Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
4viren/trojaner

4viren/trojaner


Plagegeister aller Art und deren Bekämpfung: 4viren/trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 2 von 3 1 2 3
Alt 19.03.2013, 14:38   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
4viren/trojaner - Standard

4viren/trojaner


aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.03.2013, 15:53   #17
Kerry
 
4viren/trojaner - Standard

4viren/trojaner


Hier schonmal AswMBR.
Ich hatte es kurz unterbrochen, weil ich es erst nicht als Administrator mit Rechtsklick gestartet hatte, ich hoffe das ist nicht schlimm.


Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-19 15:12:05
-----------------------------
15:12:05.592    OS Version: Windows x64 6.1.7601 Service Pack 1
15:12:05.592    Number of processors: 2 586 0x170A
15:12:05.592    ComputerName: KERRY-VAIO  UserName: Kerry
15:12:06.700    Initialze error C000010E - driver not loaded
15:12:06.747    write error "aswCmnB.dll". Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
15:12:15.217    AVAST engine defs: 13031900
15:12:41.067    Service scanning
15:13:07.977    Modules scanning
15:13:07.977    Disk 0 trace - called modules:
15:13:07.977    
15:13:09.100    AVAST engine scan C:\Windows
15:13:11.783    AVAST engine scan C:\Windows\system32
15:16:19.050    AVAST engine scan C:\Windows\system32\drivers
15:16:32.996    AVAST engine scan C:\Users\Kerry
15:47:02.150    AVAST engine scan C:\ProgramData
15:49:20.149    Scan finished successfully
15:49:50.897    The log file has been saved successfully to "C:\Users\Kerry\Desktop\aswMBR.txt"
Und hier der TDSS Killer:


Code:
ATTFilter
16:02:15.0118 4924  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:02:15.0242 4924  ============================================================
16:02:15.0242 4924  Current date / time: 2013/03/19 16:02:15.0242
16:02:15.0242 4924  SystemInfo:
16:02:15.0242 4924  
16:02:15.0242 4924  OS Version: 6.1.7601 ServicePack: 1.0
16:02:15.0242 4924  Product type: Workstation
16:02:15.0242 4924  ComputerName: KERRY-VAIO
16:02:15.0258 4924  UserName: Kerry
16:02:15.0258 4924  Windows directory: C:\Windows
16:02:15.0258 4924  System windows directory: C:\Windows
16:02:15.0258 4924  Running under WOW64
16:02:15.0258 4924  Processor architecture: Intel x64
16:02:15.0258 4924  Number of processors: 2
16:02:15.0258 4924  Page size: 0x1000
16:02:15.0258 4924  Boot type: Normal boot
16:02:15.0258 4924  ============================================================
16:02:15.0726 4924  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:02:15.0742 4924  ============================================================
16:02:15.0742 4924  \Device\Harddisk0\DR0:
16:02:15.0742 4924  MBR partitions:
16:02:15.0742 4924  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x12C6000, BlocksNum 0x32000
16:02:15.0742 4924  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12F8000, BlocksNum 0x3908D830
16:02:15.0742 4924  ============================================================
16:02:15.0773 4924  C: <-> \Device\Harddisk0\DR0\Partition2
16:02:15.0773 4924  ============================================================
16:02:15.0773 4924  Initialize success
16:02:15.0773 4924  ============================================================
16:03:06.0083 2180  ============================================================
16:03:06.0099 2180  Scan started
16:03:06.0099 2180  Mode: Manual; SigCheck; TDLFS; 
16:03:06.0099 2180  ============================================================
16:03:06.0348 2180  ================ Scan system memory ========================
16:03:06.0348 2180  System memory - ok
16:03:06.0348 2180  ================ Scan services =============================
16:03:06.0535 2180  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:03:06.0645 2180  1394ohci - ok
16:03:06.0801 2180  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
16:03:06.0832 2180  ACDaemon - ok
16:03:06.0894 2180  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:03:06.0910 2180  ACPI - ok
16:03:06.0972 2180  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:03:07.0066 2180  AcpiPmi - ok
16:03:07.0206 2180  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:03:07.0237 2180  AdobeFlashPlayerUpdateSvc - ok
16:03:07.0300 2180  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
16:03:07.0315 2180  adp94xx - ok
16:03:07.0362 2180  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
16:03:07.0393 2180  adpahci - ok
16:03:07.0409 2180  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
16:03:07.0425 2180  adpu320 - ok
16:03:07.0456 2180  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:03:07.0596 2180  AeLookupSvc - ok
16:03:07.0643 2180  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
16:03:07.0737 2180  AFD - ok
16:03:07.0783 2180  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:03:07.0799 2180  agp440 - ok
16:03:07.0830 2180  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
16:03:07.0908 2180  ALG - ok
16:03:07.0939 2180  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:03:07.0955 2180  aliide - ok
16:03:08.0002 2180  [ 322A2C5D390109A4E50679AB58DEA870 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:03:08.0111 2180  AMD External Events Utility - ok
16:03:08.0142 2180  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
16:03:08.0158 2180  amdide - ok
16:03:08.0205 2180  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
16:03:08.0283 2180  AmdK8 - ok
16:03:08.0298 2180  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:03:08.0345 2180  AmdPPM - ok
16:03:08.0392 2180  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:03:08.0423 2180  amdsata - ok
16:03:08.0454 2180  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:03:08.0470 2180  amdsbs - ok
16:03:08.0485 2180  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:03:08.0485 2180  amdxata - ok
16:03:08.0657 2180  [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:03:08.0688 2180  AntiVirSchedulerService - ok
16:03:08.0751 2180  [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:03:08.0766 2180  AntiVirService - ok
16:03:08.0829 2180  [ D05B3EB1F1C8C7199D84C9D68D35FD78 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
16:03:08.0860 2180  AntiVirWebService - ok
16:03:08.0907 2180  [ 56BD886820C4AEDF493CFCDF1CCFB004 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
16:03:08.0938 2180  ApfiltrService - ok
16:03:08.0985 2180  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
16:03:09.0156 2180  AppID - ok
16:03:09.0187 2180  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:03:09.0250 2180  AppIDSvc - ok
16:03:09.0328 2180  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
16:03:09.0390 2180  Appinfo - ok
16:03:09.0453 2180  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:03:09.0484 2180  Apple Mobile Device - ok
16:03:09.0515 2180  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
16:03:09.0531 2180  arc - ok
16:03:09.0562 2180  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:03:09.0577 2180  arcsas - ok
16:03:09.0609 2180  [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
16:03:09.0624 2180  ArcSoftKsUFilter - ok
16:03:09.0655 2180  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:03:09.0702 2180  AsyncMac - ok
16:03:09.0749 2180  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
16:03:09.0780 2180  atapi - ok
16:03:09.0843 2180  [ 5D4529AC4156E16BEDB01441AE0CF984 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
16:03:09.0936 2180  athr - ok
16:03:10.0077 2180  [ DE0EDE41BC530F1759C6FFFCB8C7A0CF ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:03:10.0264 2180  atikmdag - ok
16:03:10.0326 2180  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:03:10.0420 2180  AudioEndpointBuilder - ok
16:03:10.0435 2180  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:03:10.0467 2180  AudioSrv - ok
16:03:10.0529 2180  [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
16:03:10.0545 2180  avgntflt - ok
16:03:10.0607 2180  [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
16:03:10.0623 2180  avipbb - ok
16:03:10.0654 2180  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
16:03:10.0669 2180  avkmgr - ok
16:03:10.0747 2180  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:03:10.0857 2180  AxInstSV - ok
16:03:10.0903 2180  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
16:03:10.0981 2180  b06bdrv - ok
16:03:11.0013 2180  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:03:11.0059 2180  b57nd60a - ok
16:03:11.0169 2180  [ 483F1162EEEBD10BF77FBB32DB963370 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
16:03:11.0200 2180  BBSvc - ok
16:03:11.0231 2180  [ 78779EE07231C658B483B1F38B5088DF ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
16:03:11.0247 2180  BBUpdate - ok
16:03:11.0278 2180  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:03:11.0340 2180  BDESVC - ok
16:03:11.0371 2180  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:03:11.0449 2180  Beep - ok
16:03:11.0543 2180  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
16:03:11.0605 2180  BFE - ok
16:03:11.0652 2180  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
16:03:11.0746 2180  BITS - ok
16:03:11.0793 2180  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:03:11.0824 2180  blbdrive - ok
16:03:11.0886 2180  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:03:11.0917 2180  Bonjour Service - ok
16:03:11.0964 2180  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:03:12.0011 2180  bowser - ok
16:03:12.0027 2180  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:03:12.0105 2180  BrFiltLo - ok
16:03:12.0136 2180  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:03:12.0167 2180  BrFiltUp - ok
16:03:12.0214 2180  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
16:03:12.0276 2180  Browser - ok
16:03:12.0307 2180  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:03:12.0370 2180  Brserid - ok
16:03:12.0417 2180  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:03:12.0463 2180  BrSerWdm - ok
16:03:12.0495 2180  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:03:12.0541 2180  BrUsbMdm - ok
16:03:12.0557 2180  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:03:12.0604 2180  BrUsbSer - ok
16:03:12.0666 2180  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
16:03:12.0760 2180  BthEnum - ok
16:03:12.0791 2180  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:03:12.0822 2180  BTHMODEM - ok
16:03:12.0853 2180  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
16:03:12.0885 2180  BthPan - ok
16:03:12.0931 2180  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
16:03:12.0994 2180  BTHPORT - ok
16:03:13.0025 2180  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
16:03:13.0087 2180  bthserv - ok
16:03:13.0103 2180  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
16:03:13.0150 2180  BTHUSB - ok
16:03:13.0197 2180  [ 6BCFDC2B5B7F66D484486D4BD4B39A6B ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
16:03:13.0212 2180  btwaudio - ok
16:03:13.0243 2180  [ 82DC8B7C626E526681C1BEBED2BC3FF9 ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
16:03:13.0259 2180  btwavdt - ok
16:03:13.0321 2180  [ D65AA164ACD0F6706DBCFBBCC9731584 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
16:03:13.0368 2180  btwdins - ok
16:03:13.0384 2180  [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
16:03:13.0384 2180  btwl2cap - ok
16:03:13.0415 2180  [ 28E105AD3B79F440BF94780F507BF66A ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
16:03:13.0431 2180  btwrchid - ok
16:03:13.0462 2180  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:03:13.0540 2180  cdfs - ok
16:03:13.0587 2180  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
16:03:13.0618 2180  cdrom - ok
16:03:13.0665 2180  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:03:13.0711 2180  CertPropSvc - ok
16:03:13.0727 2180  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:03:13.0774 2180  circlass - ok
16:03:13.0821 2180  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
16:03:13.0852 2180  CLFS - ok
16:03:13.0914 2180  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:03:13.0945 2180  clr_optimization_v2.0.50727_32 - ok
16:03:14.0008 2180  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:03:14.0023 2180  clr_optimization_v2.0.50727_64 - ok
16:03:14.0117 2180  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:03:14.0148 2180  clr_optimization_v4.0.30319_32 - ok
16:03:14.0195 2180  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:03:14.0211 2180  clr_optimization_v4.0.30319_64 - ok
16:03:14.0257 2180  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:03:14.0273 2180  CmBatt - ok
16:03:14.0304 2180  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:03:14.0320 2180  cmdide - ok
16:03:14.0382 2180  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
16:03:14.0413 2180  CNG - ok
16:03:14.0460 2180  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:03:14.0476 2180  Compbatt - ok
16:03:14.0523 2180  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
16:03:14.0569 2180  CompositeBus - ok
16:03:14.0569 2180  COMSysApp - ok
16:03:14.0601 2180  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
16:03:14.0616 2180  crcdisk - ok
16:03:14.0663 2180  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:03:14.0741 2180  CryptSvc - ok
16:03:14.0788 2180  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:03:14.0881 2180  DcomLaunch - ok
16:03:14.0913 2180  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
16:03:14.0959 2180  defragsvc - ok
16:03:15.0006 2180  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:03:15.0084 2180  DfsC - ok
16:03:15.0131 2180  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:03:15.0193 2180  Dhcp - ok
16:03:15.0225 2180  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
16:03:15.0303 2180  discache - ok
16:03:15.0396 2180  DiscountfinderService - ok
16:03:15.0443 2180  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
16:03:15.0459 2180  Disk - ok
16:03:15.0490 2180  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:03:15.0537 2180  Dnscache - ok
16:03:15.0568 2180  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:03:15.0646 2180  dot3svc - ok
16:03:15.0677 2180  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
16:03:15.0755 2180  DPS - ok
16:03:15.0786 2180  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:03:15.0833 2180  drmkaud - ok
16:03:15.0911 2180  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:03:15.0942 2180  DXGKrnl - ok
16:03:15.0989 2180  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
16:03:16.0067 2180  EapHost - ok
16:03:16.0161 2180  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
16:03:16.0239 2180  ebdrv - ok
16:03:16.0270 2180  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
16:03:16.0317 2180  EFS - ok
16:03:16.0395 2180  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:03:16.0473 2180  ehRecvr - ok
16:03:16.0504 2180  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
16:03:16.0582 2180  ehSched - ok
16:03:16.0613 2180  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
16:03:16.0644 2180  elxstor - ok
16:03:16.0691 2180  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:03:16.0722 2180  ErrDev - ok
16:03:16.0785 2180  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
16:03:16.0831 2180  EventSystem - ok
16:03:16.0863 2180  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
16:03:16.0909 2180  exfat - ok
16:03:16.0941 2180  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:03:17.0003 2180  fastfat - ok
16:03:17.0050 2180  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
16:03:17.0112 2180  Fax - ok
16:03:17.0159 2180  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:03:17.0175 2180  fdc - ok
16:03:17.0190 2180  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:03:17.0253 2180  fdPHost - ok
16:03:17.0284 2180  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:03:17.0331 2180  FDResPub - ok
16:03:17.0377 2180  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:03:17.0377 2180  FileInfo - ok
16:03:17.0409 2180  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:03:17.0455 2180  Filetrace - ok
16:03:17.0487 2180  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:03:17.0518 2180  flpydisk - ok
16:03:17.0549 2180  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:03:17.0580 2180  FltMgr - ok
16:03:17.0643 2180  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
16:03:17.0721 2180  FontCache - ok
16:03:17.0767 2180  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:03:17.0783 2180  FontCache3.0.0.0 - ok
16:03:17.0814 2180  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:03:17.0830 2180  FsDepends - ok
16:03:17.0892 2180  [ 53DAB1791917A72738539AD25C4EED7F ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
16:03:17.0908 2180  fssfltr - ok
16:03:17.0986 2180  [ 206AD9A89BF05DFA1621F1FC7B82592D ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
16:03:18.0033 2180  fsssvc - ok
16:03:18.0064 2180  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:03:18.0079 2180  Fs_Rec - ok
16:03:18.0126 2180  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:03:18.0142 2180  fvevol - ok
16:03:18.0157 2180  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
16:03:18.0173 2180  gagp30kx - ok
16:03:18.0204 2180  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:03:18.0204 2180  GEARAspiWDM - ok
16:03:18.0267 2180  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
16:03:18.0329 2180  gpsvc - ok
16:03:18.0407 2180  [ 626A24ED1228580B9518C01930936DF9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:03:18.0423 2180  gupdate - ok
16:03:18.0454 2180  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:03:18.0454 2180  gupdatem - ok
16:03:18.0485 2180  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:03:18.0501 2180  gusvc - ok
16:03:18.0532 2180  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:03:18.0563 2180  hcw85cir - ok
16:03:18.0610 2180  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:03:18.0672 2180  HdAudAddService - ok
16:03:18.0688 2180  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
16:03:18.0735 2180  HDAudBus - ok
16:03:18.0750 2180  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
16:03:18.0781 2180  HidBatt - ok
16:03:18.0813 2180  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
16:03:18.0859 2180  HidBth - ok
16:03:18.0906 2180  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
16:03:18.0922 2180  HidIr - ok
16:03:18.0953 2180  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
16:03:19.0000 2180  hidserv - ok
16:03:19.0047 2180  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
16:03:19.0078 2180  HidUsb - ok
16:03:19.0125 2180  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:03:19.0187 2180  hkmsvc - ok
16:03:19.0234 2180  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:03:19.0281 2180  HomeGroupListener - ok
16:03:19.0327 2180  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:03:19.0359 2180  HomeGroupProvider - ok
16:03:19.0390 2180  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:03:19.0405 2180  HpSAMD - ok
16:03:19.0468 2180  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:03:19.0530 2180  HTTP - ok
16:03:19.0577 2180  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:03:19.0577 2180  hwpolicy - ok
16:03:19.0624 2180  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
16:03:19.0639 2180  i8042prt - ok
16:03:19.0702 2180  [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
16:03:19.0733 2180  IAANTMON - ok
16:03:19.0764 2180  [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
16:03:19.0780 2180  iaStor - ok
16:03:19.0811 2180  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:03:19.0842 2180  iaStorV - ok
16:03:19.0889 2180  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:03:19.0889 2180  IDriverT ( UnsignedFile.Multi.Generic ) - warning
16:03:19.0889 2180  IDriverT - detected UnsignedFile.Multi.Generic (1)
16:03:19.0951 2180  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:03:19.0998 2180  idsvc - ok
16:03:20.0154 2180  [ DFEAF0A1D98D397035012C8E28D1520F ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
16:03:20.0404 2180  igfx ( UnsignedFile.Multi.Generic ) - warning
16:03:20.0404 2180  igfx - detected UnsignedFile.Multi.Generic (1)
16:03:20.0419 2180  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
16:03:20.0435 2180  iirsp - ok
16:03:20.0482 2180  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
16:03:20.0575 2180  IKEEXT - ok
16:03:20.0669 2180  [ B16FC828CE7A76A8F1CE682E6EAD2627 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:03:20.0716 2180  IntcAzAudAddService - ok
16:03:20.0763 2180  [ 88A20FA54C73DED4E8DAC764E9130AE9 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
16:03:20.0763 2180  IntcHdmiAddService ( UnsignedFile.Multi.Generic ) - warning
16:03:20.0763 2180  IntcHdmiAddService - detected UnsignedFile.Multi.Generic (1)
16:03:20.0794 2180  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
16:03:20.0825 2180  intelide - ok
16:03:20.0856 2180  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:03:20.0887 2180  intelppm - ok
16:03:20.0934 2180  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:03:21.0012 2180  IPBusEnum - ok
16:03:21.0043 2180  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:03:21.0090 2180  IpFilterDriver - ok
16:03:21.0153 2180  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:03:21.0215 2180  iphlpsvc - ok
16:03:21.0246 2180  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:03:21.0309 2180  IPMIDRV - ok
16:03:21.0340 2180  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:03:21.0418 2180  IPNAT - ok
16:03:21.0480 2180  [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
16:03:21.0511 2180  iPod Service - ok
16:03:21.0558 2180  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:03:21.0652 2180  IRENUM - ok
16:03:21.0699 2180  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:03:21.0730 2180  isapnp - ok
16:03:21.0745 2180  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:03:21.0777 2180  iScsiPrt - ok
16:03:21.0792 2180  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
16:03:21.0808 2180  kbdclass - ok
16:03:21.0839 2180  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
16:03:21.0855 2180  kbdhid - ok
16:03:21.0870 2180  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
16:03:21.0886 2180  KeyIso - ok
16:03:21.0917 2180  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:03:21.0933 2180  KSecDD - ok
16:03:21.0964 2180  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:03:21.0979 2180  KSecPkg - ok
16:03:22.0026 2180  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:03:22.0089 2180  ksthunk - ok
16:03:22.0120 2180  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:03:22.0182 2180  KtmRm - ok
16:03:22.0213 2180  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:03:22.0276 2180  LanmanServer - ok
16:03:22.0338 2180  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:03:22.0401 2180  LanmanWorkstation - ok
16:03:22.0447 2180  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:03:22.0525 2180  lltdio - ok
16:03:22.0572 2180  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:03:22.0650 2180  lltdsvc - ok
16:03:22.0681 2180  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:03:22.0728 2180  lmhosts - ok
16:03:22.0744 2180  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
16:03:22.0759 2180  LSI_FC - ok
16:03:22.0791 2180  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
16:03:22.0806 2180  LSI_SAS - ok
16:03:22.0837 2180  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:03:22.0853 2180  LSI_SAS2 - ok
16:03:22.0869 2180  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:03:22.0884 2180  LSI_SCSI - ok
16:03:22.0915 2180  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
16:03:22.0962 2180  luafv - ok
16:03:22.0993 2180  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:03:23.0025 2180  Mcx2Svc - ok
16:03:23.0056 2180  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
16:03:23.0071 2180  megasas - ok
16:03:23.0118 2180  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
16:03:23.0149 2180  MegaSR - ok
16:03:23.0181 2180  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
16:03:23.0227 2180  MMCSS - ok
16:03:23.0243 2180  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
16:03:23.0305 2180  Modem - ok
16:03:23.0352 2180  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:03:23.0399 2180  monitor - ok
16:03:23.0430 2180  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
16:03:23.0446 2180  mouclass - ok
16:03:23.0477 2180  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:03:23.0508 2180  mouhid - ok
16:03:23.0571 2180  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:03:23.0586 2180  mountmgr - ok
16:03:23.0664 2180  [ 2024F4CC36D1954ECD00C07C3BCE6BE3 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:03:23.0680 2180  MozillaMaintenance - ok
16:03:23.0711 2180  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:03:23.0727 2180  mpio - ok
16:03:23.0742 2180  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:03:23.0789 2180  mpsdrv - ok
16:03:23.0836 2180  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:03:23.0883 2180  MpsSvc - ok
16:03:23.0914 2180  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:03:23.0961 2180  MRxDAV - ok
16:03:23.0992 2180  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:03:24.0023 2180  mrxsmb - ok
16:03:24.0054 2180  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:03:24.0101 2180  mrxsmb10 - ok
16:03:24.0117 2180  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:03:24.0148 2180  mrxsmb20 - ok
16:03:24.0195 2180  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:03:24.0210 2180  msahci - ok
16:03:24.0257 2180  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:03:24.0273 2180  msdsm - ok
16:03:24.0304 2180  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
16:03:24.0319 2180  MSDTC - ok
16:03:24.0351 2180  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:03:24.0382 2180  Msfs - ok
16:03:24.0397 2180  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:03:24.0460 2180  mshidkmdf - ok
16:03:24.0475 2180  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:03:24.0491 2180  msisadrv - ok
16:03:24.0538 2180  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:03:24.0600 2180  MSiSCSI - ok
16:03:24.0600 2180  msiserver - ok
16:03:24.0631 2180  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:03:24.0678 2180  MSKSSRV - ok
16:03:24.0694 2180  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:03:24.0741 2180  MSPCLOCK - ok
16:03:24.0741 2180  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:03:24.0803 2180  MSPQM - ok
16:03:24.0865 2180  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:03:24.0897 2180  MsRPC - ok
16:03:24.0928 2180  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
16:03:24.0943 2180  mssmbios - ok
16:03:24.0959 2180  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:03:25.0006 2180  MSTEE - ok
16:03:25.0021 2180  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
16:03:25.0053 2180  MTConfig - ok
16:03:25.0084 2180  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:03:25.0084 2180  Mup - ok
16:03:25.0131 2180  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
16:03:25.0209 2180  napagent - ok
16:03:25.0271 2180  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:03:25.0318 2180  NativeWifiP - ok
16:03:25.0396 2180  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:03:25.0443 2180  NDIS - ok
16:03:25.0458 2180  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:03:25.0489 2180  NdisCap - ok
16:03:25.0521 2180  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:03:25.0567 2180  NdisTapi - ok
16:03:25.0599 2180  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:03:25.0677 2180  Ndisuio - ok
16:03:25.0723 2180  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:03:25.0801 2180  NdisWan - ok
16:03:25.0848 2180  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:03:25.0911 2180  NDProxy - ok
16:03:25.0926 2180  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:03:25.0989 2180  NetBIOS - ok
16:03:26.0020 2180  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:03:26.0082 2180  NetBT - ok
16:03:26.0113 2180  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
16:03:26.0129 2180  Netlogon - ok
16:03:26.0176 2180  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
16:03:26.0254 2180  Netman - ok
16:03:26.0269 2180  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
16:03:26.0316 2180  netprofm - ok
16:03:26.0332 2180  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:03:26.0347 2180  NetTcpPortSharing - ok
16:03:26.0472 2180  [ 705283C02177809CA9FA7CC58A4F1E77 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
16:03:26.0644 2180  netw5v64 - ok
16:03:26.0675 2180  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
16:03:26.0691 2180  nfrd960 - ok
16:03:26.0737 2180  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:03:26.0784 2180  NlaSvc - ok
16:03:26.0879 2180  [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF             C:\Windows\system32\drivers\NPF.sys
16:03:26.0894 2180  NPF - ok
16:03:26.0941 2180  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:03:26.0988 2180  Npfs - ok
16:03:27.0019 2180  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
16:03:27.0082 2180  nsi - ok
16:03:27.0097 2180  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:03:27.0160 2180  nsiproxy - ok
16:03:27.0222 2180  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:03:27.0269 2180  Ntfs - ok
16:03:27.0284 2180  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
16:03:27.0347 2180  Null - ok
16:03:27.0378 2180  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:03:27.0394 2180  nvraid - ok
16:03:27.0409 2180  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:03:27.0425 2180  nvstor - ok
16:03:27.0456 2180  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:03:27.0472 2180  nv_agp - ok
16:03:27.0565 2180  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:03:27.0596 2180  odserv - ok
16:03:27.0612 2180  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:03:27.0643 2180  ohci1394 - ok
16:03:27.0690 2180  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:03:27.0706 2180  ose - ok
16:03:27.0721 2180  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:03:27.0784 2180  p2pimsvc - ok
16:03:27.0815 2180  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:03:27.0830 2180  p2psvc - ok
16:03:27.0877 2180  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
16:03:27.0893 2180  Parport - ok
16:03:27.0924 2180  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:03:27.0924 2180  partmgr - ok
16:03:27.0940 2180  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:03:27.0971 2180  PcaSvc - ok
16:03:28.0002 2180  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
16:03:28.0033 2180  pci - ok
16:03:28.0049 2180  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
16:03:28.0064 2180  pciide - ok
16:03:28.0096 2180  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
16:03:28.0111 2180  pcmcia - ok
16:03:28.0158 2180  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:03:28.0174 2180  pcw - ok
16:03:28.0189 2180  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:03:28.0252 2180  PEAUTH - ok
16:03:28.0330 2180  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:03:28.0376 2180  PerfHost - ok
16:03:28.0454 2180  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
16:03:28.0532 2180  pla - ok
16:03:28.0579 2180  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:03:28.0626 2180  PlugPlay - ok
16:03:28.0642 2180  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:03:28.0673 2180  PNRPAutoReg - ok
16:03:28.0688 2180  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:03:28.0704 2180  PNRPsvc - ok
16:03:28.0751 2180  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:03:28.0813 2180  PolicyAgent - ok
16:03:28.0876 2180  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
16:03:28.0938 2180  Power - ok
16:03:29.0000 2180  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:03:29.0078 2180  PptpMiniport - ok
16:03:29.0110 2180  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
16:03:29.0156 2180  Processor - ok
16:03:29.0203 2180  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:03:29.0266 2180  ProfSvc - ok
16:03:29.0297 2180  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:03:29.0312 2180  ProtectedStorage - ok
16:03:29.0359 2180  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:03:29.0453 2180  Psched - ok
16:03:29.0500 2180  [ AED797CCA02783296C68AA10D0CFF8A9 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
16:03:29.0500 2180  PxHlpa64 - ok
16:03:29.0578 2180  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
16:03:29.0624 2180  ql2300 - ok
16:03:29.0656 2180  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
16:03:29.0671 2180  ql40xx - ok
16:03:29.0702 2180  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
16:03:29.0734 2180  QWAVE - ok
16:03:29.0749 2180  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:03:29.0780 2180  QWAVEdrv - ok
16:03:29.0780 2180  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:03:29.0843 2180  RasAcd - ok
16:03:29.0874 2180  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:03:29.0905 2180  RasAgileVpn - ok
16:03:29.0921 2180  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
16:03:29.0952 2180  RasAuto - ok
16:03:29.0983 2180  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:03:30.0030 2180  Rasl2tp - ok
16:03:30.0077 2180  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
16:03:30.0170 2180  RasMan - ok
16:03:30.0202 2180  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:03:30.0264 2180  RasPppoe - ok
16:03:30.0280 2180  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:03:30.0342 2180  RasSstp - ok
16:03:30.0389 2180  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:03:30.0451 2180  rdbss - ok
16:03:30.0467 2180  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:03:30.0514 2180  rdpbus - ok
16:03:30.0545 2180  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:03:30.0592 2180  RDPCDD - ok
16:03:30.0607 2180  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:03:30.0670 2180  RDPENCDD - ok
16:03:30.0685 2180  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:03:30.0732 2180  RDPREFMP - ok
16:03:30.0763 2180  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:03:30.0810 2180  RDPWD - ok
16:03:30.0857 2180  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:03:30.0872 2180  rdyboost - ok
16:03:30.0904 2180  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:03:30.0966 2180  RemoteAccess - ok
16:03:30.0997 2180  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:03:31.0060 2180  RemoteRegistry - ok
16:03:31.0091 2180  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
16:03:31.0153 2180  RFCOMM - ok
16:03:31.0184 2180  [ 258AADB43E3F3468B5CF8CB0F84872C2 ] rimsptsk        C:\Windows\system32\DRIVERS\rimssn64.sys
16:03:31.0200 2180  rimsptsk - ok
16:03:31.0247 2180  [ 71E182A0DE1CECB3F912960716345405 ] risdptsk        C:\Windows\system32\DRIVERS\risdsn64.sys
16:03:31.0309 2180  risdptsk - ok
16:03:31.0372 2180  [ D02E5A46F77C182CA1964080BCD586F7 ] Roxio UPnP Renderer 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
16:03:31.0403 2180  Roxio UPnP Renderer 10 - ok
16:03:31.0418 2180  [ E5809597278802D09273EE07B5FC56E1 ] Roxio Upnp Server 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
16:03:31.0434 2180  Roxio Upnp Server 10 - ok
16:03:31.0465 2180  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:03:31.0512 2180  RpcEptMapper - ok
16:03:31.0543 2180  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
16:03:31.0574 2180  RpcLocator - ok
16:03:31.0621 2180  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
16:03:31.0668 2180  RpcSs - ok
16:03:31.0699 2180  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:03:31.0762 2180  rspndr - ok
16:03:31.0808 2180  [ 34F05C417F038FFA3BEF69B798D7D7DD ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
16:03:31.0871 2180  RTHDMIAzAudService - ok
16:03:31.0918 2180  [ 01E6A1E53E39A0B1E2B6AE62BF52E8EC ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
16:03:31.0933 2180  RtkAudioService - ok
16:03:31.0964 2180  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
16:03:31.0980 2180  SamSs - ok
16:03:32.0011 2180  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:03:32.0011 2180  sbp2port - ok
16:03:32.0058 2180  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:03:32.0152 2180  SCardSvr - ok
16:03:32.0198 2180  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:03:32.0261 2180  scfilter - ok
16:03:32.0308 2180  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
16:03:32.0386 2180  Schedule - ok
16:03:32.0417 2180  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:03:32.0448 2180  SCPolicySvc - ok
16:03:32.0479 2180  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\drivers\sdbus.sys
16:03:32.0542 2180  sdbus - ok
16:03:32.0573 2180  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:03:32.0635 2180  SDRSVC - ok
16:03:32.0666 2180  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:03:32.0729 2180  secdrv - ok
16:03:32.0760 2180  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
16:03:32.0791 2180  seclogon - ok
16:03:32.0822 2180  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
16:03:32.0854 2180  SENS - ok
16:03:32.0869 2180  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:03:32.0900 2180  SensrSvc - ok
16:03:32.0932 2180  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
16:03:32.0947 2180  Serenum - ok
16:03:32.0963 2180  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:03:32.0994 2180  Serial - ok
16:03:33.0041 2180  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
16:03:33.0056 2180  sermouse - ok
16:03:33.0088 2180  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:03:33.0150 2180  SessionEnv - ok
16:03:33.0166 2180  [ 70F9C476B62DE4F2823E918A6C181ADE ] SFEP            C:\Windows\system32\DRIVERS\SFEP.sys
16:03:33.0197 2180  SFEP - ok
16:03:33.0228 2180  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:03:33.0259 2180  sffdisk - ok
16:03:33.0290 2180  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:03:33.0322 2180  sffp_mmc - ok
16:03:33.0322 2180  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:03:33.0353 2180  sffp_sd - ok
16:03:33.0384 2180  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
16:03:33.0400 2180  sfloppy - ok
16:03:33.0431 2180  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:03:33.0462 2180  SharedAccess - ok
16:03:33.0509 2180  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:03:33.0556 2180  ShellHWDetection - ok
16:03:33.0587 2180  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:03:33.0602 2180  SiSRaid2 - ok
16:03:33.0634 2180  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
16:03:33.0634 2180  SiSRaid4 - ok
16:03:33.0712 2180  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
16:03:33.0727 2180  SkypeUpdate - ok
16:03:33.0758 2180  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:03:33.0805 2180  Smb - ok
16:03:33.0852 2180  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:03:33.0883 2180  SNMPTRAP - ok
16:03:33.0993 2180  [ 98886C88A1CB13D61672AE2C638B7E1C ] SOHCImp         C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
16:03:34.0009 2180  SOHCImp - ok
16:03:34.0025 2180  [ 442A13F395546F4564C377296D43B564 ] SOHDBSvr        C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
16:03:34.0040 2180  SOHDBSvr - ok
16:03:34.0056 2180  [ 556681BE668D71DC162391A45422B52C ] SOHDms          C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
16:03:34.0087 2180  SOHDms - ok
16:03:34.0103 2180  [ 72B46103E4111439109ACF5882627C24 ] SOHDs           C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
16:03:34.0103 2180  SOHDs - ok
16:03:34.0134 2180  [ 725B6E9CD1959271AC993DC035E1606D ] SOHPlMgr        C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
16:03:34.0134 2180  SOHPlMgr - ok
16:03:34.0165 2180  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:03:34.0181 2180  spldr - ok
16:03:34.0227 2180  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
16:03:34.0259 2180  Spooler - ok
16:03:34.0383 2180  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
16:03:34.0493 2180  sppsvc - ok
16:03:34.0524 2180  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:03:34.0571 2180  sppuinotify - ok
16:03:34.0633 2180  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:03:34.0680 2180  srv - ok
16:03:34.0727 2180  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:03:34.0758 2180  srv2 - ok
16:03:34.0789 2180  [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
16:03:34.0836 2180  SrvHsfHDA - ok
16:03:34.0915 2180  [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
16:03:34.0962 2180  SrvHsfV92 - ok
16:03:35.0008 2180  [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
16:03:35.0024 2180  SrvHsfWinac - ok
16:03:35.0055 2180  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:03:35.0086 2180  srvnet - ok
16:03:35.0133 2180  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:03:35.0196 2180  SSDPSRV - ok
16:03:35.0211 2180  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:03:35.0242 2180  SstpSvc - ok
16:03:35.0289 2180  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
16:03:35.0289 2180  stexstor - ok
16:03:35.0367 2180  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
16:03:35.0414 2180  stisvc - ok
16:03:35.0445 2180  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
16:03:35.0461 2180  swenum - ok
16:03:35.0508 2180  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
16:03:35.0601 2180  swprv - ok
16:03:35.0679 2180  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
16:03:35.0726 2180  SysMain - ok
16:03:35.0757 2180  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:03:35.0788 2180  TabletInputService - ok
16:03:35.0851 2180  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:03:35.0929 2180  TapiSrv - ok
16:03:35.0960 2180  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
16:03:36.0038 2180  TBS - ok
16:03:36.0163 2180  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:03:36.0210 2180  Tcpip - ok
16:03:36.0272 2180  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:03:36.0303 2180  TCPIP6 - ok
16:03:36.0350 2180  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:03:36.0366 2180  tcpipreg - ok
16:03:36.0397 2180  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:03:36.0428 2180  TDPIPE - ok
16:03:36.0459 2180  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:03:36.0490 2180  TDTCP - ok
16:03:36.0522 2180  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:03:36.0600 2180  tdx - ok
16:03:36.0646 2180  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
16:03:36.0662 2180  TermDD - ok
16:03:36.0709 2180  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
16:03:36.0771 2180  TermService - ok
16:03:36.0818 2180  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
16:03:36.0849 2180  Themes - ok
16:03:36.0880 2180  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
16:03:36.0912 2180  THREADORDER - ok
16:03:36.0927 2180  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
16:03:36.0990 2180  TrkWks - ok
16:03:37.0052 2180  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:03:37.0130 2180  TrustedInstaller - ok
16:03:37.0177 2180  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:03:37.0239 2180  tssecsrv - ok
16:03:37.0302 2180  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:03:37.0364 2180  TsUsbFlt - ok
16:03:37.0411 2180  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:03:37.0489 2180  tunnel - ok
16:03:37.0520 2180  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
16:03:37.0536 2180  uagp35 - ok
16:03:37.0614 2180  [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor     C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
16:03:37.0629 2180  uCamMonitor - ok
16:03:37.0660 2180  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:03:37.0754 2180  udfs - ok
16:03:37.0801 2180  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:03:37.0848 2180  UI0Detect - ok
16:03:37.0879 2180  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:03:37.0894 2180  uliagpkx - ok
16:03:37.0957 2180  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
16:03:37.0988 2180  umbus - ok
16:03:38.0019 2180  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
16:03:38.0050 2180  UmPass - ok
16:03:38.0082 2180  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
16:03:38.0175 2180  upnphost - ok
16:03:38.0222 2180  [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
16:03:38.0284 2180  USBAAPL64 - ok
16:03:38.0300 2180  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:03:38.0362 2180  usbccgp - ok
16:03:38.0425 2180  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:03:38.0456 2180  usbcir - ok
16:03:38.0487 2180  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:03:38.0534 2180  usbehci - ok
16:03:38.0565 2180  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:03:38.0596 2180  usbhub - ok
16:03:38.0628 2180  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
16:03:38.0674 2180  usbohci - ok
16:03:38.0706 2180  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:03:38.0752 2180  usbprint - ok
16:03:38.0799 2180  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\drivers\USBSTOR.SYS
16:03:38.0862 2180  USBSTOR - ok
16:03:38.0877 2180  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
16:03:38.0908 2180  usbuhci - ok
16:03:38.0924 2180  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
16:03:38.0955 2180  usbvideo - ok
16:03:39.0002 2180  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
16:03:39.0049 2180  UxSms - ok
16:03:39.0111 2180  [ 4E7135D6D0127067E4CFEE12259F895D ] VAIO Entertainment TV Device Arbitration Service C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
16:03:39.0127 2180  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
16:03:39.0127 2180  VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
16:03:39.0205 2180  [ D4197CF0C8567046FD4AF28FF47AF528 ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
16:03:39.0220 2180  VAIO Event Service - ok
16:03:39.0330 2180  [ 2D6605C1F0BBD0F71A4CB3A5B1E07240 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
16:03:39.0361 2180  VAIO Power Management - ok
16:03:39.0376 2180  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
16:03:39.0392 2180  VaultSvc - ok
16:03:39.0423 2180  [ 06FE5BEDDADB158D84E6DE33CBE19F3E ] VCFw            C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
16:03:39.0439 2180  VCFw - ok
16:03:39.0501 2180  [ 34063C0B842E73662067F9B03947C55C ] VcmIAlzMgr      C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
16:03:39.0532 2180  VcmIAlzMgr - ok
16:03:39.0564 2180  [ A8F5D1651A324ABC6C308891A1252EE3 ] VcmINSMgr       C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
16:03:39.0579 2180  VcmINSMgr - ok
16:03:39.0688 2180  [ DB544B487F360128DC1C383E0A6FCC2F ] VcmXmlIfHelper  C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
16:03:39.0704 2180  VcmXmlIfHelper - ok
16:03:39.0720 2180  Vcsw - ok
16:03:39.0766 2180  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:03:39.0798 2180  vdrvroot - ok
16:03:39.0844 2180  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
16:03:39.0922 2180  vds - ok
16:03:39.0969 2180  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:03:39.0985 2180  vga - ok
16:03:40.0000 2180  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:03:40.0078 2180  VgaSave - ok
16:03:40.0094 2180  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:03:40.0110 2180  vhdmp - ok
16:03:40.0141 2180  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:03:40.0156 2180  viaide - ok
16:03:40.0188 2180  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:03:40.0203 2180  volmgr - ok
16:03:40.0234 2180  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:03:40.0250 2180  volmgrx - ok
16:03:40.0297 2180  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:03:40.0312 2180  volsnap - ok
16:03:40.0344 2180  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
16:03:40.0359 2180  vsmraid - ok
16:03:40.0437 2180  [ E9638E51373D527E22438B80126B64F9 ] VSNService      C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
16:03:40.0468 2180  VSNService ( UnsignedFile.Multi.Generic ) - warning
16:03:40.0468 2180  VSNService - detected UnsignedFile.Multi.Generic (1)
16:03:40.0531 2180  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
16:03:40.0624 2180  VSS - ok
16:03:40.0656 2180  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
16:03:40.0687 2180  vwifibus - ok
16:03:40.0718 2180  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
16:03:40.0780 2180  vwififlt - ok
16:03:40.0827 2180  [ D8BEF4AC1EAC809DBDBD441D6CFF6C4C ] VzCdbSvc        C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
16:03:40.0827 2180  VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning
16:03:40.0827 2180  VzCdbSvc - detected UnsignedFile.Multi.Generic (1)
16:03:40.0858 2180  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
16:03:40.0921 2180  W32Time - ok
16:03:40.0952 2180  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
16:03:40.0983 2180  WacomPen - ok
16:03:41.0030 2180  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:03:41.0108 2180  WANARP - ok
16:03:41.0108 2180  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:03:41.0139 2180  Wanarpv6 - ok
16:03:41.0248 2180  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
16:03:41.0295 2180  WatAdminSvc - ok
16:03:41.0358 2180  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
16:03:41.0404 2180  wbengine - ok
16:03:41.0420 2180  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:03:41.0451 2180  WbioSrvc - ok
16:03:41.0482 2180  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:03:41.0514 2180  wcncsvc - ok
16:03:41.0529 2180  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:03:41.0560 2180  WcsPlugInService - ok
16:03:41.0592 2180  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
16:03:41.0607 2180  Wd - ok
16:03:41.0654 2180  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:03:41.0716 2180  Wdf01000 - ok
16:03:41.0732 2180  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:03:41.0810 2180  WdiServiceHost - ok
16:03:41.0826 2180  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:03:41.0841 2180  WdiSystemHost - ok
16:03:41.0872 2180  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
16:03:41.0919 2180  WebClient - ok
16:03:41.0950 2180  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:03:42.0028 2180  Wecsvc - ok
16:03:42.0060 2180  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:03:42.0106 2180  wercplsupport - ok
16:03:42.0122 2180  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:03:42.0169 2180  WerSvc - ok
16:03:42.0200 2180  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:03:42.0247 2180  WfpLwf - ok
16:03:42.0262 2180  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:03:42.0278 2180  WIMMount - ok
16:03:42.0294 2180  WinDefend - ok
16:03:42.0294 2180  WinHttpAutoProxySvc - ok
16:03:42.0356 2180  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:03:42.0403 2180  Winmgmt - ok
16:03:42.0465 2180  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
16:03:42.0543 2180  WinRM - ok
16:03:42.0606 2180  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
16:03:42.0652 2180  WinUsb - ok
16:03:42.0699 2180  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:03:42.0762 2180  Wlansvc - ok
16:03:42.0793 2180  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:03:42.0808 2180  WmiAcpi - ok
16:03:42.0855 2180  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:03:42.0902 2180  wmiApSrv - ok
16:03:42.0949 2180  WMPNetworkSvc - ok
16:03:42.0964 2180  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:03:42.0996 2180  WPCSvc - ok
16:03:43.0027 2180  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:03:43.0042 2180  WPDBusEnum - ok
16:03:43.0058 2180  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:03:43.0105 2180  ws2ifsl - ok
16:03:43.0136 2180  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
16:03:43.0183 2180  wscsvc - ok
16:03:43.0183 2180  WSearch - ok
16:03:43.0276 2180  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:03:43.0339 2180  wuauserv - ok
16:03:43.0401 2180  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:03:43.0448 2180  WudfPf - ok
16:03:43.0479 2180  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:03:43.0510 2180  WUDFRd - ok
16:03:43.0526 2180  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:03:43.0557 2180  wudfsvc - ok
16:03:43.0588 2180  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:03:43.0635 2180  WwanSvc - ok
16:03:43.0744 2180  [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService  C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
16:03:43.0760 2180  YahooAUService - ok
16:03:43.0807 2180  [ 6AFFD75C6807B3DD3AB018E27B88EF95 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
16:03:43.0838 2180  yukonw7 - ok
16:03:43.0854 2180  ================ Scan global ===============================
16:03:43.0885 2180  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:03:43.0916 2180  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:03:43.0932 2180  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:03:43.0978 2180  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:03:44.0010 2180  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:03:44.0010 2180  [Global] - ok
16:03:44.0010 2180  ================ Scan MBR ==================================
16:03:44.0041 2180  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:03:44.0400 2180  \Device\Harddisk0\DR0 - ok
16:03:44.0400 2180  ================ Scan VBR ==================================
16:03:44.0431 2180  [ 6C8ADA99BD4E47D432EBC96F110ACC66 ] \Device\Harddisk0\DR0\Partition1
16:03:44.0431 2180  \Device\Harddisk0\DR0\Partition1 - ok
16:03:44.0446 2180  [ B2D3C31B89ECD5DC62CACEED0DDCCE08 ] \Device\Harddisk0\DR0\Partition2
16:03:44.0446 2180  \Device\Harddisk0\DR0\Partition2 - ok
16:03:44.0446 2180  ============================================================
16:03:44.0446 2180  Scan finished
16:03:44.0446 2180  ============================================================
16:03:44.0462 2208  Detected object count: 6
16:03:44.0462 2208  Actual detected object count: 6
16:04:14.0352 2208  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:04:14.0352 2208  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:04:14.0352 2208  igfx ( UnsignedFile.Multi.Generic ) - skipped by user
16:04:14.0352 2208  igfx ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:04:14.0352 2208  IntcHdmiAddService ( UnsignedFile.Multi.Generic ) - skipped by user
16:04:14.0352 2208  IntcHdmiAddService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:04:14.0352 2208  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:04:14.0352 2208  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:04:14.0352 2208  VSNService ( UnsignedFile.Multi.Generic ) - skipped by user
16:04:14.0352 2208  VSNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:04:14.0352 2208  VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:04:14.0352 2208  VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:04:43.0914 1848  Deinitialize success
__________________
Alt 19.03.2013, 16:18   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
4viren/trojaner - Standard

4viren/trojaner


Bitte aswMBR nochmal machen, irgendwas ist da schiefgelaufen
__________________
__________________
Alt 19.03.2013, 17:30   #19
Kerry
 
4viren/trojaner - Standard

4viren/trojaner


asw MBR

2. Versuch


Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-19 16:29:16
-----------------------------
16:29:16.081    OS Version: Windows x64 6.1.7601 Service Pack 1
16:29:16.081    Number of processors: 2 586 0x170A
16:29:16.081    ComputerName: KERRY-VAIO  UserName: Kerry
16:29:17.360    Initialize success
16:29:29.653    AVAST engine defs: 13031900
16:29:54.441    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:29:54.441    Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 476940MB BusType: 3
16:29:54.457    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000066
16:29:54.457    Disk 1 Vendor: RICOH 01 Size: 476940MB BusType: 0
16:29:54.457    Disk 2  \Device\Harddisk2\DR2 -> \Device\00000067
16:29:54.473    Disk 2 Vendor: RICOH 02 Size: 476940MB BusType: 0
16:29:54.629    Disk 0 MBR read successfully
16:29:54.629    Disk 0 MBR scan
16:29:54.660    Disk 0 Windows 7 default MBR code
16:29:54.675    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         9611 MB offset 2048
16:29:54.691    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 19685376
16:29:54.722    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       467227 MB offset 19890176
16:29:54.753    Disk 0 scanning C:\Windows\system32\drivers
16:30:07.311    Service scanning
16:30:35.610    Modules scanning
16:30:35.610    Disk 0 trace - called modules:
16:30:35.657    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
16:30:35.657    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005766790]
16:30:35.672    3 CLASSPNP.SYS[fffff880013b843f] -> nt!IofCallDriver -> [0xfffffa8004719e40]
16:30:35.672    5 ACPI.sys[fffff88000eea7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800471c050]
16:30:36.717    AVAST engine scan C:\Windows
16:30:39.276    AVAST engine scan C:\Windows\system32
16:34:46.647    AVAST engine scan C:\Windows\system32\drivers
16:35:26.069    AVAST engine scan C:\Users\Kerry
17:18:48.175    AVAST engine scan C:\ProgramData
17:24:47.387    Scan finished successfully
17:26:03.484    Disk 0 MBR has been saved successfully to "C:\Users\Kerry\Desktop\MBR.dat"
17:26:03.499    The log file has been saved successfully to "C:\Users\Kerry\Desktop\aswMBR.txt"

Alt 20.03.2013, 00:26   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
4viren/trojaner - Standard

4viren/trojaner


Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.


__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.03.2013, 10:10   #21
Kerry
 
4viren/trojaner - Standard

4viren/trojaner


Guten Morgen.

Oh jetzt tut sich wieder was:-)


Code:
ATTFilter
ComboFix 13-03-20.01 - Kerry 20.03.2013   9:22.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4063.2699 [GMT 1:00]
ausgeführt von:: c:\users\Kerry\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kerry\4.0
c:\users\Kerry\AppData\Roaming\.#
c:\users\Kerry\AppData\Roaming\.#\MBX@1014@1F52740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1014@1F52770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1024@322740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1024@322770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1024@6C2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1024@6C2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1028@312740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1028@312770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@102C@20B2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@102C@20B2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1038@1E12740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1038@1E12770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1038@2252740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1038@2252770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@103C@662740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@103C@662770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1044@20B2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1044@20B2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1050@242740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1050@242770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1054@2052740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1054@2052770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1064@6E2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1064@6E2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1070@1FF2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1070@1FF2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1074@1F42740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1074@1F42770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@107C@252740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@107C@252770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1080@1F42740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1080@1F42770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1080@A22740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1080@A22770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1084@1F12740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1084@1F12770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1088@2172740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1088@2172770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@108C@6A2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@108C@6A2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1090@2032740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1090@2032770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@10A8@2122740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@10A8@2122770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@10AC@252740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@10AC@252770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@10B0@382740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@10B0@382770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@10BC@1F12740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@10BC@1F12770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@10C4@282740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@10C4@282770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@10E0@282740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@10E0@282770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@10E0@302740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@10E0@302770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@10F0@1F02740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@10F0@1F02770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@10F4@3D2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@10F4@3D2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1100@2F2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1100@2F2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1124@2032740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1124@2032770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1138@1FF2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1138@1FF2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1138@2072740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1138@2072770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@113C@242740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@113C@242770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@113C@682740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@113C@682770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1140@3D2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1140@3D2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1150@262740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1150@262770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@115C@6D2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@115C@6D2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1160@1F62740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1160@1F62770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1164@1FF2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1164@1FF2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1170@232740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1170@232770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1198@1FB2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1198@1FB2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@11A8@2062740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@11A8@2062770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@11AC@1E2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@11AC@1E2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@11C4@1EB2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@11C4@1EB2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@11CC@252740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@11CC@252770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1204@1F22740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1204@1F22770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1214@6F2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1214@6F2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1224@6E2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1224@6E2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1258@1FB2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1258@1FB2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@125C@1F22740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@125C@1F22770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@125C@272740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@125C@272770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1264@332740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1264@332770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1280@232740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1280@232770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@129C@2252740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@129C@2252770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@129C@6E2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@129C@6E2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@12B4@20F2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@12B4@20F2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@12C8@382740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@12C8@382770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@12D8@1FC2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@12D8@1FC2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@12E0@1E22740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@12E0@1E22770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@12E0@2062740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@12E0@2062770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@12F0@1EA2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@12F0@1EA2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@12F0@362740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@12F0@362770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@12F4@2092740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@12F4@2092770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1300@362740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1300@362770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1318@1FF2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1318@1FF2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1318@2032740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1318@2032770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1320@282740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1320@282770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@132C@2082740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@132C@2082770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1334@1EE2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1334@1EE2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@134@392740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@134@392770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1344@1F52740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1344@1F52770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1344@3B2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1344@3B2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1348@3E2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1348@3E2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1348@952740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1348@952770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@134C@282740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@134C@282770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1354@20F2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1354@20F2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1354@A12740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1354@A12770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1384@21A2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1384@21A2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1394@922740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1394@922770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@139C@232740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@139C@232770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@13A4@1F42740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@13A4@1F42770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@13B8@6C2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@13B8@6C2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@13C8@3D2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@13C8@3D2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@13DC@1F22740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@13DC@1F22770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@13DC@1FD2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@13DC@1FD2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1434@20A2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1434@20A2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@145C@20B2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@145C@20B2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1460@1E42740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1460@1E42770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1460@262740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1460@262770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1494@2072740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1494@2072770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@14A4@2092740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@14A4@2092770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@14AC@702740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@14AC@702770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@14B8@1F2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@14B8@1F2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@14C4@292740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@14C4@292770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@14CC@1DC2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@14CC@1DC2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@14CC@3D2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@14CC@3D2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@14D4@252740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@14D4@252770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@14D8@232740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@14D8@232770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@14DC@2052740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@14DC@2052770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1510@1F52740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1510@1F52770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1514@1FC2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1514@1FC2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@151C@1FD2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@151C@1FD2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@151C@2072740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@151C@2072770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1534@1F12740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1534@1F12770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1550@8E2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1550@8E2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1564@20D2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1564@20D2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@156C@372740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@156C@372770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1570@302740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1570@302770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1584@1F42740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1584@1F42770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@158C@1F12740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@158C@1F12770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@159C@2D2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@159C@2D2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@15A4@2C2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@15A4@2C2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@15B0@20C2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@15B0@20C2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@15B0@2A2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@15B0@2A2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@15B4@1E52740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@15B4@1E52770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@15B8@1F42740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@15B8@1F42770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@15E8@772740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@15E8@772770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@15F0@362740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@15F0@362770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@15F8@272740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@15F8@272770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1610@332740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1610@332770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@162C@6A2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@162C@6A2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1644@1F72740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1644@1F72770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1648@2042740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1648@2042770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@165C@1C2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@165C@1C2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@165C@1F22740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@165C@1F22770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1668@2002740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1668@2002770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1670@2C2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1670@2C2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1678@3D2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1678@3D2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1688@2202740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1688@2202770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@168C@1FA2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@168C@1FA2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@168C@21B2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@168C@21B2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1694@2082740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1694@2082770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@16A8@732740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@16A8@732770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@16B0@8C2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@16B0@8C2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@16B4@1F12740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@16B4@1F12770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@16C0@2052740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@16C0@2052770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@16C8@1FF2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@16C8@1FF2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@16D0@1FB2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@16D0@1FB2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@16E4@1FD2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@16E4@1FD2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1720@2012740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1720@2012770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1720@20F2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1720@20F2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1728@692740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1728@692770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1738@20E2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1738@20E2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1750@1F12740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1750@1F12770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1754@1FA2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1754@1FA2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1754@1FD2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1754@1FD2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1764@8C2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1764@8C2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1774@302740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1774@302770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@177C@20D2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@177C@20D2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1794@1DF2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1794@1DF2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@17AC@332740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@17AC@332770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@17B0@1F82740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@17B0@1F82770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@17BC@6B2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@17BC@6B2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@17C8@1F72740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@17C8@1F72770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@17D0@3D2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@17D0@3D2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@17E8@272740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@17E8@272770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@17EC@1C2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@17EC@1C2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@17F4@1D62740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@17F4@1D62770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@17F4@262740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@17F4@262770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@17F8@2092740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@17F8@2092770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1878@20F2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1878@20F2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@18A4@312740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@18A4@312770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@18B8@1FE2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@18B8@1FE2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1924@3F2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1924@3F2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1960@712740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1960@712770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1980@2022740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1980@2022770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@19B8@382740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@19B8@382770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@19C0@1DD2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@19C0@1DD2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@19C0@2F2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@19C0@2F2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@19E4@3B2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@19E4@3B2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@19F0@1FB2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@19F0@1FB2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@19F4@272740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@19F4@272770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1A24@1FC2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1A24@1FC2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1A90@2082740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1A90@2082770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1AD4@2082740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1AD4@2082770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1AE0@252740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1AE0@252770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1AF8@2082740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1AF8@2082770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1B24@1F42740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1B24@1F42770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1B38@2012740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1B38@2012770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1B48@2122740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1B48@2122770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1B4C@292740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1B4C@292770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1B98@20C2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1B98@20C2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1BB8@3E2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1BB8@3E2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1BC@1E72740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1BC@1E72770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1BC0@1DE2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1BC0@1DE2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1BD0@1D92740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@1BD0@1D92770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@218@2112740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@218@2112770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@2518@1F12740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@2518@1F12770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@280@1F32740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@280@1F32770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@2900@2122740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@2900@2122770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@2B0@2062740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@2B0@2062770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@2B0@3E2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@2B0@3E2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@2B4@2132740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@2B4@2132770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@2B8@1FD2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@2B8@1FD2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@2C4@1F92740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@2C4@1F92770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@2D4@372740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@2D4@372770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@2DC@1FD2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@2DC@1FD2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@354@1F92740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@354@1F92770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@358@262740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@358@262770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@36C@352740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@36C@352770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@3A8@272740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@3A8@272770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@3B8@6E2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@3B8@6E2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@3E0@7B2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@3E0@7B2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@3FC@242740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@3FC@242770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@404@292740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@404@292770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@45C@242740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@45C@242770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@464@292740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@464@292770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@4A4@2052740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@4A4@2052770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@52C@1F32740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@52C@1F32770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@53C@1FE2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@53C@1FE2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@550@9D2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@550@9D2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@574@2052740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@574@2052770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@57C@2112740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@57C@2112770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@57C@382740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@57C@382770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@59C@2A2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@59C@2A2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@5A4@21B2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@5A4@21B2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@5B4@1FB2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@5B4@1FB2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@5E0@1F32740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@5E0@1F32770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@604@3C2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@604@3C2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@620@20A2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@620@20A2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@638@362740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@638@362770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@65C@1F92740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@65C@1F92770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@69C@2172740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@69C@2172770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@6B0@3E2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@6B0@3E2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@6BC@2C2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@6BC@2C2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@6DC@382740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@6DC@382770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@6E4@1F42740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@6E4@1F42770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@6E8@8B2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@6E8@8B2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@6F0@722740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@6F0@722770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@6FC@622740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@6FC@622770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@750@1F72740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@750@1F72770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@754@1EE2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@754@1EE2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@76C@692740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@76C@692770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@770@282740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@770@282770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@778@302740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@778@302770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@78C@272740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@78C@272770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@7B4@672740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@7B4@672770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@7B8@272740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@7B8@272770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@7DC@1DF2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@7DC@1DF2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@7E8@302740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@7E8@302770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@7E8@332740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@7E8@332770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@7F0@1E62740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@7F0@1E62770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@7F4@3F2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@7F4@3F2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@7F8@6E2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@7F8@6E2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@7FC@1FC2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@7FC@1FC2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@828@1E52740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@828@1E52770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@84C@242740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@84C@242770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@850@2042740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@850@2042770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@854@3E2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@854@3E2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@85C@1EB2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@85C@1EB2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@85C@2192740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@85C@2192770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@85C@6F2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@85C@6F2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@860@1FD2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@860@1FD2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@864@312740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@864@312770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@868@292740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@868@292770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@874@1F42740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@874@1F42770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@884@6F2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@884@6F2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@8BC@262740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@8BC@262770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@8E0@702740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@8E0@702770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@8F0@2B2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@8F0@2B2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@8FC@282740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@8FC@282770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@90C@2A2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@90C@2A2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@91C@20B2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@91C@20B2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@940@292740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@940@292770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@958@20F2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@958@20F2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@978@1E42740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@978@1E42770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@9C4@3B2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@9C4@3B2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@9C8@20C2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@9C8@20C2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@9CC@1F42740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@9CC@1F42770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@9D4@2052740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@9D4@2052770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@9E0@20D2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@9E0@20D2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@9E8@1FF2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@9E8@1FF2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@A04@2B2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@A04@2B2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@A10@1FF2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@A10@1FF2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@A44@272740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@A44@272770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@A4C@6B2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@A4C@6B2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@A5C@1EE2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@A5C@1EE2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@A7C@1E12740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@A7C@1E12770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@A8@1FE2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@A8@1FE2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@A8@2132740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@A8@2132770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@A8@2B2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@A8@2B2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@A84@242740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@A84@242770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@A8C@2092740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@A8C@2092770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@AB4@2C2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@AB4@2C2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@AB8@1F12740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@AB8@1F12770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@AD8@332740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@AD8@332770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@ADC@722740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@ADC@722770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@AE0@1E82740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@AE0@1E82770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@B08@3C2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@B08@3C2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@B0C@1E82740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@B0C@1E82770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@B2C@362740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@B2C@362770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@B84@382740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@B84@382770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@B8C@1FC2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@B8C@1FC2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@BAC@362740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@BAC@362770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@BC0@2D2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@BC0@2D2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@BE8@3D2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@BE8@3D2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@BFC@2E2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@BFC@2E2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@BFC@3D2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@BFC@3D2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@C0C@342740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@C0C@342770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@C18@1F92740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@C18@1F92770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@C34@2142740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@C34@2142770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@C3C@21E2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@C3C@21E2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@C40@2012740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@C40@2012770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@C58@2002740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@C58@2002770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@C60@1E52740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@C60@1E52770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@C74@1FD2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@C74@1FD2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@C80@662740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@C80@662770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@C84@292740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@C84@292770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@C9C@332740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@C9C@332770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@CB4@8B2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@CB4@8B2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@CB8@2052740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@CB8@2052770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@CC8@362740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@CC8@362770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@CEC@1F62740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@CEC@1F62770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@D04@652740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@D04@652770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@D04@792740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@D04@792770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@D10@232740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@D10@232770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@D14@2B2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@D14@2B2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@D28@2082740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@D28@2082770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@D30@2F2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@D30@2F2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@D3C@322740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@D3C@322770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@D4C@262740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@D4C@262770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@D50@1E12740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@D50@1E12770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@D54@1F22740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@D54@1F22770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@D58@282740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@D58@282770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@D5C@1F32740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@D5C@1F32770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@D8@2C2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@D8@2C2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@D80@2A2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@D80@2A2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@D84@1FD2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@D84@1FD2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@DB4@3A2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@DB4@3A2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@DB4@3E2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@DB4@3E2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@DBC@1E52740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@DBC@1E52770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@DC0@9B2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@DC0@9B2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@DD0@2E2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@DD0@2E2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@DD0@662740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@DD0@662770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@DD8@20E2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@DD8@20E2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@DD8@21A2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@DD8@21A2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@DDC@1DA2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@DDC@1DA2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@DE0@342740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@DE0@342770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@DEC@292740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@DEC@292770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@DF0@372740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@DF0@372770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@E08@3D2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@E08@3D2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@E18@1E62740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@E18@1E62770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@E30@252740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@E30@252770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@E30@292740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@E30@292770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@E48@1EB2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@E48@1EB2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@E6C@1F52740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@E6C@1F52770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@E70@2022740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@E70@2022770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@E7C@6C2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@E7C@6C2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@E88@272740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@E88@272770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@E94@2092740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@E94@2092770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@E94@2E2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@E94@2E2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@E9C@2042740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@E9C@2042770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@EAC@1F62740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@EAC@1F62770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@EB4@272740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@EB4@272770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@EC0@1FB2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@EC0@1FB2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@ED8@672740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@ED8@672770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@EF0@2032740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@EF0@2032770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@EF0@6A2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@EF0@6A2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@EF0@702740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@EF0@702770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@EF4@2E2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@EF4@2E2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@EF4@9D2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@EF4@9D2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@EFC@682740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@EFC@682770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@F1C@2A2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@F1C@2A2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@F1C@332740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@F1C@332770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@F70@1F82740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@F70@1F82770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@F80@2092740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@F80@2092770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@F88@2F2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@F88@2F2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@FC0@282740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@FC0@282770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@FC4@1F32740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@FC4@1F32770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@FCC@702740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@FCC@702770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@FCC@8F2740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@FCC@8F2770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@FE8@242740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@FE8@242770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@FF8@2112740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@FF8@2112770.###
c:\users\Kerry\AppData\Roaming\.#\MBX@FF8@262740.###
c:\users\Kerry\AppData\Roaming\.#\MBX@FF8@262770.###
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-20 bis 2013-03-20  ))))))))))))))))))))))))))))))
.
.
2013-03-20 08:36 . 2013-03-20 08:36	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-18 15:44 . 2013-03-18 15:44	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-17 14:08 . 2013-03-20 08:46	--------	d-----w-	c:\users\Kerry\AppData\Roaming\Dropbox
2013-03-16 16:00 . 2013-03-16 16:00	--------	d-sh--w-	c:\windows\SysWow64\%APPDATA%
2013-03-16 15:24 . 2013-03-16 15:24	--------	d-----w-	c:\programdata\gubu
2013-03-12 11:39 . 2013-03-12 11:39	--------	d-----w-	c:\users\Kerry\AppData\Roaming\Panel+
2013-03-12 11:39 . 2013-03-12 11:39	--------	d-----w-	c:\users\Kerry\AppData\Local\Panel+
2013-03-11 18:40 . 2013-03-12 10:54	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-03-04 17:52 . 2013-03-11 18:40	--------	d-----w-	c:\users\Kerry\AppData\Local\Thunderbird
2013-03-04 17:52 . 2013-03-04 17:52	--------	d-----w-	c:\users\Kerry\AppData\Roaming\Thunderbird
2013-03-02 11:58 . 2013-03-02 11:58	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2013-03-02 11:38 . 2012-08-21 12:01	33240	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2013-03-02 11:38 . 2013-03-02 11:38	--------	d-----w-	c:\program files\iPod
2013-03-02 11:38 . 2013-03-02 11:38	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-03-02 11:38 . 2013-03-02 11:38	--------	d-----w-	c:\program files\iTunes
2013-03-02 11:38 . 2013-03-02 11:38	--------	d-----w-	c:\program files (x86)\iTunes
2013-02-28 17:40 . 2013-02-28 17:40	--------	d-----w-	c:\users\Kerry\AppData\Roaming\Avira
2013-02-28 17:35 . 2013-03-18 13:18	--------	d-----w-	c:\users\Kerry\AppData\Local\DoNotTrackPlus
2013-02-28 17:34 . 2013-02-28 17:34	--------	d-----w-	c:\users\Kerry\AppData\Local\AskToolbar
2013-02-28 17:34 . 2013-02-28 17:35	--------	d-----w-	c:\program files (x86)\Ask.com
2013-02-28 17:33 . 2013-02-28 17:25	27800	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-02-28 17:33 . 2013-02-28 17:25	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-02-28 17:33 . 2013-02-28 17:25	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-02-28 17:33 . 2013-02-28 17:33	--------	d-----w-	c:\program files (x86)\Avira
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 18:23 . 2009-11-11 14:29	72013344	----a-w-	c:\windows\system32\MRT.exe
2013-03-13 11:09 . 2012-05-14 15:41	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 11:09 . 2011-08-22 19:16	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-12 05:45 . 2013-03-13 17:40	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 17:40	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 17:40	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 17:40	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 17:40	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 17:40	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-08 00:28 . 2013-02-26 10:49	9162192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A167C436-F1D7-439A-8684-BA7E5525708B}\mpengine.dll
2013-01-17 00:28 . 2009-11-27 15:32	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-05 05:53 . 2013-02-14 11:42	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-14 11:42	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-14 11:42	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 13:41 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2013-01-04 13:41 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2013-01-04 05:46 . 2013-02-14 11:41	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-14 11:41	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-14 11:41	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-14 11:41	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-14 11:41	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-14 11:41	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-14 11:41	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-14 11:41	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-14 11:41	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-14 11:41	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-02-08 1521800]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-11-26 1525088]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-02-08 14:10	1521800	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{d28c7e56-2cc6-415c-8727-d71334085926}"= "mscoree.dll" [2010-11-05 297808]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-02-08 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{d28c7e56-2cc6-415c-8727-d71334085926}]
[HKEY_CLASSES_ROOT\IEToolbar.Toolbar]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39	129272	----a-w-	c:\users\Kerry\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39	129272	----a-w-	c:\users\Kerry\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39	129272	----a-w-	c:\users\Kerry\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39	129272	----a-w-	c:\users\Kerry\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-06 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"Panel+"="c:\users\Kerry\AppData\Local\Panel+\service\PanelPlusService.exe" [2013-02-21 140880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-10 98304]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-17 538472]
"MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2009-09-06 26624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-10 417792]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"MailCheck IE Broker"="c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [2012-10-05 1459848]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-02-08 1644680]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-28 385248]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\users\Kerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kerry\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 26043088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-07-01 09:49	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DiscountfinderService;DiscountfinderService;c:\programdata\Rabatt-Finder\DFService.exe [x]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-06-26 362992]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-05-26 191752]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-30 35104]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-08-05 139264]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-06-26 313840]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-07-27 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-07-27 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-07-27 427304]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-07-27 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-07-27 91432]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-06-26 468264]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-06-26 357672]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-06-17 110888]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-04 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-02-28 27800]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-27 203264]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-28 86752]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-02-28 565472]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-03-10 249648]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-07-24 189984]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-07-16 411496]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-07-22 642920]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2009-08-12 522240]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-05 5435904]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2009-06-11 11392]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 11:09]
.
2013-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-06 08:06]
.
2013-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-06 08:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39	162552	----a-w-	c:\users\Kerry\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39	162552	----a-w-	c:\users\Kerry\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39	162552	----a-w-	c:\users\Kerry\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-03-12 06:39	162552	----a-w-	c:\users\Kerry\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 7938080]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 1833504]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 171520]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=localhost:44413
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll
FF - ProfilePath - c:\users\Kerry\AppData\Roaming\Mozilla\Firefox\Profiles\ubm6n0lk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
FF - ExtSQL: 2013-02-28 18:35; toolbar@ask.com; c:\users\Kerry\AppData\Roaming\Mozilla\Firefox\Profiles\ubm6n0lk.default\extensions\toolbar@ask.com
FF - ExtSQL: 2013-03-12 12:39; IpsosPanelPlus@ipsosinteractive.com; c:\users\Kerry\AppData\Local\Panel+\toolbar_ff
FF - ExtSQL: 2013-03-16 16:28; discountfinder@moneymillionaire.com; c:\programdata\Rabatt-Finder\FFExtension20130221120752
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
   eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
   d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{C424171E-592A-415A-9EB1-DFD6D95D3530}"=hex:51,66,7a,6c,4c,1d,38,12,70,14,37,
   c0,18,17,34,04,e1,a7,9c,96,dc,03,71,24
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
   27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{D28C7E56-2CC6-415C-8727-D71334085926}"=hex:51,66,7a,6c,4c,1d,38,12,38,7d,9f,
   d6,f4,62,32,04,f8,31,94,53,31,56,1d,32
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
   06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{1D970ED5-3EDA-438D-BFFD-715931E2775B}"=hex:51,66,7a,6c,4c,1d,38,12,bb,0d,84,
   19,e8,70,e3,06,c0,eb,32,19,34,bc,33,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
   ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{BF42D4A8-016E-4FCD-B1EB-837659FD77C6}"=hex:51,66,7a,6c,4c,1d,38,12,c6,d7,51,
   bb,5c,4f,a3,0a,ce,fd,c0,36,5c,a3,33,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
   f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:b7,fc,72,1c,9c,0b,ce,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,04,4c,60,67,e7,6d,43,a7,41,8e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,04,4c,60,67,e7,6d,43,a7,41,8e,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
c:\users\Kerry\AppData\Local\Panel+\service\PanelPlusNet.exe
c:\users\Kerry\AppData\Local\Panel+\service\PanelPlusNet.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-03-20  10:12:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-03-20 09:12
.
Vor Suchlauf: 10 Verzeichnis(se), 408.714.665.984 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 415.141.781.504 Bytes frei
.
- - End Of File - - 6667AC18C4ABAB01A2D7775F9A675251
Geändert von Kerry (20.03.2013 um 10:17 Uhr)

Alt 20.03.2013, 13:38   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
4viren/trojaner - Standard

4viren/trojaner


JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.03.2013, 14:14   #23
Kerry
 
4viren/trojaner - Standard

4viren/trojaner


Hier schonmal JRT:


Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Kerry on 20.03.2013 at 14:02:25,57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\apnupdater
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88} 



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin
Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthost.tool
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthost.tool.1
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{1d970ed5-3eda-438d-bffd-715931e2775b}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{1d970ed5-3eda-438d-bffd-715931e2775b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\partner"



~~~ FireFox

Successfully deleted: [File] C:\Users\Kerry\AppData\Roaming\mozilla\firefox\profiles\ubm6n0lk.default\searchplugins\askcom.xml
Successfully deleted: [Folder] C:\Users\Kerry\AppData\Roaming\mozilla\firefox\profiles\ubm6n0lk.default\extensions\toolbar@ask.com
Successfully deleted the following from C:\Users\Kerry\AppData\Roaming\mozilla\firefox\profiles\ubm6n0lk.default\prefs.js

user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
user_pref("browser.startup.homepage", "hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE");
user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
user_pref("extensions.asktb.apn_dbr", "ie_9.0.8112.16421");
user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
user_pref("extensions.asktb.cbid", "^AGS");
user_pref("extensions.asktb.config-updated", false);
user_pref("extensions.asktb.cr-o", "APN10261");
user_pref("extensions.asktb.crumb", "2013.02.28+09.30.57-toolbar007iad-DE-Q29sb2duZSxHZXJtYW55");
user_pref("extensions.asktb.default-channel-url-mask", "hxxp://avira-int.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&gct=bar&locale={locale}");
user_pref("extensions.asktb.domain", "avira-int.ask.com");
user_pref("extensions.asktb.domainName", "avira-int.ask.com");
user_pref("extensions.asktb.dtid", "^YYYYYY^YY^DE");
user_pref("extensions.asktb.ff-original-keyword-url", "");
user_pref("extensions.asktb.guid", "d92fe314-9bbf-48fc-92a8-d585cafe31b4");
user_pref("extensions.asktb.hpr", "YES");
user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxp
user_pref("extensions.asktb.if", "ovw");
user_pref("extensions.asktb.keyword-toggled-in-session", false);
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.last-config-req", "1363692835253");
user_pref("extensions.asktb.last-search-timestamp", "1363526143970");
user_pref("extensions.asktb.last-v", "3.15.18.100015");
user_pref("extensions.asktb.locale", "de_DE");
user_pref("extensions.asktb.localePref", true);
user_pref("extensions.asktb.location", "Cologne,Germany");
user_pref("extensions.asktb.new-tab-opt-out", true);
user_pref("extensions.asktb.o", "APN10261");
user_pref("extensions.asktb.qsrc", "2871");
user_pref("extensions.asktb.sa", "YES");
user_pref("extensions.asktb.saguid", "0CD86D4F-F2C2-46EA-B861-0DCFE76DFCEC");
user_pref("extensions.asktb.search-history-queries", "google.de");
user_pref("extensions.asktb.search-suggestions-enabled", true);
user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
user_pref("extensions.asktb.socialmini-first", true);
user_pref("extensions.asktb.socialmini-interval", "1200000");
user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
user_pref("extensions.asktb.socialmini-max-items", "30");
user_pref("extensions.asktb.socialmini-native-on", true);
user_pref("extensions.asktb.socialmini-speed", "5000");
user_pref("extensions.asktb.themeid", "");
user_pref("extensions.asktb.timeinstalled", "28.02.2013 18:34:46");
user_pref("extensions.asktb.to", "");



~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.03.2013 at 14:10:36,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ADW CleanerAdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.115 - Datei am 20/03/2013 um 14:16:58 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Kerry - KERRY-VAIO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Kerry\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Kerry\Desktop\eBay.lnk
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Users\Kerry\AppData\Local\APN
Ordner Gelöscht : C:\Users\Kerry\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Kerry\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Kerry\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\Kerry\AppData\Local\Temp\boost_interprocess
Ordner Gelöscht : C:\Users\Kerry\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v13.0 (de)

Datei : C:\Users\Kerry\AppData\Roaming\Mozilla\Firefox\Profiles\ubm6n0lk.default\prefs.js

Gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]

*************************

AdwCleaner[S1].txt - [7751 octets] - [20/03/2013 14:16:58]

########## EOF - C:\AdwCleaner[S1].txt - [7811 octets] ##########
--- --- ---
Alt 20.03.2013, 14:47   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
4viren/trojaner - Standard

4viren/trojaner


Kommen die OTL-Log noch?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.03.2013, 14:51   #25
Kerry
 
4viren/trojaner - Standard

4viren/trojaner


Ja hier bitte.


Code:
ATTFilter
OTL logfile created on: 20.03.2013 14:37:15 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kerry\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 64,39% Memory free
7,93 Gb Paging File | 6,16 Gb Available in Paging File | 77,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,28 Gb Total Space | 386,46 Gb Free Space | 84,70% Space Free | Partition Type: NTFS
 
Computer Name: KERRY-VAIO | User Name: Kerry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Kerry\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Kerry\AppData\Local\Panel+\service\PanelPlusService.exe (Ipsos)
PRC - C:\Users\Kerry\AppData\Local\Panel+\service\PanelPlusNet.exe (Ipsos)
PRC - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Kerry\AppData\Local\Panel+\service\TrotiNet.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\25cfdeaf091f16f3f3a7123a91a179ab\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\44700e64c32d11d6b2147fd87dbfd761\System.ComponentModel.DataAnnotations.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\a31a05ea4f51139b6fae4256999a538e\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\Yahoo!\Messenger\yui.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_de_b77a5c561934e089\System.Data.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV - (Vcsw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VcmINSMgr) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (risdptsk) -- C:\Windows\SysNative\drivers\risdsn64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimssn64.sys (REDC)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 83 D4 8D DA 63 CA 01  [binary data]
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\..\SearchScopes\{3E3C112D-2545-4C96-8F7B-D28C86ACDB03}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\..\SearchScopes\{3E9F0EAF-8E48-4C01-92B3-9D5F1A9F1A7D}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&rlz=1I7SVEA_deDE353
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\..\SearchScopes\{4C94BDDB-9BF4-48C6-86DF-1F0F45F63151}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\..\SearchScopes\{6553E8FD-8FA2-44C1-A8B3-717E57FFA0CD}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\..\SearchScopes\{75FFA669-6BDD-4368-BC19-F31A4B86242D}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\..\SearchScopes\{DE344921-2CE6-4FEB-8D6C-DCC5FD85B971}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=d92fe314-9bbf-48fc-92a8-d585cafe31b4&apn_sauid=0CD86D4F-F2C2-46EA-B861-0DCFE76DFCEC
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\..\SearchScopes\{FA3614B8-1CDC-41C3-9F70-8282748AF3FB}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-416463588-351850769-2308339816-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:44413
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@MoneyMillionaire/npdf: C:\ProgramData\Rabatt-Finder\FFExtension20130221120752\plugins\npdf.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@IpsosPanelPlus@ipsosinteractive.com: C:\Users\Kerry\AppData\Local\Panel+\toolbar_ff\plugins\npIpsosCommPlugin.dll (IDM)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\discountfinder@moneymillionaire.com: C:\ProgramData\Rabatt-Finder\FFExtension20130221120752 [2013.03.16 16:28:34 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.29 08:04:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.01 08:06:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.11 19:40:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\IpsosPanelPlus@ipsosinteractive.com: C:\Users\Kerry\AppData\Local\Panel+\toolbar_ff\ [2013.03.12 12:39:27 | 000,000,000 | ---D | M]
 
[2010.03.11 14:03:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kerry\AppData\Roaming\mozilla\Extensions
[2013.03.20 14:10:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kerry\AppData\Roaming\mozilla\Firefox\Profiles\ubm6n0lk.default\extensions
[2013.03.16 17:31:54 | 000,559,819 | ---- | M] () (No name found) -- C:\Users\Kerry\AppData\Roaming\mozilla\firefox\profiles\ubm6n0lk.default\extensions\toolbar@web.de.xpi
[2012.06.29 08:04:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.29 08:04:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012.06.29 08:04:09 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de
[2012.06.01 16:38:43 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.01 17:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.01 17:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.01 17:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 17:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 17:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 17:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.03.20 09:44:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-416463588-351850769-2308339816-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-416463588-351850769-2308339816-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-416463588-351850769-2308339816-1000\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-416463588-351850769-2308339816-1000\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MailCheck IE Broker] C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-416463588-351850769-2308339816-1000..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found
O4 - HKU\S-1-5-21-416463588-351850769-2308339816-1000..\Run: [Panel+] C:\Users\Kerry\AppData\Local\Panel+\service\PanelPlusService.exe (Ipsos)
O4 - Startup: C:\Users\Kerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kerry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-416463588-351850769-2308339816-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-416463588-351850769-2308339816-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-416463588-351850769-2308339816-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-416463588-351850769-2308339816-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DBEED24-4889-479C-82EC-D972CD7A8EFF}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59F4ACDD-B2C9-4F4E-969D-FD30745D2CD0}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.20 14:05:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.03.20 14:02:23 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.20 14:02:13 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.20 14:01:30 | 000,549,920 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Kerry\Desktop\JRT.exe
[2013.03.20 10:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Kerry\AppData\Roaming\.#
[2013.03.20 10:13:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.20 09:44:33 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.03.20 09:20:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.20 09:20:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.20 09:20:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.20 09:19:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.20 09:19:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.20 09:17:44 | 005,042,037 | R--- | C] (Swearware) -- C:\Users\Kerry\Desktop\ComboFix.exe
[2013.03.19 15:59:57 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kerry\Desktop\tdsskiller.exe
[2013.03.19 14:56:22 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Kerry\Desktop\aswMBR.exe
[2013.03.18 18:38:53 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.03.18 16:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.18 16:43:49 | 000,000,000 | ---D | C] -- C:\Users\Kerry\Desktop\mbar-1.01.0.1021
[2013.03.18 15:51:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kerry\Desktop\OTL.exe
[2013.03.17 15:09:10 | 000,000,000 | ---D | C] -- C:\Users\Kerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.03.17 15:08:45 | 000,000,000 | ---D | C] -- C:\Users\Kerry\AppData\Roaming\Dropbox
[2013.03.16 17:00:03 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013.03.16 16:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\gubu
[2013.03.13 19:22:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.13 19:22:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.13 19:22:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.13 19:22:28 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.13 19:22:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.13 19:22:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.13 19:22:28 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.13 19:22:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.13 19:22:27 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.13 19:22:27 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.13 19:22:27 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.13 19:22:27 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.13 19:22:26 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.13 19:22:26 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.13 19:22:25 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.12 12:39:28 | 000,000,000 | ---D | C] -- C:\Users\Kerry\AppData\Roaming\Panel+
[2013.03.12 12:39:26 | 000,000,000 | ---D | C] -- C:\Users\Kerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Panel+
[2013.03.12 12:39:26 | 000,000,000 | ---D | C] -- C:\Users\Kerry\AppData\Local\Panel+
[2013.03.11 19:40:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.03.04 18:52:27 | 000,000,000 | ---D | C] -- C:\Users\Kerry\AppData\Roaming\Thunderbird
[2013.03.04 18:52:27 | 000,000,000 | ---D | C] -- C:\Users\Kerry\AppData\Local\Thunderbird
[2013.03.02 12:58:39 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2013.03.02 12:38:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.03.02 12:38:42 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2013.03.02 12:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.03.02 12:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.03.02 12:38:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.03.02 12:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.02.28 18:40:36 | 000,000,000 | ---D | C] -- C:\Users\Kerry\AppData\Roaming\Avira
[2013.02.28 18:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.02.28 18:35:12 | 000,000,000 | ---D | C] -- C:\Users\Kerry\AppData\Local\DoNotTrackPlus
[2013.02.28 18:33:56 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.02.28 18:33:56 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.02.28 18:33:56 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.02.28 18:33:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.02.27 13:54:19 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.02.27 13:54:19 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.02.27 13:54:19 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.02.27 13:54:18 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.02.27 13:54:11 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.02.27 13:54:11 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.02.27 13:54:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 13:54:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 13:54:05 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.02.27 13:54:05 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.02.27 13:54:05 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.02.27 13:54:05 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.02.27 13:54:05 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 13:54:05 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 13:54:05 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 13:54:05 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 13:54:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 13:54:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 13:54:05 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 13:54:05 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 13:54:04 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.02.27 13:54:04 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.02.27 13:54:04 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.02.27 13:54:04 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.02.27 13:54:04 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.02.27 13:54:04 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.02.27 13:54:04 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.02.27 13:54:04 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 13:54:04 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 13:54:04 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 13:54:04 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 13:54:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 13:54:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 13:54:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 13:54:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 13:54:03 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.02.27 13:54:03 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.02.27 13:54:03 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.02.27 13:54:03 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.02.27 13:54:03 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.02.27 13:54:03 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.20 14:28:31 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.20 14:28:31 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.20 14:18:58 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.20 14:18:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.20 14:18:31 | 3195,293,696 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.20 14:16:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.20 14:15:48 | 000,609,993 | ---- | M] () -- C:\Users\Kerry\Desktop\adwcleaner.exe
[2013.03.20 14:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.20 14:01:31 | 000,549,920 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Kerry\Desktop\JRT.exe
[2013.03.20 09:44:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.20 09:18:01 | 005,042,037 | R--- | M] (Swearware) -- C:\Users\Kerry\Desktop\ComboFix.exe
[2013.03.19 17:26:03 | 000,000,512 | ---- | M] () -- C:\Users\Kerry\Desktop\MBR.dat
[2013.03.19 15:59:57 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kerry\Desktop\tdsskiller.exe
[2013.03.19 14:57:56 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Kerry\Desktop\aswMBR.exe
[2013.03.18 18:38:47 | 621,766,792 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.18 16:40:21 | 013,786,977 | R--- | M] () -- C:\Users\Kerry\Desktop\mbar-1.01.0.1021.zip
[2013.03.18 16:22:34 | 000,377,856 | ---- | M] () -- C:\Users\Kerry\Desktop\gmer_2.1.19155.exe
[2013.03.18 15:51:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kerry\Desktop\OTL.exe
[2013.03.17 15:10:53 | 000,000,999 | ---- | M] () -- C:\Users\Kerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.03.17 14:45:58 | 2091,673,243 | ---- | M] () -- C:\Users\Kerry\Desktop\Neuer ZIP-komprimierter Ordner.zip
[2013.03.17 14:23:42 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.17 14:23:42 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.17 14:23:42 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.17 14:23:42 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.17 14:23:42 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.13 12:09:16 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.13 12:09:16 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.07 20:27:32 | 000,023,812 | ---- | M] () -- C:\Users\Kerry\AppData\Roaming\UserTile.png
[2013.03.07 18:49:01 | 000,118,272 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2013.03.04 18:51:33 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2013.03.02 12:38:48 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.28 18:35:14 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.28 18:25:48 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.02.28 18:25:48 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.02.28 18:25:47 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.20 14:15:48 | 000,609,993 | ---- | C] () -- C:\Users\Kerry\Desktop\adwcleaner.exe
[2013.03.20 09:20:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.20 09:20:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.20 09:20:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.20 09:20:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.20 09:20:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.19 17:26:03 | 000,000,512 | ---- | C] () -- C:\Users\Kerry\Desktop\MBR.dat
[2013.03.18 18:38:47 | 621,766,792 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.03.18 16:40:31 | 013,786,977 | R--- | C] () -- C:\Users\Kerry\Desktop\mbar-1.01.0.1021.zip
[2013.03.18 16:22:34 | 000,377,856 | ---- | C] () -- C:\Users\Kerry\Desktop\gmer_2.1.19155.exe
[2013.03.17 15:09:19 | 000,000,999 | ---- | C] () -- C:\Users\Kerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.03.17 14:28:13 | 2091,673,243 | ---- | C] () -- C:\Users\Kerry\Desktop\Neuer ZIP-komprimierter Ordner.zip
[2013.03.07 18:49:01 | 000,118,272 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013.03.04 18:51:33 | 000,002,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2013.03.04 18:51:33 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2013.03.02 12:58:06 | 000,023,812 | ---- | C] () -- C:\Users\Kerry\AppData\Roaming\UserTile.png
[2013.03.02 12:38:48 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.28 18:35:14 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.23 17:05:35 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2011.12.23 16:59:47 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Clean Electric Guitar
[2011.12.23 16:59:47 | 000,000,268 | RH-- | C] () -- C:\Users\Kerry\AppData\Roaming\Chiller
[2011.12.23 16:59:47 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.12.23 16:59:47 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Contents
[2011.12.23 16:59:46 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Classical
[2011.12.23 16:59:46 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Classic Thick
[2011.12.23 16:59:46 | 000,000,268 | RH-- | C] () -- C:\Users\Kerry\AppData\Roaming\Channel
[2011.12.23 16:59:46 | 000,000,268 | RH-- | C] () -- C:\Users\Kerry\AppData\Roaming\Carbon
[2011.12.23 16:59:46 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.12.23 16:59:46 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.12.23 16:59:46 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Configure Folder Actions
[2011.12.23 16:59:46 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Compressor
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Das fängt langsam an mir Spaß zu machen

Alt 20.03.2013, 15:00   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
4viren/trojaner - Standard

4viren/trojaner


Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.03.2013, 16:07   #27
Kerry
 
4viren/trojaner - Standard

4viren/trojaner


Ich bin verwirrt, ist malewarebytes mBar?
Oder ist das ein neues Programm zum Downloaden?
Ich kann mbam.exe nicht finden.

Alt 20.03.2013, 16:08   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
4viren/trojaner - Standard

4viren/trojaner


MBAR = Malwarebytes Anti-Rootkit
MBAM = Malwarebytes Anti-Malware

Mit MBAM möchte ich einen Kontrollscan sehen
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.03.2013, 16:29   #29
Kerry
 
4viren/trojaner - Standard

4viren/trojaner


M Bam


Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.20.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kerry :: KERRY-VAIO [Administrator]

Schutz: Aktiviert

20.03.2013 16:21:02
mbam-log-2013-03-20 (16-21-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 216583
Laufzeit: 3 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Alt 20.03.2013, 17:01   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
4viren/trojaner - Standard

4viren/trojaner


Gut, fehlt noch ESET. Bitte in deiner nächsten AW das ESET Log posten
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort
Seite 2 von 3 1 2 3

Themen zu 4viren/trojaner
angezeigt, antivir, compu, computer, exp/java.a.391, html/twitscroll.a, js/blacole.kh.4, tr/dldr.dofoil.r.537, tr/injector.aoq, troja, trojaner, verschiedene


« Coupondropdown | cybercrime investigation schweizerische Eidg. Hilfe »


Zum Thema 4viren/trojaner - aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Starte die aswMBR.exe - ( aswMBR.exe Anleitung ) Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator - 4viren/trojaner...
Archiv
Du betrachtest: 4viren/trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131