|
Log-Analyse und Auswertung: Polizeivirus .LPD BM.IWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
14.05.2013, 13:55 | #1 |
| Polizeivirus .LPD BM.I habe seit gestern den Polizeivirus und versuche seit stunden ihn wieder loszuwerden...ohne erfolg. Habe zunächst im abgesicherten modus einen TeeSupport erstellt. Habe alles aus den programmen rausgelöscht, was mir "spanisch" vorkam. Habe Spybot und Trojan Killer drüberlaufen lassen - auch ohne erfolg. Bin echt ratlos, was ich noch machen könnte. Bitte um Hilfe! |
14.05.2013, 13:56 | #2 |
/// Malware-holic | Polizeivirus .LPD BM.I hi
__________________was hast du erstellt? bitte nicht einfach drauf los löschen,d as richtet meist eher mehr Schaden an. im abges. Modus: Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex netsvcs msconfig %SYSTEMDRIVE%\*. %PROGRAMFILES%\*.exe %LOCALAPPDATA%\*.exe %systemroot%\*. /mp /s C:\Windows\system32\*.tsp /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles %USERPROFILE%\*.* %USERPROFILE%\Local Settings\Temp\*.exe %USERPROFILE%\Local Settings\Temp\*.dll %USERPROFILE%\Application Data\*.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs CREATERESTOREPOINT
__________________ |
14.05.2013, 18:15 | #3 |
| Polizeivirus .LPD BM.I OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 14.05.2013 17:22:07 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\TeeSupport.Markus2010\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,75 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 57,12% Memory free 7,50 Gb Paging File | 5,66 Gb Available in Paging File | 75,45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 290,26 Gb Total Space | 99,63 Gb Free Space | 34,33% Space Free | Partition Type: NTFS Drive D: | 7,74 Gb Total Space | 0,91 Gb Free Space | 11,72% Space Free | Partition Type: NTFS Computer Name: MARKUS2010 | User Name: TeeSupport | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\TeeSupport.Markus2010\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Users\Markus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\IKARUS\virus.utilities\bin\guardxservice.exe (IKARUS Security Software GmbH) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc) PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl () MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl () MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl () MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl () MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl () MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (GuardX) -- C:\Program Files (x86)\IKARUS\virus.utilities\bin\guardxservice.exe (IKARUS Security Software GmbH) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (IviRegMgr) -- c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Driver Services (SafeList) ========== DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (TrojanKillerDriver) -- C:\Windows\SysNative\drivers\gtkdrv.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (NTGUARD) -- C:\Program Files (x86)\IKARUS\virus.utilities\bin\ntguard_x64.sys (IKARUS Security Software GmbH) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN AT: Hotmail, Outlook, Messenger, Skype, Unterhaltung, Nachrichten & Lifestyle IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = Google IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN AT: Hotmail, Outlook, Messenger, Skype, Unterhaltung, Nachrichten & Lifestyle IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = Google IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN AT: Hotmail, Outlook, Messenger, Skype, Unterhaltung, Nachrichten & Lifestyle IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = MSN AT: Hotmail, Outlook, Messenger, Skype, Unterhaltung, Nachrichten & Lifestyle IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN AT: Hotmail, Outlook, Messenger, Skype, Unterhaltung, Nachrichten & Lifestyle IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN AT: Hotmail, Outlook, Messenger, Skype, Unterhaltung, Nachrichten & Lifestyle IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = MSN AT: Hotmail, Outlook, Messenger, Skype, Unterhaltung, Nachrichten & Lifestyle IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN AT: Hotmail, Outlook, Messenger, Skype, Unterhaltung, Nachrichten & Lifestyle IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3144646722-3477851633-984445032-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN AT: Hotmail, Outlook, Messenger, Skype, Unterhaltung, Nachrichten & Lifestyle IE - HKU\S-1-5-21-3144646722-3477851633-984445032-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome IE - HKU\S-1-5-21-3144646722-3477851633-984445032-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome IE - HKU\S-1-5-21-3144646722-3477851633-984445032-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKU\S-1-5-21-3144646722-3477851633-984445032-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-3144646722-3477851633-984445032-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome IE - HKU\S-1-5-21-3144646722-3477851633-984445032-1002\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome IE - HKU\S-1-5-21-3144646722-3477851633-984445032-1002\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-3144646722-3477851633-984445032-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3144646722-3477851633-984445032-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deAT469 IE - HKU\S-1-5-21-3144646722-3477851633-984445032-1002\..\SearchScopes\{8A541E5B-0B6F-4C12-B915-62C88EA10F69}: "URL" = hxxp://findgala.com/?&uid=2247&q={searchTerms} IE - HKU\S-1-5-21-3144646722-3477851633-984445032-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3144646722-3477851633-984445032-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN AT: Hotmail, Outlook, Messenger, Skype, Unterhaltung, Nachrichten & Lifestyle IE - HKU\S-1-5-21-3144646722-3477851633-984445032-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN AT: Hotmail, Outlook, Messenger, Skype, Unterhaltung, Nachrichten & Lifestyle IE - HKU\S-1-5-21-3144646722-3477851633-984445032-1004\..\SearchScopes,bProtectorDefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} IE - HKU\S-1-5-21-3144646722-3477851633-984445032-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-3144646722-3477851633-984445032-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7AURU_de IE - HKU\S-1-5-21-3144646722-3477851633-984445032-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.04 17:09:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.04 18:18:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.05.16 15:40:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.04 17:09:32 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.07.03 17:24:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.04 17:09:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.03 17:24:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.03 17:24:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.03 17:24:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.03 17:24:57 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKU\S-1-5-21-3144646722-3477851633-984445032-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-3144646722-3477851633-984445032-1002\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-3144646722-3477851633-984445032-1002\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKU\S-1-5-21-3144646722-3477851633-984445032-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Ikarus-GuardX] C:\Program Files (x86)\IKARUS\virus.utilities\bin\guardxkickoff_x64.exe (IKARUS Security Software GmbH) O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation) O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3144646722-3477851633-984445032-1002..\Run: [EPSON Stylus S20 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEAE.EXE /FU "C:\Windows\TEMP\E_SA811.tmp" /EF "HKCU" File not found O4 - HKU\S-1-5-21-3144646722-3477851633-984445032-1002..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Markus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-3144646722-3477851633-984445032-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3144646722-3477851633-984445032-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1 O7 - HKU\S-1-5-21-3144646722-3477851633-984445032-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3144646722-3477851633-984445032-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites) O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{283D6EE8-DAAB-404C-A0D4-635D935EAD98}: DhcpNameServer = 192.168.10.253 213.33.99.70 80.120.17.70 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE71A383-6E7A-4C71-B63C-60100C1CBD31}: DhcpNameServer = 10.0.0.138 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-3144646722-3477851633-984445032-1002 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-3144646722-3477851633-984445032-1002 Winlogon: Shell - (C:\Users\Markus\AppData\Roaming\skype.dat) - C:\Users\Markus\AppData\Roaming\skype.dat (Sftware ) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.05.13 22:25:24 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.05.14 13:59:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer [2013.05.14 13:59:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer [2013.05.14 07:40:46 | 000,000,000 | ---D | C] -- C:\Users\TeeSupport.Markus2010\AppData\Roaming\CyberLink [2013.05.13 22:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.05.13 22:23:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2013.05.13 18:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013.05.13 18:24:50 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe [2013.05.13 18:24:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2013.05.13 18:19:15 | 000,000,000 | ---D | C] -- C:\Users\TeeSupport.Markus2010\AppData\Roaming\TeamViewer [2013.05.13 18:17:41 | 000,000,000 | ---D | C] -- C:\Users\TeeSupport.Markus2010\AppData\Roaming\Macromedia [2013.05.13 18:17:32 | 000,000,000 | ---D | C] -- C:\Users\TeeSupport.Markus2010\AppData\Roaming\Adobe [2013.05.13 18:17:20 | 000,000,000 | ---D | C] -- C:\Users\TeeSupport.Markus2010\AppData\Roaming\Google [2013.05.13 18:17:13 | 000,000,000 | ---D | C] -- C:\Users\TeeSupport.Markus2010\AppData\Local\Google [2013.05.13 18:16:38 | 000,000,000 | ---D | C] -- C:\Users\TeeSupport.Markus2010\AppData\Local\Scansoft [2013.05.13 18:15:41 | 000,000,000 | R--D | C] -- C:\Users\TeeSupport.Markus2010\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.05.13 18:15:41 | 000,000,000 | R--D | C] -- C:\Users\TeeSupport.Markus2010\Searches [2013.05.13 18:15:41 | 000,000,000 | R--D | C] -- C:\Users\TeeSupport.Markus2010\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.05.13 18:15:28 | 000,000,000 | ---D | C] -- C:\Users\TeeSupport.Markus2010\AppData\Roaming\Identities [2013.05.13 18:15:26 | 000,000,000 | R--D | C] -- C:\Users\TeeSupport.Markus2010\Contacts [2013.05.13 18:15:25 | 000,000,000 | ---D | C] -- C:\Users\TeeSupport.Markus2010\AppData\Local\VirtualStore [2013.05.13 17:50:57 | 000,000,000 | --SD | C] -- C:\Users\TeeSupport.Markus2010\AppData\Roaming\Microsoft [2013.05.13 17:50:57 | 000,000,000 | R--D | C] -- C:\Users\TeeSupport.Markus2010\Videos [2013.05.13 17:50:57 | 000,000,000 | R--D | C] -- C:\Users\TeeSupport.Markus2010\Saved Games [2013.05.13 17:50:57 | 000,000,000 | R--D | C] -- C:\Users\TeeSupport.Markus2010\Pictures [2013.05.13 17:50:57 | 000,000,000 | R--D | C] -- C:\Users\TeeSupport.Markus2010\Music [2013.05.13 17:50:57 | 000,000,000 | R--D | C] -- C:\Users\TeeSupport.Markus2010\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.05.13 17:50:57 | 000,000,000 | R--D | C] -- C:\Users\TeeSupport.Markus2010\Links [2013.05.13 17:50:57 | 000,000,000 | R--D | C] -- C:\Users\TeeSupport.Markus2010\Favorites [2013.05.13 17:50:57 | 000,000,000 | R--D | C] -- C:\Users\TeeSupport.Markus2010\Downloads [2013.05.13 17:50:57 | 000,000,000 | R--D | C] -- C:\Users\TeeSupport.Markus2010\Documents [2013.05.13 17:50:57 | 000,000,000 | R--D | C] -- C:\Users\TeeSupport.Markus2010\Desktop [2013.05.13 17:50:57 | 000,000,000 | R--D | C] -- C:\Users\TeeSupport.Markus2010\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.05.13 17:50:57 | 000,000,000 | -HSD | C] -- C:\Users\TeeSupport.Markus2010\Vorlagen [2013.05.13 17:50:57 | 000,000,000 | -HSD | C] -- C:\Users\TeeSupport.Markus2010\AppData\Local\Verlauf [2013.05.13 17:50:57 | 000,000,000 | -HSD | C] -- C:\Users\TeeSupport.Markus2010\AppData\Local\Temporary Internet Files [2013.05.13 17:50:57 | 000,000,000 | -HSD | C] -- C:\Users\TeeSupport.Markus2010\Startmenü [2013.05.13 17:50:57 | 000,000,000 | -HSD | C] -- C:\Users\TeeSupport.Markus2010\SendTo [2013.05.13 17:50:57 | 000,000,000 | -HSD | C] -- C:\Users\TeeSupport.Markus2010\Recent [2013.05.13 17:50:57 | 000,000,000 | -HSD | C] -- C:\Users\TeeSupport.Markus2010\Netzwerkumgebung [2013.05.13 17:50:57 | 000,000,000 | -HSD | C] -- C:\Users\TeeSupport.Markus2010\Lokale Einstellungen [2013.05.13 17:50:57 | 000,000,000 | -HSD | C] -- C:\Users\TeeSupport.Markus2010\Documents\Eigene Videos [2013.05.13 17:50:57 | 000,000,000 | -HSD | C] -- C:\Users\TeeSupport.Markus2010\Documents\Eigene Musik [2013.05.13 17:50:57 | 000,000,000 | -HSD | C] -- C:\Users\TeeSupport.Markus2010\Eigene Dateien [2013.05.13 17:50:57 | 000,000,000 | -HSD | C] -- C:\Users\TeeSupport.Markus2010\Documents\Eigene Bilder [2013.05.13 17:50:57 | 000,000,000 | -HSD | C] -- C:\Users\TeeSupport.Markus2010\Druckumgebung [2013.05.13 17:50:57 | 000,000,000 | -HSD | C] -- C:\Users\TeeSupport.Markus2010\Cookies [2013.05.13 17:50:57 | 000,000,000 | -HSD | C] -- C:\Users\TeeSupport.Markus2010\AppData\Local\Anwendungsdaten [2013.05.13 17:50:57 | 000,000,000 | -HSD | C] -- C:\Users\TeeSupport.Markus2010\Anwendungsdaten [2013.05.13 17:50:57 | 000,000,000 | -H-D | C] -- C:\Users\TeeSupport.Markus2010\AppData [2013.05.13 17:50:57 | 000,000,000 | ---D | C] -- C:\Users\TeeSupport.Markus2010\AppData\Local\Temp [2013.05.13 17:50:57 | 000,000,000 | ---D | C] -- C:\Users\TeeSupport.Markus2010\AppData\Local\Microsoft Help [2013.05.13 17:50:57 | 000,000,000 | ---D | C] -- C:\Users\TeeSupport.Markus2010\AppData\Local\Microsoft [2013.05.13 17:50:57 | 000,000,000 | ---D | C] -- C:\Users\TeeSupport.Markus2010\AppData\Roaming\Media Center Programs [2013.04.17 19:09:30 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.14 17:22:22 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.14 17:22:22 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.14 17:15:38 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.14 17:14:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.14 17:14:42 | 3019,333,632 | -HS- | M] () -- C:\hiberfil.sys [2013.05.14 16:08:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.14 16:00:04 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.14 13:59:19 | 000,001,145 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk [2013.05.13 22:25:24 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2013.05.13 22:19:34 | 000,000,484 | RHS- | M] () -- C:\Users\TeeSupport.Markus2010\ntuser.pol [2013.05.13 20:55:14 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.13 20:55:14 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.13 20:55:14 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.13 20:55:14 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.13 20:55:14 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.13 20:38:14 | 000,000,105 | ---- | M] () -- C:\Windows\wininit.ini [2013.05.13 18:24:57 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.05.05 19:31:12 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI [2013.04.25 03:18:12 | 000,420,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.17 19:10:12 | 000,001,294 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.14 13:59:19 | 000,001,145 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk [2013.05.13 22:25:24 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2013.05.13 20:38:14 | 000,000,105 | ---- | C] () -- C:\Windows\wininit.ini [2013.05.13 18:24:57 | 000,002,191 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013.05.13 18:24:57 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.05.13 18:16:07 | 000,001,411 | ---- | C] () -- C:\Users\TeeSupport.Markus2010\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2013.05.13 18:15:57 | 000,001,445 | ---- | C] () -- C:\Users\TeeSupport.Markus2010\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.05.13 18:15:19 | 000,000,484 | RHS- | C] () -- C:\Users\TeeSupport.Markus2010\ntuser.pol [2013.04.17 19:10:12 | 000,001,306 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk [2013.04.17 19:10:12 | 000,001,294 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk [2012.01.28 15:50:53 | 000,000,256 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2012.01.28 15:50:53 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2012.01.28 15:49:57 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.01.28 15:47:31 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll [2012.01.28 15:47:30 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2012.01.28 15:47:28 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2012.01.28 15:47:01 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2012.01.28 15:46:53 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2012.01.28 15:42:51 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini [2011.09.27 20:25:01 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Automator [2011.09.27 20:25:01 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Automatic Filter [2011.09.27 20:25:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2011.09.27 20:25:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2011.09.27 20:25:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2011.09.27 20:25:01 | 000,000,012 | RH-- | C] () -- C:\ProgramData\CMMs [2011.09.27 20:25:01 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Bundle ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.04 20:21:21 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\0A1O1O [2012.05.16 16:21:46 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Audacity [2013.04.04 20:11:52 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Babylon [2013.04.04 20:20:49 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\DealPly [2013.05.14 17:15:37 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Dropbox [2012.05.06 19:55:54 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\FileZilla [2011.10.05 19:42:46 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Nikon [2011.01.22 14:03:08 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Personal Security Sentinel [2013.01.08 18:30:51 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\TeamViewer [2010.10.31 19:39:52 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Thunderbird [2013.05.13 17:24:27 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Yontoo [2013.05.13 18:19:15 | 000,000,000 | ---D | M] -- C:\Users\TeeSupport.Markus2010\AppData\Roaming\TeamViewer ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2013.05.14 17:15:14 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.10.31 18:19:45 | 000,000,000 | ---D | M] -- C:\alterPC [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.10.31 17:02:42 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.07.21 22:17:52 | 000,000,000 | -H-D | M] -- C:\hp [2010.10.31 19:09:16 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.05.13 22:24:55 | 000,000,000 | R--D | M] -- C:\Program Files [2013.05.14 16:45:40 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.05.13 20:39:42 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.10.31 17:02:42 | 000,000,000 | -HSD | M] -- C:\Programme [2012.09.21 17:26:27 | 000,000,000 | ---D | M] -- C:\SAVEJUC [2010.10.31 17:49:10 | 000,000,000 | ---D | M] -- C:\SAVEJUC_alt [2010.07.21 22:18:23 | 000,000,000 | ---D | M] -- C:\SWSETUP [2013.05.14 17:24:49 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.07.21 22:09:41 | 000,000,000 | RHSD | M] -- C:\system.sav [2013.05.13 17:50:57 | 000,000,000 | R--D | M] -- C:\Users [2013.05.13 22:23:48 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 07:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.02.04 16:25:07 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2012.02.04 16:25:08 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2012.03.29 17:28:45 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\alterPC\HDD1\Windows\i386\sp2.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\alterPC\HDD1\Windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\agp440.sys [2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\alterPC\HDD1\Windows\system32\drivers\AGP440.SYS [2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\alterPC\HDD1\Windows\system32\ReinstallBackups\0003\DriverFiles\i386\AGP440.SYS [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\alterPC\HDD1\Windows\i386\sp2.cab:atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\alterPC\HDD1\Windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\atapi.sys [2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\alterPC\HDD1\Windows\system32\dllcache\atapi.sys [2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\alterPC\HDD1\Windows\system32\drivers\atapi.sys [2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\alterPC\HDD1\Windows\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\alterPC\HDD1\Windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\eventlog.dll [2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\alterPC\HDD1\Windows\system32\eventlog.dll < MD5 for: EXPLORER.EXE > [2010.07.22 07:41:57 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2010.07.22 07:43:07 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\alterPC\HDD1\Windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\explorer.exe [2007.06.13 15:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\alterPC\HDD1\Windows\explorer.exe [2007.06.13 15:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\alterPC\HDD1\Windows\system32\dllcache\explorer.exe [2010.07.22 07:41:57 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe [2010.07.22 07:40:23 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.07.22 07:43:07 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2010.07.22 07:40:23 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2010.07.22 07:43:06 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2010.07.22 07:40:23 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2010.07.22 07:43:07 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2010.07.22 07:41:57 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2012.11.13 14:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) MD5=E4A0900CF535888DDD85B10040CA3E34 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe [2010.07.22 07:40:23 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe [2010.07.22 07:41:57 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\alterPC\HDD1\Windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\netlogon.dll [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\alterPC\HDD1\Windows\system32\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\alterPC\HDD1\Windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\scecli.dll [2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\alterPC\HDD1\Windows\system32\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\alterPC\HDD1\Windows\system32\dllcache\user32.dll [2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\alterPC\HDD1\Windows\system32\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\alterPC\HDD1\Windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\alterPC\HDD1\Windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe [2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\alterPC\HDD1\Windows\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\alterPC\HDD1\Windows\system32\winlogon.exe [2010.07.22 07:43:07 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2010.07.22 07:43:07 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\alterPC\HDD1\Windows\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\alterPC\HDD1\Windows\system32\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2012.03.09 04:03:48 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2012.03.09 04:03:48 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll [2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll [2013.02.22 05:47:17 | 009,738,752 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll < %USERPROFILE%\*.* > [2013.05.14 17:24:53 | 001,572,864 | -HS- | M] () -- C:\Users\TeeSupport.Markus2010\NTUSER.DAT [2013.05.14 17:24:53 | 000,262,144 | -HS- | M] () -- C:\Users\TeeSupport.Markus2010\ntuser.dat.LOG1 [2013.05.13 17:50:57 | 000,000,000 | -HS- | M] () -- C:\Users\TeeSupport.Markus2010\ntuser.dat.LOG2 [2013.05.13 17:50:57 | 000,065,536 | -HS- | M] () -- C:\Users\TeeSupport.Markus2010\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2013.05.13 17:50:57 | 000,524,288 | -HS- | M] () -- C:\Users\TeeSupport.Markus2010\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2013.05.13 17:50:57 | 000,524,288 | -HS- | M] () -- C:\Users\TeeSupport.Markus2010\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2013.05.13 17:50:57 | 000,000,020 | -HS- | M] () -- C:\Users\TeeSupport.Markus2010\ntuser.ini [2013.05.13 22:19:34 | 000,000,484 | RHS- | M] () -- C:\Users\TeeSupport.Markus2010\ntuser.pol < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > < End of report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 14.05.2013 17:22:07 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\TeeSupport.Markus2010\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,75 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 57,12% Memory free 7,50 Gb Paging File | 5,66 Gb Available in Paging File | 75,45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 290,26 Gb Total Space | 99,63 Gb Free Space | 34,33% Space Free | Partition Type: NTFS Drive D: | 7,74 Gb Total Space | 0,91 Gb Free Space | 11,72% Space Free | Partition Type: NTFS Computer Name: MARKUS2010 | User Name: TeeSupport | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3144646722-3477851633-984445032-1002\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0AAC7DD5-9F28-4F6B-9B67-F44C7204F30D}" = lport=138 | protocol=17 | dir=in | app=system | "{13C7EA91-7EBF-476B-A613-6E8A7C5E19E1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{1A489D9B-FF9E-4156-B36F-5B519176586B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2B1DFCCF-0D53-43FA-A619-13B2F3261D31}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3CE415DB-357A-42FB-8952-F6264F7842B5}" = rport=138 | protocol=17 | dir=out | app=system | "{3F059299-2F4E-4608-85FA-B5B8AB7746B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4B3F6C16-A66C-4F48-B181-3B1E234D8D26}" = lport=10243 | protocol=6 | dir=in | app=system | "{562B442C-ED9B-47C7-8B8D-DA9DAB24D274}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6E486F0E-5443-42FB-A963-9450CE90B8D8}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | "{72B393B2-DBE0-41DB-890B-AD6861F24CA3}" = lport=139 | protocol=6 | dir=in | app=system | "{74BA59CC-C16D-4ACE-989C-C141C6376836}" = lport=445 | protocol=6 | dir=in | app=system | "{75366BC2-890D-4B59-BECD-B964D1D92F72}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{758DD5C8-E1F7-45BD-B291-3FC3A7011A00}" = lport=137 | protocol=17 | dir=in | app=system | "{7B7F72D8-516B-4D92-A205-E89A4725BB75}" = rport=10243 | protocol=6 | dir=out | app=system | "{84E3E71B-1B60-4B0D-8764-D1DECBF32084}" = rport=137 | protocol=17 | dir=out | app=system | "{8A63C268-BC79-4BFE-8F4A-07BBD751A2FA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{8D06ED38-C8C9-434E-AE7A-319CE35D8523}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8FDCF4E3-BECC-4BFC-8124-CCCAD450AD0C}" = lport=2869 | protocol=6 | dir=in | app=system | "{A42484FD-6719-4B76-BCBF-2860F0F2FF97}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CB21B5A0-05C4-4A14-9EC8-58D0EDD475D3}" = rport=445 | protocol=6 | dir=out | app=system | "{DAEFCC27-6D8B-4689-9417-9CD95E7582BE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{DE539725-F43B-4DD2-BDC2-D4887AF42BC0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EA302146-A8A8-4724-8458-B3474C670EEB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F9E6A785-74D9-47DA-83BB-3A3BAD8A2C1D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FE2D1B06-2627-4650-9A43-A8AEEDAF6A1B}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02EC5383-9B97-4F3D-A428-45C238318AFE}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\managed virusscan\agent\myagtsvc.exe | "{19FD09AC-01E3-4D86-A84A-1E34582C78F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1C83B52F-2F5B-4C04-94CC-307FF655FE3B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{28B96049-B3DD-40EC-9C31-612BC7C9F241}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{33F096F0-4AB8-410D-B400-9008B0297203}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4518A162-7609-456B-981C-895DA13D4713}" = protocol=6 | dir=in | app=c:\users\markus\appdata\roaming\dropbox\bin\dropbox.exe | "{4BD839B0-B24C-4E1F-8E05-0F2BC9A6089B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{5A1608F1-CE14-46D2-AF5A-09BAD1CDF334}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{60A20C27-E0CE-43C0-BBD8-67AE0EF08614}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{62504C16-7223-46D7-B1B1-E41A0A6466FE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{69BC01FB-B716-4D7D-A894-3D62A2C4F5C6}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl08j\faxrx.exe | "{74AB577C-6609-4F40-9CE3-7A597C82B524}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7BDF77AB-F758-4E09-A8AE-C3DD8322746A}" = protocol=17 | dir=in | app=c:\users\markus\appdata\roaming\dropbox\bin\dropbox.exe | "{7F226FD3-EE67-43FD-B5F9-705EF2941BED}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{7FC075B3-BC2B-43B2-BF24-B50FC545D60B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8123C268-5E9D-4C6F-9572-ACF6DE0F5B43}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{83D93B96-F859-4B5C-AE64-8D6B0FF3864A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{9BA32A5F-2982-4531-BDF0-18BFAB99A884}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A1D1B932-6707-44CF-8F36-640D38E61FD9}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl08j\faxrx.exe | "{B2CF77D5-B438-41DE-9203-C5A1BCA43CAB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{BFB17F49-C794-406C-B446-E8B23D3B8DAF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C23B185B-220B-47D6-8AEB-5DE9C4BF28EB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C7215735-D56A-4428-80EA-111692FEBF34}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C972C63D-00BE-41F8-B865-72883D7B35B2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{CB40C9DD-3B78-451D-B9A2-6AF5ACB050B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CDAC9500-071E-457A-8A64-8CA620C217E1}" = protocol=6 | dir=out | app=system | "{D1D7D96B-0C4E-418D-90E3-3A2C99E690A8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D63D1A32-A2C4-4EA7-82E8-0DBDD2DE115C}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\managed virusscan\agent\myagtsvc.exe | "TCP Query User{20D03B47-297E-4381-9042-539043CC867E}C:\programdata\a2b537\psa2b_2247.exe" = protocol=6 | dir=in | app=c:\programdata\a2b537\psa2b_2247.exe | "TCP Query User{B691DDC3-4206-4E1E-BE95-246D11508638}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{BB88DBC9-CF69-4193-825B-0480ADE8774D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{6043C039-DF39-4807-A6E6-4442AC161F8E}C:\programdata\a2b537\psa2b_2247.exe" = protocol=17 | dir=in | app=c:\programdata\a2b537\psa2b_2247.exe | "UDP Query User{A1C7AE6E-3A7A-4B8E-8AAD-41A9966E52B3}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{E26F01AB-2273-4800-A748-A4E40F2373F4}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{948B1FD6-9F98-47EE-AABF-8697F2FD44B0}" = ccc-utility64 "{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{E50A5077-1654-BEAE-986B-7B7133DA7C48}" = ATI Catalyst Install Manager "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "EPSON Stylus S20 Series" = EPSON Stylus S20 Series Printer Uninstall "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11 "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{08235411-48C8-A293-8642-D9575891E7D9}" = Catalyst Control Center InstallProxy "{08548558-3EC9-BD0B-3D09-632500268F59}" = CCC Help Portuguese "{137B2CE7-30A2-4836-0830-707F1010F517}" = CCC Help English "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{25F2A86D-E2E2-C2AD-8173-86C18632F214}" = CCC Help Chinese Traditional "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{2842077A-7895-5310-4F0C-42C83501E770}" = CCC Help Thai "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2ACAB850-69A5-8090-08B7-D27CC6D8652C}" = CCC Help German "{2BAD00A4-7FD1-61C5-10C3-8275723943AD}" = CCC Help Danish "{2BF943D5-1468-589A-50E3-DD0ED6596022}" = Catalyst Control Center Graphics Full New "{34DB1D69-9FFC-7899-6F4D-22C4C15ADD54}" = CCC Help Polish "{3F310D8D-AC3B-5478-5AEA-D2EF5D7437E7}" = CCC Help Swedish "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{595007B2-E139-535C-D723-4B0442FC40F5}" = CCC Help Italian "{5A21C631-0494-7377-1E3B-99353E04F83B}" = CCC Help Japanese "{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8 "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{695C04CF-CF98-FAD6-9590-6C555B2E2E79}" = CCC Help Chinese Standard "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{6F277272-77D6-1E03-B8BB-B408B26C5140}" = CCC Help Czech "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7240A994-0ED4-4841-AD3B-5E5F72850F67}" = Catalyst Control Center Graphics Previews Vista "{7C66E480-E42D-3664-B207-5CE9A706BC1F}" = Catalyst Control Center Graphics Light "{7CAAA7B2-D9EA-2416-9D63-DDBC8E669059}" = CCC Help French "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10 "{84B4C4F4-F244-6A7E-EDC6-ECD46ACAAE59}" = CCC Help Greek "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1BBEE16-49B1-42F2-95B8-54C8C6A1C0C3}" = Brother MFL-Pro Suite MFC-9120CN "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10 "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch "{AF4A82A7-F453-CE12-A942-E55FAC234387}" = ccc-core-static "{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2 "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{B5B7E8FF-62F6-FA85-4C4A-83AAF816CE6E}" = CCC Help Spanish "{B8089767-9A45-0E84-FCDE-15698650FF17}" = CCC Help Hungarian "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C9496C0E-BE4C-7800-900B-5E66B958AEC1}" = CCC Help Russian "{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2 "{D5B950C0-1AC3-4E4B-8C83-370575D6F083}" = EINS PLUS Schularbeiten Band 4 "{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2 "{EB1A6595-613F-9654-E58E-0876F8B0E8F3}" = Catalyst Control Center Localization All "{EDD1E22B-249A-5ED7-BA0A-C41BAA8256ED}" = CCC Help Korean "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F252C428-A4AE-C73E-031A-C451FDD660A9}" = CCC Help Norwegian "{F67EA3C6-38B0-675A-E2F9-8C343DE1C826}" = Catalyst Control Center Graphics Full Existing "{F686E613-03C4-085F-188A-9E5DC1455787}" = CCC Help Turkish "{F7F7626C-4612-BF7B-38D5-07E247973A1A}" = Catalyst Control Center Core Implementation "{F8CA8746-F561-61D7-A496-8D4C4E1F8A57}" = CCC Help Dutch "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software "{FCDDC9D3-5524-9AD1-651C-467910CC1903}" = CCC Help Finnish "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode) "Audacity_is1" = Audacity 2.0 "FileZilla Client" = FileZilla Client 3.5.3 "Google Chrome" = Google Chrome "GridinSoft Trojan Killer" = Trojan Killer "HappyFoto-Designer_is1" = HappyFoto-Designer 2.7 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8 "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "LView Pro 2006 - Trial Version" = LView Pro 2006 - Trial Version "Mahjong Holidays 2005_is1" = Mahjong Holidays 2005 "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.SingleImage" = Microsoft Office Home and Student 2010 "PDF Complete" = PDF Complete Special Edition "Picasa 3" = Picasa 3 "virus utilities.2" = IKARUS anti.virus 2.2.14 "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3144646722-3477851633-984445032-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "FLV Player" = FLV Player "FLV Player Packages" = FLV Player Packages ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 07.10.2012 08:27:31 | Computer Name = Markus2010 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450, Zeitstempel: 0x503723f6 Name des fehlerhaften Moduls: AcroRd32.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4c9b259e Ausnahmecode: 0xc0000005 Fehleroffset: 0x5c4ccc37 ID des fehlerhaften Prozesses: 0x1c9c Startzeit der fehlerhaften Anwendung: 0x01cda48522d782c3 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: AcroRd32.dll Berichtskennung: 5cb2b395-107a-11e2-b8e3-1cc1de63e462 Error - 07.10.2012 09:16:01 | Computer Name = Markus2010 | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16450, Zeitstempel: 0x503723f6 Name des fehlerhaften Moduls: AcroRd32.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4c9b259e Ausnahmecode: 0xc000041d Fehleroffset: 0x5c4ccc37 ID des fehlerhaften Prozesses: 0x1c9c Startzeit der fehlerhaften Anwendung: 0x01cda48522d782c3 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: AcroRd32.dll Berichtskennung: 232c60c7-1081-11e2-b8e3-1cc1de63e462 Error - 07.10.2012 21:01:16 | Computer Name = Markus2010 | Source = MsiInstaller | ID = 11316 Description = Error - 08.10.2012 21:01:01 | Computer Name = Markus2010 | Source = MsiInstaller | ID = 11316 Description = Error - 09.10.2012 21:01:03 | Computer Name = Markus2010 | Source = MsiInstaller | ID = 11316 Description = Error - 10.10.2012 21:02:46 | Computer Name = Markus2010 | Source = MsiInstaller | ID = 11316 Description = Error - 11.10.2012 10:19:56 | Computer Name = Markus2010 | Source = Application Hang | ID = 1002 Description = Programm NktTransfer2.exe, Version 2.0.2.3000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1098 Startzeit: 01cda7bb53a04d02 Endzeit: 47 Anwendungspfad: C:\Program Files (x86)\Nikon\ViewNX 2\Nikon Transfer 2\NktTransfer2.exe Berichts-ID: b9734dba-13ae-11e2-9e89-1cc1de63e462 Error - 11.10.2012 10:20:23 | Computer Name = Markus2010 | Source = Application Hang | ID = 1002 Description = Programm NktTransfer2.exe, Version 2.0.2.3000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b1c Startzeit: 01cda7bb7e686846 Endzeit: 15 Anwendungspfad: C:\Program Files (x86)\Nikon\ViewNX 2\Nikon Transfer 2\NktTransfer2.exe Berichts-ID: c9a84c34-13ae-11e2-9e89-1cc1de63e462 Error - 11.10.2012 21:01:17 | Computer Name = Markus2010 | Source = MsiInstaller | ID = 11316 Description = Error - 12.10.2012 21:01:12 | Computer Name = Markus2010 | Source = MsiInstaller | ID = 11316 Description = Error - 13.10.2012 21:01:00 | Computer Name = Markus2010 | Source = MsiInstaller | ID = 11316 Description = [ Hewlett-Packard Events ] Error - 25.02.2013 03:00:16 | Computer Name = Markus2010 | Source = Hewlett-Packard | ID = 0 Description = de-AT Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding) bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a(Object A_0, EventArgs A_1) Error - 04.03.2013 02:06:12 | Computer Name = Markus2010 | Source = Hewlett-Packard | ID = 0 Description = de-AT Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding) bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a(Object A_0, EventArgs A_1) Error - 04.03.2013 02:06:13 | Computer Name = Markus2010 | Source = Hewlett-Packard | ID = 0 Description = de-AT Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding) bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a(Object A_0, EventArgs A_1) Error - 11.03.2013 02:36:46 | Computer Name = Markus2010 | Source = Hewlett-Packard | ID = 0 Description = de-AT Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding) bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a(Object A_0, EventArgs A_1) Error - 11.03.2013 02:36:47 | Computer Name = Markus2010 | Source = Hewlett-Packard | ID = 0 Description = de-AT Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding) bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a(Object A_0, EventArgs A_1) Error - 18.03.2013 02:49:44 | Computer Name = Markus2010 | Source = Hewlett-Packard | ID = 0 Description = de-AT Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding) bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a(Object A_0, EventArgs A_1) Error - 18.03.2013 02:49:44 | Computer Name = Markus2010 | Source = Hewlett-Packard | ID = 0 Description = de-AT Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding) bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a(Object A_0, EventArgs A_1) Error - 07.04.2013 13:10:23 | Computer Name = Markus2010 | Source = Hewlett-Packard | ID = 0 Description = de-AT Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding) bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a(Object A_0, EventArgs A_1) Error - 07.04.2013 13:10:23 | Computer Name = Markus2010 | Source = Hewlett-Packard | ID = 0 Description = de-AT Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding) bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a(Object A_0, EventArgs A_1) Error - 07.04.2013 13:11:30 | Computer Name = Markus2010 | Source = Hewlett-Packard | ID = 0 Description = de-AT Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks, Int32 bufferSize) bei System.IO.StreamReader..ctor(String path, Encoding encoding) bei System.IO.File.ReadAllText(String path, Encoding encoding) bei n.a(Object A_0, EventArgs A_1) [ Media Center Events ] Error - 12.03.2011 10:09:35 | Computer Name = Markus2010 | Source = MCUpdate | ID = 0 Description = 15:09:35 - Directory konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.) Error - 12.03.2011 10:10:45 | Computer Name = Markus2010 | Source = MCUpdate | ID = 0 Description = 15:10:42 - Broadband konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.) [ Spybot - Search and Destroy Events ] Error - 13.05.2013 14:38:15 | Computer Name = Markus2010 | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions [ System Events ] Error - 13.05.2013 12:13:29 | Computer Name = Markus2010 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: discache spldr Wanarpv6 Error - 13.05.2013 12:13:29 | Computer Name = Markus2010 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 13.05.2013 12:13:29 | Computer Name = Markus2010 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 13.05.2013 12:13:29 | Computer Name = Markus2010 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 13.05.2013 12:13:42 | Computer Name = Markus2010 | Source = DCOM | ID = 10005 Description = Error - 13.05.2013 14:38:14 | Computer Name = Markus2010 | Source = Service Control Manager | ID = 7034 Description = Dienst "Yontoo Desktop Updater" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 13.05.2013 14:45:19 | Computer Name = Markus2010 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Skype 5.10 für Windows (KB2727727) Error - 13.05.2013 21:01:47 | Computer Name = Markus2010 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Skype 5.10 für Windows (KB2727727) Error - 14.05.2013 07:48:12 | Computer Name = Markus2010 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Skype 5.10 für Windows (KB2727727) Error - 14.05.2013 10:50:29 | Computer Name = Markus2010 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Skype 5.10 für Windows (KB2727727) < End of report > |
14.05.2013, 18:20 | #4 |
/// Malware-holic | Polizeivirus .LPD BM.I Hi, otl fix Fixen mit OTL
Code:
ATTFilter :OTL O20 - HKU\S-1-5-21-3144646722-3477851633-984445032-1002 Winlogon: Shell - (C:\Users\Markus\AppData\Roaming\skype.dat) - C:\Users\Markus\AppData\Roaming\skype.dat (Sftware ) :files :Commands [emptytemp]
starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die + E Taste.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
14.05.2013, 18:33 | #5 |
| Polizeivirus .LPD BM.I All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-3144646722-3477851633-984445032-1002\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Markus\AppData\Roaming\skype.dat deleted successfully. C:\Users\Markus\AppData\Roaming\skype.dat moved successfully. ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Markus ->Temp folder emptied: 281567 bytes ->Temporary Internet Files folder emptied: 1618979284 bytes ->Java cache emptied: 33980443 bytes ->FireFox cache emptied: 685544822 bytes ->Google Chrome cache emptied: 14137521 bytes ->Flash cache emptied: 4268 bytes User: Public User: TeeSupport ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: TeeSupport.Markus2010 ->Temp folder emptied: 28057467 bytes ->Temporary Internet Files folder emptied: 71139120 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 1007 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1150142 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1111420 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 350073 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36063133 bytes RecycleBin emptied: 5992011471 bytes Total Files Cleaned = 8.090,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 05142013_192335 Files\Folders moved on Reboot... File\Folder C:\Users\Markus\AppData\Local\Temp\OICE_7A0121CB-0099-46B6-94B5-BF00034DB683.0\893CA1A9. not found! C:\Users\Markus\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\TeeSupport.Markus2010\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\TeeSupport.Markus2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UA19SKMP\134920-polizeivirus-lpd-bm-i[1].htm moved successfully. C:\Users\TeeSupport.Markus2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5LMPYCV1\adsCAVUPGO8.htm moved successfully. C:\Users\TeeSupport.Markus2010\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... das kam nach dem neustart. bin ich soweit richtig? Vorgang erfolgreich abgeschlossen! Ich kann zum ersten mal wieder den normalen Modus starten! Juhuuuu! DANKE! Wie geht es jetzt weiter? Ist das jetzt erledigt oder muss ich noch etwas tun? |
14.05.2013, 19:15 | #6 |
/// Malware-holic | Polizeivirus .LPD BM.I danke fürs hochladen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> Polizeivirus .LPD BM.I |
14.05.2013, 19:38 | #7 |
| Polizeivirus .LPD BM.I 20:34:30.0900 4952 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 20:34:31.0181 4952 ============================================================ 20:34:31.0181 4952 Current date / time: 2013/05/14 20:34:31.0181 20:34:31.0181 4952 SystemInfo: 20:34:31.0181 4952 20:34:31.0181 4952 OS Version: 6.1.7601 ServicePack: 1.0 20:34:31.0181 4952 Product type: Workstation 20:34:31.0181 4952 ComputerName: MARKUS2010 20:34:31.0181 4952 UserName: Markus 20:34:31.0181 4952 Windows directory: C:\Windows 20:34:31.0181 4952 System windows directory: C:\Windows 20:34:31.0181 4952 Running under WOW64 20:34:31.0181 4952 Processor architecture: Intel x64 20:34:31.0181 4952 Number of processors: 2 20:34:31.0181 4952 Page size: 0x1000 20:34:31.0181 4952 Boot type: Normal boot 20:34:31.0181 4952 ============================================================ 20:34:32.0382 4952 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 20:34:32.0382 4952 ============================================================ 20:34:32.0382 4952 \Device\Harddisk0\DR0: 20:34:32.0382 4952 MBR partitions: 20:34:32.0382 4952 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 20:34:32.0382 4952 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3283F, BlocksNum 0x24482FC1 20:34:32.0382 4952 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x244B5800, BlocksNum 0xF78800 20:34:32.0397 4952 ============================================================ 20:34:32.0397 4952 C: <-> \Device\Harddisk0\DR0\Partition2 20:34:32.0444 4952 D: <-> \Device\Harddisk0\DR0\Partition3 20:34:32.0444 4952 ============================================================ 20:34:32.0444 4952 Initialize success 20:34:32.0444 4952 ============================================================ 20:34:38.0279 4816 ============================================================ 20:34:38.0279 4816 Scan started 20:34:38.0279 4816 Mode: Manual; SigCheck; TDLFS; 20:34:38.0279 4816 ============================================================ 20:34:39.0355 4816 ================ Scan system memory ======================== 20:34:39.0355 4816 System memory - ok 20:34:39.0355 4816 ================ Scan services ============================= 20:34:39.0527 4816 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 20:34:39.0636 4816 1394ohci - ok 20:34:39.0714 4816 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 20:34:39.0761 4816 ACPI - ok 20:34:39.0823 4816 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 20:34:39.0870 4816 AcpiPmi - ok 20:34:40.0073 4816 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 20:34:40.0119 4816 AdobeFlashPlayerUpdateSvc - ok 20:34:40.0166 4816 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 20:34:40.0229 4816 adp94xx - ok 20:34:40.0260 4816 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 20:34:40.0307 4816 adpahci - ok 20:34:40.0322 4816 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 20:34:40.0369 4816 adpu320 - ok 20:34:40.0400 4816 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 20:34:40.0525 4816 AeLookupSvc - ok 20:34:40.0587 4816 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 20:34:40.0650 4816 AFD - ok 20:34:40.0697 4816 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 20:34:40.0728 4816 agp440 - ok 20:34:40.0759 4816 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 20:34:40.0790 4816 ALG - ok 20:34:40.0821 4816 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 20:34:40.0853 4816 aliide - ok 20:34:40.0884 4816 [ C4C88CD854B28FC85495C841A0F6A069 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 20:34:40.0931 4816 AMD External Events Utility - ok 20:34:40.0946 4816 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 20:34:40.0977 4816 amdide - ok 20:34:41.0009 4816 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 20:34:41.0040 4816 AmdK8 - ok 20:34:41.0352 4816 [ 1147F8816D4DDC9FC43A40DF52F40500 ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys 20:34:41.0633 4816 amdkmdag - ok 20:34:41.0664 4816 [ EBC963D8F5B04C98F5EF597AAE79CDDD ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 20:34:41.0695 4816 amdkmdap - ok 20:34:41.0742 4816 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 20:34:41.0773 4816 AmdPPM - ok 20:34:41.0789 4816 [ 53D8D46D51D390ABDB54ECA623165CB7 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys 20:34:41.0820 4816 amdsata - ok 20:34:41.0867 4816 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 20:34:41.0898 4816 amdsbs - ok 20:34:41.0913 4816 [ 75C51148154E34EB3D7BB84749A758D5 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys 20:34:41.0929 4816 amdxata - ok 20:34:41.0991 4816 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 20:34:42.0101 4816 AppID - ok 20:34:42.0132 4816 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 20:34:42.0225 4816 AppIDSvc - ok 20:34:42.0272 4816 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 20:34:42.0350 4816 Appinfo - ok 20:34:42.0397 4816 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 20:34:42.0444 4816 AppMgmt - ok 20:34:42.0475 4816 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 20:34:42.0506 4816 arc - ok 20:34:42.0522 4816 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 20:34:42.0553 4816 arcsas - ok 20:34:42.0600 4816 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 20:34:42.0678 4816 AsyncMac - ok 20:34:42.0725 4816 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 20:34:42.0756 4816 atapi - ok 20:34:42.0834 4816 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 20:34:42.0959 4816 AudioEndpointBuilder - ok 20:34:42.0974 4816 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 20:34:43.0068 4816 AudioSrv - ok 20:34:43.0130 4816 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 20:34:43.0193 4816 AxInstSV - ok 20:34:43.0224 4816 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 20:34:43.0271 4816 b06bdrv - ok 20:34:43.0317 4816 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 20:34:43.0349 4816 b57nd60a - ok 20:34:43.0395 4816 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 20:34:43.0427 4816 BDESVC - ok 20:34:43.0442 4816 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 20:34:43.0536 4816 Beep - ok 20:34:43.0598 4816 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 20:34:43.0739 4816 BFE - ok 20:34:43.0801 4816 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 20:34:43.0926 4816 BITS - ok 20:34:43.0957 4816 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 20:34:43.0988 4816 blbdrive - ok 20:34:44.0019 4816 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 20:34:44.0051 4816 bowser - ok 20:34:44.0082 4816 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 20:34:44.0129 4816 BrFiltLo - ok 20:34:44.0144 4816 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 20:34:44.0175 4816 BrFiltUp - ok 20:34:44.0222 4816 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 20:34:44.0253 4816 Browser - ok 20:34:44.0316 4816 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 20:34:44.0347 4816 Brserid - ok 20:34:44.0378 4816 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 20:34:44.0409 4816 BrSerWdm - ok 20:34:44.0425 4816 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 20:34:44.0472 4816 BrUsbMdm - ok 20:34:44.0487 4816 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 20:34:44.0519 4816 BrUsbSer - ok 20:34:44.0534 4816 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 20:34:44.0565 4816 BTHMODEM - ok 20:34:44.0628 4816 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 20:34:44.0721 4816 bthserv - ok 20:34:44.0737 4816 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 20:34:44.0831 4816 cdfs - ok 20:34:44.0862 4816 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\drivers\cdrom.sys 20:34:44.0893 4816 cdrom - ok 20:34:44.0940 4816 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 20:34:45.0033 4816 CertPropSvc - ok 20:34:45.0049 4816 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 20:34:45.0080 4816 circlass - ok 20:34:45.0111 4816 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 20:34:45.0174 4816 CLFS - ok 20:34:45.0221 4816 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:34:45.0252 4816 clr_optimization_v2.0.50727_32 - ok 20:34:45.0299 4816 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 20:34:45.0314 4816 clr_optimization_v2.0.50727_64 - ok 20:34:45.0377 4816 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:34:45.0408 4816 clr_optimization_v4.0.30319_32 - ok 20:34:45.0439 4816 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 20:34:45.0455 4816 clr_optimization_v4.0.30319_64 - ok 20:34:45.0501 4816 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 20:34:45.0533 4816 CmBatt - ok 20:34:45.0548 4816 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 20:34:45.0579 4816 cmdide - ok 20:34:45.0626 4816 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 20:34:45.0689 4816 CNG - ok 20:34:45.0720 4816 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 20:34:45.0751 4816 Compbatt - ok 20:34:45.0767 4816 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 20:34:45.0798 4816 CompositeBus - ok 20:34:45.0813 4816 COMSysApp - ok 20:34:45.0845 4816 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 20:34:45.0876 4816 crcdisk - ok 20:34:45.0938 4816 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 20:34:45.0969 4816 CryptSvc - ok 20:34:46.0032 4816 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 20:34:46.0079 4816 CSC - ok 20:34:46.0141 4816 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 20:34:46.0188 4816 CscService - ok 20:34:46.0250 4816 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 20:34:46.0344 4816 DcomLaunch - ok 20:34:46.0375 4816 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 20:34:46.0484 4816 defragsvc - ok 20:34:46.0531 4816 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 20:34:46.0625 4816 DfsC - ok 20:34:46.0656 4816 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 20:34:46.0718 4816 Dhcp - ok 20:34:46.0718 4816 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 20:34:46.0812 4816 discache - ok 20:34:46.0859 4816 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 20:34:46.0874 4816 Disk - ok 20:34:46.0905 4816 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 20:34:46.0952 4816 Dnscache - ok 20:34:46.0999 4816 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 20:34:47.0093 4816 dot3svc - ok 20:34:47.0139 4816 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 20:34:47.0233 4816 DPS - ok 20:34:47.0264 4816 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 20:34:47.0295 4816 drmkaud - ok 20:34:47.0373 4816 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 20:34:47.0451 4816 DXGKrnl - ok 20:34:47.0483 4816 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 20:34:47.0576 4816 EapHost - ok 20:34:47.0670 4816 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 20:34:47.0826 4816 ebdrv - ok 20:34:47.0873 4816 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 20:34:47.0904 4816 EFS - ok 20:34:47.0951 4816 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 20:34:47.0997 4816 ehRecvr - ok 20:34:48.0029 4816 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 20:34:48.0060 4816 ehSched - ok 20:34:48.0107 4816 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 20:34:48.0153 4816 elxstor - ok 20:34:48.0200 4816 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 20:34:48.0232 4816 ErrDev - ok 20:34:48.0294 4816 esgiguard - ok 20:34:48.0341 4816 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 20:34:48.0450 4816 EventSystem - ok 20:34:48.0481 4816 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 20:34:48.0575 4816 exfat - ok 20:34:48.0606 4816 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 20:34:48.0700 4816 fastfat - ok 20:34:48.0762 4816 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 20:34:48.0840 4816 Fax - ok 20:34:48.0871 4816 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 20:34:48.0902 4816 fdc - ok 20:34:48.0934 4816 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 20:34:49.0027 4816 fdPHost - ok 20:34:49.0043 4816 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 20:34:49.0121 4816 FDResPub - ok 20:34:49.0152 4816 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:34:49.0168 4816 FileInfo - ok 20:34:49.0183 4816 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:34:49.0277 4816 Filetrace - ok 20:34:49.0292 4816 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 20:34:49.0324 4816 flpydisk - ok 20:34:49.0370 4816 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:34:49.0417 4816 FltMgr - ok 20:34:49.0464 4816 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 20:34:49.0558 4816 FontCache - ok 20:34:49.0620 4816 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:34:49.0636 4816 FontCache3.0.0.0 - ok 20:34:49.0682 4816 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 20:34:49.0714 4816 FsDepends - ok 20:34:49.0760 4816 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:34:49.0792 4816 Fs_Rec - ok 20:34:49.0854 4816 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 20:34:49.0901 4816 fvevol - ok 20:34:49.0932 4816 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 20:34:49.0963 4816 gagp30kx - ok 20:34:50.0010 4816 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 20:34:50.0135 4816 gpsvc - ok 20:34:50.0244 4816 [ D3DF32EF5B8F6657CAD9456921238B7F ] GuardX C:\Program Files (x86)\IKARUS\virus.utilities\bin\guardxservice.exe 20:34:50.0338 4816 GuardX - ok 20:34:50.0462 4816 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 20:34:50.0494 4816 gupdate - ok 20:34:50.0525 4816 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 20:34:50.0556 4816 gupdatem - ok 20:34:50.0587 4816 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 20:34:50.0618 4816 gusvc - ok 20:34:50.0650 4816 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 20:34:50.0681 4816 hcw85cir - ok 20:34:50.0728 4816 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 20:34:50.0774 4816 HDAudBus - ok 20:34:50.0790 4816 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 20:34:50.0821 4816 HidBatt - ok 20:34:50.0852 4816 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 20:34:50.0884 4816 HidBth - ok 20:34:50.0915 4816 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 20:34:50.0946 4816 HidIr - ok 20:34:50.0977 4816 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 20:34:51.0071 4816 hidserv - ok 20:34:51.0102 4816 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\drivers\hidusb.sys 20:34:51.0133 4816 HidUsb - ok 20:34:51.0180 4816 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 20:34:51.0274 4816 hkmsvc - ok 20:34:51.0320 4816 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 20:34:51.0352 4816 HomeGroupListener - ok 20:34:51.0414 4816 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 20:34:51.0445 4816 HomeGroupProvider - ok 20:34:51.0508 4816 [ C84BCC03858DAEAC4DB1E95EFCCE1934 ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe 20:34:51.0523 4816 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning 20:34:51.0523 4816 HP Health Check Service - detected UnsignedFile.Multi.Generic (1) 20:34:51.0570 4816 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe 20:34:51.0601 4816 hpqwmiex - ok 20:34:51.0648 4816 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 20:34:51.0679 4816 HpSAMD - ok 20:34:51.0742 4816 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 20:34:51.0866 4816 HTTP - ok 20:34:51.0898 4816 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 20:34:51.0929 4816 hwpolicy - ok 20:34:51.0976 4816 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 20:34:52.0007 4816 i8042prt - ok 20:34:52.0054 4816 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 20:34:52.0100 4816 iaStorV - ok 20:34:52.0194 4816 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 20:34:52.0210 4816 IDriverT ( UnsignedFile.Multi.Generic ) - warning 20:34:52.0210 4816 IDriverT - detected UnsignedFile.Multi.Generic (1) 20:34:52.0272 4816 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 20:34:52.0334 4816 idsvc - ok 20:34:52.0381 4816 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 20:34:52.0412 4816 iirsp - ok 20:34:52.0475 4816 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 20:34:52.0600 4816 IKEEXT - ok 20:34:52.0693 4816 [ C0AE19E528AFEF42D22E00E20BB1D1F7 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 20:34:52.0834 4816 IntcAzAudAddService - ok 20:34:52.0880 4816 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 20:34:52.0912 4816 intelide - ok 20:34:52.0943 4816 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 20:34:52.0974 4816 intelppm - ok 20:34:53.0005 4816 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 20:34:53.0099 4816 IPBusEnum - ok 20:34:53.0130 4816 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:34:53.0224 4816 IpFilterDriver - ok 20:34:53.0270 4816 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 20:34:53.0333 4816 iphlpsvc - ok 20:34:53.0380 4816 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 20:34:53.0411 4816 IPMIDRV - ok 20:34:53.0442 4816 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 20:34:53.0520 4816 IPNAT - ok 20:34:53.0551 4816 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:34:53.0598 4816 IRENUM - ok 20:34:53.0614 4816 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 20:34:53.0645 4816 isapnp - ok 20:34:53.0692 4816 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 20:34:53.0723 4816 iScsiPrt - ok 20:34:53.0770 4816 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe 20:34:53.0801 4816 IviRegMgr - ok 20:34:53.0816 4816 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 20:34:53.0848 4816 kbdclass - ok 20:34:53.0863 4816 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 20:34:53.0894 4816 kbdhid - ok 20:34:53.0910 4816 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 20:34:53.0941 4816 KeyIso - ok 20:34:53.0988 4816 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 20:34:54.0019 4816 KSecDD - ok 20:34:54.0066 4816 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 20:34:54.0097 4816 KSecPkg - ok 20:34:54.0128 4816 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 20:34:54.0222 4816 ksthunk - ok 20:34:54.0269 4816 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 20:34:54.0362 4816 KtmRm - ok 20:34:54.0409 4816 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 20:34:54.0503 4816 LanmanServer - ok 20:34:54.0550 4816 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:34:54.0643 4816 LanmanWorkstation - ok 20:34:54.0674 4816 [ 3503F257B3203F824B1567238EBE17E2 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 20:34:54.0690 4816 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 20:34:54.0690 4816 LightScribeService - detected UnsignedFile.Multi.Generic (1) 20:34:54.0721 4816 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:34:54.0815 4816 lltdio - ok 20:34:54.0862 4816 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:34:54.0955 4816 lltdsvc - ok 20:34:54.0986 4816 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:34:55.0064 4816 lmhosts - ok 20:34:55.0111 4816 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 20:34:55.0142 4816 LSI_FC - ok 20:34:55.0174 4816 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 20:34:55.0205 4816 LSI_SAS - ok 20:34:55.0236 4816 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 20:34:55.0252 4816 LSI_SAS2 - ok 20:34:55.0283 4816 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 20:34:55.0314 4816 LSI_SCSI - ok 20:34:55.0330 4816 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 20:34:55.0423 4816 luafv - ok 20:34:55.0470 4816 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 20:34:55.0517 4816 Mcx2Svc - ok 20:34:55.0532 4816 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 20:34:55.0564 4816 megasas - ok 20:34:55.0595 4816 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 20:34:55.0626 4816 MegaSR - ok 20:34:55.0657 4816 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 20:34:55.0751 4816 MMCSS - ok 20:34:55.0766 4816 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 20:34:55.0860 4816 Modem - ok 20:34:55.0891 4816 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 20:34:55.0922 4816 monitor - ok 20:34:55.0985 4816 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 20:34:56.0000 4816 mouclass - ok 20:34:56.0032 4816 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 20:34:56.0063 4816 mouhid - ok 20:34:56.0094 4816 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 20:34:56.0125 4816 mountmgr - ok 20:34:56.0188 4816 [ 9CE4C8A46B585EB5103EFE5FDEF3703F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 20:34:56.0219 4816 MozillaMaintenance - ok 20:34:56.0250 4816 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 20:34:56.0297 4816 mpio - ok 20:34:56.0312 4816 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:34:56.0406 4816 mpsdrv - ok 20:34:56.0468 4816 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 20:34:56.0578 4816 MpsSvc - ok 20:34:56.0624 4816 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 20:34:56.0671 4816 MRxDAV - ok 20:34:56.0734 4816 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:34:56.0765 4816 mrxsmb - ok 20:34:56.0812 4816 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:34:56.0843 4816 mrxsmb10 - ok 20:34:56.0890 4816 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:34:56.0921 4816 mrxsmb20 - ok 20:34:56.0952 4816 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 20:34:56.0983 4816 msahci - ok 20:34:57.0014 4816 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 20:34:57.0046 4816 msdsm - ok 20:34:57.0061 4816 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 20:34:57.0092 4816 MSDTC - ok 20:34:57.0139 4816 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 20:34:57.0217 4816 Msfs - ok 20:34:57.0233 4816 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 20:34:57.0326 4816 mshidkmdf - ok 20:34:57.0373 4816 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 20:34:57.0389 4816 msisadrv - ok 20:34:57.0436 4816 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 20:34:57.0529 4816 MSiSCSI - ok 20:34:57.0529 4816 msiserver - ok 20:34:57.0560 4816 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:34:57.0654 4816 MSKSSRV - ok 20:34:57.0670 4816 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:34:57.0763 4816 MSPCLOCK - ok 20:34:57.0779 4816 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:34:57.0857 4816 MSPQM - ok 20:34:57.0919 4816 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:34:57.0966 4816 MsRPC - ok 20:34:58.0013 4816 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 20:34:58.0044 4816 mssmbios - ok 20:34:58.0060 4816 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 20:34:58.0153 4816 MSTEE - ok 20:34:58.0169 4816 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 20:34:58.0200 4816 MTConfig - ok 20:34:58.0231 4816 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 20:34:58.0262 4816 Mup - ok 20:34:58.0325 4816 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 20:34:58.0434 4816 napagent - ok 20:34:58.0465 4816 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:34:58.0512 4816 NativeWifiP - ok 20:34:58.0574 4816 [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe 20:34:58.0621 4816 NAUpdate - ok 20:34:58.0699 4816 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 20:34:58.0762 4816 NDIS - ok 20:34:58.0793 4816 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 20:34:58.0886 4816 NdisCap - ok 20:34:58.0902 4816 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 20:34:58.0996 4816 NdisTapi - ok 20:34:59.0027 4816 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:34:59.0120 4816 Ndisuio - ok 20:34:59.0152 4816 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:34:59.0245 4816 NdisWan - ok 20:34:59.0292 4816 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:34:59.0370 4816 NDProxy - ok 20:34:59.0386 4816 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:34:59.0479 4816 NetBIOS - ok 20:34:59.0542 4816 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 20:34:59.0635 4816 NetBT - ok 20:34:59.0651 4816 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 20:34:59.0666 4816 Netlogon - ok 20:34:59.0713 4816 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 20:34:59.0822 4816 Netman - ok 20:34:59.0838 4816 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 20:34:59.0947 4816 netprofm - ok 20:34:59.0978 4816 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:35:00.0010 4816 NetTcpPortSharing - ok 20:35:00.0025 4816 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 20:35:00.0056 4816 nfrd960 - ok 20:35:00.0072 4816 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 20:35:00.0119 4816 NlaSvc - ok 20:35:00.0134 4816 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 20:35:00.0228 4816 Npfs - ok 20:35:00.0244 4816 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 20:35:00.0337 4816 nsi - ok 20:35:00.0368 4816 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 20:35:00.0462 4816 nsiproxy - ok 20:35:00.0540 4816 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 20:35:00.0665 4816 Ntfs - ok 20:35:00.0680 4816 [ BE703961C6FFE6B8FA2E158CA94F41DC ] NTGUARD C:\Program Files (x86)\IKARUS\virus.utilities\bin\ntguard_x64.sys 20:35:00.0712 4816 NTGUARD - ok 20:35:00.0712 4816 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 20:35:00.0805 4816 Null - ok 20:35:00.0836 4816 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 20:35:00.0868 4816 nvraid - ok 20:35:00.0914 4816 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 20:35:00.0946 4816 nvstor - ok 20:35:00.0992 4816 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 20:35:01.0024 4816 nv_agp - ok 20:35:01.0055 4816 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 20:35:01.0086 4816 ohci1394 - ok 20:35:01.0133 4816 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:35:01.0148 4816 ose - ok 20:35:01.0336 4816 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 20:35:01.0585 4816 osppsvc - ok 20:35:01.0632 4816 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 20:35:01.0663 4816 p2pimsvc - ok 20:35:01.0679 4816 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 20:35:01.0726 4816 p2psvc - ok 20:35:01.0741 4816 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 20:35:01.0757 4816 Parport - ok 20:35:01.0804 4816 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 20:35:01.0819 4816 partmgr - ok 20:35:01.0835 4816 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 20:35:01.0882 4816 PcaSvc - ok 20:35:01.0928 4816 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 20:35:01.0960 4816 pci - ok 20:35:01.0991 4816 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 20:35:02.0006 4816 pciide - ok 20:35:02.0053 4816 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 20:35:02.0084 4816 pcmcia - ok 20:35:02.0116 4816 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 20:35:02.0147 4816 pcw - ok 20:35:02.0162 4816 pdfcDispatcher - ok 20:35:02.0194 4816 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 20:35:02.0318 4816 PEAUTH - ok 20:35:02.0365 4816 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 20:35:02.0443 4816 PeerDistSvc - ok 20:35:02.0537 4816 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 20:35:02.0568 4816 PerfHost - ok 20:35:02.0662 4816 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 20:35:02.0802 4816 pla - ok 20:35:02.0864 4816 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 20:35:02.0911 4816 PlugPlay - ok 20:35:02.0942 4816 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 20:35:02.0974 4816 PNRPAutoReg - ok 20:35:02.0989 4816 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 20:35:03.0036 4816 PNRPsvc - ok 20:35:03.0067 4816 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 20:35:03.0176 4816 PolicyAgent - ok 20:35:03.0208 4816 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 20:35:03.0301 4816 Power - ok 20:35:03.0364 4816 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 20:35:03.0442 4816 PptpMiniport - ok 20:35:03.0457 4816 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 20:35:03.0488 4816 Processor - ok 20:35:03.0535 4816 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 20:35:03.0582 4816 ProfSvc - ok 20:35:03.0598 4816 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 20:35:03.0629 4816 ProtectedStorage - ok 20:35:03.0691 4816 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 20:35:03.0785 4816 Psched - ok 20:35:03.0816 4816 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe 20:35:03.0847 4816 PSI_SVC_2 - ok 20:35:03.0910 4816 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 20:35:04.0019 4816 ql2300 - ok 20:35:04.0050 4816 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 20:35:04.0081 4816 ql40xx - ok 20:35:04.0112 4816 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 20:35:04.0159 4816 QWAVE - ok 20:35:04.0175 4816 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 20:35:04.0222 4816 QWAVEdrv - ok 20:35:04.0237 4816 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 20:35:04.0331 4816 RasAcd - ok 20:35:04.0378 4816 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 20:35:04.0456 4816 RasAgileVpn - ok 20:35:04.0471 4816 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 20:35:04.0565 4816 RasAuto - ok 20:35:04.0612 4816 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 20:35:04.0705 4816 Rasl2tp - ok 20:35:04.0768 4816 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 20:35:04.0861 4816 RasMan - ok 20:35:04.0877 4816 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 20:35:04.0970 4816 RasPppoe - ok 20:35:05.0002 4816 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 20:35:05.0080 4816 RasSstp - ok 20:35:05.0142 4816 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 20:35:05.0236 4816 rdbss - ok 20:35:05.0251 4816 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 20:35:05.0298 4816 rdpbus - ok 20:35:05.0298 4816 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 20:35:05.0392 4816 RDPCDD - ok 20:35:05.0438 4816 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 20:35:05.0470 4816 RDPDR - ok 20:35:05.0501 4816 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 20:35:05.0594 4816 RDPENCDD - ok 20:35:05.0610 4816 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 20:35:05.0704 4816 RDPREFMP - ok 20:35:05.0735 4816 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 20:35:05.0766 4816 RDPWD - ok 20:35:05.0828 4816 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 20:35:05.0875 4816 rdyboost - ok 20:35:05.0906 4816 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 20:35:06.0000 4816 RemoteAccess - ok 20:35:06.0031 4816 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 20:35:06.0125 4816 RemoteRegistry - ok 20:35:06.0140 4816 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 20:35:06.0250 4816 RpcEptMapper - ok 20:35:06.0265 4816 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 20:35:06.0296 4816 RpcLocator - ok 20:35:06.0343 4816 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 20:35:06.0452 4816 RpcSs - ok 20:35:06.0484 4816 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 20:35:06.0577 4816 rspndr - ok 20:35:06.0608 4816 [ 79BAD3E977966AF21DF982DEF5A99C76 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 20:35:06.0640 4816 RSUSBSTOR - ok 20:35:06.0671 4816 [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 20:35:06.0702 4816 RTL8167 - ok 20:35:06.0733 4816 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 20:35:06.0764 4816 s3cap - ok 20:35:06.0796 4816 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 20:35:06.0827 4816 SamSs - ok 20:35:06.0874 4816 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 20:35:06.0905 4816 sbp2port - ok 20:35:06.0936 4816 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 20:35:07.0030 4816 SCardSvr - ok 20:35:07.0076 4816 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 20:35:07.0170 4816 scfilter - ok 20:35:07.0232 4816 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 20:35:07.0357 4816 Schedule - ok 20:35:07.0404 4816 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 20:35:07.0498 4816 SCPolicySvc - ok 20:35:07.0544 4816 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 20:35:07.0576 4816 SDRSVC - ok 20:35:07.0700 4816 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe 20:35:07.0763 4816 SDScannerService - ok 20:35:07.0825 4816 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe 20:35:07.0903 4816 SDUpdateService - ok 20:35:07.0919 4816 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe 20:35:07.0950 4816 SDWSCService - ok 20:35:07.0981 4816 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 20:35:08.0075 4816 secdrv - ok 20:35:08.0122 4816 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 20:35:08.0215 4816 seclogon - ok 20:35:08.0231 4816 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 20:35:08.0324 4816 SENS - ok 20:35:08.0356 4816 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 20:35:08.0387 4816 SensrSvc - ok 20:35:08.0402 4816 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 20:35:08.0434 4816 Serenum - ok 20:35:08.0449 4816 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 20:35:08.0480 4816 Serial - ok 20:35:08.0512 4816 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 20:35:08.0543 4816 sermouse - ok 20:35:08.0605 4816 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 20:35:08.0699 4816 SessionEnv - ok 20:35:08.0746 4816 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 20:35:08.0777 4816 sffdisk - ok 20:35:08.0792 4816 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 20:35:08.0824 4816 sffp_mmc - ok 20:35:08.0839 4816 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 20:35:08.0870 4816 sffp_sd - ok 20:35:08.0886 4816 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 20:35:08.0917 4816 sfloppy - ok 20:35:08.0948 4816 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 20:35:09.0058 4816 SharedAccess - ok 20:35:09.0104 4816 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 20:35:09.0214 4816 ShellHWDetection - ok 20:35:09.0229 4816 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 20:35:09.0260 4816 SiSRaid2 - ok 20:35:09.0292 4816 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 20:35:09.0323 4816 SiSRaid4 - ok 20:35:09.0370 4816 [ 6128E98EAAED364ED1A32708D2FD22CB ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 20:35:09.0401 4816 SkypeUpdate - ok 20:35:09.0432 4816 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 20:35:09.0526 4816 Smb - ok 20:35:09.0572 4816 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 20:35:09.0604 4816 SNMPTRAP - ok 20:35:09.0619 4816 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 20:35:09.0650 4816 spldr - ok 20:35:09.0697 4816 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 20:35:09.0760 4816 Spooler - ok 20:35:09.0884 4816 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 20:35:10.0087 4816 sppsvc - ok 20:35:10.0103 4816 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 20:35:10.0196 4816 sppuinotify - ok 20:35:10.0243 4816 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 20:35:10.0274 4816 srv - ok 20:35:10.0321 4816 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 20:35:10.0352 4816 srv2 - ok 20:35:10.0368 4816 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 20:35:10.0399 4816 srvnet - ok 20:35:10.0430 4816 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 20:35:10.0524 4816 SSDPSRV - ok 20:35:10.0540 4816 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 20:35:10.0633 4816 SstpSvc - ok 20:35:10.0664 4816 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 20:35:10.0696 4816 stexstor - ok 20:35:10.0742 4816 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 20:35:10.0774 4816 StillCam - ok 20:35:10.0836 4816 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 20:35:10.0898 4816 stisvc - ok 20:35:10.0945 4816 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 20:35:10.0976 4816 storflt - ok 20:35:11.0008 4816 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 20:35:11.0039 4816 StorSvc - ok 20:35:11.0054 4816 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 20:35:11.0086 4816 storvsc - ok 20:35:11.0132 4816 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 20:35:11.0148 4816 swenum - ok 20:35:11.0195 4816 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 20:35:11.0304 4816 swprv - ok 20:35:11.0398 4816 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 20:35:11.0491 4816 SysMain - ok 20:35:11.0538 4816 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 20:35:11.0585 4816 TabletInputService - ok 20:35:11.0647 4816 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 20:35:11.0741 4816 TapiSrv - ok 20:35:11.0756 4816 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 20:35:11.0850 4816 TBS - ok 20:35:11.0928 4816 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 20:35:12.0053 4816 Tcpip - ok 20:35:12.0131 4816 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 20:35:12.0224 4816 TCPIP6 - ok 20:35:12.0271 4816 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 20:35:12.0302 4816 tcpipreg - ok 20:35:12.0334 4816 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 20:35:12.0365 4816 TDPIPE - ok 20:35:12.0412 4816 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 20:35:12.0443 4816 TDTCP - ok 20:35:12.0490 4816 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 20:35:12.0583 4816 tdx - ok 20:35:12.0630 4816 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 20:35:12.0646 4816 TermDD - ok 20:35:12.0708 4816 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 20:35:12.0833 4816 TermService - ok 20:35:12.0864 4816 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 20:35:12.0895 4816 Themes - ok 20:35:12.0926 4816 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 20:35:13.0004 4816 THREADORDER - ok 20:35:13.0036 4816 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 20:35:13.0129 4816 TrkWks - ok 20:35:13.0176 4816 [ 9BF9E809FBB2D5D0403B32B15ABE5F30 ] TrojanKillerDriver C:\Windows\system32\DRIVERS\gtkdrv.sys 20:35:13.0207 4816 TrojanKillerDriver - ok 20:35:13.0254 4816 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 20:35:13.0348 4816 TrustedInstaller - ok 20:35:13.0394 4816 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 20:35:13.0488 4816 tssecsrv - ok 20:35:13.0535 4816 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 20:35:13.0566 4816 TsUsbFlt - ok 20:35:13.0628 4816 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 20:35:13.0722 4816 tunnel - ok 20:35:13.0753 4816 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 20:35:13.0784 4816 uagp35 - ok 20:35:13.0831 4816 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 20:35:13.0925 4816 udfs - ok 20:35:13.0972 4816 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 20:35:14.0003 4816 UI0Detect - ok 20:35:14.0018 4816 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 20:35:14.0050 4816 uliagpkx - ok 20:35:14.0096 4816 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 20:35:14.0128 4816 umbus - ok 20:35:14.0159 4816 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 20:35:14.0190 4816 UmPass - ok 20:35:14.0237 4816 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 20:35:14.0284 4816 UmRdpService - ok 20:35:14.0346 4816 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 20:35:14.0440 4816 upnphost - ok 20:35:14.0455 4816 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 20:35:14.0486 4816 usbccgp - ok 20:35:14.0533 4816 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 20:35:14.0564 4816 usbcir - ok 20:35:14.0596 4816 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 20:35:14.0627 4816 usbehci - ok 20:35:14.0642 4816 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 20:35:14.0689 4816 usbhub - ok 20:35:14.0705 4816 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 20:35:14.0720 4816 usbohci - ok 20:35:14.0752 4816 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 20:35:14.0798 4816 usbprint - ok 20:35:14.0814 4816 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:35:14.0845 4816 USBSTOR - ok 20:35:14.0861 4816 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 20:35:14.0892 4816 usbuhci - ok 20:35:14.0908 4816 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 20:35:15.0001 4816 UxSms - ok 20:35:15.0017 4816 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 20:35:15.0048 4816 VaultSvc - ok 20:35:15.0064 4816 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 20:35:15.0095 4816 vdrvroot - ok 20:35:15.0157 4816 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 20:35:15.0266 4816 vds - ok 20:35:15.0298 4816 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:35:15.0329 4816 vga - ok 20:35:15.0360 4816 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 20:35:15.0438 4816 VgaSave - ok 20:35:15.0500 4816 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 20:35:15.0532 4816 vhdmp - ok 20:35:15.0578 4816 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 20:35:15.0594 4816 viaide - ok 20:35:15.0625 4816 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 20:35:15.0656 4816 vmbus - ok 20:35:15.0688 4816 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 20:35:15.0703 4816 VMBusHID - ok 20:35:15.0734 4816 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 20:35:15.0766 4816 volmgr - ok 20:35:15.0812 4816 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:35:15.0859 4816 volmgrx - ok 20:35:15.0875 4816 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 20:35:15.0922 4816 volsnap - ok 20:35:15.0953 4816 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 20:35:15.0984 4816 vsmraid - ok 20:35:16.0062 4816 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 20:35:16.0218 4816 VSS - ok 20:35:16.0234 4816 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 20:35:16.0280 4816 vwifibus - ok 20:35:16.0312 4816 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 20:35:16.0405 4816 W32Time - ok 20:35:16.0452 4816 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 20:35:16.0483 4816 WacomPen - ok 20:35:16.0530 4816 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 20:35:16.0624 4816 WANARP - ok 20:35:16.0639 4816 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:35:16.0717 4816 Wanarpv6 - ok 20:35:16.0811 4816 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 20:35:16.0904 4816 WatAdminSvc - ok 20:35:16.0982 4816 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 20:35:17.0076 4816 wbengine - ok 20:35:17.0107 4816 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 20:35:17.0154 4816 WbioSrvc - ok 20:35:17.0201 4816 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:35:17.0263 4816 wcncsvc - ok 20:35:17.0279 4816 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 20:35:17.0310 4816 WcsPlugInService - ok 20:35:17.0326 4816 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 20:35:17.0357 4816 Wd - ok 20:35:17.0419 4816 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:35:17.0482 4816 Wdf01000 - ok 20:35:17.0513 4816 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 20:35:17.0560 4816 WdiServiceHost - ok 20:35:17.0575 4816 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 20:35:17.0622 4816 WdiSystemHost - ok 20:35:17.0684 4816 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 20:35:17.0731 4816 WebClient - ok 20:35:17.0762 4816 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:35:17.0856 4816 Wecsvc - ok 20:35:17.0872 4816 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:35:17.0965 4816 wercplsupport - ok 20:35:17.0996 4816 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 20:35:18.0090 4816 WerSvc - ok 20:35:18.0121 4816 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 20:35:18.0215 4816 WfpLwf - ok 20:35:18.0230 4816 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 20:35:18.0262 4816 WIMMount - ok 20:35:18.0277 4816 WinDefend - ok 20:35:18.0293 4816 WinHttpAutoProxySvc - ok 20:35:18.0340 4816 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:35:18.0449 4816 Winmgmt - ok 20:35:18.0542 4816 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 20:35:18.0698 4816 WinRM - ok 20:35:18.0761 4816 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 20:35:18.0792 4816 WinUsb - ok 20:35:18.0839 4816 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 20:35:18.0901 4816 Wlansvc - ok 20:35:18.0932 4816 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 20:35:18.0964 4816 WmiAcpi - ok 20:35:18.0979 4816 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 20:35:19.0010 4816 wmiApSrv - ok 20:35:19.0042 4816 WMPNetworkSvc - ok 20:35:19.0073 4816 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 20:35:19.0104 4816 WPCSvc - ok 20:35:19.0135 4816 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 20:35:19.0182 4816 WPDBusEnum - ok 20:35:19.0213 4816 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 20:35:19.0307 4816 ws2ifsl - ok 20:35:19.0322 4816 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 20:35:19.0354 4816 wscsvc - ok 20:35:19.0369 4816 WSearch - ok 20:35:19.0478 4816 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 20:35:19.0619 4816 wuauserv - ok 20:35:19.0681 4816 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 20:35:19.0697 4816 WudfPf - ok 20:35:19.0759 4816 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 20:35:19.0790 4816 WUDFRd - ok 20:35:19.0837 4816 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:35:19.0868 4816 wudfsvc - ok 20:35:19.0900 4816 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 20:35:19.0946 4816 WwanSvc - ok 20:35:19.0962 4816 ================ Scan global =============================== 20:35:19.0993 4816 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 20:35:20.0040 4816 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 20:35:20.0071 4816 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 20:35:20.0102 4816 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 20:35:20.0134 4816 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 20:35:20.0149 4816 [Global] - ok 20:35:20.0149 4816 ================ Scan MBR ================================== 20:35:20.0165 4816 [ 478F3FFF26CD1A0CB2C870C71E2BFE4E ] \Device\Harddisk0\DR0 20:35:20.0570 4816 \Device\Harddisk0\DR0 - ok 20:35:20.0570 4816 ================ Scan VBR ================================== 20:35:20.0570 4816 [ 6776E1FBA9E79BE0E283B61F816E43C9 ] \Device\Harddisk0\DR0\Partition1 20:35:20.0570 4816 \Device\Harddisk0\DR0\Partition1 - ok 20:35:20.0617 4816 [ 090EC32D1731340B1AABF08AA5DE7E3B ] \Device\Harddisk0\DR0\Partition2 20:35:20.0617 4816 \Device\Harddisk0\DR0\Partition2 - ok 20:35:20.0648 4816 [ 5B623FDA3E0A84A9BFE54059E0C8B095 ] \Device\Harddisk0\DR0\Partition3 20:35:20.0648 4816 \Device\Harddisk0\DR0\Partition3 - ok 20:35:20.0648 4816 ============================================================ 20:35:20.0648 4816 Scan finished 20:35:20.0648 4816 ============================================================ 20:35:20.0758 0664 Detected object count: 3 20:35:20.0758 0664 Actual detected object count: 3 20:35:23.0035 0664 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user 20:35:23.0035 0664 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:35:23.0035 0664 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 20:35:23.0035 0664 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:35:23.0035 0664 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 20:35:23.0035 0664 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip |
14.05.2013, 19:54 | #8 |
/// Malware-holic | Polizeivirus .LPD BM.I Hi, Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
15.05.2013, 16:51 | #9 |
| Polizeivirus .LPD BM.ICode:
ATTFilter ComboFix 13-05-14.01 - Markus 15.05.2013 17:14:16.1.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.43.1031.18.3839.2107 [GMT 2:00] ausgeführt von:: c:\users\Markus\Desktop\ComboFix.exe AV: virus.utilities *Enabled/Updated* {54915AF1-3B92-EB1D-9EAD-22745B2972A6} SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: virus.utilities *Enabled/Updated* {EFF0BB15-1DA8-E493-A41D-190620AE381B} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Im Speicher befindliches AV aktiv. . . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Markus\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk c:\users\Markus\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk c:\users\Markus\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv c:\users\Markus\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe c:\users\Markus\AppData\Roaming\Microsoft\Windows\Recent\ddv.drv c:\users\Markus\AppData\Roaming\Microsoft\Windows\Recent\eb.exe c:\users\Markus\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp c:\users\Markus\AppData\Roaming\Microsoft\Windows\Recent\fan.sys c:\users\Markus\AppData\Roaming\Microsoft\Windows\Recent\fix.dll c:\users\Markus\AppData\Roaming\Microsoft\Windows\Recent\fix.drv c:\users\Markus\AppData\Roaming\Microsoft\Windows\Recent\gid.dll c:\users\Markus\AppData\Roaming\Microsoft\Windows\Recent\hymt.dll c:\users\Markus\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv c:\users\Markus\AppData\Roaming\Microsoft\Windows\Recent\PE.drv c:\users\Markus\AppData\Roaming\Microsoft\Windows\Recent\runddl.sys c:\users\Markus\AppData\Roaming\Microsoft\Windows\Recent\sld.sys c:\users\Markus\AppData\Roaming\Personal Security Sentinel c:\users\TeeSupport.Markus2010\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk c:\users\TeeSupport.Markus2010\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk c:\users\TeeSupport\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk c:\users\TeeSupport\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-15 bis 2013-05-15 )))))))))))))))))))))))))))))) . . 2013-05-15 15:23 . 2013-05-15 15:23 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-15 03:54 . 2013-05-15 03:54 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A169B6EA-98A2-434E-A715-2CFB188B128B}\offreg.dll 2013-05-14 17:23 . 2013-05-14 17:44 -------- d-----w- C:\_OTL 2013-05-14 11:59 . 2013-05-14 14:31 -------- d-----w- c:\program files (x86)\GridinSoft Trojan Killer 2013-05-14 08:36 . 2013-05-02 00:06 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-05-14 08:36 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A169B6EA-98A2-434E-A715-2CFB188B128B}\mpengine.dll 2013-05-13 20:24 . 2013-05-13 20:24 -------- d-----w- c:\program files\Enigma Software Group 2013-05-13 20:23 . 2013-05-13 20:23 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2013-05-13 16:24 . 2009-01-25 10:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe 2013-05-13 16:24 . 2013-05-13 16:25 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2 2013-05-13 16:24 . 2013-05-13 16:24 -------- d-----w- c:\users\Markus\AppData\Local\Programs 2013-05-13 15:47 . 2013-05-13 15:47 -------- d-----w- c:\users\TeeSupport 2013-04-24 01:24 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-17 17:09 . 2013-04-17 17:10 -------- d-----w- c:\program files\Paint.NET 2013-04-17 17:08 . 2013-04-17 17:12 -------- d-----w- c:\users\Markus\AppData\Local\Paint.NET . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-15 00:08 . 2012-03-29 15:28 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-15 00:08 . 2012-02-04 14:24 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-11 01:05 . 2012-05-16 14:31 72702784 ----a-w- c:\windows\system32\MRT.exe 2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\SysWow64\GPhotos.scr 2013-03-19 06:04 . 2013-04-10 15:48 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:46 . 2013-04-10 15:47 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-04-10 15:47 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 15:47 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-04-10 15:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-04-10 15:47 112640 ----a-w- c:\windows\system32\smss.exe 2013-03-01 03:36 . 2013-04-10 15:48 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-02-22 06:57 . 2013-04-11 01:02 17817088 ----a-w- c:\windows\system32\mshtml.dll 2013-02-22 06:29 . 2013-04-11 01:02 10925568 ----a-w- c:\windows\system32\ieframe.dll 2013-02-22 06:27 . 2013-04-11 01:02 2312704 ----a-w- c:\windows\system32\jscript9.dll 2013-02-22 06:21 . 2013-04-11 01:02 1346560 ----a-w- c:\windows\system32\urlmon.dll 2013-02-22 06:20 . 2013-04-11 01:02 1392128 ----a-w- c:\windows\system32\wininet.dll 2013-02-22 06:19 . 2013-04-11 01:02 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2013-02-22 06:18 . 2013-04-11 01:02 237056 ----a-w- c:\windows\system32\url.dll 2013-02-22 06:17 . 2013-04-11 01:02 85504 ----a-w- c:\windows\system32\jsproxy.dll 2013-02-22 06:15 . 2013-04-11 01:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2013-02-22 06:15 . 2013-04-11 01:02 599040 ----a-w- c:\windows\system32\vbscript.dll 2013-02-22 06:15 . 2013-04-11 01:02 816640 ----a-w- c:\windows\system32\jscript.dll 2013-02-22 06:14 . 2013-04-11 01:02 729088 ----a-w- c:\windows\system32\msfeeds.dll 2013-02-22 06:13 . 2013-04-11 01:02 2147840 ----a-w- c:\windows\system32\iertutil.dll 2013-02-22 06:13 . 2013-04-11 01:02 96768 ----a-w- c:\windows\system32\mshtmled.dll 2013-02-22 06:12 . 2013-04-11 01:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-02-22 06:09 . 2013-04-11 01:02 248320 ----a-w- c:\windows\system32\ieui.dll 2013-02-22 03:46 . 2013-04-11 01:02 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-02-22 03:38 . 2013-04-11 01:02 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2013-02-22 03:37 . 2013-04-11 01:02 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-02-22 03:34 . 2013-04-11 01:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-02-22 03:34 . 2013-04-11 01:02 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-02-22 03:31 . 2013-04-11 01:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-02-15 06:08 . 2013-04-10 15:48 44032 ----a-w- c:\windows\system32\tsgqec.dll 2013-02-15 06:06 . 2013-04-10 15:48 3717632 ----a-w- c:\windows\system32\mstscax.dll 2013-02-15 06:02 . 2013-04-10 15:48 158720 ----a-w- c:\windows\system32\aaclient.dll 2013-02-15 04:37 . 2013-04-10 15:48 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll 2013-02-15 04:34 . 2013-04-10 15:48 131584 ----a-w- c:\windows\SysWow64\aaclient.dll 2013-02-15 03:25 . 2013-04-10 15:48 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Markus\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Markus\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Markus\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Ikarus-GuardX"="c:\program files (x86)\IKARUS\virus.utilities\bin\guardxkickoff_x64.exe" [2012-10-31 4299496] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-17 421888] "Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008] "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984] "IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368] "PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992] "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168] "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688] "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176] . c:\users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Markus\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoThumbnailCache"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\GuardX] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTGUARD] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ntguard.sys] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-04-08 243744] R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys [2012-01-04 16640] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-05 1255736] S1 NTGUARD;NTGUARD;c:\program files (x86)\IKARUS\virus.utilities\bin\ntguard_x64.sys [2012-10-31 36816] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-01 202752] S2 GuardX;GuardX;c:\program files (x86)\IKARUS\virus.utilities\bin\guardxservice.exe [2012-10-31 1805288] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416] S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392] S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624] S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 36441640 *NewlyCreated* - 64526202 *NewlyCreated* - 98741684 *Deregistered* - 36441640 *Deregistered* - 64526202 *Deregistered* - 98741684 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-11 01:55 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 00:08] . 2013-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-04 14:25] . 2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-04 14:25] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Markus\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Markus\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Markus\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Markus\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.at/ uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://www.google.at mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000 Trusted Zone: //about.htm/ Trusted Zone: //Exclude.htm/ Trusted Zone: //FWEvent.htm/ Trusted Zone: //LanguageSelection.htm/ Trusted Zone: //Message.htm/ Trusted Zone: //MyAgttryCmd.htm/ Trusted Zone: //MyAgttryNag.htm/ Trusted Zone: //MyNotification.htm/ Trusted Zone: //NOCLessUpdate.htm/ Trusted Zone: //quarantine.htm/ Trusted Zone: //ScanNow.htm/ Trusted Zone: //strings.vbs/ Trusted Zone: //Template.htm/ Trusted Zone: //Update.htm/ Trusted Zone: //VirFound.htm/ Trusted Zone: mcafee.com\* Trusted Zone: mcafeeasap.com\betavscan Trusted Zone: mcafeeasap.com\vs Trusted Zone: mcafeeasap.com\www TCP: DhcpNameServer = 10.0.0.138 DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab FF - ProfilePath - c:\users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\oy1cs5ou.default\ FF - prefs.js: browser.search.selectedEngine - Delta Search FF - prefs.js: browser.startup.homepage - hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=22321CC1DE63E462 FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2013-04-04 20:12; ffxtlbr@delta.com; c:\users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\oy1cs5ou.default\extensions\ffxtlbr@delta.com FF - ExtSQL: 2013-04-04 20:15; plugin@yontoo.com; c:\users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\oy1cs5ou.default\extensions\plugin@yontoo.com FF - ExtSQL: 2013-04-04 20:20; amo@dealplyshopping.com; c:\users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\oy1cs5ou.default\extensions\amo@dealplyshopping.com FF - ExtSQL: 2013-04-04 20:20; {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}; c:\users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\oy1cs5ou.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2} FF - ExtSQL: !HIDDEN! 2013-03-28 15:12; {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}; c:\program files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi FF - user.js: extensions.funmoods.hmpg - true FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutC0C0CtC0D0EyCtA0EyEyCtBtB0FtAtBtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1204230517 FF - user.js: extensions.funmoods.dfltSrch - true FF - user.js: extensions.funmoods.srchPrvdr - Search FF - user.js: extensions.funmoods.dnsErr - true FF - user.js: extensions.funmoods_i.newTab - true FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutC0C0CtC0D0EyCtA0EyEyCtBtB0FtAtBtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1204230517 FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutC0C0CtC0D0EyCtA0EyEyCtBtB0FtAtBtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1204230517&q= FF - user.js: extensions.funmoods.id - 1CC1DE63E4622F32 FF - user.js: extensions.funmoods.instlDay - 15660 FF - user.js: extensions.funmoods.vrsn - 1.5.23.22 FF - user.js: extensions.funmoods.vrsni - 1.5.23.22 FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2215:21 FF - user.js: extensions.funmoods.prtnrId - funmoods FF - user.js: extensions.funmoods.prdct - funmoods FF - user.js: extensions.funmoods.aflt - download FF - user.js: extensions.funmoods_i.smplGrp - none FF - user.js: extensions.funmoods.tlbrId - base FF - user.js: extensions.funmoods.instlRef - download FF - user.js: extensions.funmoods.dfltLng - FF - user.js: extensions.funmoods.excTlbr - false FF - user.js: extensions.funmoods.autoRvrt - false FF - user.js: extensions.funmoods.envrmnt - production FF - user.js: extensions.funmoods.isdcmntcmplt - true FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0 FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - 22322f320000000000001cc1de63e462 FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15799 FF - user.js: extensions.delta.vrsn - 1.8.10.0 FF - user.js: extensions.delta.vrsni - 1.8.10.0 FF - user.js: extensions.delta.vrsnTs - 1.8.10.020:12 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - en FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false FF - user.js: extentions.y2layers.installId - 637f3b02-fbcc-472e-8fa8-08f91d039f45 FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Notify-SDWinLogon - SDWinLogon.dll AddRemove-Mahjong Holidays 2005_is1 - c:\program files (x86)\Mahjong Holidays 2005\ReflexiveArcade\unins000.exe AddRemove-FLV Player - c:\program files (x86)\FLVPlayer\Uninstall\Uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-05-15 17:27:44 ComboFix-quarantined-files.txt 2013-05-15 15:27 . Vor Suchlauf: 11 Verzeichnis(se), 114.828.058.624 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 115.157.516.288 Bytes frei . - - End Of File - - BD0531AB7F5DD74E63985F241AAA19FF |
15.05.2013, 17:02 | #10 |
/// Malware-holic | Polizeivirus .LPD BM.I Hi, malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
16.05.2013, 18:55 | #11 |
| Polizeivirus .LPD BM.ICode:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.16.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Markus :: MARKUS2010 [Administrator] Schutz: Aktiviert 16.05.2013 15:23:18 mbam-log-2013-05-16 (15-23-18).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 516482 Laufzeit: 3 Stunde(n), 34 Minute(n), 8 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\_OTL\MovedFiles.zip (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\05142013_192335\C_Users\Markus\AppData\Roaming\skype.dat (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
16.05.2013, 18:57 | #12 |
/// Malware-holic | Polizeivirus .LPD BM.I Hi, lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
16.05.2013, 19:00 | #13 |
| Polizeivirus .LPD BM.ICode:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.16.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Markus :: MARKUS2010 [Administrator] Schutz: Aktiviert 16.05.2013 15:23:18 mbam-log-2013-05-16 (15-23-18).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 516482 Laufzeit: 3 Stunde(n), 34 Minute(n), 8 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\_OTL\MovedFiles.zip (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\05142013_192335\C_Users\Markus\AppData\Roaming\skype.dat (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
16.05.2013, 19:02 | #14 |
/// Malware-holic | Polizeivirus .LPD BM.I ok weiter mit CCleaner
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
Themen zu Polizeivirus .LPD BM.I |
abgesicherte, abgesicherten, abgesicherten modus, erstell, gestern, hilfe!, killer, modus, polizeivirus, programme, programmen, ratlos, spanisch, spybot, stunde, stunden, troja, trojan, versuche, zunächst |