CF-45D3-90AA-2093F30F163B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E74AD35A-BC1E-4809-AEAC-F0617784F46A}" = protocol=6 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{E7AEE396-BE9E-47C9-B40C-30BC98A0E468}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{891A44B1-C0DE-4F97-9C4A-FE3C6E4F9AB1}E:\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=e:\world_of_tanks\worldoftanks.exe |
"TCP Query User{908456CE-62AC-494A-9C7A-AD330D3FE171}E:\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=e:\world_of_tanks\wotlauncher.exe |
"TCP Query User{AB56FFF2-C001-408A-AE69-920D8A1B1944}D:\emule\emule.exe" = protocol=6 | dir=in | app=d:\emule\emule.exe |
"TCP Query User{BE4BC0E7-4206-4AED-A32A-9DBDC0570E8E}D:\emule\emule.exe" = protocol=6 | dir=in | app=d:\emule\emule.exe |
"UDP Query User{19CF5C6C-2C6F-47E7-A4E9-80E096D5D0CF}E:\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=e:\world_of_tanks\wotlauncher.exe |
"UDP Query User{6111C686-5465-4D33-9B42-DEB0200DE3B8}D:\emule\emule.exe" = protocol=17 | dir=in | app=d:\emule\emule.exe |
"UDP Query User{8DE13B3B-D93C-4DFF-A576-8C4AC14403E2}D:\emule\emule.exe" = protocol=17 | dir=in | app=d:\emule\emule.exe |
"UDP Query User{FA62DD0B-764D-48D8-82E7-34492F0A11DA}E:\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=e:\world_of_tanks\worldoftanks.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{703C8D0C-CF2D-4EA7-9A1C-D3A0936B3BAB}" = DV 5100M Driver
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
"{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AnyDVD" = AnyDVD
"Audacity_is1" = Audacity 1.2.6
"AVS Photo Editor_is1" = AVS Photo Editor
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"ESPR265_270 Benutzerhandbuch" = ESPR265_270 Benutzerhandbuch
"Free FLV Converter_is1" = Free FLV Converter V 7.4.0
"Google Chrome" = Google Chrome
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Searchqu Toolbar" = Windows Searchqu Toolbar
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"x3_Codec" = x3_Codec
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 31.01.2013 08:23:30 | Computer Name = WIR-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nero\Nero
10\Nero SoundTrax\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST" in Zeile 3. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten
Komponente überein. Verweis: NFD,type="win32",version="5.2.0.0". Definition: NFD,type="win32",version="5.0.0.0".
Verwenden
Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 01.02.2013 14:03:08 | Computer Name = WIR-PC | Source = Windows Backup | ID = 4104
Description =
Error - 01.02.2013 19:33:19 | Computer Name = WIR-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nero\Nero
10\Nero SoundTrax\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST" in Zeile 3. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten
Komponente überein. Verweis: NFD,type="win32",version="5.2.0.0". Definition: NFD,type="win32",version="5.0.0.0".
Verwenden
Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 02.02.2013 02:47:37 | Computer Name = WIR-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 8dc Startzeit: 01ce00b7506336aa Endzeit: 1860 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:
Error - 02.02.2013 05:09:46 | Computer Name = WIR-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: bac Startzeit: 01ce011131ece642 Endzeit: 9675 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:
Error - 02.02.2013 19:34:11 | Computer Name = WIR-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nero\Nero
10\Nero SoundTrax\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST" in Zeile 3. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten
Komponente überein. Verweis: NFD,type="win32",version="5.2.0.0". Definition: NFD,type="win32",version="5.0.0.0".
Verwenden
Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 03.02.2013 08:28:08 | Computer Name = WIR-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 818 Startzeit: 01ce01a97705d5d8 Endzeit: 1320 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:
Error - 04.02.2013 02:43:38 | Computer Name = WIR-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nero\Nero
10\Nero SoundTrax\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST" in Zeile 3. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten
Komponente überein. Verweis: NFD,type="win32",version="5.2.0.0". Definition: NFD,type="win32",version="5.0.0.0".
Verwenden
Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 05.02.2013 09:10:02 | Computer Name = WIR-PC | Source = Application Hang | ID = 1002
Description = Programm cdbxpp.exe, Version 4.4.0.3018 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 140 Startzeit:
01ce039484230d33 Endzeit: 60000 Anwendungspfad: C:\Program Files\CDBurnerXP\cdbxpp.exe
Berichts-ID:
Error - 05.02.2013 11:45:46 | Computer Name = WIR-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nero\Nero
10\Nero SoundTrax\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST" in Zeile 3. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten
Komponente überein. Verweis: NFD,type="win32",version="5.2.0.0". Definition: NFD,type="win32",version="5.0.0.0".
Verwenden
Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
[ System Events ]
Error - 05.02.2013 12:19:52 | Computer Name = WIR-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 05.02.2013 12:19:54 | Computer Name = WIR-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 05.02.2013 12:19:55 | Computer Name = WIR-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 05.02.2013 12:19:57 | Computer Name = WIR-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 05.02.2013 12:19:58 | Computer Name = WIR-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 05.02.2013 12:20:00 | Computer Name = WIR-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 05.02.2013 12:21:14 | Computer Name = WIR-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?05.?02.?2013 um 17:19:27 unerwartet heruntergefahren.
Error - 05.02.2013 12:21:17 | Computer Name = WIR-PC | Source = BugCheck | ID = 1001
Description =
Error - 05.02.2013 12:22:47 | Computer Name = WIR-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MBAMSwissArmy" wurde aufgrund folgenden Fehlers nicht
gestartet: %%32
Error - 05.02.2013 12:55:39 | Computer Name = WIR-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
< End of report >
Code:
ATTFilter OTL Extras logfile created on: 05.02.2013 21:22:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\WIR\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1022,55 Mb Total Physical Memory | 335,00 Mb Available Physical Memory | 32,76% Memory free
2,00 Gb Paging File | 0,92 Gb Available in Paging File | 46,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 114,48 Gb Total Space | 59,98 Gb Free Space | 52,39% Space Free | Partition Type: NTFS
Drive D: | 140,48 Gb Total Space | 16,20 Gb Free Space | 11,53% Space Free | Partition Type: NTFS
Drive E: | 46,86 Gb Total Space | 14,47 Gb Free Space | 30,88% Space Free | Partition Type: NTFS
Drive F: | 46,42 Gb Total Space | 1,12 Gb Free Space | 2,42% Space Free | Partition Type: NTFS
Computer Name: WIR-PC | User Name: WIR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06EAA6DB-81D3-42A8-87D6-5D0E2263D361}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2683F64A-8C83-4621-8FFF-F55FCD60BEE8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2CCA5CB3-1CE7-4035-9D18-8D0FFAB04EFA}" = rport=138 | protocol=17 | dir=out | app=system |
"{2E1DE7AD-5823-4D9B-88F4-B2558198557D}" = lport=137 | protocol=17 | dir=in | app=system |
"{374B3A7F-E8B7-4331-836E-B2F65FEE0CDC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{40950422-09B7-4D24-B104-43DAAEB96E52}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4FF4097D-825F-4E21-AB31-7D5775170ED1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{572B007B-A453-4ADB-BEDB-69000A3BC0C7}" = rport=137 | protocol=17 | dir=out | app=system |
"{6B0C7C82-15F2-442A-954E-E90E9589A102}" = lport=445 | protocol=6 | dir=in | app=system |
"{6F5939D5-D047-4275-8CAB-AB37D71107AB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8BFBE6A6-6696-4DEA-943C-A066FFB86ADD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8EA6FD56-065F-4FE7-B09E-2F44986479F6}" = rport=139 | protocol=6 | dir=out | app=system |
"{9D4CFDA6-9B83-4981-AC04-3DD81873CA3E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AD21BC2C-B392-4098-B1B2-901FBE0913ED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B2C09681-1B9A-478B-8118-1A1B20B249B1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BCEEF8B2-3343-420F-9E33-C45E3C809B68}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CC3AF018-8885-429B-9B4A-A57EC9575364}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D664E9A5-B316-4B48-BF7E-B314BB27F6D9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DDD575F4-F756-49C2-B5F0-50AE7BB7BD8D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F399B224-53CC-4114-8A33-4F98D02D61F4}" = lport=139 | protocol=6 | dir=in | app=system |
"{F887D82E-3EFE-4F15-81BB-6435E719F46D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F8B3E63B-5414-4517-9BDA-BA23989B8A3B}" = rport=445 | protocol=6 | dir=out | app=system |
"{FCB2FBDF-C579-4DCD-88AA-1B6CB74EC8C0}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D9C9317-8783-498E-9CA5-99DA68790E19}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{11FFB97B-0817-4CCD-B6BC-7C3B27F01D49}" = protocol=17 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{17F49B1F-EA8F-4E8D-83AE-448642D61C03}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1D05FB28-5E27-4C43-86CF-A5F885F6A143}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{20A6F95A-2FA4-44C6-ACCD-F895B749F0B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4BEA5529-2C69-45EE-AA82-44106CBD0DBD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{50FCE48F-5A8C-4BFB-A23A-245E3977A2CC}" = protocol=6 | dir=out | app=system |
"{548184A2-F5C0-49B2-8B1A-D76AB1A9C1B4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{71F33553-922F-4D73-AB8A-720D2D190575}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{78645214-CC99-44BC-B260-26622F6550CE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{87AF61A0-8410-469E-822C-B6502F219D17}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8D3095E5-AE78-4DD9-8C84-089F99545E59}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B5F48C4A-0B56-4D05-9702-69AD3CC67CBC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BC7AE362-5FAB-48B7-8497-51FF0CD24CB4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C6FFA73A-70F1-4385-ACBB-0BFAD013F609}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D61685CA-E5CF-45D3-90AA-2093F30F163B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E74AD35A-BC1E-4809-AEAC-F0617784F46A}" = protocol=6 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{E7AEE396-BE9E-47C9-B40C-30BC98A0E468}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{891A44B1-C0DE-4F97-9C4A-FE3C6E4F9AB1}E:\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=e:\world_of_tanks\worldoftanks.exe |
"TCP Query User{908456CE-62AC-494A-9C7A-AD330D3FE171}E:\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=e:\world_of_tanks\wotlauncher.exe |
"TCP Query User{AB56FFF2-C001-408A-AE69-920D8A1B1944}D:\emule\emule.exe" = protocol=6 | dir=in | app=d:\emule\emule.exe |
"TCP Query User{BE4BC0E7-4206-4AED-A32A-9DBDC0570E8E}D:\emule\emule.exe" = protocol=6 | dir=in | app=d:\emule\emule.exe |
"UDP Query User{19CF5C6C-2C6F-47E7-A4E9-80E096D5D0CF}E:\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=e:\world_of_tanks\wotlauncher.exe |
"UDP Query User{6111C686-5465-4D33-9B42-DEB0200DE3B8}D:\emule\emule.exe" = protocol=17 | dir=in | app=d:\emule\emule.exe |
"UDP Query User{8DE13B3B-D93C-4DFF-A576-8C4AC14403E2}D:\emule\emule.exe" = protocol=17 | dir=in | app=d:\emule\emule.exe |
"UDP Query User{FA62DD0B-764D-48D8-82E7-34492F0A11DA}E:\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=e:\world_of_tanks\worldoftanks.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{703C8D0C-CF2D-4EA7-9A1C-D3A0936B3BAB}" = DV 5100M Driver
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
"{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AnyDVD" = AnyDVD
"Audacity_is1" = Audacity 1.2.6
"AVS Photo Editor_is1" = AVS Photo Editor
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"ESPR265_270 Benutzerhandbuch" = ESPR265_270 Benutzerhandbuch
"Free FLV Converter_is1" = Free FLV Converter V 7.4.0
"Google Chrome" = Google Chrome
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Searchqu Toolbar" = Windows Searchqu Toolbar
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"x3_Codec" = x3_Codec
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 31.01.2013 08:23:30 | Computer Name = WIR-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nero\Nero
10\Nero SoundTrax\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST" in Zeile 3. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten
Komponente überein. Verweis: NFD,type="win32",version="5.2.0.0". Definition: NFD,type="win32",version="5.0.0.0".
Verwenden
Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 01.02.2013 14:03:08 | Computer Name = WIR-PC | Source = Windows Backup | ID = 4104
Description =
Error - 01.02.2013 19:33:19 | Computer Name = WIR-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nero\Nero
10\Nero SoundTrax\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST" in Zeile 3. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten
Komponente überein. Verweis: NFD,type="win32",version="5.2.0.0". Definition: NFD,type="win32",version="5.0.0.0".
Verwenden
Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 02.02.2013 02:47:37 | Computer Name = WIR-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 8dc Startzeit: 01ce00b7506336aa Endzeit: 1860 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:
Error - 02.02.2013 05:09:46 | Computer Name = WIR-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: bac Startzeit: 01ce011131ece642 Endzeit: 9675 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:
Error - 02.02.2013 19:34:11 | Computer Name = WIR-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nero\Nero
10\Nero SoundTrax\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST" in Zeile 3. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten
Komponente überein. Verweis: NFD,type="win32",version="5.2.0.0". Definition: NFD,type="win32",version="5.0.0.0".
Verwenden
Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 03.02.2013 08:28:08 | Computer Name = WIR-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 818 Startzeit: 01ce01a97705d5d8 Endzeit: 1320 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:
Error - 04.02.2013 02:43:38 | Computer Name = WIR-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nero\Nero
10\Nero SoundTrax\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST" in Zeile 3. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten
Komponente überein. Verweis: NFD,type="win32",version="5.2.0.0". Definition: NFD,type="win32",version="5.0.0.0".
Verwenden
Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 05.02.2013 09:10:02 | Computer Name = WIR-PC | Source = Application Hang | ID = 1002
Description = Programm cdbxpp.exe, Version 4.4.0.3018 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 140 Startzeit:
01ce039484230d33 Endzeit: 60000 Anwendungspfad: C:\Program Files\CDBurnerXP\cdbxpp.exe
Berichts-ID:
Error - 05.02.2013 11:45:46 | Computer Name = WIR-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nero\Nero
10\Nero SoundTrax\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST" in Zeile 3. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten
Komponente überein. Verweis: NFD,type="win32",version="5.2.0.0". Definition: NFD,type="win32",version="5.0.0.0".
Verwenden
Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
[ System Events ]
Error - 05.02.2013 12:19:52 | Computer Name = WIR-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 05.02.2013 12:19:54 | Computer Name = WIR-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 05.02.2013 12:19:55 | Computer Name = WIR-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 05.02.2013 12:19:57 | Computer Name = WIR-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 05.02.2013 12:19:58 | Computer Name = WIR-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 05.02.2013 12:20:00 | Computer Name = WIR-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 05.02.2013 12:21:14 | Computer Name = WIR-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?05.?02.?2013 um 17:19:27 unerwartet heruntergefahren.
Error - 05.02.2013 12:21:17 | Computer Name = WIR-PC | Source = BugCheck | ID = 1001
Description =
Error - 05.02.2013 12:22:47 | Computer Name = WIR-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MBAMSwissArmy" wurde aufgrund folgenden Fehlers nicht
gestartet: %%32
Error - 05.02.2013 12:55:39 | Computer Name = WIR-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
< End of report >
|
|
05.02.2013, 23:01
| #6 |
| /// Malware-holic | PUP.Blabbers wie krieg ich die wieder weg? da sind noch einige Toolbars. download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten
__________________ --> PUP.Blabbers wie krieg ich die wieder weg? |
|
06.02.2013, 19:55
| #7 |
| | PUP.Blabbers wie krieg ich die wieder weg? Hallo, hier das Log von tdssKiller: Code:
ATTFilter 19:51:11.0273 4084 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:51:11.0501 4084 ============================================================
19:51:11.0502 4084 Current date / time: 2013/02/06 19:51:11.0501
19:51:11.0502 4084 SystemInfo:
19:51:11.0502 4084
19:51:11.0502 4084 OS Version: 6.1.7600 ServicePack: 0.0
19:51:11.0502 4084 Product type: Workstation
19:51:11.0502 4084 ComputerName: WIR-PC
19:51:11.0502 4084 UserName: WIR
19:51:11.0502 4084 Windows directory: C:\Windows
19:51:11.0502 4084 System windows directory: C:\Windows
19:51:11.0502 4084 Processor architecture: Intel x86
19:51:11.0502 4084 Number of processors: 1
19:51:11.0502 4084 Page size: 0x1000
19:51:11.0502 4084 Boot type: Normal boot
19:51:11.0502 4084 ============================================================
19:51:22.0968 4084 Drive \Device\Harddisk0\DR0 - Size: 0x1C9FEF0000 (114.50 Gb), SectorSize: 0x200, Cylinders: 0x3A62, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:51:23.0000 4084 Drive \Device\Harddisk1\DR1 - Size: 0x3A70C70000 (233.76 Gb), SectorSize: 0x200, Cylinders: 0x7733, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:51:23.0263 4084 ============================================================
19:51:23.0263 4084 \Device\Harddisk0\DR0:
19:51:23.0302 4084 MBR partitions:
19:51:23.0302 4084 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE4F80E2
19:51:23.0302 4084 \Device\Harddisk1\DR1:
19:51:23.0319 4084 MBR partitions:
19:51:23.0320 4084 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x118F3CE3
19:51:23.0342 4084 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x118F3D61, BlocksNum 0x5DB7966
19:51:23.0360 4084 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x176AB706, BlocksNum 0x5CD806D
19:51:23.0360 4084 ============================================================
19:51:23.0418 4084 C: <-> \Device\Harddisk0\DR0\Partition1
19:51:23.0450 4084 D: <-> \Device\Harddisk1\DR1\Partition1
19:51:23.0553 4084 E: <-> \Device\Harddisk1\DR1\Partition2
19:51:23.0625 4084 F: <-> \Device\Harddisk1\DR1\Partition3
19:51:23.0625 4084 ============================================================
19:51:23.0625 4084 Initialize success
19:51:23.0625 4084 ============================================================
19:51:50.0177 3704 ============================================================
19:51:50.0177 3704 Scan started
19:51:50.0177 3704 Mode: Manual; SigCheck; TDLFS;
19:51:50.0177 3704 ============================================================
19:51:51.0548 3704 ================ Scan system memory ========================
19:51:51.0549 3704 System memory - ok
19:51:51.0555 3704 ================ Scan services =============================
19:51:51.0787 3704 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
19:51:52.0109 3704 1394ohci - ok
19:51:52.0160 3704 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
19:51:52.0184 3704 ACPI - ok
19:51:52.0238 3704 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
19:51:52.0321 3704 AcpiPmi - ok
19:51:52.0419 3704 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
19:51:52.0435 3704 AdobeARMservice - ok
19:51:52.0507 3704 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:51:52.0541 3704 adp94xx - ok
19:51:52.0598 3704 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:51:52.0622 3704 adpahci - ok
19:51:52.0675 3704 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:51:52.0694 3704 adpu320 - ok
19:51:52.0740 3704 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:51:52.0823 3704 AeLookupSvc - ok
19:51:52.0883 3704 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\Windows\system32\drivers\afd.sys
19:51:52.0958 3704 AFD - ok
19:51:53.0001 3704 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
19:51:53.0018 3704 agp440 - ok
19:51:53.0068 3704 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
19:51:53.0083 3704 aic78xx - ok
19:51:53.0316 3704 [ 7997B6F02CBDA0E31FA18CC85871B938 ] ALCXWDM C:\Windows\system32\drivers\RTKVAC.SYS
19:51:53.0609 3704 ALCXWDM - ok
19:51:53.0684 3704 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
19:51:53.0737 3704 ALG - ok
19:51:53.0789 3704 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
19:51:53.0808 3704 aliide - ok
19:51:53.0845 3704 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys
19:51:53.0862 3704 amdagp - ok
19:51:53.0879 3704 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\DRIVERS\amdide.sys
19:51:53.0900 3704 amdide - ok
19:51:53.0954 3704 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:51:53.0998 3704 AmdK8 - ok
19:51:54.0042 3704 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:51:54.0073 3704 AmdPPM - ok
19:51:54.0136 3704 [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:51:54.0151 3704 amdsata - ok
19:51:54.0213 3704 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:51:54.0247 3704 amdsbs - ok
19:51:54.0292 3704 [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:51:54.0315 3704 amdxata - ok
19:51:54.0410 3704 [ 486CF73F183E7ADC5575FCD47F9FB1AF ] AnyDVD C:\Windows\system32\Drivers\AnyDVD.sys
19:51:54.0438 3704 AnyDVD - ok
19:51:54.0476 3704 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys
19:51:54.0626 3704 AppID - ok
19:51:54.0659 3704 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:51:54.0826 3704 AppIDSvc - ok
19:51:54.0891 3704 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll
19:51:54.0962 3704 Appinfo - ok
19:51:55.0018 3704 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
19:51:55.0059 3704 arc - ok
19:51:55.0082 3704 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:51:55.0099 3704 arcsas - ok
19:51:55.0149 3704 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:51:55.0367 3704 AsyncMac - ok
19:51:55.0408 3704 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\DRIVERS\atapi.sys
19:51:55.0420 3704 atapi - ok
19:51:55.0594 3704 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:51:55.0684 3704 AudioEndpointBuilder - ok
19:51:55.0737 3704 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll
19:51:55.0785 3704 Audiosrv - ok
19:51:55.0844 3704 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:51:55.0940 3704 AxInstSV - ok
19:51:55.0986 3704 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
19:51:56.0052 3704 b06bdrv - ok
19:51:56.0109 3704 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
19:51:56.0143 3704 b57nd60x - ok
19:51:56.0220 3704 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
19:51:56.0343 3704 BDESVC - ok
19:51:56.0456 3704 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
19:51:56.0557 3704 Beep - ok
19:51:56.0700 3704 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll
19:51:56.0799 3704 BFE - ok
19:51:57.0145 3704 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\System32\qmgr.dll
19:51:57.0337 3704 BITS - ok
19:51:57.0426 3704 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:51:57.0485 3704 blbdrive - ok
19:51:57.0529 3704 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:51:57.0583 3704 bowser - ok
19:51:57.0617 3704 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:51:57.0651 3704 BrFiltLo - ok
19:51:57.0700 3704 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:51:57.0750 3704 BrFiltUp - ok
19:51:57.0860 3704 [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser C:\Windows\System32\browser.dll
19:51:57.0958 3704 Browser - ok
19:51:58.0129 3704 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:51:58.0252 3704 Brserid - ok
19:51:58.0306 3704 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:51:58.0453 3704 BrSerWdm - ok
19:51:58.0606 3704 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:51:58.0673 3704 BrUsbMdm - ok
19:51:58.0691 3704 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:51:58.0721 3704 BrUsbSer - ok
19:51:58.0761 3704 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:51:58.0809 3704 BTHMODEM - ok
19:51:58.0875 3704 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
19:51:58.0923 3704 bthserv - ok
19:51:58.0994 3704 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:51:59.0049 3704 cdfs - ok
19:51:59.0095 3704 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:51:59.0123 3704 cdrom - ok
19:51:59.0179 3704 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll
19:51:59.0253 3704 CertPropSvc - ok
19:51:59.0303 3704 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:51:59.0338 3704 circlass - ok
19:51:59.0401 3704 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
19:51:59.0458 3704 CLFS - ok
19:51:59.0807 3704 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:51:59.0879 3704 clr_optimization_v2.0.50727_32 - ok
19:51:59.0978 3704 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:52:00.0068 3704 clr_optimization_v4.0.30319_32 - ok
19:52:00.0099 3704 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:52:00.0116 3704 CmBatt - ok
19:52:00.0150 3704 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
19:52:00.0166 3704 cmdide - ok
19:52:00.0367 3704 [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG C:\Windows\system32\Drivers\cng.sys
19:52:00.0445 3704 CNG - ok
19:52:00.0486 3704 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:52:00.0539 3704 Compbatt - ok
19:52:00.0626 3704 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
19:52:00.0678 3704 CompositeBus - ok
19:52:00.0735 3704 COMSysApp - ok
19:52:00.0778 3704 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:52:00.0816 3704 crcdisk - ok
19:52:00.0969 3704 [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:52:01.0024 3704 CryptSvc - ok
19:52:01.0203 3704 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll
19:52:01.0286 3704 DcomLaunch - ok
19:52:01.0401 3704 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
19:52:01.0483 3704 defragsvc - ok
19:52:01.0685 3704 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:52:01.0829 3704 DfsC - ok
19:52:02.0018 3704 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll
19:52:02.0098 3704 Dhcp - ok
19:52:02.0195 3704 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
19:52:02.0261 3704 discache - ok
19:52:02.0443 3704 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:52:02.0479 3704 Disk - ok
19:52:02.0549 3704 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:52:02.0606 3704 Dnscache - ok
19:52:02.0704 3704 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll
19:52:02.0778 3704 dot3svc - ok
19:52:02.0886 3704 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll
19:52:02.0955 3704 DPS - ok
19:52:03.0073 3704 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:52:03.0154 3704 drmkaud - ok
19:52:03.0366 3704 [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:52:03.0438 3704 DXGKrnl - ok
19:52:03.0503 3704 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
19:52:03.0544 3704 EapHost - ok
19:52:04.0080 3704 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
19:52:04.0276 3704 ebdrv - ok
19:52:04.0314 3704 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\Windows\System32\lsass.exe
19:52:04.0420 3704 EFS - ok
19:52:04.0641 3704 [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:52:04.0751 3704 ehRecvr - ok
19:52:04.0872 3704 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
19:52:04.0967 3704 ehSched - ok
19:52:05.0036 3704 [ CE37E3D51912E59C80C6D84337C0B4CD ] ElbyCDFL C:\Windows\system32\Drivers\ElbyCDFL.sys
19:52:05.0058 3704 ElbyCDFL - ok
19:52:05.0123 3704 [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
19:52:05.0138 3704 ElbyCDIO - ok
19:52:05.0337 3704 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:52:05.0412 3704 elxstor - ok
19:52:05.0538 3704 [ CDCA791AFA0483F44BBA576DBFAFD04D ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
19:52:05.0601 3704 EPSON_PM_RPCV4_01 - ok
19:52:05.0643 3704 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
19:52:05.0685 3704 ErrDev - ok
19:52:05.0814 3704 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
19:52:05.0898 3704 EventSystem - ok
19:52:06.0115 3704 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
19:52:06.0184 3704 exfat - ok
19:52:06.0262 3704 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:52:06.0326 3704 fastfat - ok
19:52:06.0501 3704 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe
19:52:06.0591 3704 Fax - ok
19:52:06.0655 3704 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:52:06.0709 3704 fdc - ok
19:52:06.0775 3704 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
19:52:06.0822 3704 fdPHost - ok
19:52:06.0906 3704 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
19:52:06.0985 3704 FDResPub - ok
19:52:07.0065 3704 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:52:07.0108 3704 FileInfo - ok
19:52:07.0146 3704 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:52:07.0188 3704 Filetrace - ok
19:52:07.0260 3704 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:52:07.0305 3704 flpydisk - ok
19:52:07.0363 3704 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:52:07.0390 3704 FltMgr - ok
19:52:07.0576 3704 [ 7FE4995528A7529A761875151EE3D512 ] FontCache C:\Windows\system32\FntCache.dll
19:52:07.0682 3704 FontCache - ok
19:52:08.0285 3704 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:52:08.0362 3704 FontCache3.0.0.0 - ok
19:52:08.0446 3704 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:52:08.0461 3704 FsDepends - ok
19:52:08.0559 3704 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:52:08.0597 3704 Fs_Rec - ok
19:52:08.0665 3704 [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:52:08.0714 3704 fvevol - ok
19:52:08.0768 3704 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:52:08.0787 3704 gagp30kx - ok
19:52:08.0990 3704 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll
19:52:09.0047 3704 gpsvc - ok
19:52:09.0159 3704 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
19:52:09.0178 3704 gupdate - ok
19:52:09.0202 3704 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
19:52:09.0218 3704 gupdatem - ok
19:52:09.0301 3704 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:52:09.0321 3704 gusvc - ok
19:52:09.0385 3704 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:52:09.0457 3704 hcw85cir - ok
19:52:09.0480 3704 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:52:09.0543 3704 HDAudBus - ok
19:52:09.0609 3704 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:52:09.0671 3704 HidBatt - ok
19:52:09.0709 3704 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:52:09.0762 3704 HidBth - ok
19:52:09.0842 3704 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:52:09.0904 3704 HidIr - ok
19:52:09.0982 3704 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
19:52:10.0026 3704 hidserv - ok
19:52:10.0083 3704 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:52:10.0107 3704 HidUsb - ok
19:52:10.0149 3704 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:52:10.0246 3704 hkmsvc - ok
19:52:10.0406 3704 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:52:10.0461 3704 HomeGroupListener - ok
19:52:10.0537 3704 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:52:10.0567 3704 HomeGroupProvider - ok
19:52:10.0621 3704 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
19:52:10.0647 3704 HpSAMD - ok
19:52:10.0741 3704 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:52:10.0842 3704 HTTP - ok
19:52:10.0910 3704 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:52:10.0923 3704 hwpolicy - ok
19:52:10.0979 3704 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:52:11.0001 3704 i8042prt - ok
19:52:11.0129 3704 [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:52:11.0170 3704 iaStorV - ok
19:52:11.0554 3704 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:52:11.0627 3704 idsvc - ok
19:52:11.0668 3704 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:52:11.0683 3704 iirsp - ok
19:52:11.0913 3704 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll
19:52:12.0015 3704 IKEEXT - ok
19:52:12.0071 3704 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
19:52:12.0136 3704 intelide - ok
19:52:12.0305 3704 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:52:12.0435 3704 intelppm - ok
19:52:12.0551 3704 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:52:12.0671 3704 IPBusEnum - ok
19:52:12.0700 3704 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:52:12.0791 3704 IpFilterDriver - ok
19:52:12.0978 3704 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:52:13.0068 3704 iphlpsvc - ok
19:52:13.0111 3704 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:52:13.0127 3704 IPMIDRV - ok
19:52:13.0160 3704 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:52:13.0214 3704 IPNAT - ok
19:52:13.0262 3704 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:52:13.0299 3704 IRENUM - ok
19:52:13.0357 3704 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
19:52:13.0375 3704 isapnp - ok
19:52:13.0451 3704 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
19:52:13.0491 3704 iScsiPrt - ok
19:52:13.0552 3704 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:52:13.0568 3704 kbdclass - ok
19:52:13.0619 3704 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:52:13.0654 3704 kbdhid - ok
19:52:13.0713 3704 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\Windows\system32\lsass.exe
19:52:13.0728 3704 KeyIso - ok
19:52:13.0783 3704 [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:52:13.0824 3704 KSecDD - ok
19:52:13.0908 3704 [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:52:13.0932 3704 KSecPkg - ok
19:52:14.0041 3704 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
19:52:14.0161 3704 KtmRm - ok
19:52:14.0263 3704 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\Windows\system32\srvsvc.dll
19:52:14.0348 3704 LanmanServer - ok
19:52:14.0405 3704 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:52:14.0474 3704 LanmanWorkstation - ok
19:52:14.0612 3704 [ 83D8BE94E1CBCBE2EA8372DB1A95A159 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
19:52:14.0665 3704 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
19:52:14.0665 3704 LightScribeService - detected UnsignedFile.Multi.Generic (1)
19:52:14.0726 3704 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:52:14.0800 3704 lltdio - ok
19:52:14.0888 3704 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:52:14.0927 3704 lltdsvc - ok
19:52:14.0979 3704 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
19:52:15.0038 3704 lmhosts - ok
19:52:15.0095 3704 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:52:15.0112 3704 LSI_FC - ok
19:52:15.0161 3704 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:52:15.0196 3704 LSI_SAS - ok
19:52:15.0243 3704 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:52:15.0267 3704 LSI_SAS2 - ok
19:52:15.0301 3704 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:52:15.0319 3704 LSI_SCSI - ok
19:52:15.0361 3704 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
19:52:15.0410 3704 luafv - ok
19:52:15.0497 3704 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
19:52:15.0537 3704 MBAMProtector - ok
19:52:15.0781 3704 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:52:15.0806 3704 MBAMScheduler - ok
19:52:16.0041 3704 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:52:16.0095 3704 MBAMService - ok
19:52:16.0174 3704 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:52:16.0232 3704 Mcx2Svc - ok
19:52:16.0315 3704 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:52:16.0342 3704 megasas - ok
19:52:16.0396 3704 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:52:16.0416 3704 MegaSR - ok
19:52:16.0474 3704 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
19:52:16.0536 3704 MMCSS - ok
19:52:16.0583 3704 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
19:52:16.0654 3704 Modem - ok
19:52:16.0712 3704 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:52:16.0738 3704 monitor - ok
19:52:16.0795 3704 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:52:16.0812 3704 mouclass - ok
19:52:16.0860 3704 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:52:16.0887 3704 mouhid - ok
19:52:16.0919 3704 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:52:16.0935 3704 mountmgr - ok
19:52:17.0047 3704 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
19:52:17.0088 3704 MpFilter - ok
19:52:17.0164 3704 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys
19:52:17.0202 3704 mpio - ok
19:52:17.0513 3704 [ A69630D039C38018689190234F866D77 ] MpKsl35150d7c c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7146109F-2D42-4059-83DB-363390EB7232}\MpKsl35150d7c.sys
19:52:17.0556 3704 MpKsl35150d7c - ok
19:52:17.0597 3704 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:52:17.0672 3704 mpsdrv - ok
19:52:17.0840 3704 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll
19:52:17.0903 3704 MpsSvc - ok
19:52:17.0952 3704 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:52:17.0988 3704 MRxDAV - ok
19:52:18.0044 3704 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:52:18.0128 3704 mrxsmb - ok
19:52:18.0224 3704 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:52:18.0302 3704 mrxsmb10 - ok
19:52:18.0377 3704 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:52:18.0422 3704 mrxsmb20 - ok
19:52:18.0469 3704 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
19:52:18.0498 3704 msahci - ok
19:52:18.0536 3704 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
19:52:18.0579 3704 msdsm - ok
19:52:18.0678 3704 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
19:52:18.0700 3704 MSDTC - ok
19:52:18.0781 3704 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:52:18.0833 3704 Msfs - ok
19:52:18.0924 3704 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:52:18.0969 3704 mshidkmdf - ok
19:52:19.0035 3704 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
19:52:19.0063 3704 msisadrv - ok
19:52:19.0112 3704 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:52:19.0175 3704 MSiSCSI - ok
19:52:19.0190 3704 msiserver - ok
19:52:19.0248 3704 MSI_MSIBIOS_010507 - ok
19:52:19.0295 3704 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:52:19.0344 3704 MSKSSRV - ok
19:52:19.0438 3704 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:52:19.0472 3704 MsMpSvc - ok
19:52:19.0521 3704 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:52:19.0570 3704 MSPCLOCK - ok
19:52:19.0610 3704 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:52:19.0699 3704 MSPQM - ok
19:52:19.0746 3704 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:52:19.0762 3704 MsRPC - ok
19:52:19.0874 3704 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:52:19.0909 3704 mssmbios - ok
19:52:19.0954 3704 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:52:19.0986 3704 MSTEE - ok
19:52:20.0104 3704 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:52:20.0160 3704 MTConfig - ok
19:52:20.0193 3704 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
19:52:20.0215 3704 Mup - ok
19:52:20.0321 3704 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll
19:52:20.0400 3704 napagent - ok
19:52:20.0447 3704 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:52:20.0484 3704 NativeWifiP - ok
19:52:20.0737 3704 [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate C:\Program Files\Nero\Update\NASvc.exe
19:52:20.0802 3704 NAUpdate - ok
19:52:21.0016 3704 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:52:21.0093 3704 NDIS - ok
19:52:21.0163 3704 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:52:21.0195 3704 NdisCap - ok
19:52:21.0314 3704 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:52:21.0365 3704 NdisTapi - ok
19:52:21.0422 3704 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:52:21.0457 3704 Ndisuio - ok
19:52:21.0497 3704 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:52:21.0567 3704 NdisWan - ok
19:52:21.0621 3704 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:52:21.0670 3704 NDProxy - ok
19:52:21.0716 3704 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:52:21.0777 3704 NetBIOS - ok
19:52:21.0898 3704 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:52:21.0965 3704 NetBT - ok
19:52:21.0994 3704 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\Windows\system32\lsass.exe
19:52:22.0049 3704 Netlogon - ok
19:52:22.0185 3704 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
19:52:22.0246 3704 Netman - ok
19:52:22.0413 3704 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
19:52:22.0480 3704 netprofm - ok
19:52:22.0535 3704 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:52:22.0638 3704 NetTcpPortSharing - ok
19:52:22.0695 3704 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:52:22.0727 3704 nfrd960 - ok
19:52:22.0818 3704 [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:52:22.0851 3704 NisDrv - ok
19:52:22.0967 3704 [ 3B846434055F80D9E89D0742F3ADAD34 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
19:52:22.0991 3704 NisSrv - ok
19:52:23.0112 3704 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll
19:52:23.0188 3704 NlaSvc - ok
19:52:23.0252 3704 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:52:23.0286 3704 Npfs - ok
19:52:23.0346 3704 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
19:52:23.0417 3704 nsi - ok
19:52:23.0496 3704 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:52:23.0571 3704 nsiproxy - ok
19:52:23.0848 3704 [ 5126C5402C730C2A953275D8497A4715 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:52:23.0926 3704 Ntfs - ok
19:52:23.0977 3704 NTIOLib_1_0_4 - ok
19:52:24.0039 3704 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
19:52:24.0116 3704 Null - ok
19:52:24.0945 3704 [ 377140A534D013BD661C69F1741DE43C ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:52:25.0467 3704 nvlddmkm - ok
19:52:25.0506 3704 [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:52:25.0525 3704 nvraid - ok
19:52:25.0574 3704 [ 4520B63899E867F354EE012D34E11536 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:52:25.0590 3704 nvstor - ok
19:52:25.0644 3704 [ 4ED813EFD77A9B7E57E341CDC1C5CBC4 ] nvsvc C:\Windows\system32\nvvsvc.exe
19:52:25.0663 3704 nvsvc - ok
19:52:25.0700 3704 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
19:52:25.0718 3704 nv_agp - ok
19:52:25.0751 3704 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
19:52:25.0783 3704 ohci1394 - ok
19:52:25.0864 3704 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:52:25.0882 3704 ose - ok
19:52:25.0935 3704 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:52:26.0013 3704 p2pimsvc - ok
19:52:26.0064 3704 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
19:52:26.0097 3704 p2psvc - ok
19:52:26.0131 3704 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:52:26.0217 3704 Parport - ok
19:52:26.0257 3704 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:52:26.0273 3704 partmgr - ok
19:52:26.0305 3704 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
19:52:26.0334 3704 Parvdm - ok
19:52:26.0382 3704 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:52:26.0406 3704 PcaSvc - ok
19:52:26.0432 3704 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys
19:52:26.0449 3704 pci - ok
19:52:26.0478 3704 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys
19:52:26.0507 3704 pciide - ok
19:52:26.0555 3704 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:52:26.0595 3704 pcmcia - ok
19:52:26.0625 3704 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
19:52:26.0644 3704 pcw - ok
19:52:26.0698 3704 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:52:26.0788 3704 PEAUTH - ok
19:52:26.0899 3704 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll
19:52:27.0020 3704 pla - ok
19:52:27.0088 3704 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:52:27.0122 3704 PlugPlay - ok
19:52:27.0160 3704 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:52:27.0190 3704 PNRPAutoReg - ok
19:52:27.0229 3704 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:52:27.0251 3704 PNRPsvc - ok
19:52:27.0308 3704 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:52:27.0376 3704 PolicyAgent - ok
19:52:27.0426 3704 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll
19:52:27.0464 3704 Power - ok
19:52:27.0501 3704 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:52:27.0570 3704 PptpMiniport - ok
19:52:27.0602 3704 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:52:27.0644 3704 Processor - ok
19:52:27.0703 3704 [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc C:\Windows\system32\profsvc.dll
19:52:27.0774 3704 ProfSvc - ok
19:52:27.0807 3704 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:52:27.0823 3704 ProtectedStorage - ok
19:52:27.0862 3704 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:52:27.0910 3704 Psched - ok
19:52:27.0992 3704 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:52:28.0071 3704 ql2300 - ok
19:52:28.0101 3704 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:52:28.0166 3704 ql40xx - ok
19:52:28.0239 3704 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
19:52:28.0334 3704 QWAVE - ok
19:52:28.0378 3704 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:52:28.0397 3704 QWAVEdrv - ok
19:52:28.0418 3704 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:52:28.0465 3704 RasAcd - ok
19:52:28.0513 3704 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:52:28.0585 3704 RasAgileVpn - ok
19:52:28.0622 3704 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
19:52:28.0675 3704 RasAuto - ok
19:52:28.0713 3704 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:52:28.0757 3704 Rasl2tp - ok
19:52:28.0829 3704 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll
19:52:28.0875 3704 RasMan - ok
19:52:28.0914 3704 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:52:28.0958 3704 RasPppoe - ok
19:52:29.0002 3704 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:52:29.0044 3704 RasSstp - ok
19:52:29.0085 3704 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:52:29.0124 3704 rdbss - ok
19:52:29.0162 3704 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:52:29.0206 3704 rdpbus - ok
19:52:29.0237 3704 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:52:29.0269 3704 RDPCDD - ok
19:52:29.0312 3704 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:52:29.0369 3704 RDPENCDD - ok
19:52:29.0418 3704 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:52:29.0447 3704 RDPREFMP - ok
19:52:29.0489 3704 [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:52:29.0566 3704 RDPWD - ok
19:52:29.0633 3704 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:52:29.0668 3704 rdyboost - ok
19:52:29.0714 3704 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
19:52:29.0785 3704 RemoteAccess - ok
19:52:29.0823 3704 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:52:29.0869 3704 RemoteRegistry - ok
19:52:29.0922 3704 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:52:29.0973 3704 RpcEptMapper - ok
19:52:30.0015 3704 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
19:52:30.0047 3704 RpcLocator - ok
19:52:30.0097 3704 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll
19:52:30.0137 3704 RpcSs - ok
19:52:30.0190 3704 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:52:30.0250 3704 rspndr - ok
19:52:30.0339 3704 [ 1E2EFD78FE370847AA9448041BFF72CD ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
19:52:30.0382 3704 RTL8167 - ok
19:52:30.0409 3704 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\Windows\system32\lsass.exe
19:52:30.0422 3704 SamSs - ok
19:52:30.0463 3704 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
19:52:30.0478 3704 sbp2port - ok
19:52:30.0521 3704 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:52:30.0585 3704 SCardSvr - ok
19:52:30.0623 3704 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:52:30.0686 3704 scfilter - ok
19:52:30.0756 3704 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll
19:52:30.0843 3704 Schedule - ok
19:52:30.0877 3704 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll
19:52:30.0913 3704 SCPolicySvc - ok
19:52:30.0952 3704 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:52:31.0020 3704 SDRSVC - ok
19:52:31.0057 3704 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:52:31.0106 3704 secdrv - ok
19:52:31.0150 3704 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
19:52:31.0195 3704 seclogon - ok
19:52:31.0249 3704 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
19:52:31.0297 3704 SENS - ok
19:52:31.0338 3704 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:52:31.0398 3704 SensrSvc - ok
19:52:31.0419 3704 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:52:31.0455 3704 Serenum - ok
19:52:31.0497 3704 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:52:31.0547 3704 Serial - ok
19:52:31.0579 3704 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:52:31.0604 3704 sermouse - ok
19:52:31.0676 3704 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll
19:52:31.0728 3704 SessionEnv - ok
19:52:31.0772 3704 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
19:52:31.0805 3704 sffdisk - ok
19:52:31.0820 3704 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:52:31.0843 3704 sffp_mmc - ok
19:52:31.0901 3704 [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
19:52:31.0942 3704 sffp_sd - ok
19:52:31.0974 3704 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:52:32.0030 3704 sfloppy - ok
19:52:32.0080 3704 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:52:32.0145 3704 SharedAccess - ok
19:52:32.0193 3704 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:52:32.0271 3704 ShellHWDetection - ok
19:52:32.0318 3704 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:52:32.0333 3704 SiSRaid2 - ok
19:52:32.0364 3704 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:52:32.0402 3704 SiSRaid4 - ok
19:52:32.0448 3704 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:52:32.0499 3704 Smb - ok
19:52:32.0563 3704 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:52:32.0622 3704 SNMPTRAP - ok
19:52:32.0691 3704 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
19:52:32.0724 3704 spldr - ok
19:52:32.0844 3704 [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler C:\Windows\System32\spoolsv.exe
19:52:32.0918 3704 Spooler - ok
19:52:33.0396 3704 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe
19:52:33.0569 3704 sppsvc - ok
19:52:33.0609 3704 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:52:33.0656 3704 sppuinotify - ok
19:52:33.0712 3704 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:52:33.0759 3704 srv - ok
19:52:33.0832 3704 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:52:33.0865 3704 srv2 - ok
19:52:33.0901 3704 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:52:33.0971 3704 srvnet - ok
19:52:34.0051 3704 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:52:34.0117 3704 SSDPSRV - ok
19:52:34.0140 3704 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:52:34.0214 3704 SstpSvc - ok
19:52:34.0256 3704 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:52:34.0271 3704 stexstor - ok
19:52:34.0342 3704 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll
19:52:34.0388 3704 StiSvc - ok
19:52:34.0426 3704 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:52:34.0445 3704 swenum - ok
19:52:34.0495 3704 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
19:52:34.0559 3704 swprv - ok
19:52:34.0685 3704 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll
19:52:34.0868 3704 SysMain - ok
19:52:34.0929 3704 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:52:34.0967 3704 TabletInputService - ok
19:52:35.0008 3704 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll
19:52:35.0060 3704 TapiSrv - ok
19:52:35.0120 3704 [ 10A926EF723A816D3DB771608F184E3B ] tbhsd C:\Windows\system32\drivers\tbhsd.sys
19:52:35.0366 3704 tbhsd ( UnsignedFile.Multi.Generic ) - warning
19:52:35.0366 3704 tbhsd - detected UnsignedFile.Multi.Generic (1)
19:52:35.0412 3704 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
19:52:35.0467 3704 TBS - ok
19:52:35.0563 3704 [ 55E9965552741F3850CB22CBBA9671ED ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:52:35.0632 3704 Tcpip - ok
19:52:35.0706 3704 [ 55E9965552741F3850CB22CBBA9671ED ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:52:35.0756 3704 TCPIP6 - ok
19:52:35.0821 3704 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:52:35.0862 3704 tcpipreg - ok
19:52:35.0914 3704 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:52:35.0958 3704 TDPIPE - ok
19:52:36.0012 3704 [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:52:36.0043 3704 TDTCP - ok
19:52:36.0081 3704 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:52:36.0127 3704 tdx - ok
19:52:36.0175 3704 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:52:36.0200 3704 TermDD - ok
19:52:36.0266 3704 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll
19:52:36.0336 3704 TermService - ok
19:52:36.0381 3704 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
19:52:36.0414 3704 Themes - ok
19:52:36.0448 3704 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
19:52:36.0496 3704 THREADORDER - ok
19:52:36.0548 3704 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
19:52:36.0594 3704 TrkWks - ok
19:52:36.0670 3704 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:52:36.0804 3704 TrustedInstaller - ok
19:52:36.0842 3704 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:52:36.0874 3704 tssecsrv - ok
19:52:37.0025 3704 [ 75E9D9B9E1C268697DA56EFF1A578F68 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
19:52:37.0132 3704 TuneUp.UtilitiesSvc - ok
19:52:37.0191 3704 [ 94C4CD2D19B8C4137A46261F229FEC24 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys
19:52:37.0204 3704 TuneUpUtilitiesDrv - ok
19:52:37.0244 3704 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:52:37.0286 3704 tunnel - ok
19:52:37.0325 3704 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:52:37.0340 3704 uagp35 - ok
19:52:37.0382 3704 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:52:37.0444 3704 udfs - ok
19:52:37.0516 3704 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:52:37.0556 3704 UI0Detect - ok
19:52:37.0595 3704 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
19:52:37.0610 3704 uliagpkx - ok
19:52:37.0643 3704 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:52:37.0658 3704 umbus - ok
19:52:37.0676 3704 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:52:37.0708 3704 UmPass - ok
19:52:37.0780 3704 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
19:52:37.0833 3704 upnphost - ok
19:52:37.0886 3704 [ 2436A42AAB4AD48A9B714E5B0F344627 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:52:37.0941 3704 usbaudio - ok
19:52:37.0986 3704 [ C31AE588E403042632DC796CF09E30B0 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:52:38.0043 3704 usbccgp - ok
19:52:38.0090 3704 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
19:52:38.0141 3704 usbcir - ok
19:52:38.0179 3704 [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:52:38.0228 3704 usbehci - ok
19:52:38.0274 3704 [ BDCD7156EC37448F08633FD899823620 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:52:38.0416 3704 usbhub - ok
19:52:38.0453 3704 [ EB2D819A639015253C871CDA09D91D58 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:52:38.0482 3704 usbohci - ok
19:52:38.0519 3704 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:52:38.0566 3704 usbprint - ok
19:52:38.0621 3704 [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:52:38.0681 3704 USBSTOR - ok
19:52:38.0732 3704 [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:52:38.0757 3704 usbuhci - ok
19:52:38.0873 3704 [ B5F6A992D996282B7FAE7048E50AF83A ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
19:52:38.0945 3704 usbvideo - ok
19:52:39.0014 3704 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
19:52:39.0086 3704 UxSms - ok
19:52:39.0148 3704 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\Windows\system32\lsass.exe
19:52:39.0165 3704 VaultSvc - ok
19:52:39.0231 3704 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
19:52:39.0245 3704 vdrvroot - ok
19:52:39.0293 3704 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe
19:52:39.0365 3704 vds - ok
19:52:39.0401 3704 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:52:39.0434 3704 vga - ok
19:52:39.0467 3704 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
19:52:39.0499 3704 VgaSave - ok
19:52:39.0517 3704 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
19:52:39.0539 3704 vhdmp - ok
19:52:39.0599 3704 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys
19:52:39.0615 3704 viaagp - ok
19:52:39.0645 3704 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
19:52:39.0673 3704 ViaC7 - ok
19:52:39.0701 3704 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys
19:52:39.0719 3704 viaide - ok
19:52:39.0748 3704 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
19:52:39.0762 3704 volmgr - ok
19:52:39.0809 3704 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:52:39.0840 3704 volmgrx - ok
19:52:39.0911 3704 [ 59F06B4968E58BC83DFC56CA4517960E ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:52:39.0930 3704 volsnap - ok
19:52:39.0987 3704 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:52:40.0006 3704 vsmraid - ok
19:52:40.0087 3704 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe
19:52:40.0153 3704 VSS - ok
19:52:40.0183 3704 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
19:52:40.0215 3704 vwifibus - ok
19:52:40.0257 3704 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
19:52:40.0312 3704 W32Time - ok
19:52:40.0364 3704 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:52:40.0378 3704 WacomPen - ok
19:52:40.0424 3704 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:52:40.0458 3704 WANARP - ok
19:52:40.0477 3704 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:52:40.0514 3704 Wanarpv6 - ok
19:52:40.0596 3704 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe
19:52:40.0709 3704 wbengine - ok
19:52:40.0757 3704 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:52:40.0801 3704 WbioSrvc - ok
19:52:40.0856 3704 [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:52:40.0905 3704 wcncsvc - ok
19:52:40.0980 3704 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:52:41.0049 3704 WcsPlugInService - ok
19:52:41.0086 3704 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:52:41.0109 3704 Wd - ok
19:52:41.0184 3704 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:52:41.0241 3704 Wdf01000 - ok
19:52:41.0266 3704 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:52:41.0314 3704 WdiServiceHost - ok
19:52:41.0329 3704 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:52:41.0350 3704 WdiSystemHost - ok
19:52:41.0401 3704 [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient C:\Windows\System32\webclnt.dll
19:52:41.0461 3704 WebClient - ok
19:52:41.0504 3704 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:52:41.0547 3704 Wecsvc - ok
19:52:41.0575 3704 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:52:41.0614 3704 wercplsupport - ok
19:52:41.0637 3704 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
19:52:41.0674 3704 WerSvc - ok
19:52:41.0721 3704 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:52:41.0753 3704 WfpLwf - ok
19:52:41.0791 3704 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:52:41.0803 3704 WIMMount - ok
19:52:41.0888 3704 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
19:52:41.0960 3704 WinDefend - ok
19:52:41.0986 3704 WinHttpAutoProxySvc - ok
19:52:42.0061 3704 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:52:42.0108 3704 Winmgmt - ok
19:52:42.0204 3704 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll
19:52:42.0333 3704 WinRM - ok
19:52:42.0437 3704 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:52:42.0499 3704 Wlansvc - ok
19:52:42.0525 3704 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
19:52:42.0541 3704 WmiAcpi - ok
19:52:42.0592 3704 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:52:42.0643 3704 wmiApSrv - ok
19:52:42.0746 3704 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
19:52:42.0849 3704 WMPNetworkSvc - ok
19:52:42.0892 3704 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:52:42.0941 3704 WPCSvc - ok
19:52:42.0969 3704 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:52:43.0000 3704 WPDBusEnum - ok
19:52:43.0039 3704 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:52:43.0111 3704 ws2ifsl - ok
19:52:43.0182 3704 [ A661A76333057B383A06E65F0073222F ] wscsvc C:\Windows\System32\wscsvc.dll
19:52:43.0240 3704 wscsvc - ok
19:52:43.0257 3704 WSearch - ok
19:52:43.0426 3704 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
19:52:43.0536 3704 wuauserv - ok
19:52:43.0589 3704 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:52:43.0666 3704 WudfPf - ok
19:52:43.0740 3704 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:52:43.0776 3704 WUDFRd - ok
19:52:43.0828 3704 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:52:43.0859 3704 wudfsvc - ok
19:52:43.0906 3704 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
19:52:43.0952 3704 WwanSvc - ok
19:52:44.0017 3704 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
19:52:44.0071 3704 YahooAUService - ok
19:52:44.0085 3704 ================ Scan global ===============================
19:52:44.0135 3704 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
19:52:44.0196 3704 [ A031E84E7A5884841171E13A73315A7B ] C:\Windows\system32\winsrv.dll
19:52:45.0249 3704 [ A031E84E7A5884841171E13A73315A7B ] C:\Windows\system32\winsrv.dll
19:52:45.0287 3704 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
19:52:45.0326 3704 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
19:52:45.0333 3704 [Global] - ok
19:52:45.0338 3704 ================ Scan MBR ==================================
19:52:45.0363 3704 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:52:45.0788 3704 \Device\Harddisk0\DR0 - ok
19:52:45.0822 3704 [ 35C6B2FCDE68FACBEFE0A4A7200BAE58 ] \Device\Harddisk1\DR1
19:52:50.0085 3704 \Device\Harddisk1\DR1 - ok
19:52:50.0090 3704 ================ Scan VBR ==================================
19:52:50.0097 3704 [ 764609EF6E5C90876DFEF06E6CB6F771 ] \Device\Harddisk0\DR0\Partition1
19:52:50.0101 3704 \Device\Harddisk0\DR0\Partition1 - ok
19:52:50.0114 3704 [ D5D42177998BE2D37E94346469098687 ] \Device\Harddisk1\DR1\Partition1
19:52:50.0117 3704 \Device\Harddisk1\DR1\Partition1 - ok
19:52:50.0128 3704 [ FCF097917C006BBE5970861E78E372EF ] \Device\Harddisk1\DR1\Partition2
19:52:50.0130 3704 \Device\Harddisk1\DR1\Partition2 - ok
19:52:50.0176 3704 [ 38C672C268C9EEB9FFE01EC203D2BD69 ] \Device\Harddisk1\DR1\Partition3
19:52:50.0188 3704 \Device\Harddisk1\DR1\Partition3 - ok
19:52:50.0195 3704 ============================================================
19:52:50.0195 3704 Scan finished
19:52:50.0195 3704 ============================================================
19:52:50.0226 3236 Detected object count: 2
19:52:50.0226 3236 Actual detected object count: 2
19:53:59.0191 3236 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
19:53:59.0191 3236 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:53:59.0201 3236 tbhsd ( UnsignedFile.Multi.Generic ) - skipped by user
19:53:59.0201 3236 tbhsd ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
06.02.2013, 19:56
| #8 |
| /// Malware-holic | PUP.Blabbers wie krieg ich die wieder weg? hi Combofix: Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
06.02.2013, 21:08
| #9 |
| | PUP.Blabbers wie krieg ich die wieder weg? Combofix: Code:
ATTFilter ComboFix 13-02-06.01 - WIR 06.02.2013 20:15:13.1.1 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.1023.414 [GMT 1:00]
ausgeführt von:: c:\users\WIR\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Windows Searchqu Toolbar
c:\program files\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\datamngr.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
c:\program files\Windows Searchqu Toolbar\Datamngr\DnsBHO.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\IEBHO.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\as_guid.dat
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\engines.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\search.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\about.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\external.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\vmncode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\neterror.xhtml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\partner.coupons.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\preferences.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\radiobeta.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\template.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.htm
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmncode.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluelite.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluesky.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn_settings.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ca.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dictionary.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\divider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\downloadcom.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dtxlogo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ebay.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email_on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\facebook.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\games.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4_5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphredna.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\grey.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ico-shield.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_amazon.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_games.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_radio_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_seperator_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_twitter.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_youtube.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\images.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\imesh.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\add.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\aol.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\blank.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\chevron.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\collapse.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\comcast.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\dtx.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\expand.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\found.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\gmail.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\imap.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lock.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\modify.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\move.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\pop.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search-go.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\mail.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\music.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\news.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\components\windowmediator.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\manifest.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstall.exe
c:\program files\Windows Searchqu Toolbar\sysid.ini
c:\program files\Windows Searchqu Toolbar\uninstall.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-01-06 bis 2013-02-06 ))))))))))))))))))))))))))))))
.
.
2013-02-06 19:54 . 2013-02-06 19:57 -------- d-----w- c:\users\WIR\AppData\Local\temp
2013-02-06 18:51 . 2013-02-06 18:51 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7146109F-2D42-4059-83DB-363390EB7232}\MpKsl35150d7c.sys
2013-02-05 15:11 . 2013-02-05 15:11 -------- d-----w- c:\users\WIR\AppData\Local\Programs
2013-02-05 15:05 . 2012-11-29 15:06 31584 ----a-w- c:\windows\system32\TURegOpt.exe
2013-02-05 15:05 . 2012-11-29 15:06 21344 ----a-w- c:\windows\system32\authuitu.dll
2013-02-05 15:03 . 2013-02-05 15:03 -------- d-----w- c:\users\WIR\AppData\Roaming\TuneUp Software
2013-02-05 15:02 . 2013-02-05 15:05 -------- d-----w- c:\program files\TuneUp Utilities 2013
2013-02-05 14:58 . 2013-02-05 15:03 -------- d-----w- c:\programdata\TuneUp Software
2013-02-05 14:56 . 2013-02-05 16:06 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-02-05 14:56 . 2013-02-05 14:56 -------- d--h--w- c:\programdata\Common Files
2013-02-05 13:58 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7146109F-2D42-4059-83DB-363390EB7232}\mpengine.dll
2013-02-05 13:45 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-29 09:01 . 2013-01-29 09:01 -------- d-----w- c:\users\WIR\AppData\Roaming\Wargaming.net
2013-01-28 19:26 . 2008-05-30 13:19 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
2013-01-11 08:48 . 2012-11-22 09:33 627712 ----a-w- c:\windows\system32\usp10.dll
2013-01-11 08:48 . 2012-11-23 03:06 2344960 ----a-w- c:\windows\system32\win32k.sys
2013-01-11 08:48 . 2012-11-09 04:49 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-11 08:46 . 2012-11-30 04:56 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-11 08:46 . 2012-11-30 04:56 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-01-11 08:46 . 2012-11-30 04:56 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-01-11 08:46 . 2012-11-30 02:51 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-11 08:44 . 2012-11-20 05:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-30 10:53 . 2011-11-19 19:38 232336 ------w- c:\windows\system32\MpSigStub.exe
2012-12-16 14:25 . 2012-12-21 02:02 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:25 . 2012-12-21 02:02 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-14 15:49 . 2012-09-07 12:33 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-28 15:27 . 2012-11-28 15:30 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E5145B1D-5912-4253-9033-C307F6050A9F}\gapaengine.dll
2012-11-14 02:09 . 2012-12-13 02:03 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-13 02:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 02:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-13 02:03 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 02:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-13 02:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:49 . 2012-12-12 19:03 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-10-06 2015544]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-19 39408]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-09-28 1406248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\MSI\Live Update 5\msibios32_100507.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [x]
S1 MpKsl35150d7c;MpKsl35150d7c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7146109F-2D42-4059-83DB-363390EB7232}\MpKsl35150d7c.sys [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 20:42 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-19 20:14]
.
2013-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-19 20:14]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://my.ebay.de/ws/eBayISAPI.dll?MyeBay
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
HKLM-Run-DATAMNGR - c:\progra~1\WIA6EB~1\Datamngr\DATAMN~1.EXE
AddRemove-Searchqu Toolbar - c:\program files\Windows Searchqu Toolbar\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\program files\TuneUp Utilities 2013\integrator.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-02-06 21:03:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-02-06 20:03
.
Vor Suchlauf: 6 Verzeichnis(se), 60.981.751.808 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 60.910.432.256 Bytes frei
.
- - End Of File - - 255E162CF72C723986821595EEA7165F
|
|
07.02.2013, 12:23
| #10 |
| /// Malware-holic | PUP.Blabbers wie krieg ich die wieder weg? malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
08.02.2013, 17:09
| #11 |
| | PUP.Blabbers wie krieg ich die wieder weg?Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.08.04 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 WIR :: WIR-PC [Administrator] 08.02.2013 11:53:28 mbam-log-2013-02-08 (11-53-28).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 373998 Laufzeit: 1 Stunde(n), 28 Minute(n), 35 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
08.02.2013, 17:54
| #12 |
| /// Malware-holic | PUP.Blabbers wie krieg ich die wieder weg? hi Bitte beginne damit, Windows Updates zu instalieren. Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst. Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist: - Updates automatisch Instalieren, - Täglich - Uhrzeit wählen - Bitte den gesammten rest anhaken, außer: - detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist. Klicke jetzt die Schaltfläche "OK" Klicke jetzt "nach Updates suchen". Bitte instaliere zunächst wichtige Updates. Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren. Mache das selbe bitte mit den optionalen Updates. Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist. wenn fertig, prüfe ob unter rechtsklick auf computer, eigenschaften, das Servicepack 1 (sp1( instaliert ist, wenn ja, melden bitte
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu PUP.Blabbers wie krieg ich die wieder weg? |
| gefunde, krieg, langsamer, langsamer pc, löschen, malwarebytes, nichts, pup.blabbers, wieder weg |
WARNUNG an die MITLESER: 
Linear-Darstellung
