| |
| |||||||
Log-Analyse und Auswertung: und noch einer: "windowssystem... blockiert... bezahlen... runterladen"Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
19.12.2011, 23:11
| #1 |
 |  und noch einer: "windowssystem... blockiert... bezahlen... runterladen" nu hats mich auch erwischt.  hier der bericht vom aktuellen malwarebyte: ------------------------------------------ Malwarebytes' Anti-Malware 1.51.2.1300----------------------------------------------------------------------- ich hab dann problembehebung gem. malwarebyte ausgeführt. system lief dann wieder kurze zeit normal, dann der allseits beliebte schwarze bildschirm mit der nachricht, s. titel. hab dann also otl gemacht, anbei die files. mache e-banking auf dem pc... ist es bereits gefährlich, mich mit dem noch ins internet zu begeben (wie jetzt)? hiiiilfee!  und viiieeelen dank schonmal!!  ps: gezipptes file folgt gleich nach! |
|
19.12.2011, 23:38
| #2 |
| | und noch einer: "windowssystem... blockiert... bezahlen... runterladen" und hier noch die zip-files...
__________________thx! |
|
20.12.2011, 00:58
| #3 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | und noch einer: "windowssystem... blockiert... bezahlen... runterladen" Bitte alles nach Möglichkeit hier in CODE-Tags posten.
__________________Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
20.12.2011, 19:33
| #4 |
| | und noch einer: "windowssystem... blockiert... bezahlen... runterladen" uff, gerade von der arbeit gekommen, gleich an den havarierten pc. ok, habs glaub kapiert. OTL EXTRAS Logfile: Code:
ATTFilter OTL logfile created on: 19.12.2011 23:14:36 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Admin\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 6,84 Gb Available Physical Memory | 85,76% Memory free 15,96 Gb Paging File | 15,07 Gb Available in Paging File | 94,41% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,90 Gb Total Space | 83,74 Gb Free Space | 55,87% Space Free | Partition Type: NTFS Drive D: | 390,76 Gb Total Space | 315,34 Gb Free Space | 80,70% Space Free | Partition Type: NTFS Drive E: | 390,76 Gb Total Space | 148,36 Gb Free Space | 37,97% Space Free | Partition Type: NTFS Drive H: | 931,51 Gb Total Space | 587,92 Gb Free Space | 63,11% Space Free | Partition Type: NTFS Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.19 21:59:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.10.22 20:00:56 | 000,156,248 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2011.10.22 20:00:54 | 000,190,256 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2011.02.04 12:10:20 | 000,341,296 | ---- | M] (Nitro PDF Software) [Auto | Stopped] -- C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe -- (NitroReaderDriverReadSpool) SRV:64bit: - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010.08.12 14:00:20 | 000,133,800 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2007.07.19 15:46:17 | 000,777,576 | ---- | M] (CODEMASTERS) [Auto | Stopped] -- C:\Windows\SysNative\pr2ah4nb.exe -- (pr2ah4nb) SRV:64bit: - [2007.05.18 20:53:45 | 000,754,288 | ---- | M] (CODEMASTERS) [Auto | Stopped] -- C:\Windows\SysNative\pr2ah4nc.exe -- (pr2ah4nc) SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.09.01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- D:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0) SRV - [2011.08.24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Stopped] -- D:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.05.09 21:48:53 | 000,066,872 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.04.23 21:28:33 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.03.01 17:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service) SRV - [2011.03.01 08:56:36 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R) SRV - [2011.01.12 15:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- D:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2011.01.12 07:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager) SRV - [2010.10.27 15:18:52 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Stopped] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc) SRV - [2010.05.14 13:02:54 | 000,246,256 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124) SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- D:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 21:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- E:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2009.08.10 20:04:48 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- D:\Program Files\SiSoftware Sandra Profi Business 2011.SP1\RpcAgentSrv.exe -- (SandraAgentSrv) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2008.06.26 18:09:36 | 000,167,936 | ---- | M] () [Auto | Stopped] -- d:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe -- (WlanWpsSvc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.10.27 02:25:54 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) DRV:64bit: - [2011.10.27 02:25:54 | 000,095,928 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) DRV:64bit: - [2011.10.22 20:00:56 | 000,281,544 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2011.10.22 20:00:56 | 000,097,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2011.10.22 20:00:55 | 000,607,152 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2011.10.22 20:00:55 | 000,217,696 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2011.10.22 20:00:54 | 000,153,952 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2011.08.19 16:01:33 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD) DRV:64bit: - [2011.07.08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.20 04:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 02:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.10.27 14:50:28 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2010.10.27 14:50:28 | 000,279,152 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2010.10.27 14:50:28 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2010.10.27 14:50:28 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2010.10.27 14:50:28 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2010.10.27 14:50:28 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU) DRV:64bit: - [2010.10.27 14:50:28 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2010.10.27 14:50:28 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2010.09.30 06:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.09.30 06:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.09.29 05:01:46 | 000,695,400 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su) DRV:64bit: - [2010.09.22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010.09.21 07:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R) DRV:64bit: - [2010.03.23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.03.19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2007.07.19 15:45:45 | 000,072,296 | ---- | M] (CODEMASTERS) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pe3ah4nb.sys -- (pe3ah4nb) DiRT Environment Driver (pe3ah4nb) DRV:64bit: - [2007.07.19 15:43:49 | 000,102,000 | ---- | M] (CODEMASTERS) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ps6ah4nb.sys -- (ps6ah4nb) DiRT Synchronization Driver (ps6ah4nb) DRV:64bit: - [2007.05.18 20:53:12 | 000,072,560 | ---- | M] (CODEMASTERS) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pe3ah4nc.sys -- (pe3ah4nc) DiRT Environment Driver (pe3ah4nc) DRV:64bit: - [2007.05.18 20:52:49 | 000,077,176 | ---- | M] (CODEMASTERS) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ps6ah4nc.sys -- (ps6ah4nc) DiRT Synchronization Driver (ps6ah4nc) DRV - [2011.08.19 16:01:33 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2011.04.09 09:48:08 | 000,027,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Admin\AppData\Local\Temp\GPU-Z.sys -- (GPU-Z) DRV - [2010.12.18 12:03:58 | 000,025,280 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan) DRV - [2009.08.07 21:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- D:\Program Files\SiSoftware Sandra Profi Business 2011.SP1\WNt500x64\sandra.sys -- (SANDRA) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = E:\temp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 3B C3 DD F3 01 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.ncbi.nlm.nih.gov/sites/entrez" FF - prefs.js..network.proxy.autoconfig_url: "hxxp://www.uzh.ch/id/proxy/config.pac" FF - prefs.js..network.proxy.backup.ftp: "proxy.uzh.ch " FF - prefs.js..network.proxy.backup.ftp_port: 3128 FF - prefs.js..network.proxy.backup.socks: "proxy.uzh.ch " FF - prefs.js..network.proxy.backup.socks_port: 3128 FF - prefs.js..network.proxy.backup.ssl: "proxy.uzh.ch " FF - prefs.js..network.proxy.backup.ssl_port: 3128 FF - prefs.js..network.proxy.ftp: "proxy.uzh.ch " FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.http: "proxy.uzh.ch " FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "proxy.uzh.ch " FF - prefs.js..network.proxy.socks_port: 3128 FF - prefs.js..network.proxy.ssl: "proxy.uzh.ch " FF - prefs.js..network.proxy.ssl_port: 3128 FF - prefs.js..network.proxy.type: 1 FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.100: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2011.10.27 21:26:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.02 21:00:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions [2011.09.04 13:42:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vuk64sm6.default\extensions [2011.06.27 22:30:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vuk64sm6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.10.12 22:06:35 | 000,000,000 | ---D | M] (Swisscom Quick Help) -- D:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{6A6114A5-EEF5-45F4-BCD1-B00A7B33E04B} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gcswf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\pdf.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: getPlusPlus for Adobe 162100 (Enabled) = C:\Program Files (x86)\NOS\bin\np_gp.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111022210200.dll (McAfee, Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - d:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111022210200.dll (McAfee, Inc.) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - d:\Program Files (x86)\Orbitdownloader\GrabPro.dll () O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - d:\Program Files (x86)\Orbitdownloader\GrabPro.dll () O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [McAfeeUpdaterUI] D:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKCU..\Run: [{FAF5E1EA-5FA4-11E0-9955-806E6F6E6963}] C:\Users\Admin\AppData\Roaming\Microsoft\dllhsts.exe (Mozilla Foundation) O4 - HKCU..\Run: [KiesHelper] D:\Program Files (x86)\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] D:\Program Files (x86)\Kies\External\FirmwareUpdate\KiesPDLR.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: &Download by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: &Grab video by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Down&load all by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: &Download by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: blank ([]about in Local intranet) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.230.1.103 194.230.1.39 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A45037E-F0E3-43B0-8CD4-367D5BEF7EBC}: DhcpNameServer = 194.230.1.103 194.230.1.39 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{013b4801-225b-11e1-bb73-14d64d08d690}\Shell - "" = AutoRun O33 - MountPoints2\{013b4801-225b-11e1-bb73-14d64d08d690}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{6a36b305-1e50-11e1-b929-bcaec5761180}\Shell - "" = AutoRun O33 - MountPoints2\{6a36b305-1e50-11e1-b929-bcaec5761180}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{6a36b309-1e50-11e1-b929-bcaec5761180}\Shell - "" = AutoRun O33 - MountPoints2\{6a36b309-1e50-11e1-b929-bcaec5761180}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{85afecf5-a40d-11e0-82c6-bcaec5761180}\Shell - "" = AutoRun O33 - MountPoints2\{85afecf5-a40d-11e0-82c6-bcaec5761180}\Shell\AutoRun\command - "" = J:\Startme.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Start.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.19 22:10:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011.12.19 21:59:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2011.12.19 20:53:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.19 10:38:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FB6D394B-9FAD-4E2F-88C2-8740F538A7AE} [2011.12.19 10:38:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C5680412-9369-47F8-9322-7492982C9332} [2011.12.18 15:42:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E7D742AF-FAB1-4D50-9825-A3C6B4EB315B} [2011.12.18 15:41:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{1F87DA29-2486-4906-BC8B-4EE7475AEFE5} [2011.12.18 12:08:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F73E9B8F-3222-494D-A315-D971686064FF} [2011.12.17 15:06:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BAAB6E8C-2118-4F04-97F2-A77FBC8B6508} [2011.12.17 15:06:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{81C6544F-06D6-4F5E-B24D-CA51B353B3B0} [2011.12.17 15:01:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{DF62C9D6-8B70-479D-A0F5-40C1CD051F7D} [2011.12.17 15:01:21 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{B5C3044E-C717-4DD1-9F8F-08A14F2C8DF7} [2011.12.17 12:48:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BBA3143C-72F4-4BA5-A17F-6FA476FE9956} [2011.12.16 23:25:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6974EDFB-EC5D-45BB-897E-5FB43E0CF286} [2011.12.16 08:44:24 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{15E13E43-85F0-49EB-AFB3-66CFCBC12194} [2011.12.16 08:44:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FA2EFF7B-EB95-405D-BC3B-427F8EB89CFF} [2011.12.15 22:12:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{CCABA481-55D9-4A62-8B3D-07531ADC852A} [2011.12.15 22:12:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{609FE1FD-0AF8-46E5-B04E-B1CE3D65D59A} [2011.12.15 10:01:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{73298416-BD81-464E-8DF5-2433D9558C78} [2011.12.15 10:01:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5AF2E172-F265-4D4C-9690-2651073961DB} [2011.12.14 13:22:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{13F6C982-7463-4D34-96A1-230068DC0B62} [2011.12.14 13:22:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{9AB84523-DEC1-409B-B26B-14F442B257E5} [2011.12.14 11:14:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{00449953-7AAA-4F93-90BF-93CCB7672F43} [2011.12.14 11:14:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3B310D71-7BB9-4802-BFB2-A36B6E383993} [2011.12.13 16:42:39 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys [2011.12.13 16:42:39 | 000,095,928 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys [2011.12.13 16:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec [2011.12.13 16:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyFree Codec [2011.12.13 15:40:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\EndNote [2011.12.13 15:28:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Risxtd [2011.12.13 15:28:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ResearchSoft [2011.12.13 15:28:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EndNote [2011.12.13 15:27:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EndNote X2 [2011.12.13 15:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Thomson.ResearchSoft.Installers [2011.12.13 11:56:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{76AB0FCA-DA96-41C3-BC1D-AA39A575FDD6} [2011.12.13 11:56:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3F457537-FFD7-4FD8-8FAD-3ECBC3959E52} [2011.12.09 00:22:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{534C6B28-B1DB-4ABB-9383-C87F76980DD5} [2011.12.09 00:22:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C4F2BF72-054D-4F55-848F-A070866C29A6} [2011.12.08 10:35:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5A45DD01-CD2C-4F86-862B-7ADA4D6A2F5E} [2011.12.08 10:35:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{59F66153-6E08-4A59-8D48-9AC29971D0C4} [2011.12.07 20:05:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7979C1F7-4F47-4140-83B6-3785FC25247F} [2011.12.07 20:05:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5B69C74A-BD0A-485B-B3EC-40799A0B8BD1} [2011.12.06 19:21:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{1FAB0B94-DFAD-43DC-A257-9AE22B6AAE29} [2011.12.06 19:21:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FE7C00A9-53E6-4D03-BE51-3D18632B124F} [2011.12.05 12:15:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{2E492456-0C85-479B-9D29-DFB0EDA605E5} [2011.12.05 12:15:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{B801BCE5-9C17-47E0-91D3-348F70B9CBC1} [2011.12.05 10:18:56 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011.12.04 21:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro [2011.12.04 13:00:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{89CA8D3E-9A77-4B3F-A2A1-257785687238} [2011.12.04 13:00:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{2B6A5F9E-EF8D-4ADF-9D01-7BFF6327E5AC} [2011.12.04 09:24:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{78CE0C36-BCC1-486B-A7F1-494D529430A4} [2011.12.03 11:56:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{A408568C-9E67-4CF7-8966-4302F85C37B3} [2011.12.03 11:55:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{52B1D313-1D2F-49CF-B018-AF78CC05721C} [2011.12.01 21:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2011.12.01 20:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2011.12.01 20:34:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2011.12.01 20:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared [2011.12.01 19:57:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{75D1E8B6-9997-4074-927C-5EC6B7DA2621} [2011.11.30 20:25:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D027A15E-903B-4AAA-A89F-27284BA4286D} [2011.11.30 20:25:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{DA29A98A-B26A-42B0-86E6-A4C21207C62A} [2011.11.29 19:13:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6B5C106C-64EF-40FD-B42F-1B1FB20EBBA6} [2011.11.29 19:12:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5B0078AF-4664-4E99-8A98-DDF13DB66072} [2011.11.28 08:50:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{68A1D47A-BE9C-43AF-9720-9A275A5CD6A4} [2011.11.28 08:50:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{AA9BE1E5-EC3F-4D3D-9595-281C6A257EBF} [2011.11.26 09:03:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{DD8EAC9A-3B46-454E-B4CD-2E54FAC71D4E} [2011.11.26 09:03:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{2667AE30-3950-4C20-BE0E-D3F59793BEB2} [2011.11.25 09:52:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{87BC6BF3-F258-4383-AA17-CEF9EAF755C4} [2011.11.25 09:52:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5063506A-C442-4A1A-B551-C17768B0CFAE} [2011.11.25 09:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.11.25 09:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.19 22:16:01 | 000,302,592 | ---- | M] () -- C:\Users\Admin\Desktop\c3yl4kki.exe [2011.12.19 22:15:12 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable [2011.12.19 22:14:35 | 000,050,477 | ---- | M] () -- C:\Users\Admin\Desktop\Defogger.exe [2011.12.19 22:07:53 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2011.12.19 22:07:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.19 22:07:43 | 2131,877,887 | -HS- | M] () -- C:\hiberfil.sys [2011.12.19 21:59:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2011.12.19 21:58:42 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.19 21:58:42 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.19 21:57:04 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.19 21:57:04 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.19 21:57:04 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.19 21:57:04 | 000,130,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.19 21:57:04 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.19 21:51:02 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.19 21:51:00 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\Free File Viewer Update Checker.job [2011.12.19 19:32:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.16 08:33:37 | 563,741,110 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.12.16 08:00:16 | 000,452,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.12.04 09:46:17 | 000,000,771 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk [2011.12.01 20:29:01 | 000,001,645 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 10.lnk [2011.11.26 12:18:16 | 000,031,232 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.25 09:44:37 | 000,001,568 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.19 22:16:06 | 000,302,592 | ---- | C] () -- C:\Users\Admin\Desktop\c3yl4kki.exe [2011.12.19 22:15:12 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable [2011.12.19 22:14:45 | 000,050,477 | ---- | C] () -- C:\Users\Admin\Desktop\Defogger.exe [2011.12.01 20:29:01 | 000,001,645 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 10.lnk [2011.11.25 09:44:37 | 000,001,568 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.11.06 22:37:34 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.10.06 10:39:49 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin [2011.07.21 12:00:48 | 000,948,096 | ---- | C] () -- C:\Windows\SysWow64\M2ElevatedNetworkAdapters.dll [2011.06.18 11:26:28 | 000,037,047 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Kommagetrennte Werte (DOS).ADR [2011.06.18 11:19:18 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI [2011.06.15 18:51:13 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb [2011.06.02 21:05:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.05.19 20:49:36 | 000,037,095 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2011.05.17 22:25:48 | 000,012,997 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Kommagetrennte Werte (Windows).CAL [2011.05.17 22:19:22 | 000,012,994 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Tabulatorgetrennte Werte (Windows).CAL [2011.05.17 21:52:20 | 000,031,232 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.09 21:48:54 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.05.09 21:48:53 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.05.09 21:48:52 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2011.05.09 21:18:17 | 000,000,312 | ---- | C] () -- C:\Windows\lgfwup.ini [2011.04.27 13:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.04.27 13:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.04.27 13:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.04.27 13:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.04.27 13:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.04.25 09:17:07 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2011.04.24 19:19:19 | 010,977,280 | ---- | C] () -- C:\ProgramData\sandra.mda [2011.04.24 00:09:27 | 001,532,588 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.04.05 18:25:36 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011.04.05 18:25:32 | 000,026,999 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2010.12.15 16:59:54 | 000,692,224 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll [2010.12.15 16:59:54 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll [2009.10.06 08:16:00 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.04.02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS ========== LOP Check ========== [2011.11.04 22:41:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Abelssoft [2011.12.13 16:46:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BOM [2011.04.24 11:40:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe Limited [2011.05.23 19:56:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DocumentsToGoDesktop [2011.04.30 06:55:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Downloaded Installations [2011.11.02 16:08:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Dropbox [2011.11.06 19:01:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft [2011.06.27 22:30:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers [2011.12.13 15:40:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\EndNote [2011.04.24 19:14:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FreeFileViewer [2011.07.17 22:49:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GrabPro [2011.10.11 21:53:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\gtk-2.0 [2011.10.06 22:57:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Lionhead Studios [2011.12.19 12:28:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Might & Magic Heroes VI [2011.10.03 20:33:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Might & Magic Heroes VI - Game Official Demo [2011.04.24 16:15:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Miranda [2011.12.03 10:49:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nitro PDF [2011.04.24 10:52:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org [2011.12.19 00:52:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Orbit [2011.11.05 01:14:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PhraseExpress [2011.09.04 10:24:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ProgSense [2011.05.17 21:50:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Samsung [2011.07.03 16:06:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\The Creative Assembly [2011.12.18 21:58:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Tropico 3 [2011.09.04 17:38:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ubisoft [2011.09.25 23:21:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent [2011.04.24 14:47:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Live Writer [2011.12.19 21:51:00 | 000,000,402 | ---- | M] () -- C:\Windows\Tasks\Free File Viewer Update Checker.job [2011.10.16 16:07:06 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.04.05 18:05:34 | 000,000,000 | ---D | M] -- C:\$Recycle.Bin [2011.04.23 22:04:01 | 000,000,000 | ---D | M] -- C:\36855b19b092064c5b28fc79223cd3 [2011.07.17 22:49:46 | 000,000,000 | ---D | M] -- C:\downloads [2011.04.25 08:28:43 | 000,000,000 | ---D | M] -- C:\HP Universal Print Driver [2011.04.05 18:13:21 | 000,000,000 | ---D | M] -- C:\Intel [2011.11.04 22:37:06 | 000,000,000 | ---D | M] -- C:\NVIDIA [2011.12.04 21:22:59 | 000,000,000 | ---D | M] -- C:\Program Files [2011.12.19 22:10:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86) [2011.12.13 15:27:30 | 000,000,000 | ---D | M] -- C:\ProgramData [2011.04.05 18:05:21 | 000,000,000 | ---D | M] -- C:\Recovery [2010.11.20 03:24:36 | 000,000,000 | -H-D | M] -- C:\SysApp [2011.12.16 01:08:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.10.15 11:27:34 | 000,000,000 | ---D | M] -- C:\Temp [2011.05.09 22:03:30 | 000,000,000 | ---D | M] -- C:\Users [2011.12.19 20:45:36 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: AFD.SYS > [2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys [2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys [2010.11.20 00:23:36 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys [2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys [2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys [2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys [2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 03:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 04:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 04:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 04:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 04:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 04:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report > --- --- ---OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 19.12.2011 22:17:44 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 7,12 Gb Available Physical Memory | 89,22% Memory free
15,96 Gb Paging File | 15,21 Gb Available in Paging File | 95,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,90 Gb Total Space | 83,74 Gb Free Space | 55,86% Space Free | Partition Type: NTFS
Drive D: | 390,76 Gb Total Space | 315,34 Gb Free Space | 80,70% Space Free | Partition Type: NTFS
Drive E: | 390,76 Gb Total Space | 148,36 Gb Free Space | 37,97% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 587,92 Gb Free Space | 63,11% Space Free | Partition Type: NTFS
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "d:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "d:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"d:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = d:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"d:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = d:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"d:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = d:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"d:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = d:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02233C32-A584-4337-9FD1-864F6BC43F67}" = Nitro PDF Reader
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{A7EEF79E-06B2-4382-9D2E-39DBA0F72D50}" = Eraser 6.0.8.2273
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCCC97EE-E162-448C-8847-59718FF29B04}" = Intel(R) Network Connections 15.6.25.0
"{BE83E4A4-A678-4211-AF2B-2EC8ECC0AC73}" = HP Print View Software
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Profi Business 2011.SP1
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v4.6.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"PROSetDX" = Intel(R) Network Connections 15.6.25.0
"WinGimp-2.0_is1" = GIMP 2.6.8
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002B1E90-3241-4D45-8831-E89020F8E7E6}" = EndNote X2
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}" = McAfee Agent
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}" = LightScribe System Software
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}" = DiRT
"{594F6A23-9FF2-4D03-8761-97483E55CE79}" = NVIDIA 3D Vision Video Player
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F8AB607-DBA4-4367-BDB0-D1E827BE2D9A}" = Swisscom Quick Help
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}" = McAfee VirusScan Enterprise
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D9198056-A296-4583-A790-C0E73694CFE8}" = D-Link DWA-131 Wireless N Nano USB Adapter
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Anonymity 4 Proxy_is1" = Anonymity 4 Proxy version 2.8
"AnyDVD" = AnyDVD
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Clickster16342" = Clickster
"DTGDesktop" = Documents To Go Desktop for iPhone
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Studio_is1" = Free Studio version 5.2.1
"Free Video to Samsung Phones Converter_is1" = Free Video to Samsung Phones Converter version 1.1.4.920
"Free YouTube Download_is1" = Free YouTube Download version 3.0.0.602
"FreeFileViewer_is1" = Free File Viewer 2011
"Google Chrome" = Google Chrome
"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
"HTTS 2.10" = HTTS 2.10
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"IrfanView" = IrfanView (remove only)
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"iTwin_is1" = iTwin 3.2 Final
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Miranda IM" = Miranda IM 0.9.13
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"NVIDIA 3D Vision PowerPack - Batman Arkham Asylum_is1" = NVIDIA 3D Vision PowerPack - Batman Arkham Asylum
"NVIDIA 3D Vision PowerPack - QuakeCon 2009_is1" = NVIDIA 3D Vision PowerPack - QuakeCon 2009
"NVIDIA 3D Vision PowerPack - Santa Clara Classic~59A618D7_is1" = NVIDIA 3D Vision PowerPack - Santa Clara Classic Car Show 2009
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Orbit_is1" = Orbit Downloader
"PunkBusterSvc" = PunkBuster Services
"SpeedFan" = SpeedFan (remove only)
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"StartEd Lite" = StartEd Lite
"Steam App 105400" = Fable III
"Steam App 23490" = Tropico 3 - Steam Special Edition
"Steam App 33230" = Assassin's Creed II
"Steam App 33670" = Disciples III: Renaissance
"Steam App 34030" = Napoleon: Total War
"Steam App 43110" = Metro 2033
"Steam App 47870" = Need for Speed: Hot Pursuit
"Steam App 50130" = Mafia II
"Steam App 50620" = Darksiders
"Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™
"Steam App 57600" = Tropico 3: Absolute Power
"Steam App 620" = Portal 2
"Sweet Home 3D_is1" = Sweet Home 3D version 3.2
"Swisscom Quick Help" = Swisscom Quick Help
"SystemRequirementsLab" = System Requirements Lab
"The KMPlayer" = The KMPlayer (remove only)
"UpdateYeti_is1" = UpdateYeti
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MyFreeCodec" = MyFreeCodec
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
bin sehr gespannt! thx a lot, Rob. |
|
20.12.2011, 21:45
| #5 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | und noch einer: "windowssystem... blockiert... bezahlen... runterladen"Zitat:
Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
20.12.2011, 22:07
| #6 |
| | und noch einer: "windowssystem... blockiert... bezahlen... runterladen" ja, hatte inzwischen nochmal laufen lassen und die drei gemeldeten infektionen (hoffentlich) beheben lassen. here we go: Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Datenbank Version: 8405
Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421
20.12.2011 21:51:52
mbam-log-2011-12-20 (21-51-49).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 377255
Laufzeit: 24 Minute(n), 48 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{FAF5E1EA-5FA4-11E0-9955-806E6F6E6963} (Trojan.FakeFF) -> Value: {FAF5E1EA-5FA4-11E0-9955-806E6F6E6963} -> No action taken.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\Admin\AppData\Roaming\microsoft\dllhsts.exe (Trojan.FakeFF) -> No action taken.
c:\Users\Admin\AppData\LocalLow\Sun\Java\deployment\cache\6.0\54\277103f6-23722205 (Trojan.FakeFF) -> No action taken.
Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 8399
Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421
19.12.2011 21:49:24
mbam-log-2011-12-19 (21-49-24).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 546805
Laufzeit: 45 Minute(n), 12 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
d:\docs\PUK\misc\Progs\freeripmp3.exe (Adware.MyWaySearch) -> Quarantined and deleted successfully.
c:\Users\Admin\AppData\Local\Temp\0.4609722247639225.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
war's das wohlmöglich schon?!  bin jetzt wieder im normalen modus online - ist das bedenklich? wie verhindere ich sowas künftig?? lg und thx! Rob. |
|
20.12.2011, 22:13
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | und noch einer: "windowssystem... blockiert... bezahlen... runterladen" Führ bitte auch ESET aus, danach sehen wir weiter: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.12.2011, 07:31
| #8 |
| | und noch einer: "windowssystem... blockiert... bezahlen... runterladen" und da noch...  Code:
ATTFilter ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-20 11:23:23
# local_time=2011-12-21 12:23:23 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 5106193 76045988 0 0
# compatibility_mode=8192 67108863 100 0 3678 3678 0 0
# scanned=375300
# found=1
# cleaned=0
# scan_time=7264
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\3afd8f9c-7409c003 a variant of Java/Exploit.CVE-2011-3544.G trojan (unable to clean) 00000000000000000000000000000000 I
what next?  thx! |
|
21.12.2011, 10:23
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | und noch einer: "windowssystem... blockiert... bezahlen... runterladen" Mach ein neues OTL-Log CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.12.2011, 00:24
| #10 |
| | und noch einer: "windowssystem... blockiert... bezahlen... runterladen" gerade zurück von der betriebs-weihnachtsfeier... here we go again: OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.12.2011 00:02:29 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Admin\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 6,61 Gb Available Physical Memory | 82,85% Memory free 15,96 Gb Paging File | 14,08 Gb Available in Paging File | 88,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,90 Gb Total Space | 83,18 Gb Free Space | 55,49% Space Free | Partition Type: NTFS Drive D: | 390,76 Gb Total Space | 315,34 Gb Free Space | 80,70% Space Free | Partition Type: NTFS Drive E: | 390,76 Gb Total Space | 148,36 Gb Free Space | 37,97% Space Free | Partition Type: NTFS Drive H: | 931,51 Gb Total Space | 587,92 Gb Free Space | 63,11% Space Free | Partition Type: NTFS Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.19 21:59:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe PRC - [2011.12.08 02:33:34 | 000,021,392 | ---- | M] () -- D:\Program Files (x86)\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.09.01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe PRC - [2011.08.24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- D:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.05.09 21:48:53 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.01.12 15:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- D:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe PRC - [2011.01.12 15:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- D:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe PRC - [2011.01.12 15:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- D:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe PRC - [2011.01.12 15:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- D:\Program Files (x86)\McAfee\Common Framework\McTray.exe PRC - [2011.01.12 07:08:00 | 000,215,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe PRC - [2011.01.12 07:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe PRC - [2011.01.12 07:08:00 | 000,033,648 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe PRC - [2010.04.27 03:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- D:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe PRC - [2008.06.26 18:09:36 | 000,167,936 | ---- | M] () -- d:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe ========== Modules (No Company Name) ========== MOD - [2011.12.13 16:35:59 | 000,115,137 | ---- | M] () -- C:\Users\Admin\AppData\Local\Temp\35a21c59-6cef-4901-a8d6-b682815a126d\CliSecureRT.dll MOD - [2011.12.08 02:33:34 | 000,021,392 | ---- | M] () -- D:\Program Files (x86)\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2007.04.18 18:30:46 | 000,471,040 | ---- | M] () -- D:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll MOD - [2007.04.18 18:30:46 | 000,393,216 | ---- | M] () -- D:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.10.22 20:00:56 | 000,156,248 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2011.10.22 20:00:54 | 000,190,256 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2011.02.04 12:10:20 | 000,341,296 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe -- (NitroReaderDriverReadSpool) SRV:64bit: - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010.08.12 14:00:20 | 000,133,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2007.07.19 15:46:17 | 000,777,576 | ---- | M] (CODEMASTERS) [Auto | Stopped] -- C:\Windows\SysNative\pr2ah4nb.exe -- (pr2ah4nb) SRV:64bit: - [2007.05.18 20:53:45 | 000,754,288 | ---- | M] (CODEMASTERS) [Auto | Stopped] -- C:\Windows\SysNative\pr2ah4nc.exe -- (pr2ah4nc) SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.09.01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- D:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0) SRV - [2011.08.24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- D:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.05.09 21:48:53 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.04.23 21:28:33 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.03.01 17:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service) SRV - [2011.03.01 08:56:36 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R) SRV - [2011.01.12 15:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- D:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2011.01.12 07:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager) SRV - [2010.10.27 15:18:52 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc) SRV - [2010.05.14 13:02:54 | 000,246,256 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124) SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- D:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 21:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- E:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2009.08.10 20:04:48 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- D:\Program Files\SiSoftware Sandra Profi Business 2011.SP1\RpcAgentSrv.exe -- (SandraAgentSrv) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2008.06.26 18:09:36 | 000,167,936 | ---- | M] () [Auto | Running] -- d:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe -- (WlanWpsSvc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.10.27 02:25:54 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) DRV:64bit: - [2011.10.27 02:25:54 | 000,095,928 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) DRV:64bit: - [2011.10.22 20:00:56 | 000,281,544 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2011.10.22 20:00:56 | 000,097,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2011.10.22 20:00:55 | 000,607,152 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2011.10.22 20:00:55 | 000,217,696 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2011.10.22 20:00:54 | 000,153,952 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2011.08.19 16:01:33 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD) DRV:64bit: - [2011.07.08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.20 04:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 02:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.10.27 14:50:28 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2010.10.27 14:50:28 | 000,279,152 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2010.10.27 14:50:28 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2010.10.27 14:50:28 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2010.10.27 14:50:28 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2010.10.27 14:50:28 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU) DRV:64bit: - [2010.10.27 14:50:28 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2010.10.27 14:50:28 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2010.09.30 06:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.09.30 06:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.09.29 05:01:46 | 000,695,400 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su) DRV:64bit: - [2010.09.22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010.09.21 07:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R) DRV:64bit: - [2010.03.23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.03.19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2007.07.19 15:45:45 | 000,072,296 | ---- | M] (CODEMASTERS) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pe3ah4nb.sys -- (pe3ah4nb) DiRT Environment Driver (pe3ah4nb) DRV:64bit: - [2007.07.19 15:43:49 | 000,102,000 | ---- | M] (CODEMASTERS) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ps6ah4nb.sys -- (ps6ah4nb) DiRT Synchronization Driver (ps6ah4nb) DRV:64bit: - [2007.05.18 20:53:12 | 000,072,560 | ---- | M] (CODEMASTERS) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pe3ah4nc.sys -- (pe3ah4nc) DiRT Environment Driver (pe3ah4nc) DRV:64bit: - [2007.05.18 20:52:49 | 000,077,176 | ---- | M] (CODEMASTERS) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ps6ah4nc.sys -- (ps6ah4nc) DiRT Synchronization Driver (ps6ah4nc) DRV - [2011.08.19 16:01:33 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2011.04.09 09:48:08 | 000,027,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Admin\AppData\Local\Temp\GPU-Z.sys -- (GPU-Z) DRV - [2010.12.18 12:03:58 | 000,025,280 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan) DRV - [2009.08.07 21:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- D:\Program Files\SiSoftware Sandra Profi Business 2011.SP1\WNt500x64\sandra.sys -- (SANDRA) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = E:\temp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 3B C3 DD F3 01 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.ncbi.nlm.nih.gov/sites/entrez" FF - prefs.js..network.proxy.autoconfig_url: "hxxp://www.uzh.ch/id/proxy/config.pac" FF - prefs.js..network.proxy.backup.ftp: "proxy.uzh.ch " FF - prefs.js..network.proxy.backup.ftp_port: 3128 FF - prefs.js..network.proxy.backup.socks: "proxy.uzh.ch " FF - prefs.js..network.proxy.backup.socks_port: 3128 FF - prefs.js..network.proxy.backup.ssl: "proxy.uzh.ch " FF - prefs.js..network.proxy.backup.ssl_port: 3128 FF - prefs.js..network.proxy.ftp: "proxy.uzh.ch " FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.http: "proxy.uzh.ch " FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "proxy.uzh.ch " FF - prefs.js..network.proxy.socks_port: 3128 FF - prefs.js..network.proxy.ssl: "proxy.uzh.ch " FF - prefs.js..network.proxy.ssl_port: 3128 FF - prefs.js..network.proxy.type: 1 FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.100: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2011.10.27 21:26:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.02 21:00:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions [2011.09.04 13:42:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vuk64sm6.default\extensions [2011.06.27 22:30:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vuk64sm6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.10.12 22:06:35 | 000,000,000 | ---D | M] (Swisscom Quick Help) -- D:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{6A6114A5-EEF5-45F4-BCD1-B00A7B33E04B} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gcswf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\pdf.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: getPlusPlus for Adobe 162100 (Enabled) = C:\Program Files (x86)\NOS\bin\np_gp.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111022210200.dll (McAfee, Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - d:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111022210200.dll (McAfee, Inc.) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - d:\Program Files (x86)\Orbitdownloader\GrabPro.dll () O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - d:\Program Files (x86)\Orbitdownloader\GrabPro.dll () O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [McAfeeUpdaterUI] D:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKCU..\Run: [KiesHelper] D:\Program Files (x86)\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] D:\Program Files (x86)\Kies\External\FirmwareUpdate\KiesPDLR.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: &Download by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: &Grab video by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Down&load all by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: &Download by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Free YouTube Download - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: blank ([]about in Local intranet) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.230.1.103 194.230.1.39 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A45037E-F0E3-43B0-8CD4-367D5BEF7EBC}: DhcpNameServer = 194.230.1.103 194.230.1.39 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{013b4801-225b-11e1-bb73-14d64d08d690}\Shell - "" = AutoRun O33 - MountPoints2\{013b4801-225b-11e1-bb73-14d64d08d690}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{6a36b305-1e50-11e1-b929-bcaec5761180}\Shell - "" = AutoRun O33 - MountPoints2\{6a36b305-1e50-11e1-b929-bcaec5761180}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{6a36b309-1e50-11e1-b929-bcaec5761180}\Shell - "" = AutoRun O33 - MountPoints2\{6a36b309-1e50-11e1-b929-bcaec5761180}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{85afecf5-a40d-11e0-82c6-bcaec5761180}\Shell - "" = AutoRun O33 - MountPoints2\{85afecf5-a40d-11e0-82c6-bcaec5761180}\Shell\AutoRun\command - "" = J:\Startme.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Start.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - State: "bootini" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: mfehidk - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) SafeBootNet:64bit: mfehidk.sys - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) SafeBootNet:64bit: mfevtp - C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.) SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: VIDC.FFDS - ff_vfw.dll () Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.12.20 22:21:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011.12.19 21:59:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2011.12.19 20:53:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.19 10:38:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FB6D394B-9FAD-4E2F-88C2-8740F538A7AE} [2011.12.19 10:38:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C5680412-9369-47F8-9322-7492982C9332} [2011.12.18 15:42:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{E7D742AF-FAB1-4D50-9825-A3C6B4EB315B} [2011.12.18 15:41:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{1F87DA29-2486-4906-BC8B-4EE7475AEFE5} [2011.12.18 12:08:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{F73E9B8F-3222-494D-A315-D971686064FF} [2011.12.17 15:06:52 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BAAB6E8C-2118-4F04-97F2-A77FBC8B6508} [2011.12.17 15:06:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{81C6544F-06D6-4F5E-B24D-CA51B353B3B0} [2011.12.17 15:01:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{DF62C9D6-8B70-479D-A0F5-40C1CD051F7D} [2011.12.17 15:01:21 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{B5C3044E-C717-4DD1-9F8F-08A14F2C8DF7} [2011.12.17 12:48:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{BBA3143C-72F4-4BA5-A17F-6FA476FE9956} [2011.12.16 23:25:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6974EDFB-EC5D-45BB-897E-5FB43E0CF286} [2011.12.16 08:44:24 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{15E13E43-85F0-49EB-AFB3-66CFCBC12194} [2011.12.16 08:44:12 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FA2EFF7B-EB95-405D-BC3B-427F8EB89CFF} [2011.12.15 22:12:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{CCABA481-55D9-4A62-8B3D-07531ADC852A} [2011.12.15 22:12:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{609FE1FD-0AF8-46E5-B04E-B1CE3D65D59A} [2011.12.15 10:01:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{73298416-BD81-464E-8DF5-2433D9558C78} [2011.12.15 10:01:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5AF2E172-F265-4D4C-9690-2651073961DB} [2011.12.14 13:22:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{13F6C982-7463-4D34-96A1-230068DC0B62} [2011.12.14 13:22:02 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{9AB84523-DEC1-409B-B26B-14F442B257E5} [2011.12.14 11:14:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{00449953-7AAA-4F93-90BF-93CCB7672F43} [2011.12.14 11:14:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3B310D71-7BB9-4802-BFB2-A36B6E383993} [2011.12.13 16:42:39 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys [2011.12.13 16:42:39 | 000,095,928 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys [2011.12.13 16:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec [2011.12.13 16:39:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyFree Codec [2011.12.13 15:40:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\EndNote [2011.12.13 15:28:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Risxtd [2011.12.13 15:28:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ResearchSoft [2011.12.13 15:28:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EndNote [2011.12.13 15:27:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EndNote X2 [2011.12.13 15:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Thomson.ResearchSoft.Installers [2011.12.13 11:56:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{76AB0FCA-DA96-41C3-BC1D-AA39A575FDD6} [2011.12.13 11:56:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{3F457537-FFD7-4FD8-8FAD-3ECBC3959E52} [2011.12.09 00:22:26 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{534C6B28-B1DB-4ABB-9383-C87F76980DD5} [2011.12.09 00:22:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{C4F2BF72-054D-4F55-848F-A070866C29A6} [2011.12.08 10:35:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5A45DD01-CD2C-4F86-862B-7ADA4D6A2F5E} [2011.12.08 10:35:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{59F66153-6E08-4A59-8D48-9AC29971D0C4} [2011.12.07 20:05:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{7979C1F7-4F47-4140-83B6-3785FC25247F} [2011.12.07 20:05:14 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5B69C74A-BD0A-485B-B3EC-40799A0B8BD1} [2011.12.06 19:21:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{1FAB0B94-DFAD-43DC-A257-9AE22B6AAE29} [2011.12.06 19:21:51 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{FE7C00A9-53E6-4D03-BE51-3D18632B124F} [2011.12.05 12:15:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{2E492456-0C85-479B-9D29-DFB0EDA605E5} [2011.12.05 12:15:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{B801BCE5-9C17-47E0-91D3-348F70B9CBC1} [2011.12.05 10:18:56 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011.12.04 21:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro [2011.12.04 13:00:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{89CA8D3E-9A77-4B3F-A2A1-257785687238} [2011.12.04 13:00:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{2B6A5F9E-EF8D-4ADF-9D01-7BFF6327E5AC} [2011.12.04 09:24:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{78CE0C36-BCC1-486B-A7F1-494D529430A4} [2011.12.03 11:56:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{A408568C-9E67-4CF7-8966-4302F85C37B3} [2011.12.03 11:55:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{52B1D313-1D2F-49CF-B018-AF78CC05721C} [2011.12.01 21:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2011.12.01 20:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2011.12.01 20:34:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2011.12.01 20:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared [2011.12.01 19:57:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{75D1E8B6-9997-4074-927C-5EC6B7DA2621} [2011.11.30 20:25:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{D027A15E-903B-4AAA-A89F-27284BA4286D} [2011.11.30 20:25:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{DA29A98A-B26A-42B0-86E6-A4C21207C62A} [2011.11.29 19:13:06 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{6B5C106C-64EF-40FD-B42F-1B1FB20EBBA6} [2011.11.29 19:12:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5B0078AF-4664-4E99-8A98-DDF13DB66072} [2011.11.28 08:50:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{68A1D47A-BE9C-43AF-9720-9A275A5CD6A4} [2011.11.28 08:50:43 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{AA9BE1E5-EC3F-4D3D-9595-281C6A257EBF} [2011.11.26 09:03:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{DD8EAC9A-3B46-454E-B4CD-2E54FAC71D4E} [2011.11.26 09:03:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{2667AE30-3950-4C20-BE0E-D3F59793BEB2} [2011.11.25 09:52:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{87BC6BF3-F258-4383-AA17-CEF9EAF755C4} [2011.11.25 09:52:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{5063506A-C442-4A1A-B551-C17768B0CFAE} [2011.11.25 09:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.11.25 09:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.22 00:01:36 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.22 00:01:36 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.21 23:44:08 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\Free File Viewer Update Checker.job [2011.12.21 23:41:03 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.21 23:40:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.21 00:32:03 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.20 22:00:22 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.20 22:00:22 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.20 22:00:22 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.20 22:00:22 | 000,130,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.20 22:00:22 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.20 21:53:51 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2011.12.20 21:53:29 | 2131,877,887 | -HS- | M] () -- C:\hiberfil.sys [2011.12.19 23:36:56 | 000,030,565 | ---- | M] () -- C:\Users\Admin\Desktop\logfiles.zip [2011.12.19 22:16:01 | 000,302,592 | ---- | M] () -- C:\Users\Admin\Desktop\c3yl4kki.exe [2011.12.19 22:15:12 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable [2011.12.19 22:14:35 | 000,050,477 | ---- | M] () -- C:\Users\Admin\Desktop\Defogger.exe [2011.12.19 21:59:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe [2011.12.16 08:33:37 | 563,741,110 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.12.16 08:00:16 | 000,452,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.12.04 09:46:17 | 000,000,771 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk [2011.12.01 20:29:01 | 000,001,645 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 10.lnk [2011.11.26 12:18:16 | 000,031,232 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.25 09:44:37 | 000,001,568 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.19 23:19:19 | 000,030,565 | ---- | C] () -- C:\Users\Admin\Desktop\logfiles.zip [2011.12.19 22:16:06 | 000,302,592 | ---- | C] () -- C:\Users\Admin\Desktop\c3yl4kki.exe [2011.12.19 22:15:12 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable [2011.12.19 22:14:45 | 000,050,477 | ---- | C] () -- C:\Users\Admin\Desktop\Defogger.exe [2011.12.01 20:29:01 | 000,001,645 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 10.lnk [2011.11.25 09:44:37 | 000,001,568 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.11.06 22:37:34 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.10.06 10:39:49 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin [2011.07.21 12:00:48 | 000,948,096 | ---- | C] () -- C:\Windows\SysWow64\M2ElevatedNetworkAdapters.dll [2011.06.18 11:26:28 | 000,037,047 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Kommagetrennte Werte (DOS).ADR [2011.06.18 11:19:18 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI [2011.06.15 18:51:13 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb [2011.06.02 21:05:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.05.19 20:49:36 | 000,037,095 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2011.05.17 22:25:48 | 000,012,997 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Kommagetrennte Werte (Windows).CAL [2011.05.17 22:19:22 | 000,012,994 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Tabulatorgetrennte Werte (Windows).CAL [2011.05.17 21:52:20 | 000,031,232 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.09 21:48:54 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.05.09 21:48:53 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.05.09 21:48:52 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2011.05.09 21:18:17 | 000,000,312 | ---- | C] () -- C:\Windows\lgfwup.ini [2011.04.27 13:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.04.27 13:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.04.27 13:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.04.27 13:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.04.27 13:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.04.25 09:17:07 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2011.04.24 19:19:19 | 010,977,280 | ---- | C] () -- C:\ProgramData\sandra.mda [2011.04.24 00:09:27 | 001,532,588 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.04.05 18:25:36 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011.04.05 18:25:32 | 000,026,999 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2010.12.15 16:59:54 | 000,692,224 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll [2010.12.15 16:59:54 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll [2009.10.06 08:16:00 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.04.02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS ========== LOP Check ========== [2011.11.04 22:41:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Abelssoft [2011.12.13 16:46:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BOM [2011.04.24 11:40:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe Limited [2011.05.23 19:56:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DocumentsToGoDesktop [2011.04.30 06:55:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Downloaded Installations [2011.11.02 16:08:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Dropbox [2011.11.06 19:01:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft [2011.06.27 22:30:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers [2011.12.13 15:40:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\EndNote [2011.04.24 19:14:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FreeFileViewer [2011.07.17 22:49:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GrabPro [2011.10.11 21:53:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\gtk-2.0 [2011.10.06 22:57:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Lionhead Studios [2011.12.19 12:28:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Might & Magic Heroes VI [2011.10.03 20:33:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Might & Magic Heroes VI - Game Official Demo [2011.04.24 16:15:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Miranda [2011.12.03 10:49:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nitro PDF [2011.04.24 10:52:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org [2011.12.19 00:52:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Orbit [2011.11.05 01:14:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PhraseExpress [2011.09.04 10:24:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ProgSense [2011.05.17 21:50:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Samsung [2011.07.03 16:06:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\The Creative Assembly [2011.12.18 21:58:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Tropico 3 [2011.09.04 17:38:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ubisoft [2011.09.25 23:21:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent [2011.04.24 14:47:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Live Writer [2011.12.21 23:44:08 | 000,000,402 | ---- | M] () -- C:\Windows\Tasks\Free File Viewer Update Checker.job [2011.10.16 16:07:06 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.11.04 22:41:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Abelssoft [2011.12.01 23:16:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Adobe [2011.05.17 22:13:24 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Apple Computer [2011.12.13 16:46:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\BOM [2011.04.24 11:40:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe Limited [2011.07.01 11:26:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CyberLink [2011.05.23 19:56:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DocumentsToGoDesktop [2011.04.30 06:55:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Downloaded Installations [2011.11.02 16:08:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Dropbox [2011.11.06 20:46:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\dvdcss [2011.11.06 19:01:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft [2011.06.27 22:30:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers [2011.12.13 15:40:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\EndNote [2011.04.24 19:14:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FreeFileViewer [2011.07.28 11:57:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Google [2011.07.17 22:49:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\GrabPro [2011.10.11 21:53:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\gtk-2.0 [2011.10.06 22:57:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Lionhead Studios [2011.04.24 11:27:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Macromedia [2011.06.06 21:58:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Malwarebytes [2011.10.22 20:02:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\McAfee [2011.02.25 07:19:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Microsoft [2011.12.19 12:28:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Might & Magic Heroes VI [2011.10.03 20:33:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Might & Magic Heroes VI - Game Official Demo [2011.04.24 16:15:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Miranda [2011.06.02 21:00:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla [2011.12.03 10:49:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nitro PDF [2011.09.04 22:12:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NVIDIA [2011.04.24 10:52:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org [2011.12.19 00:52:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Orbit [2011.11.05 01:14:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PhraseExpress [2011.09.04 10:24:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ProgSense [2011.05.17 21:50:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Samsung [2011.04.28 22:10:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SecuROM [2011.10.16 20:05:12 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Skype [2011.10.27 21:50:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony Corporation [2011.07.03 16:06:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\The Creative Assembly [2011.12.18 21:58:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Tropico 3 [2011.09.04 17:38:56 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ubisoft [2011.09.25 23:21:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent [2011.10.07 23:26:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\vlc [2011.04.26 16:45:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Winamp [2011.04.24 14:47:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Live Writer < %APPDATA%\*.exe /s > [2011.09.02 01:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011.09.02 01:42:12 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\Admin\AppData\Roaming\Dropbox\bin\Uninstall.exe [2011.09.21 09:43:14 | 000,929,680 | ---- | M] (Samsung) -- C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe [2011.09.21 09:43:18 | 000,278,928 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe [2011.09.16 03:58:14 | 000,285,696 | ---- | M] (Samsung) -- C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe [2011.09.21 09:43:16 | 003,508,112 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe [2011.09.16 03:56:02 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe [2011.09.16 03:56:02 | 000,283,648 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe [2011.09.16 03:56:04 | 000,666,624 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe [2011.09.21 09:43:20 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe [2011.09.16 03:55:38 | 000,106,408 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe [2011.09.16 03:55:38 | 000,101,288 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe [2011.09.21 09:43:22 | 000,131,984 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe [2011.09.21 09:43:24 | 000,020,880 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe [2011.09.21 09:43:26 | 004,662,392 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe [2011.09.16 03:54:38 | 024,111,736 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe [2011.09.21 09:43:28 | 000,364,432 | ---- | M] (ml) -- C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe [2011.12.08 02:33:38 | 000,392,080 | ---- | M] (ml) -- C:\Users\Admin\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 04:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 04:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 04:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 04:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 03:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 03:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 04:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 04:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 04:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 04:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 03:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 03:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 04:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 04:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 04:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 04:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 04:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 04:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > besten dank! Rob. |
|
22.12.2011, 13:44
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | und noch einer: "windowssystem... blockiert... bezahlen... runterladen" Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{013b4801-225b-11e1-bb73-14d64d08d690}\Shell - "" = AutoRun
O33 - MountPoints2\{013b4801-225b-11e1-bb73-14d64d08d690}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{6a36b305-1e50-11e1-b929-bcaec5761180}\Shell - "" = AutoRun
O33 - MountPoints2\{6a36b305-1e50-11e1-b929-bcaec5761180}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{6a36b309-1e50-11e1-b929-bcaec5761180}\Shell - "" = AutoRun
O33 - MountPoints2\{6a36b309-1e50-11e1-b929-bcaec5761180}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{85afecf5-a40d-11e0-82c6-bcaec5761180}\Shell - "" = AutoRun
O33 - MountPoints2\{85afecf5-a40d-11e0-82c6-bcaec5761180}\Shell\AutoRun\command - "" = J:\Startme.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Start.exe
:Files
C:\Users\Admin\AppData\Local\{*
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.12.2011, 22:14
| #12 |
| | und noch einer: "windowssystem... blockiert... bezahlen... runterladen" ok, hier das ergebnis... !? Code:
ATTFilter All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{013b4801-225b-11e1-bb73-14d64d08d690}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{013b4801-225b-11e1-bb73-14d64d08d690}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{013b4801-225b-11e1-bb73-14d64d08d690}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{013b4801-225b-11e1-bb73-14d64d08d690}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a36b305-1e50-11e1-b929-bcaec5761180}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a36b305-1e50-11e1-b929-bcaec5761180}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a36b305-1e50-11e1-b929-bcaec5761180}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a36b305-1e50-11e1-b929-bcaec5761180}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a36b309-1e50-11e1-b929-bcaec5761180}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a36b309-1e50-11e1-b929-bcaec5761180}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a36b309-1e50-11e1-b929-bcaec5761180}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a36b309-1e50-11e1-b929-bcaec5761180}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85afecf5-a40d-11e0-82c6-bcaec5761180}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85afecf5-a40d-11e0-82c6-bcaec5761180}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85afecf5-a40d-11e0-82c6-bcaec5761180}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85afecf5-a40d-11e0-82c6-bcaec5761180}\ not found.
File J:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\Start.exe not found.
========== FILES ==========
C:\Users\Admin\AppData\Local\{00449953-7AAA-4F93-90BF-93CCB7672F43} folder moved successfully.
C:\Users\Admin\AppData\Local\{006DBCCD-0983-4AD0-B4D6-E7FAD849B28D} folder moved successfully.
C:\Users\Admin\AppData\Local\{00737A6E-36BC-4E76-8AD0-D395CB1D07F7} folder moved successfully.
C:\Users\Admin\AppData\Local\{033CDFA4-8452-4393-8C10-618D249BD0BB} folder moved successfully.
C:\Users\Admin\AppData\Local\{04120969-67AA-4DF2-AF4A-AAC21EA41034} folder moved successfully.
C:\Users\Admin\AppData\Local\{052E60D6-FAB2-4908-BFB0-A4A7DC5A0A74} folder moved successfully.
C:\Users\Admin\AppData\Local\{05B9A2AE-BF12-41C6-961D-A54C8DBD8ED5} folder moved successfully.
C:\Users\Admin\AppData\Local\{0726E27E-CDD3-4D3F-AFE9-2FE51D7483BD} folder moved successfully.
C:\Users\Admin\AppData\Local\{08E7F5E7-C8B0-4C30-94D2-682FE1E4C48F} folder moved successfully.
C:\Users\Admin\AppData\Local\{0923D0A2-A8C4-4842-929A-9DF0A0EE4725} folder moved successfully.
C:\Users\Admin\AppData\Local\{0A3DC3C1-C642-4208-8C70-07ABACBAD949} folder moved successfully.
C:\Users\Admin\AppData\Local\{0AF0AE8E-54BB-402B-8816-77D6FDDB7557} folder moved successfully.
C:\Users\Admin\AppData\Local\{0BEEBE08-AF5C-4526-A3F7-59D129FBE085} folder moved successfully.
C:\Users\Admin\AppData\Local\{0BEFD3DD-96B6-43E0-B127-1D8036E08B4E} folder moved successfully.
C:\Users\Admin\AppData\Local\{0D7DDFF4-A220-4D84-8063-67929C9E7B58} folder moved successfully.
C:\Users\Admin\AppData\Local\{0D7E4846-3D75-476B-83F8-2521CFBA21E3} folder moved successfully.
C:\Users\Admin\AppData\Local\{0E032CCB-48A9-4E7E-9734-65F198F54FD2} folder moved successfully.
C:\Users\Admin\AppData\Local\{0E2AD6FA-DD76-461F-A786-640FF0EC396A} folder moved successfully.
C:\Users\Admin\AppData\Local\{0F04AEE8-D00B-4C35-8AAF-DB929D6AD798} folder moved successfully.
C:\Users\Admin\AppData\Local\{0F2A97A0-0A37-478A-AAE9-66333EF1F212} folder moved successfully.
C:\Users\Admin\AppData\Local\{0FB44A56-B769-4977-AE41-CF554AA3C974} folder moved successfully.
C:\Users\Admin\AppData\Local\{103C77AC-31B7-47BE-B5E3-5796DB9F3221} folder moved successfully.
C:\Users\Admin\AppData\Local\{10EC14C4-B18E-40CF-BB20-D81A1C348FF6} folder moved successfully.
C:\Users\Admin\AppData\Local\{10ECA0E0-7EEA-4BC2-A4EA-63E25C260D5C} folder moved successfully.
C:\Users\Admin\AppData\Local\{110FC940-B00A-433C-83A4-24044078CC61} folder moved successfully.
C:\Users\Admin\AppData\Local\{11A638E4-E31A-42C0-AC6C-9CEDBB124710} folder moved successfully.
C:\Users\Admin\AppData\Local\{13F6C982-7463-4D34-96A1-230068DC0B62} folder moved successfully.
C:\Users\Admin\AppData\Local\{1462832A-CA01-4F15-9870-6912A73CDBAF} folder moved successfully.
C:\Users\Admin\AppData\Local\{14C02EC7-BB44-4ADC-9EA2-061F3DCB86D0} folder moved successfully.
C:\Users\Admin\AppData\Local\{15032DA0-D35F-4D4C-BF1C-425C34F574CC} folder moved successfully.
C:\Users\Admin\AppData\Local\{15E13E43-85F0-49EB-AFB3-66CFCBC12194} folder moved successfully.
C:\Users\Admin\AppData\Local\{16248560-B470-4542-ADC7-B3D86051444A} folder moved successfully.
C:\Users\Admin\AppData\Local\{167FA079-127D-46F0-AA15-49774DC3F903} folder moved successfully.
C:\Users\Admin\AppData\Local\{171B0999-D511-4DEA-8EF4-C1BC57866B6B} folder moved successfully.
C:\Users\Admin\AppData\Local\{17AD9BFE-DEF3-4670-8D6E-21CF04009FD6} folder moved successfully.
C:\Users\Admin\AppData\Local\{182F5575-7289-451B-BAD3-F55DF085193E} folder moved successfully.
C:\Users\Admin\AppData\Local\{18B42808-A7B8-4874-966C-C18F49CDB164} folder moved successfully.
C:\Users\Admin\AppData\Local\{191EC8D0-42B8-4A42-9F43-6C01E9C08C40} folder moved successfully.
C:\Users\Admin\AppData\Local\{1BD98FBB-3BDE-45D9-AEB6-CC7AE4C16B57} folder moved successfully.
C:\Users\Admin\AppData\Local\{1EED2456-F2E5-42A0-ADFA-486AF85D01A5} folder moved successfully.
C:\Users\Admin\AppData\Local\{1F1C002D-4383-4184-825E-B1E500294A5A} folder moved successfully.
C:\Users\Admin\AppData\Local\{1F2C7C36-4924-419B-8010-239C3BFA32C2} folder moved successfully.
C:\Users\Admin\AppData\Local\{1F46F5A4-3D57-4FF7-B184-5C6947AB77D3} folder moved successfully.
C:\Users\Admin\AppData\Local\{1F87DA29-2486-4906-BC8B-4EE7475AEFE5} folder moved successfully.
C:\Users\Admin\AppData\Local\{1FAB0B94-DFAD-43DC-A257-9AE22B6AAE29} folder moved successfully.
C:\Users\Admin\AppData\Local\{1FBA0EDC-7968-4088-808F-81E846CE530B} folder moved successfully.
C:\Users\Admin\AppData\Local\{1FF3330C-1789-40C9-A395-66B5D0B0DDA3} folder moved successfully.
C:\Users\Admin\AppData\Local\{2082BC1E-1528-4255-B734-87FE2C9EB21A} folder moved successfully.
C:\Users\Admin\AppData\Local\{20A7C882-66B2-4426-86FC-A82D4FF31B80} folder moved successfully.
C:\Users\Admin\AppData\Local\{21164582-F378-4FA9-83E8-D61BA4A2AE27} folder moved successfully.
C:\Users\Admin\AppData\Local\{21467250-501F-4B7A-9BBB-EE03356B1D68} folder moved successfully.
C:\Users\Admin\AppData\Local\{220E36A0-E65E-45C9-9E4B-92706D1C4904} folder moved successfully.
C:\Users\Admin\AppData\Local\{23DD85B6-29E4-42D9-AF1A-1807AD677DE6} folder moved successfully.
C:\Users\Admin\AppData\Local\{23FDCCAF-C90C-4458-AC80-B3AA9269E70E} folder moved successfully.
C:\Users\Admin\AppData\Local\{240A97B0-D5C1-479A-996D-DAFC8969A63F} folder moved successfully.
C:\Users\Admin\AppData\Local\{241C8739-C5C1-4637-86A9-69D1A83354BF} folder moved successfully.
C:\Users\Admin\AppData\Local\{244316AE-5CD0-482B-812B-59CF36BF398C} folder moved successfully.
C:\Users\Admin\AppData\Local\{2487A288-6DB7-4174-AFB0-25219322AC14} folder moved successfully.
C:\Users\Admin\AppData\Local\{25135756-13BA-43E1-923F-D6608ED627B6} folder moved successfully.
C:\Users\Admin\AppData\Local\{25164044-7A86-4145-AD0B-424CD8C91DF6} folder moved successfully.
C:\Users\Admin\AppData\Local\{2552EEF7-D83E-49BE-A2A4-90B853E59CF5} folder moved successfully.
C:\Users\Admin\AppData\Local\{2667AE30-3950-4C20-BE0E-D3F59793BEB2} folder moved successfully.
C:\Users\Admin\AppData\Local\{27AD781C-7E40-4051-BDCD-B145A2B55EE3} folder moved successfully.
C:\Users\Admin\AppData\Local\{28A40B28-7F87-4604-90FF-EC6A79A1F9FF} folder moved successfully.
C:\Users\Admin\AppData\Local\{296DB918-12B5-4490-BB82-2980F5F0A159} folder moved successfully.
C:\Users\Admin\AppData\Local\{2AC59CF3-1DB1-4617-9DF9-681655987D29} folder moved successfully.
C:\Users\Admin\AppData\Local\{2AC7BAEC-5562-45A6-AE32-8EFAA714B99B} folder moved successfully.
C:\Users\Admin\AppData\Local\{2B18C799-6228-4CF9-94E4-BEE1B9D4F6F8} folder moved successfully.
C:\Users\Admin\AppData\Local\{2B6A5F9E-EF8D-4ADF-9D01-7BFF6327E5AC} folder moved successfully.
C:\Users\Admin\AppData\Local\{2B6CF5D1-C0CF-4F7B-ABFA-43A765B65D7C} folder moved successfully.
C:\Users\Admin\AppData\Local\{2C63A471-89DF-4322-8164-159011EF62B7} folder moved successfully.
C:\Users\Admin\AppData\Local\{2E492456-0C85-479B-9D29-DFB0EDA605E5} folder moved successfully.
C:\Users\Admin\AppData\Local\{2E558F3F-73C4-4A86-94EB-EBCF5A63975B} folder moved successfully.
C:\Users\Admin\AppData\Local\{2EED9D1C-D820-49CE-91B0-C6DDC153221B} folder moved successfully.
C:\Users\Admin\AppData\Local\{32E83B6F-BE43-4CA4-AA65-F6B9AEEDD470} folder moved successfully.
C:\Users\Admin\AppData\Local\{345F9F7C-8133-45BF-A24D-3BEC746B7C96} folder moved successfully.
C:\Users\Admin\AppData\Local\{3468A910-7761-4ED3-828F-452387363AF2} folder moved successfully.
C:\Users\Admin\AppData\Local\{349F85A7-E424-476A-86DD-FABFE187D13F} folder moved successfully.
C:\Users\Admin\AppData\Local\{35B08925-7F82-4E81-BD8D-1DD2403FBA15} folder moved successfully.
C:\Users\Admin\AppData\Local\{360A4FF2-66FD-4C66-8FD9-F55C03D07E28} folder moved successfully.
C:\Users\Admin\AppData\Local\{36518612-8607-4FD2-A879-DBE203F7FE1C} folder moved successfully.
C:\Users\Admin\AppData\Local\{36B32911-88A7-40A8-B324-B25EC9A67E93} folder moved successfully.
C:\Users\Admin\AppData\Local\{371A1863-4445-495D-942A-E19FC37BD28B} folder moved successfully.
C:\Users\Admin\AppData\Local\{37370D35-0660-4CA6-8AD0-73A0F19AD7D2} folder moved successfully.
C:\Users\Admin\AppData\Local\{37686AEC-3AC9-484B-8E8C-4C5BEEA1F5A0} folder moved successfully.
C:\Users\Admin\AppData\Local\{383C13A5-0EA9-4088-B369-E5A7CCDD8BB2} folder moved successfully.
C:\Users\Admin\AppData\Local\{388DE5A6-ECE4-4EC8-894E-9C888F7F2A9D} folder moved successfully.
C:\Users\Admin\AppData\Local\{39257209-670C-42B8-8BF7-4CA44A0ACECF} folder moved successfully.
C:\Users\Admin\AppData\Local\{3A18BF47-63B4-4862-BF87-E6C3F4287DA8} folder moved successfully.
C:\Users\Admin\AppData\Local\{3A408243-1990-417E-9689-BFAD0695B697} folder moved successfully.
C:\Users\Admin\AppData\Local\{3A895010-51A0-4E28-A3B1-5D3E1B908EDB} folder moved successfully.
C:\Users\Admin\AppData\Local\{3B310D71-7BB9-4802-BFB2-A36B6E383993} folder moved successfully.
C:\Users\Admin\AppData\Local\{3BDE017A-8C81-4ECD-B62D-0762A98B127B} folder moved successfully.
C:\Users\Admin\AppData\Local\{3D290971-4158-492D-BC37-B14F9B43D7A5} folder moved successfully.
C:\Users\Admin\AppData\Local\{3DBC4621-D704-42CD-8222-5999BD194AAB} folder moved successfully.
C:\Users\Admin\AppData\Local\{3F457537-FFD7-4FD8-8FAD-3ECBC3959E52} folder moved successfully.
C:\Users\Admin\AppData\Local\{3F7B5C72-C737-4E9A-9003-A73648B477DA} folder moved successfully.
C:\Users\Admin\AppData\Local\{40232049-3BA2-4E28-901E-738A7C17CA45} folder moved successfully.
C:\Users\Admin\AppData\Local\{407455A4-BA56-439A-9633-766DD13DA970} folder moved successfully.
C:\Users\Admin\AppData\Local\{40CBCF59-9044-4924-95B0-A181B7A6D673} folder moved successfully.
C:\Users\Admin\AppData\Local\{40CF7AFA-9604-49F0-A3E6-F4A966B7D7E2} folder moved successfully.
C:\Users\Admin\AppData\Local\{40ED7413-A8B8-4011-9322-96FC81E9883C} folder moved successfully.
C:\Users\Admin\AppData\Local\{41975D64-2E8E-4B27-A6FA-8EDF9467D464} folder moved successfully.
C:\Users\Admin\AppData\Local\{41A85A44-148A-42E7-9224-0FF232116300} folder moved successfully.
C:\Users\Admin\AppData\Local\{423C3ECF-0784-43F3-A930-10D61F2777D1} folder moved successfully.
C:\Users\Admin\AppData\Local\{42C3F536-97A1-4B41-898E-B939109C3492} folder moved successfully.
C:\Users\Admin\AppData\Local\{4342F707-F022-45A3-AD6A-23B80D4D9D37} folder moved successfully.
C:\Users\Admin\AppData\Local\{435F9D3C-4935-494F-88E9-8CFA07522E20} folder moved successfully.
C:\Users\Admin\AppData\Local\{43667F97-ECB2-4A25-8881-8EDC863FDA08} folder moved successfully.
C:\Users\Admin\AppData\Local\{440B19C2-65ED-4133-8C2E-5B1D1D5D388E} folder moved successfully.
C:\Users\Admin\AppData\Local\{454E4B23-C84F-42AC-85E5-F84AE02CF7A7} folder moved successfully.
C:\Users\Admin\AppData\Local\{45769F1A-1342-48F8-960F-047915E2627B} folder moved successfully.
C:\Users\Admin\AppData\Local\{458567F2-D606-49AC-955C-CFB182A0D33D} folder moved successfully.
C:\Users\Admin\AppData\Local\{45B7D378-00CC-4873-BBBC-60617D598AAF} folder moved successfully.
C:\Users\Admin\AppData\Local\{466D6622-05D6-414B-B8DE-8959883E3CB2} folder moved successfully.
C:\Users\Admin\AppData\Local\{47007526-E539-43AE-A24F-4E425D5B2955} folder moved successfully.
C:\Users\Admin\AppData\Local\{47B60242-9188-4A8E-90FD-B080F1EB6B3E} folder moved successfully.
C:\Users\Admin\AppData\Local\{4952C85E-17B0-4EDC-BC6A-A08151DC5BCF} folder moved successfully.
C:\Users\Admin\AppData\Local\{496F127F-3A91-400B-8C24-6F3A2C234E92} folder moved successfully.
C:\Users\Admin\AppData\Local\{49AC3A8B-2466-4057-B4E8-91BFC90832AB} folder moved successfully.
C:\Users\Admin\AppData\Local\{4A24624D-FF85-40E3-9285-7C825ADCC1B0} folder moved successfully.
C:\Users\Admin\AppData\Local\{4A94F734-4711-430C-B1A5-74629E145C9C} folder moved successfully.
C:\Users\Admin\AppData\Local\{4AF46E16-2E34-4139-95FB-DCAAC679660F} folder moved successfully.
C:\Users\Admin\AppData\Local\{4B0E7995-8914-462D-98E2-4EAF2534BB19} folder moved successfully.
C:\Users\Admin\AppData\Local\{4B18A9E5-596B-44BA-9EEC-E55643704860} folder moved successfully.
C:\Users\Admin\AppData\Local\{4B2A35B7-64BE-433A-BE54-64AD9B658C55} folder moved successfully.
C:\Users\Admin\AppData\Local\{4C396E07-EABF-40B9-955B-FA416E17F5F1} folder moved successfully.
C:\Users\Admin\AppData\Local\{4DB1400B-27C5-4234-A4FD-5339FBF9192F} folder moved successfully.
C:\Users\Admin\AppData\Local\{4E412259-DEF4-40C8-AF8C-E514BECE2911} folder moved successfully.
C:\Users\Admin\AppData\Local\{4EF38820-4A6F-4668-B366-71797036BB5D} folder moved successfully.
C:\Users\Admin\AppData\Local\{500D841E-ECBF-4F68-BBB9-223451024207} folder moved successfully.
C:\Users\Admin\AppData\Local\{5063506A-C442-4A1A-B551-C17768B0CFAE} folder moved successfully.
C:\Users\Admin\AppData\Local\{506780AA-C3EB-4268-80FE-B16CCF90130E} folder moved successfully.
C:\Users\Admin\AppData\Local\{51196E99-D82E-4412-9041-D28E7B37340A} folder moved successfully.
C:\Users\Admin\AppData\Local\{519D0A39-3864-4F48-BDF8-8443FDD1A90E} folder moved successfully.
C:\Users\Admin\AppData\Local\{52961D52-540D-4DAB-A8AC-BD20C3C5F9A2} folder moved successfully.
C:\Users\Admin\AppData\Local\{52B1D313-1D2F-49CF-B018-AF78CC05721C} folder moved successfully.
C:\Users\Admin\AppData\Local\{5347E550-1BA8-4DC3-AC28-5DC31BB02AB6} folder moved successfully.
C:\Users\Admin\AppData\Local\{534C6B28-B1DB-4ABB-9383-C87F76980DD5} folder moved successfully.
C:\Users\Admin\AppData\Local\{53F06354-5D48-455C-A5F6-29DFD74C1867} folder moved successfully.
C:\Users\Admin\AppData\Local\{54B5BDBE-54BB-4555-95C5-031B3A16445B} folder moved successfully.
C:\Users\Admin\AppData\Local\{54DAF5B0-1430-4C71-91B8-7C7F83EA24C1} folder moved successfully.
C:\Users\Admin\AppData\Local\{55D5DDAD-C975-4305-B509-A0399021E944} folder moved successfully.
C:\Users\Admin\AppData\Local\{5724F692-9B91-4A09-B296-3A4920970CC7} folder moved successfully.
C:\Users\Admin\AppData\Local\{57F5F7EB-A866-42E4-84CD-04C84C5923DE} folder moved successfully.
C:\Users\Admin\AppData\Local\{58EBF592-2CC9-4008-BADB-7305FA51CD3F} folder moved successfully.
C:\Users\Admin\AppData\Local\{58F53F9A-BC8F-4EE5-B256-F75C8EDB36C3} folder moved successfully.
C:\Users\Admin\AppData\Local\{59F66153-6E08-4A59-8D48-9AC29971D0C4} folder moved successfully.
C:\Users\Admin\AppData\Local\{5A45DD01-CD2C-4F86-862B-7ADA4D6A2F5E} folder moved successfully.
C:\Users\Admin\AppData\Local\{5A51C231-A10B-46A3-A5B5-5663AD993FFE} folder moved successfully.
C:\Users\Admin\AppData\Local\{5AF2E172-F265-4D4C-9690-2651073961DB} folder moved successfully.
C:\Users\Admin\AppData\Local\{5B0078AF-4664-4E99-8A98-DDF13DB66072} folder moved successfully.
C:\Users\Admin\AppData\Local\{5B5BA6ED-1B1D-475D-8F93-5FEC32200D3F} folder moved successfully.
C:\Users\Admin\AppData\Local\{5B69C74A-BD0A-485B-B3EC-40799A0B8BD1} folder moved successfully.
C:\Users\Admin\AppData\Local\{5C73BEA4-DE80-4C13-96BA-14A134E4AEAD} folder moved successfully.
C:\Users\Admin\AppData\Local\{5C8D4AF0-A295-467F-AE4D-85C6DA710E57} folder moved successfully.
C:\Users\Admin\AppData\Local\{5E3D8B05-FC1E-49A8-ADF2-F362934D8779} folder moved successfully.
C:\Users\Admin\AppData\Local\{5E474D5E-DCB8-4EE1-AF2B-9E2EE34AC12F} folder moved successfully.
C:\Users\Admin\AppData\Local\{5EC21889-77B3-4937-98DE-94A21201D7F9} folder moved successfully.
C:\Users\Admin\AppData\Local\{5F7D930D-CD05-460B-BE95-DE8E8096D80A} folder moved successfully.
C:\Users\Admin\AppData\Local\{5FD2F237-0590-42F4-951D-6A47C149AD70} folder moved successfully.
C:\Users\Admin\AppData\Local\{5FE45541-B68C-497A-827B-4365D5E06221} folder moved successfully.
C:\Users\Admin\AppData\Local\{60410BFF-B8EE-4B50-93A2-8E71E20AFA91} folder moved successfully.
C:\Users\Admin\AppData\Local\{60917E8C-4671-49F5-8055-348A3B1F9377} folder moved successfully.
C:\Users\Admin\AppData\Local\{609FE1FD-0AF8-46E5-B04E-B1CE3D65D59A} folder moved successfully.
C:\Users\Admin\AppData\Local\{622FE24B-7EDF-468A-81BE-3AFFDFA3CA01} folder moved successfully.
C:\Users\Admin\AppData\Local\{6284626E-F0C3-49CF-B1C4-066F32F33E0C} folder moved successfully.
C:\Users\Admin\AppData\Local\{635D8570-B5C2-4B54-A92A-72C0E9204FCE} folder moved successfully.
C:\Users\Admin\AppData\Local\{643428F0-F431-4BE1-8361-9C70AE896FA7} folder moved successfully.
C:\Users\Admin\AppData\Local\{6491452D-F90B-47F5-8137-4E3F4200B9DC} folder moved successfully.
C:\Users\Admin\AppData\Local\{64C85B06-0B5A-4993-9E7F-EAE15344B03B} folder moved successfully.
C:\Users\Admin\AppData\Local\{6536789A-0BEB-466B-92A3-D0FA0812E29C} folder moved successfully.
C:\Users\Admin\AppData\Local\{65788122-10C7-4C1E-BEE8-CDEDCA92CBF1} folder moved successfully.
C:\Users\Admin\AppData\Local\{659E4521-489E-4A96-970B-32F6FF62D447} folder moved successfully.
C:\Users\Admin\AppData\Local\{66204D98-0EBF-49BB-9147-BAC296F0DD5D} folder moved successfully.
C:\Users\Admin\AppData\Local\{66A3BB6E-E5B7-4D6A-8A95-CF1EFCE363FC} folder moved successfully.
C:\Users\Admin\AppData\Local\{688D7FB2-B557-4A75-9F54-F667C8DE979A} folder moved successfully.
C:\Users\Admin\AppData\Local\{68A1D47A-BE9C-43AF-9720-9A275A5CD6A4} folder moved successfully.
C:\Users\Admin\AppData\Local\{69307B52-1CA4-4417-B213-89EC210DCE86} folder moved successfully.
C:\Users\Admin\AppData\Local\{6974EDFB-EC5D-45BB-897E-5FB43E0CF286} folder moved successfully.
C:\Users\Admin\AppData\Local\{6A3880FD-0AE5-4E6D-A41B-DC1D6694B042} folder moved successfully.
C:\Users\Admin\AppData\Local\{6AA7BAE5-1EC0-4ECF-8DAF-DBF368DC6CE4} folder moved successfully.
C:\Users\Admin\AppData\Local\{6B08597F-18EB-4F46-9318-6B73B5E89A2D} folder moved successfully.
C:\Users\Admin\AppData\Local\{6B5C106C-64EF-40FD-B42F-1B1FB20EBBA6} folder moved successfully.
C:\Users\Admin\AppData\Local\{6BCCFB05-4CFE-46AC-AFFD-49D4914776D9} folder moved successfully.
C:\Users\Admin\AppData\Local\{6C10B381-085B-452C-B206-0CCE2BEA946F} folder moved successfully.
C:\Users\Admin\AppData\Local\{6C735283-DD60-4687-8AAD-DD4E12B227F9} folder moved successfully.
C:\Users\Admin\AppData\Local\{6DE2C222-E987-4CC8-A363-D7B7EC2DAA6C} folder moved successfully.
C:\Users\Admin\AppData\Local\{6E3776F2-9B6C-4FB1-8D38-A2DAAC1DE40D} folder moved successfully.
C:\Users\Admin\AppData\Local\{6F61FF4D-957C-4839-B2CA-C58A68684C42} folder moved successfully.
C:\Users\Admin\AppData\Local\{71166EC7-2C70-41D7-8DA2-5E12CB35B580} folder moved successfully.
C:\Users\Admin\AppData\Local\{7191DC2D-9007-49A0-B846-2F68D2CCE025} folder moved successfully.
C:\Users\Admin\AppData\Local\{72B059A9-84F0-414A-BB7F-E8D7CA032366} folder moved successfully.
C:\Users\Admin\AppData\Local\{72DD09CC-3B7C-4BDC-AF04-3EC820ED6C04} folder moved successfully.
C:\Users\Admin\AppData\Local\{73298416-BD81-464E-8DF5-2433D9558C78} folder moved successfully.
C:\Users\Admin\AppData\Local\{73B248D9-D4A1-406A-B163-6B42D719FBBB} folder moved successfully.
C:\Users\Admin\AppData\Local\{73F6C0F2-FC87-4ACF-9D9A-24349A799EA8} folder moved successfully.
C:\Users\Admin\AppData\Local\{74435246-5558-41C5-A772-0C9393CBBD4E} folder moved successfully.
C:\Users\Admin\AppData\Local\{747AC6DC-68B1-4079-9D60-7060BB08AE97} folder moved successfully.
C:\Users\Admin\AppData\Local\{74ED2C8D-5300-4B48-9B52-ECE6015133FB} folder moved successfully.
C:\Users\Admin\AppData\Local\{7504939D-6919-4E4E-A5EA-5845653C82AC} folder moved successfully.
C:\Users\Admin\AppData\Local\{75A2DCFC-933A-49B9-B1AD-5B9CFD31AD62} folder moved successfully.
C:\Users\Admin\AppData\Local\{75BB93F0-827D-4D1C-BF9F-6119DA14A063} folder moved successfully.
C:\Users\Admin\AppData\Local\{75D1E8B6-9997-4074-927C-5EC6B7DA2621} folder moved successfully.
C:\Users\Admin\AppData\Local\{76309B9F-1195-4175-B7F5-4815713F705D} folder moved successfully.
C:\Users\Admin\AppData\Local\{769BF7FF-26C1-4A18-83DC-84D8CF3F4AC2} folder moved successfully.
C:\Users\Admin\AppData\Local\{76AB0FCA-DA96-41C3-BC1D-AA39A575FDD6} folder moved successfully.
C:\Users\Admin\AppData\Local\{76E66AAB-9F62-497A-AE19-1B42E7EA8FC1} folder moved successfully.
C:\Users\Admin\AppData\Local\{77351F9D-07B5-496C-BCF3-5A58BABF8C9E} folder moved successfully.
C:\Users\Admin\AppData\Local\{77FB085D-B1B9-4479-B875-6E75F94E933D} folder moved successfully.
C:\Users\Admin\AppData\Local\{78CE0C36-BCC1-486B-A7F1-494D529430A4} folder moved successfully.
C:\Users\Admin\AppData\Local\{7979C1F7-4F47-4140-83B6-3785FC25247F} folder moved successfully.
C:\Users\Admin\AppData\Local\{7A7E73DD-734D-43CA-8805-F4F16D18CEFE} folder moved successfully.
C:\Users\Admin\AppData\Local\{7ADB837A-743A-4D76-A09F-0EEFE95F3B4A} folder moved successfully.
C:\Users\Admin\AppData\Local\{7AE97A81-D470-4409-B312-3146A4D3BAA8} folder moved successfully.
C:\Users\Admin\AppData\Local\{7B1864FA-56B4-456B-A7B7-05E33A9EFA3A} folder moved successfully.
C:\Users\Admin\AppData\Local\{7C385428-5908-4DDE-8F83-FF362D0EDCFC} folder moved successfully.
C:\Users\Admin\AppData\Local\{7CC4EF15-8797-4E1F-AE47-876891DC51AC} folder moved successfully.
C:\Users\Admin\AppData\Local\{7DE6388C-BA32-42AD-A24F-32598CA0C3D8} folder moved successfully.
C:\Users\Admin\AppData\Local\{7DF6DA5C-A478-462E-8F1C-6B51B33DECF1} folder moved successfully.
C:\Users\Admin\AppData\Local\{7E12DFE3-1EFA-4280-AF1F-421DABA9B8C6} folder moved successfully.
C:\Users\Admin\AppData\Local\{7E742FE0-986D-445F-A3D9-806581966DCF} folder moved successfully.
C:\Users\Admin\AppData\Local\{7EE9F606-75F6-43AA-909A-E44CB6695A7C} folder moved successfully.
C:\Users\Admin\AppData\Local\{7EEE02E3-5328-458C-90B0-A0FC97BB4C43} folder moved successfully.
C:\Users\Admin\AppData\Local\{80EF6A03-69A1-4E76-A307-421B73E278F0} folder moved successfully.
C:\Users\Admin\AppData\Local\{812A9044-1575-453A-A747-99BCE7D8406C} folder moved successfully.
C:\Users\Admin\AppData\Local\{81C6544F-06D6-4F5E-B24D-CA51B353B3B0} folder moved successfully.
C:\Users\Admin\AppData\Local\{82DC6DD4-A893-49B0-830E-2D7DA39A7202} folder moved successfully.
C:\Users\Admin\AppData\Local\{83345BD3-A3F0-4A91-9F15-83907DD02E47} folder moved successfully.
C:\Users\Admin\AppData\Local\{83491308-B7E7-4499-B72F-1A3DD7E21994} folder moved successfully.
C:\Users\Admin\AppData\Local\{841B4F7B-EB9F-4176-8042-0314B2F37676} folder moved successfully.
C:\Users\Admin\AppData\Local\{84615652-B8DE-4CE7-82C1-772D7F762DCF} folder moved successfully.
C:\Users\Admin\AppData\Local\{846B77EB-C3B4-4274-8D81-1255912339FB} folder moved successfully.
C:\Users\Admin\AppData\Local\{8500EC66-86BE-4857-97D3-53221698FC9A} folder moved successfully.
C:\Users\Admin\AppData\Local\{8512C35B-0A18-42DB-9052-F1A54C75E13C} folder moved successfully.
C:\Users\Admin\AppData\Local\{856A7DD8-F1FD-409C-8CB4-8E6EFCC81430} folder moved successfully.
C:\Users\Admin\AppData\Local\{85744BC4-F0C9-4E35-A856-E83CE51467C8} folder moved successfully.
C:\Users\Admin\AppData\Local\{870EF4CF-D500-457E-9804-9B8AFC874C47} folder moved successfully.
C:\Users\Admin\AppData\Local\{877604CB-2FAE-41C7-B16E-5B7E76A6CEE1} folder moved successfully.
C:\Users\Admin\AppData\Local\{87BC6BF3-F258-4383-AA17-CEF9EAF755C4} folder moved successfully.
C:\Users\Admin\AppData\Local\{87EC3C68-0DC7-4889-9BAF-5E95B0DED2DC} folder moved successfully.
C:\Users\Admin\AppData\Local\{888F8F53-E215-4636-833B-71AF3A2AF774} folder moved successfully.
C:\Users\Admin\AppData\Local\{8908AF5C-3840-4250-82F4-858D0D158E3E} folder moved successfully.
C:\Users\Admin\AppData\Local\{89A8FB2A-9EBF-42BF-9CB9-CF9256C42AB5} folder moved successfully.
C:\Users\Admin\AppData\Local\{89CA8D3E-9A77-4B3F-A2A1-257785687238} folder moved successfully.
C:\Users\Admin\AppData\Local\{8B7B54FF-6844-461E-98E0-A862978DBD0C} folder moved successfully.
C:\Users\Admin\AppData\Local\{8D6B5B0A-EA93-458A-BA6E-BCAC9E56BB53} folder moved successfully.
C:\Users\Admin\AppData\Local\{8E295A32-7808-4516-9CBA-A28B6B9662D9} folder moved successfully.
C:\Users\Admin\AppData\Local\{8EA4EEBA-E7EC-4CE0-A1AA-21A8450BA325} folder moved successfully.
C:\Users\Admin\AppData\Local\{904FA62A-CC84-472B-9C8B-DA2939382AA0} folder moved successfully.
C:\Users\Admin\AppData\Local\{913B671C-B73A-4D63-8E37-A9B97CD2EDAF} folder moved successfully.
C:\Users\Admin\AppData\Local\{9295C6A3-65D2-4328-9529-C3A555C1240E} folder moved successfully.
C:\Users\Admin\AppData\Local\{9317CBAB-C5CC-4BBA-8E2B-12ED459C2C8E} folder moved successfully.
C:\Users\Admin\AppData\Local\{932669C6-1F55-4588-9EF8-D445FE61746D} folder moved successfully.
C:\Users\Admin\AppData\Local\{9498AAB5-CA52-4B23-9EA5-AC3895D1829A} folder moved successfully.
C:\Users\Admin\AppData\Local\{94C673DF-FAE7-4BD7-B750-FB37401E4607} folder moved successfully.
C:\Users\Admin\AppData\Local\{97E43181-84FF-4C6F-AA0A-58EBCCC3CE1E} folder moved successfully.
C:\Users\Admin\AppData\Local\{98F52FCC-923A-4811-AA09-DD5D9959F205} folder moved successfully.
C:\Users\Admin\AppData\Local\{99286F94-AAED-41FE-9AEA-B99D6E74B0D0} folder moved successfully.
C:\Users\Admin\AppData\Local\{996CB169-560B-422D-AE37-E23B645323B2} folder moved successfully.
C:\Users\Admin\AppData\Local\{9A995EFE-110E-47EB-A491-36B242F44BC1} folder moved successfully.
C:\Users\Admin\AppData\Local\{9AB84523-DEC1-409B-B26B-14F442B257E5} folder moved successfully.
C:\Users\Admin\AppData\Local\{9ACDC4C1-2481-4F0C-969A-0B250DE5D334} folder moved successfully.
C:\Users\Admin\AppData\Local\{9BB7A1B4-774E-475E-A592-DCC7CAD04BAB} folder moved successfully.
C:\Users\Admin\AppData\Local\{9DBED515-CAD0-41F1-B925-8E69BEBCD0D7} folder moved successfully.
C:\Users\Admin\AppData\Local\{9E5C7B4F-5A46-458E-9BAE-0001A6640C4A} folder moved successfully.
C:\Users\Admin\AppData\Local\{9E6E0195-A1EE-4A6E-998E-60DE21094C52} folder moved successfully.
C:\Users\Admin\AppData\Local\{9E8D9612-39DC-4F3D-8DD7-949E6B5436C8} folder moved successfully.
C:\Users\Admin\AppData\Local\{9ECD7734-6F1A-45C8-B888-0A2272A8C0EC} folder moved successfully.
C:\Users\Admin\AppData\Local\{9EE93812-177F-4208-8743-440E953CD8BD} folder moved successfully.
C:\Users\Admin\AppData\Local\{9FC4300C-CD28-452B-8EA6-4ACE910F9CF6} folder moved successfully.
C:\Users\Admin\AppData\Local\{9FEF158D-A9FA-42C4-B20F-C2F93830A1B5} folder moved successfully.
C:\Users\Admin\AppData\Local\{A00E86D1-192C-4446-ABC8-594D7BA747E8} folder moved successfully.
C:\Users\Admin\AppData\Local\{A051A8E5-9437-48C6-8F1E-A3EFBD8D4AD9} folder moved successfully.
C:\Users\Admin\AppData\Local\{A052AA89-4036-4663-A556-907AE18EFBCD} folder moved successfully.
C:\Users\Admin\AppData\Local\{A198DFB3-6822-4C84-A502-35721AAD5BE1} folder moved successfully.
C:\Users\Admin\AppData\Local\{A408568C-9E67-4CF7-8966-4302F85C37B3} folder moved successfully.
C:\Users\Admin\AppData\Local\{A4583D49-B0A5-4EDB-BF3F-F4D3867C5EEF} folder moved successfully.
C:\Users\Admin\AppData\Local\{A52A845F-E90F-42ED-A5C2-F9D02BF8A5D1} folder moved successfully.
C:\Users\Admin\AppData\Local\{A53BEEFC-7796-4EE9-9089-A06BC7E65741} folder moved successfully.
C:\Users\Admin\AppData\Local\{A54A6210-F201-49BF-8860-E893A3955059} folder moved successfully.
C:\Users\Admin\AppData\Local\{A5BA3D0D-3BF6-4ADC-A22C-7A833B7CAEC4} folder moved successfully.
C:\Users\Admin\AppData\Local\{A5F55B5D-86FA-4A30-BF89-FEC3661C3E99} folder moved successfully.
C:\Users\Admin\AppData\Local\{A935BC1C-85AD-46E6-9E1D-2A40D54076D5} folder moved successfully.
C:\Users\Admin\AppData\Local\{A9667B21-D834-4D5E-B165-B98CC4A967CB} folder moved successfully.
C:\Users\Admin\AppData\Local\{A9E32716-D70E-4FD5-B027-5E65763242DA} folder moved successfully.
C:\Users\Admin\AppData\Local\{AA9BE1E5-EC3F-4D3D-9595-281C6A257EBF} folder moved successfully.
C:\Users\Admin\AppData\Local\{AB9ACBF9-7885-4D9F-A709-23547B6B1FBD} folder moved successfully.
C:\Users\Admin\AppData\Local\{AC21C114-4C76-4BCF-A87F-3C443807BD61} folder moved successfully.
C:\Users\Admin\AppData\Local\{AE8B9E44-7559-4253-A28A-63DEC8F1A4B5} folder moved successfully.
C:\Users\Admin\AppData\Local\{AF253593-B74B-4410-AA68-3DF66D1C554B} folder moved successfully.
C:\Users\Admin\AppData\Local\{AF4ED743-D747-4D89-836E-1941B6E45DF3} folder moved successfully.
C:\Users\Admin\AppData\Local\{AF9C2B69-FF7A-4EFD-A7F8-6D9219254F4E} folder moved successfully.
C:\Users\Admin\AppData\Local\{B02C9B16-98A2-4373-A8F2-FE10F6BEC95F} folder moved successfully.
C:\Users\Admin\AppData\Local\{B06D61BF-1948-49C6-9861-A15347A49770} folder moved successfully.
C:\Users\Admin\AppData\Local\{B08CE8B2-3897-429B-BB95-B55D6917790B} folder moved successfully.
C:\Users\Admin\AppData\Local\{B1936B4A-AC72-4D9E-BFCA-11BF783CDC85} folder moved successfully.
C:\Users\Admin\AppData\Local\{B219EBE4-4D8B-4442-B576-2C752BE25BC5} folder moved successfully.
C:\Users\Admin\AppData\Local\{B24F1250-B4E4-4BB0-8934-815E67E6BB90} folder moved successfully.
C:\Users\Admin\AppData\Local\{B3C11412-FDE0-4494-BFD7-1388D5BE00CE} folder moved successfully.
C:\Users\Admin\AppData\Local\{B4AEA2A0-63F1-426F-8BCA-6C925AD823CB} folder moved successfully.
C:\Users\Admin\AppData\Local\{B50364D4-E944-49D5-AF79-E5975DCDD245} folder moved successfully.
C:\Users\Admin\AppData\Local\{B5245818-1B2A-4B49-86C2-1A3EDD896225} folder moved successfully.
C:\Users\Admin\AppData\Local\{B5ABD890-66F8-4325-A5C4-4B3198C7A705} folder moved successfully.
C:\Users\Admin\AppData\Local\{B5C1942E-8F65-43AF-97AD-DCF1240797AE} folder moved successfully.
C:\Users\Admin\AppData\Local\{B5C3044E-C717-4DD1-9F8F-08A14F2C8DF7} folder moved successfully.
C:\Users\Admin\AppData\Local\{B60DFC6D-5951-4FFF-9E17-8C33E053E7A0} folder moved successfully.
C:\Users\Admin\AppData\Local\{B63AB85C-1F4D-4BB5-BA22-9791DDD727F4} folder moved successfully.
C:\Users\Admin\AppData\Local\{B6DCFE41-20A0-4496-A42B-6C88432B9146} folder moved successfully.
C:\Users\Admin\AppData\Local\{B7EA74DD-0EDC-4267-8E5F-E3CC727A56D1} folder moved successfully.
C:\Users\Admin\AppData\Local\{B801BCE5-9C17-47E0-91D3-348F70B9CBC1} folder moved successfully.
C:\Users\Admin\AppData\Local\{B815ED10-4C94-4EB6-991C-60F08592B1DF} folder moved successfully.
C:\Users\Admin\AppData\Local\{B830D009-F431-4F7E-A9FF-1B4E67391116} folder moved successfully.
C:\Users\Admin\AppData\Local\{B86A2BE0-B577-470E-B043-5C0DF323237E} folder moved successfully.
C:\Users\Admin\AppData\Local\{B9196145-52DF-4B9D-AB3E-AB97A0ADC57E} folder moved successfully.
C:\Users\Admin\AppData\Local\{B93F5A4F-9557-4676-B016-846D89F65C85} folder moved successfully.
C:\Users\Admin\AppData\Local\{BAAB6E8C-2118-4F04-97F2-A77FBC8B6508} folder moved successfully.
C:\Users\Admin\AppData\Local\{BB4B9C24-C360-4C05-8E33-C382CF206566} folder moved successfully.
C:\Users\Admin\AppData\Local\{BB85160F-E8AB-4FD2-9FCC-96AB798EBFD2} folder moved successfully.
C:\Users\Admin\AppData\Local\{BBA3143C-72F4-4BA5-A17F-6FA476FE9956} folder moved successfully.
C:\Users\Admin\AppData\Local\{BD1C463D-BD77-4117-85AD-40D477889DCC} folder moved successfully.
C:\Users\Admin\AppData\Local\{BD610DD2-D7B3-472C-8E9A-28DB1048ECA4} folder moved successfully.
C:\Users\Admin\AppData\Local\{BD68E90B-7866-41F3-910D-7BD4576022B6} folder moved successfully.
C:\Users\Admin\AppData\Local\{BD87BE83-3954-492F-A35C-D32E01184981} folder moved successfully.
C:\Users\Admin\AppData\Local\{BE76D23E-E414-410D-9DF4-9BE96859B145} folder moved successfully.
C:\Users\Admin\AppData\Local\{BEA77777-D93C-4EC3-B4F1-63F96D7A79B5} folder moved successfully.
C:\Users\Admin\AppData\Local\{BF3C2E74-7E0C-4673-9209-8FAC546B2017} folder moved successfully.
C:\Users\Admin\AppData\Local\{BF3EF24C-2DC8-46E8-8D58-07D4918272EE} folder moved successfully.
C:\Users\Admin\AppData\Local\{BF5904E2-70AD-40B0-9DBC-FCDEB90F45FD} folder moved successfully.
C:\Users\Admin\AppData\Local\{C0FE7E19-1C40-43EA-87D6-D64959AED31E} folder moved successfully.
C:\Users\Admin\AppData\Local\{C18B5654-E7AF-4417-807F-77A40FBFBBBD} folder moved successfully.
C:\Users\Admin\AppData\Local\{C1F57301-6EFB-4C9A-88C3-ACC26380C19D} folder moved successfully.
C:\Users\Admin\AppData\Local\{C223F870-6A79-4BCD-A7ED-0CBBBA87E1D6} folder moved successfully.
C:\Users\Admin\AppData\Local\{C2845A8A-8876-4FBB-88A0-9C51B26390BD} folder moved successfully.
C:\Users\Admin\AppData\Local\{C2EDBE81-CC38-4495-B020-3BBB53654B54} folder moved successfully.
C:\Users\Admin\AppData\Local\{C3208DFB-9CE5-464F-939F-C00BA6A50D8C} folder moved successfully.
C:\Users\Admin\AppData\Local\{C4162759-DAA9-46DE-A038-4DA853173C5B} folder moved successfully.
C:\Users\Admin\AppData\Local\{C4296B36-36CF-4915-8DD5-C56E3E45BB1C} folder moved successfully.
C:\Users\Admin\AppData\Local\{C4F2BF72-054D-4F55-848F-A070866C29A6} folder moved successfully.
C:\Users\Admin\AppData\Local\{C5400866-BF67-40F7-9F66-ABB343E39D1B} folder moved successfully.
C:\Users\Admin\AppData\Local\{C5680412-9369-47F8-9322-7492982C9332} folder moved successfully.
C:\Users\Admin\AppData\Local\{C64E648C-838A-4C61-82A5-B61E7D16E7E9} folder moved successfully.
C:\Users\Admin\AppData\Local\{C810CDC7-F8E9-48F0-98E5-892555895259} folder moved successfully.
C:\Users\Admin\AppData\Local\{C83C037E-AD6F-4B17-B508-E7787DAB2B56} folder moved successfully.
C:\Users\Admin\AppData\Local\{CB0B7848-DB40-434E-83FA-BE45BFDDAC71} folder moved successfully.
C:\Users\Admin\AppData\Local\{CB234404-7E1E-4BBB-ADEF-DD92F31D89B2} folder moved successfully.
C:\Users\Admin\AppData\Local\{CB2D0615-7095-4AE1-B1E3-D585B383D386} folder moved successfully.
C:\Users\Admin\AppData\Local\{CCABA481-55D9-4A62-8B3D-07531ADC852A} folder moved successfully.
C:\Users\Admin\AppData\Local\{CCE7C76E-A897-4685-A151-B57BC2010B8F} folder moved successfully.
C:\Users\Admin\AppData\Local\{CD59E1FE-F93A-4DD7-AD3D-F1B8DC05B5E4} folder moved successfully.
C:\Users\Admin\AppData\Local\{CD698BF9-C496-43A8-BE6D-A7A6FC46F0F3} folder moved successfully.
C:\Users\Admin\AppData\Local\{CEA10E36-9271-4556-9367-133BE898A12F} folder moved successfully.
C:\Users\Admin\AppData\Local\{D027A15E-903B-4AAA-A89F-27284BA4286D} folder moved successfully.
C:\Users\Admin\AppData\Local\{D0AECFE1-738B-45B3-B7CB-B888CE6C47CD} folder moved successfully.
C:\Users\Admin\AppData\Local\{D0BE226E-8765-410F-ABC2-2CB5654D6B77} folder moved successfully.
C:\Users\Admin\AppData\Local\{D0E1C5AE-7DE1-4EBD-8324-BBD987227F7E} folder moved successfully.
C:\Users\Admin\AppData\Local\{D10A57D5-EC9A-4084-9565-962928919A53} folder moved successfully.
C:\Users\Admin\AppData\Local\{D120FC4F-51E5-403D-A671-F3CEB78413D3} folder moved successfully.
C:\Users\Admin\AppData\Local\{D23DACE7-0D3F-433A-97A7-A44FA65FA750} folder moved successfully.
C:\Users\Admin\AppData\Local\{D45282A9-0B64-4C61-9A3D-91B8F9A7185A} folder moved successfully.
C:\Users\Admin\AppData\Local\{D5E686C3-89C0-4EE9-A2FA-12A01B155AE7} folder moved successfully.
C:\Users\Admin\AppData\Local\{D6515423-608D-4415-AED4-9030DD10E857} folder moved successfully.
C:\Users\Admin\AppData\Local\{D6856003-8951-4CA2-B060-E8DEC4914715} folder moved successfully.
C:\Users\Admin\AppData\Local\{D6897422-259A-4E65-A38D-69F758ED4160} folder moved successfully.
C:\Users\Admin\AppData\Local\{D689F2C7-86C3-4029-A1E6-778C6A9ECC3C} folder moved successfully.
C:\Users\Admin\AppData\Local\{D765F5D7-7F4A-468C-9546-286AEDAD974C} folder moved successfully.
C:\Users\Admin\AppData\Local\{D7E69B67-297E-44A9-A826-E985DFEE8F5F} folder moved successfully.
C:\Users\Admin\AppData\Local\{D826EFEE-30BC-49E6-9C4C-FAAB85266BA3} folder moved successfully.
C:\Users\Admin\AppData\Local\{D8537C8D-256E-48C7-A9A8-C46EA1E49FCE} folder moved successfully.
C:\Users\Admin\AppData\Local\{D8719D94-1618-487E-838B-39D9384FEC0F} folder moved successfully.
C:\Users\Admin\AppData\Local\{D911BB82-C65F-4FBC-B237-F76A11C7E5F3} folder moved successfully.
C:\Users\Admin\AppData\Local\{D923B036-A8EB-4195-B2C0-F5DAF1C7A580} folder moved successfully.
C:\Users\Admin\AppData\Local\{DA29A98A-B26A-42B0-86E6-A4C21207C62A} folder moved successfully.
C:\Users\Admin\AppData\Local\{DABDD214-58CF-48D7-8AC4-8238DB5BFD1A} folder moved successfully.
C:\Users\Admin\AppData\Local\{DB34D0CC-E907-40F5-8D99-24B1CD5483DA} folder moved successfully.
C:\Users\Admin\AppData\Local\{DB8D4861-6B7B-43B5-9B89-AF9946BAFEE0} folder moved successfully.
C:\Users\Admin\AppData\Local\{DC8F82D9-8FA1-43E4-8E00-E98145D94920} folder moved successfully.
C:\Users\Admin\AppData\Local\{DD8EAC9A-3B46-454E-B4CD-2E54FAC71D4E} folder moved successfully.
C:\Users\Admin\AppData\Local\{DF0A46AD-3E0A-403B-9F97-1BDE8B6F43ED} folder moved successfully.
C:\Users\Admin\AppData\Local\{DF335167-D955-49C8-8195-39DCDD305F65} folder moved successfully.
C:\Users\Admin\AppData\Local\{DF62C9D6-8B70-479D-A0F5-40C1CD051F7D} folder moved successfully.
C:\Users\Admin\AppData\Local\{E04E67BC-54BB-418F-9D4F-2671FF23C799} folder moved successfully.
C:\Users\Admin\AppData\Local\{E07061D7-E84F-4697-8421-5CEC02462459} folder moved successfully.
C:\Users\Admin\AppData\Local\{E24E813D-252C-4DCB-8578-885F1D5DCD4C} folder moved successfully.
C:\Users\Admin\AppData\Local\{E2DBF1BC-1C9A-415D-AFC0-6E6B7340C951} folder moved successfully.
C:\Users\Admin\AppData\Local\{E3085C85-C7A6-481F-AF5C-38B33BF0BE46} folder moved successfully.
C:\Users\Admin\AppData\Local\{E3433796-D44D-4225-814F-B76724C305EB} folder moved successfully.
C:\Users\Admin\AppData\Local\{E3C9783D-CEFA-4E1F-97D4-4B251B6557F3} folder moved successfully.
C:\Users\Admin\AppData\Local\{E4E0FCEF-BC6B-4EFD-B623-8DF3E44F01F6} folder moved successfully.
C:\Users\Admin\AppData\Local\{E55957D0-FDFC-4FE8-AC9A-71FB1D1B32B3} folder moved successfully.
C:\Users\Admin\AppData\Local\{E61694A1-92F7-40C9-AF93-9B3AA8ED73E5} folder moved successfully.
C:\Users\Admin\AppData\Local\{E6A36DEF-BA14-46B0-9917-B32A3AE6A9CA} folder moved successfully.
C:\Users\Admin\AppData\Local\{E6F014DC-046C-46F7-BE93-1AD051DAFB0B} folder moved successfully.
C:\Users\Admin\AppData\Local\{E7119FEF-B2AE-49A5-8A1A-DD8B2016B09A} folder moved successfully.
C:\Users\Admin\AppData\Local\{E72D5087-DA3F-423B-94B3-12DCF2441637} folder moved successfully.
C:\Users\Admin\AppData\Local\{E7D742AF-FAB1-4D50-9825-A3C6B4EB315B} folder moved successfully.
C:\Users\Admin\AppData\Local\{E96780E5-BDE8-4091-B7A8-B41F666C5927} folder moved successfully.
C:\Users\Admin\AppData\Local\{E9F7E157-B864-4414-9F53-F2DBBD271F8A} folder moved successfully.
C:\Users\Admin\AppData\Local\{EB13064B-4D32-4877-89CE-0665D1096941} folder moved successfully.
C:\Users\Admin\AppData\Local\{ECA60E6E-C336-4D0E-AEF2-68EF4CBDCA5F} folder moved successfully.
C:\Users\Admin\AppData\Local\{ECBF4C9E-C860-47EF-8195-7981362E9A04} folder moved successfully.
C:\Users\Admin\AppData\Local\{EF7E52B2-6EA9-48AD-BF0B-20492DEF7CA5} folder moved successfully.
C:\Users\Admin\AppData\Local\{F1522562-C505-420E-AD51-70FBD57102B1} folder moved successfully.
C:\Users\Admin\AppData\Local\{F2B3AD64-D206-4748-96B4-18456D462C10} folder moved successfully.
C:\Users\Admin\AppData\Local\{F400885D-93E9-491E-9340-E74A77C83306} folder moved successfully.
C:\Users\Admin\AppData\Local\{F514A68B-5F5D-4668-AE5A-EEB2D7B46C37} folder moved successfully.
C:\Users\Admin\AppData\Local\{F606C923-D50A-47E8-913F-C452BF376131} folder moved successfully.
C:\Users\Admin\AppData\Local\{F608FDB7-B0A2-44B4-AB72-D140463A2544} folder moved successfully.
C:\Users\Admin\AppData\Local\{F66F8659-9B5F-4A05-9CF8-99A50BF6B916} folder moved successfully.
C:\Users\Admin\AppData\Local\{F73E9B8F-3222-494D-A315-D971686064FF} folder moved successfully.
C:\Users\Admin\AppData\Local\{F7BA2EA1-7768-464E-8000-66BB52219B0F} folder moved successfully.
C:\Users\Admin\AppData\Local\{F8326B39-A9B6-4BF5-A74E-FA3DB14F24A8} folder moved successfully.
C:\Users\Admin\AppData\Local\{F85BB833-4993-4E72-9E2B-D54662CBF2C5} folder moved successfully.
C:\Users\Admin\AppData\Local\{F884DE21-6618-46FC-A172-0840BD08800A} folder moved successfully.
C:\Users\Admin\AppData\Local\{F97E145D-1798-4B06-AFD6-9D5D23981FE4} folder moved successfully.
C:\Users\Admin\AppData\Local\{FA1D88AB-EEDC-47BC-B30D-7B363EEAAC09} folder moved successfully.
C:\Users\Admin\AppData\Local\{FA2EFF7B-EB95-405D-BC3B-427F8EB89CFF} folder moved successfully.
C:\Users\Admin\AppData\Local\{FA5E4F6B-2CB5-4C13-B692-38B813F5A89D} folder moved successfully.
C:\Users\Admin\AppData\Local\{FAEC9E45-0FD0-42ED-BB60-E12A86032029} folder moved successfully.
C:\Users\Admin\AppData\Local\{FB6D394B-9FAD-4E2F-88C2-8740F538A7AE} folder moved successfully.
C:\Users\Admin\AppData\Local\{FC968916-7763-4905-9676-7FE2799A0144} folder moved successfully.
C:\Users\Admin\AppData\Local\{FE0A7E62-1C4C-437A-A6A2-0053A85A113F} folder moved successfully.
C:\Users\Admin\AppData\Local\{FE509DDE-5A77-4734-9235-40720463891D} folder moved successfully.
C:\Users\Admin\AppData\Local\{FE6504FB-27F2-45ED-90BB-2C8AA167A511} folder moved successfully.
C:\Users\Admin\AppData\Local\{FE7C00A9-53E6-4D03-BE51-3D18632B124F} folder moved successfully.
C:\Users\Admin\AppData\Local\{FE943F8A-8968-44D9-9F2F-966063917C2A} folder moved successfully.
C:\Users\Admin\AppData\Local\{FFE11F33-B207-448B-A71E-107B097AF88E} folder moved successfully.
C:\Users\Admin\AppData\Local\{FFEEB751-EA1F-4DE7-B5CF-9AC0D2EA3D4D} folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Admin
->Temp folder emptied: 3600655307 bytes
->Temporary Internet Files folder emptied: 489338633 bytes
->Java cache emptied: 1590544 bytes
->FireFox cache emptied: 80686943 bytes
->Google Chrome cache emptied: 21029976 bytes
->Flash cache emptied: 5676 bytes
User: Default
->Flash cache emptied: 56466 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2336215 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 614820188 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 6452038815 bytes
Total Files Cleaned = 10.741,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 12222011_220451
Files\Folders moved on Reboot...
C:\Users\Admin\AppData\Local\Temp\McAfeeLogs\UpdaterUI_ADMIN-PC.log moved successfully.
C:\Users\Admin\AppData\Local\Temp\McAfeeLogs\UpdaterUI_ADMIN-PC_error.log moved successfully.
C:\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
Rob. |
|
22.12.2011, 22:47
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | und noch einer: "windowssystem... blockiert... bezahlen... runterladen" Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.12.2011, 23:28
| #14 |
| | und noch einer: "windowssystem... blockiert... bezahlen... runterladen" und hier: Code:
ATTFilter 23:26:48.0396 2140 TDSS rootkit removing tool 2.6.24.0 Dec 22 2011 18:21:27
23:26:48.0474 2140 ============================================================
23:26:48.0474 2140 Current date / time: 2011/12/22 23:26:48.0474
23:26:48.0474 2140 SystemInfo:
23:26:48.0474 2140
23:26:48.0474 2140 OS Version: 6.1.7601 ServicePack: 1.0
23:26:48.0474 2140 Product type: Workstation
23:26:48.0474 2140 ComputerName: ADMIN-PC
23:26:48.0474 2140 UserName: Admin
23:26:48.0474 2140 Windows directory: C:\Windows
23:26:48.0474 2140 System windows directory: C:\Windows
23:26:48.0474 2140 Running under WOW64
23:26:48.0474 2140 Processor architecture: Intel x64
23:26:48.0474 2140 Number of processors: 4
23:26:48.0474 2140 Page size: 0x1000
23:26:48.0474 2140 Boot type: Normal boot
23:26:48.0474 2140 ============================================================
23:26:49.0238 2140 Initialize success
23:26:55.0400 4160 ============================================================
23:26:55.0400 4160 Scan started
23:26:55.0400 4160 Mode: Manual; SigCheck; TDLFS;
23:26:55.0400 4160 ============================================================
23:26:55.0806 4160 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:26:55.0868 4160 1394ohci - ok
23:26:55.0884 4160 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:26:55.0899 4160 ACPI - ok
23:26:55.0915 4160 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:26:55.0915 4160 AcpiPmi - ok
23:26:55.0977 4160 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:26:56.0008 4160 adp94xx - ok
23:26:56.0024 4160 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:26:56.0024 4160 adpahci - ok
23:26:56.0040 4160 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:26:56.0040 4160 adpu320 - ok
23:26:56.0102 4160 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
23:26:56.0118 4160 AFD - ok
23:26:56.0133 4160 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:26:56.0149 4160 agp440 - ok
23:26:56.0164 4160 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:26:56.0164 4160 aliide - ok
23:26:56.0180 4160 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:26:56.0180 4160 amdide - ok
23:26:56.0196 4160 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:26:56.0211 4160 AmdK8 - ok
23:26:56.0227 4160 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:26:56.0227 4160 AmdPPM - ok
23:26:56.0258 4160 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:26:56.0258 4160 amdsata - ok
23:26:56.0274 4160 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:26:56.0289 4160 amdsbs - ok
23:26:56.0305 4160 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:26:56.0305 4160 amdxata - ok
23:26:56.0336 4160 AnyDVD (2c4a05fcef72ef614dcd11d0872498c9) C:\Windows\system32\Drivers\AnyDVD.sys
23:26:56.0367 4160 AnyDVD - ok
23:26:56.0398 4160 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:26:56.0414 4160 AppID - ok
23:26:56.0430 4160 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:26:56.0445 4160 arc - ok
23:26:56.0445 4160 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:26:56.0461 4160 arcsas - ok
23:26:56.0476 4160 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:26:56.0492 4160 AsyncMac - ok
23:26:56.0523 4160 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:26:56.0523 4160 atapi - ok
23:26:56.0539 4160 AthBTPort (aaae03f8eda817ec28c5445193ea8bf3) C:\Windows\system32\DRIVERS\btath_flt.sys
23:26:56.0554 4160 AthBTPort - ok
23:26:56.0570 4160 ATHDFU (4ecc791539f23982411864037d1ac8fc) C:\Windows\system32\Drivers\AthDfu.sys
23:26:56.0586 4160 ATHDFU - ok
23:26:56.0617 4160 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:26:56.0632 4160 b06bdrv - ok
23:26:56.0648 4160 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:26:56.0664 4160 b57nd60a - ok
23:26:56.0679 4160 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:26:56.0710 4160 Beep - ok
23:26:56.0726 4160 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:26:56.0742 4160 blbdrive - ok
23:26:56.0773 4160 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:26:56.0788 4160 bowser - ok
23:26:56.0804 4160 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:26:56.0820 4160 BrFiltLo - ok
23:26:56.0835 4160 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:26:56.0835 4160 BrFiltUp - ok
23:26:56.0866 4160 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:26:56.0866 4160 Brserid - ok
23:26:56.0882 4160 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:26:56.0898 4160 BrSerWdm - ok
23:26:56.0913 4160 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:26:56.0929 4160 BrUsbMdm - ok
23:26:56.0929 4160 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:26:56.0944 4160 BrUsbSer - ok
23:26:56.0960 4160 BTATH_A2DP (3b1b573371b206d1d5f25e0ef5fcd6d6) C:\Windows\system32\drivers\btath_a2dp.sys
23:26:56.0976 4160 BTATH_A2DP - ok
23:26:56.0991 4160 BTATH_BUS (2d0446336d9db55a742b999ec16adf15) C:\Windows\system32\DRIVERS\btath_bus.sys
23:26:56.0991 4160 BTATH_BUS - ok
23:26:57.0007 4160 BTATH_HCRP (9a9694bbeb2849eaf95dffcae5df02ad) C:\Windows\system32\DRIVERS\btath_hcrp.sys
23:26:57.0022 4160 BTATH_HCRP - ok
23:26:57.0022 4160 BTATH_LWFLT (fc0a8075ddf2e9c66267aec91e0676f9) C:\Windows\system32\DRIVERS\btath_lwflt.sys
23:26:57.0038 4160 BTATH_LWFLT - ok
23:26:57.0054 4160 BTATH_RCP (5eb4815cbddba4541f2380dae6e269ab) C:\Windows\system32\DRIVERS\btath_rcp.sys
23:26:57.0054 4160 BTATH_RCP - ok
23:26:57.0085 4160 BtFilter (0ecede7b33cfd9a52a61220abbd09a50) C:\Windows\system32\DRIVERS\btfilter.sys
23:26:57.0085 4160 BtFilter - ok
23:26:57.0132 4160 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
23:26:57.0132 4160 BthEnum - ok
23:26:57.0147 4160 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:26:57.0163 4160 BTHMODEM - ok
23:26:57.0163 4160 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
23:26:57.0178 4160 BthPan - ok
23:26:57.0225 4160 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
23:26:57.0225 4160 BTHPORT - ok
23:26:57.0256 4160 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
23:26:57.0272 4160 BTHUSB - ok
23:26:57.0303 4160 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:26:57.0334 4160 cdfs - ok
23:26:57.0366 4160 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
23:26:57.0381 4160 cdrom - ok
23:26:57.0397 4160 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:26:57.0412 4160 circlass - ok
23:26:57.0459 4160 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:26:57.0475 4160 CLFS - ok
23:26:57.0522 4160 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:26:57.0522 4160 CmBatt - ok
23:26:57.0553 4160 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:26:57.0568 4160 cmdide - ok
23:26:57.0600 4160 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
23:26:57.0631 4160 CNG - ok
23:26:57.0646 4160 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:26:57.0646 4160 Compbatt - ok
23:26:57.0662 4160 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:26:57.0678 4160 CompositeBus - ok
23:26:57.0693 4160 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:26:57.0693 4160 crcdisk - ok
23:26:57.0724 4160 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
23:26:57.0740 4160 CVirtA - ok
23:26:57.0756 4160 CVPNDRVA (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys
23:26:57.0771 4160 CVPNDRVA - ok
23:26:57.0802 4160 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:26:57.0818 4160 DfsC - ok
23:26:57.0818 4160 dgderdrv - ok
23:26:57.0849 4160 dg_ssudbus (bf4e72d6fa78fedc4b8577116eface7e) C:\Windows\system32\DRIVERS\ssudbus.sys
23:26:57.0849 4160 dg_ssudbus - ok
23:26:57.0880 4160 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:26:57.0896 4160 discache - ok
23:26:57.0927 4160 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:26:57.0927 4160 Disk - ok
23:26:57.0943 4160 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
23:26:57.0958 4160 DNE - ok
23:26:57.0990 4160 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:26:58.0005 4160 drmkaud - ok
23:26:58.0052 4160 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:26:58.0083 4160 DXGKrnl - ok
23:26:58.0130 4160 e1cexpress (6bafd9819d9fec2edbaebc8493c711a4) C:\Windows\system32\DRIVERS\e1c62x64.sys
23:26:58.0146 4160 e1cexpress - ok
23:26:58.0208 4160 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:26:58.0239 4160 ebdrv - ok
23:26:58.0286 4160 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
23:26:58.0302 4160 ElbyCDIO - ok
23:26:58.0333 4160 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:26:58.0348 4160 elxstor - ok
23:26:58.0380 4160 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:26:58.0395 4160 ErrDev - ok
23:26:58.0411 4160 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:26:58.0426 4160 exfat - ok
23:26:58.0442 4160 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:26:58.0473 4160 fastfat - ok
23:26:58.0489 4160 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:26:58.0504 4160 fdc - ok
23:26:58.0520 4160 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:26:58.0520 4160 FileInfo - ok
23:26:58.0520 4160 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:26:58.0551 4160 Filetrace - ok
23:26:58.0567 4160 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:26:58.0567 4160 flpydisk - ok
23:26:58.0598 4160 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:26:58.0614 4160 FltMgr - ok
23:26:58.0629 4160 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:26:58.0629 4160 FsDepends - ok
23:26:58.0660 4160 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
23:26:58.0676 4160 fssfltr - ok
23:26:58.0692 4160 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
23:26:58.0707 4160 Fs_Rec - ok
23:26:58.0738 4160 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:26:58.0754 4160 fvevol - ok
23:26:58.0770 4160 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:26:58.0770 4160 gagp30kx - ok
23:26:58.0832 4160 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:26:58.0848 4160 GEARAspiWDM - ok
23:26:58.0910 4160 GPU-Z - ok
23:26:58.0941 4160 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:26:58.0972 4160 hcw85cir - ok
23:26:59.0019 4160 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:26:59.0035 4160 HdAudAddService - ok
23:26:59.0066 4160 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
23:26:59.0082 4160 HDAudBus - ok
23:26:59.0097 4160 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:26:59.0113 4160 HidBatt - ok
23:26:59.0113 4160 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:26:59.0128 4160 HidBth - ok
23:26:59.0144 4160 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:26:59.0160 4160 HidIr - ok
23:26:59.0191 4160 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
23:26:59.0206 4160 HidUsb - ok
23:26:59.0222 4160 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:26:59.0238 4160 HpSAMD - ok
23:26:59.0269 4160 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:26:59.0316 4160 HTTP - ok
23:26:59.0347 4160 hwdatacard - ok
23:26:59.0362 4160 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:26:59.0378 4160 hwpolicy - ok
23:26:59.0409 4160 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
23:26:59.0425 4160 i8042prt - ok
23:26:59.0456 4160 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:26:59.0472 4160 iaStorV - ok
23:26:59.0503 4160 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:26:59.0503 4160 iirsp - ok
23:26:59.0581 4160 IntcAzAudAddService (88798b4381fd58fae2da07880c177c5c) C:\Windows\system32\drivers\RTKVHD64.sys
23:26:59.0628 4160 IntcAzAudAddService - ok
23:26:59.0643 4160 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:26:59.0643 4160 intelide - ok
23:26:59.0659 4160 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:26:59.0674 4160 intelppm - ok
23:26:59.0706 4160 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:26:59.0737 4160 IpFilterDriver - ok
23:26:59.0768 4160 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:26:59.0768 4160 IPMIDRV - ok
23:26:59.0784 4160 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:26:59.0815 4160 IPNAT - ok
23:26:59.0846 4160 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:26:59.0877 4160 IRENUM - ok
23:26:59.0877 4160 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:26:59.0893 4160 isapnp - ok
23:26:59.0908 4160 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:26:59.0924 4160 iScsiPrt - ok
23:26:59.0940 4160 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:26:59.0940 4160 kbdclass - ok
23:26:59.0955 4160 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
23:26:59.0971 4160 kbdhid - ok
23:26:59.0986 4160 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
23:26:59.0986 4160 KSecDD - ok
23:27:00.0049 4160 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
23:27:00.0064 4160 KSecPkg - ok
23:27:00.0127 4160 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:27:00.0174 4160 ksthunk - ok
23:27:00.0220 4160 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:27:00.0236 4160 lltdio - ok
23:27:00.0252 4160 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:27:00.0252 4160 LSI_FC - ok
23:27:00.0267 4160 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:27:00.0283 4160 LSI_SAS - ok
23:27:00.0283 4160 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:27:00.0298 4160 LSI_SAS2 - ok
23:27:00.0298 4160 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:27:00.0314 4160 LSI_SCSI - ok
23:27:00.0314 4160 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:27:00.0345 4160 luafv - ok
23:27:00.0376 4160 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:27:00.0376 4160 megasas - ok
23:27:00.0408 4160 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:27:00.0408 4160 MegaSR - ok
23:27:00.0439 4160 mfeapfk (0d121a46e0148a3bc941fa3bb0269329) C:\Windows\system32\drivers\mfeapfk.sys
23:27:00.0454 4160 mfeapfk - ok
23:27:00.0470 4160 mfeavfk (93f251905c028809ffb49f95a63fcbc9) C:\Windows\system32\drivers\mfeavfk.sys
23:27:00.0501 4160 mfeavfk - ok
23:27:00.0517 4160 mfeavfk01 - ok
23:27:00.0564 4160 mfehidk (a282a937127ea7b15eb85559e59ae576) C:\Windows\system32\drivers\mfehidk.sys
23:27:00.0579 4160 mfehidk - ok
23:27:00.0595 4160 mferkdet (04d7e0e2a48730a1c535837f105e6352) C:\Windows\system32\drivers\mferkdet.sys
23:27:00.0610 4160 mferkdet - ok
23:27:00.0626 4160 mfewfpk (325dd1031cfd71bd4d8afdb1faaf3bea) C:\Windows\system32\drivers\mfewfpk.sys
23:27:00.0642 4160 mfewfpk - ok
23:27:00.0673 4160 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:27:00.0688 4160 Modem - ok
23:27:00.0704 4160 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:27:00.0704 4160 monitor - ok
23:27:00.0735 4160 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:27:00.0735 4160 mouclass - ok
23:27:00.0751 4160 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:27:00.0751 4160 mouhid - ok
23:27:00.0782 4160 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:27:00.0798 4160 mountmgr - ok
23:27:00.0813 4160 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:27:00.0813 4160 mpio - ok
23:27:00.0829 4160 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:27:00.0844 4160 mpsdrv - ok
23:27:00.0876 4160 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:27:00.0876 4160 MRxDAV - ok
23:27:00.0907 4160 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:27:00.0922 4160 mrxsmb - ok
23:27:00.0954 4160 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:27:00.0954 4160 mrxsmb10 - ok
23:27:00.0985 4160 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:27:01.0000 4160 mrxsmb20 - ok
23:27:01.0032 4160 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:27:01.0032 4160 msahci - ok
23:27:01.0047 4160 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:27:01.0063 4160 msdsm - ok
23:27:01.0078 4160 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:27:01.0110 4160 Msfs - ok
23:27:01.0125 4160 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:27:01.0141 4160 mshidkmdf - ok
23:27:01.0156 4160 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:27:01.0156 4160 msisadrv - ok
23:27:01.0188 4160 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:27:01.0203 4160 MSKSSRV - ok
23:27:01.0219 4160 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:27:01.0250 4160 MSPCLOCK - ok
23:27:01.0250 4160 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:27:01.0281 4160 MSPQM - ok
23:27:01.0312 4160 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:27:01.0328 4160 MsRPC - ok
23:27:01.0359 4160 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:27:01.0359 4160 mssmbios - ok
23:27:01.0375 4160 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:27:01.0390 4160 MSTEE - ok
23:27:01.0406 4160 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:27:01.0422 4160 MTConfig - ok
23:27:01.0437 4160 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:27:01.0453 4160 Mup - ok
23:27:01.0484 4160 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:27:01.0500 4160 NativeWifiP - ok
23:27:01.0546 4160 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:27:01.0562 4160 NDIS - ok
23:27:01.0593 4160 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:27:01.0609 4160 NdisCap - ok
23:27:01.0640 4160 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:27:01.0656 4160 NdisTapi - ok
23:27:01.0687 4160 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:27:01.0702 4160 Ndisuio - ok
23:27:01.0718 4160 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:27:01.0734 4160 NdisWan - ok
23:27:01.0780 4160 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:27:01.0796 4160 NDProxy - ok
23:27:01.0796 4160 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:27:01.0827 4160 NetBIOS - ok
23:27:01.0843 4160 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:27:01.0858 4160 NetBT - ok
23:27:01.0890 4160 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:27:01.0905 4160 nfrd960 - ok
23:27:01.0968 4160 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:27:01.0983 4160 Npfs - ok
23:27:01.0983 4160 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:27:02.0014 4160 nsiproxy - ok
23:27:02.0061 4160 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:27:02.0077 4160 Ntfs - ok
23:27:02.0092 4160 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:27:02.0108 4160 Null - ok
23:27:02.0124 4160 nusb3hub (786db821bfd57c0551dbbe4f75384a7d) C:\Windows\system32\DRIVERS\nusb3hub.sys
23:27:02.0139 4160 nusb3hub - ok
23:27:02.0155 4160 nusb3xhc (daa8005caf745042bb427a1ed7433354) C:\Windows\system32\DRIVERS\nusb3xhc.sys
23:27:02.0155 4160 nusb3xhc - ok
23:27:02.0186 4160 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
23:27:02.0202 4160 NVHDA - ok
23:27:02.0389 4160 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:27:02.0498 4160 nvlddmkm - ok
23:27:02.0529 4160 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:27:02.0545 4160 nvraid - ok
23:27:02.0560 4160 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:27:02.0576 4160 nvstor - ok
23:27:02.0623 4160 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:27:02.0638 4160 nv_agp - ok
23:27:02.0670 4160 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:27:02.0685 4160 ohci1394 - ok
23:27:02.0732 4160 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:27:02.0748 4160 Parport - ok
23:27:02.0779 4160 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
23:27:02.0779 4160 partmgr - ok
23:27:02.0794 4160 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:27:02.0810 4160 pci - ok
23:27:02.0826 4160 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:27:02.0826 4160 pciide - ok
23:27:02.0841 4160 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:27:02.0857 4160 pcmcia - ok
23:27:02.0872 4160 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:27:02.0888 4160 pcw - ok
23:27:02.0904 4160 pe3ah4nb (971c08914ed3a6b1c4612042c0f93680) C:\Windows\system32\drivers\pe3ah4nb.sys
23:27:02.0919 4160 pe3ah4nb - ok
23:27:02.0935 4160 pe3ah4nc (958754a37c85e18eb53fa2139787113c) C:\Windows\system32\drivers\pe3ah4nc.sys
23:27:02.0950 4160 pe3ah4nc - ok
23:27:02.0966 4160 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:27:02.0997 4160 PEAUTH - ok
23:27:03.0075 4160 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:27:03.0122 4160 PptpMiniport - ok
23:27:03.0153 4160 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:27:03.0184 4160 Processor - ok
23:27:03.0200 4160 ps6ah4nb (844f3618684228adef124705944b479b) C:\Windows\system32\drivers\ps6ah4nb.sys
23:27:03.0216 4160 ps6ah4nb - ok
23:27:03.0247 4160 ps6ah4nc (0e998144e0c05affbb6cc66b5999958c) C:\Windows\system32\drivers\ps6ah4nc.sys
23:27:03.0262 4160 ps6ah4nc - ok
23:27:03.0278 4160 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:27:03.0309 4160 Psched - ok
23:27:03.0340 4160 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
23:27:03.0340 4160 PxHlpa64 - ok
23:27:03.0372 4160 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:27:03.0387 4160 ql2300 - ok
23:27:03.0403 4160 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:27:03.0418 4160 ql40xx - ok
23:27:03.0418 4160 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:27:03.0434 4160 QWAVEdrv - ok
23:27:03.0450 4160 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:27:03.0465 4160 RasAcd - ok
23:27:03.0496 4160 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:27:03.0512 4160 RasAgileVpn - ok
23:27:03.0543 4160 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:27:03.0574 4160 Rasl2tp - ok
23:27:03.0574 4160 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:27:03.0606 4160 RasPppoe - ok
23:27:03.0606 4160 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:27:03.0621 4160 RasSstp - ok
23:27:03.0652 4160 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:27:03.0684 4160 rdbss - ok
23:27:03.0699 4160 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:27:03.0715 4160 rdpbus - ok
23:27:03.0715 4160 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:27:03.0746 4160 RDPCDD - ok
23:27:03.0762 4160 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:27:03.0777 4160 RDPENCDD - ok
23:27:03.0793 4160 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:27:03.0808 4160 RDPREFMP - ok
23:27:03.0840 4160 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
23:27:03.0855 4160 RDPWD - ok
23:27:03.0886 4160 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:27:03.0902 4160 rdyboost - ok
23:27:03.0918 4160 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
23:27:03.0933 4160 RFCOMM - ok
23:27:03.0949 4160 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:27:03.0964 4160 rspndr - ok
23:27:04.0011 4160 RTL8192su (a332db1dac07e95667a57aaeec236c37) C:\Windows\system32\DRIVERS\RTL8192su.sys
23:27:04.0027 4160 RTL8192su - ok
23:27:04.0105 4160 SANDRA (5efbbfcc6adac121c8e2fe76641ed329) D:\Program Files\SiSoftware Sandra Profi Business 2011.SP1\WNt500x64\Sandra.sys
23:27:04.0120 4160 SANDRA - ok
23:27:04.0167 4160 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:27:04.0183 4160 sbp2port - ok
23:27:04.0198 4160 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:27:04.0230 4160 scfilter - ok
23:27:04.0245 4160 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:27:04.0261 4160 secdrv - ok
23:27:04.0276 4160 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:27:04.0292 4160 Serenum - ok
23:27:04.0323 4160 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:27:04.0354 4160 Serial - ok
23:27:04.0370 4160 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:27:04.0401 4160 sermouse - ok
23:27:04.0417 4160 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:27:04.0417 4160 sffdisk - ok
23:27:04.0432 4160 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:27:04.0448 4160 sffp_mmc - ok
23:27:04.0464 4160 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:27:04.0464 4160 sffp_sd - ok
23:27:04.0479 4160 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:27:04.0495 4160 sfloppy - ok
23:27:04.0510 4160 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:27:04.0510 4160 SiSRaid2 - ok
23:27:04.0510 4160 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:27:04.0526 4160 SiSRaid4 - ok
23:27:04.0542 4160 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:27:04.0588 4160 Smb - ok
23:27:04.0620 4160 speedfan - ok
23:27:04.0651 4160 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:27:04.0666 4160 spldr - ok
23:27:04.0698 4160 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:27:04.0729 4160 srv - ok
23:27:04.0760 4160 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:27:04.0760 4160 srv2 - ok
23:27:04.0791 4160 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:27:04.0791 4160 srvnet - ok
23:27:04.0838 4160 ssudmdm (daa02a6e84a4f99b5b9cd3ef8d59d652) C:\Windows\system32\DRIVERS\ssudmdm.sys
23:27:04.0854 4160 ssudmdm - ok
23:27:04.0900 4160 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:27:04.0916 4160 stexstor - ok
23:27:04.0932 4160 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:27:04.0947 4160 swenum - ok
23:27:05.0010 4160 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
23:27:05.0041 4160 Tcpip - ok
23:27:05.0072 4160 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
23:27:05.0088 4160 TCPIP6 - ok
23:27:05.0134 4160 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:27:05.0166 4160 tcpipreg - ok
23:27:05.0275 4160 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:27:05.0306 4160 TDPIPE - ok
23:27:05.0322 4160 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
23:27:05.0337 4160 TDTCP - ok
23:27:05.0384 4160 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:27:05.0400 4160 tdx - ok
23:27:05.0415 4160 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:27:05.0431 4160 TermDD - ok
23:27:05.0462 4160 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:27:05.0478 4160 tssecsrv - ok
23:27:05.0509 4160 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:27:05.0509 4160 TsUsbFlt - ok
23:27:05.0540 4160 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:27:05.0556 4160 tunnel - ok
23:27:05.0571 4160 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:27:05.0587 4160 uagp35 - ok
23:27:05.0602 4160 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:27:05.0634 4160 udfs - ok
23:27:05.0665 4160 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:27:05.0665 4160 uliagpkx - ok
23:27:05.0696 4160 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
23:27:05.0712 4160 umbus - ok
23:27:05.0727 4160 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:27:05.0727 4160 UmPass - ok
23:27:05.0758 4160 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
23:27:05.0758 4160 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
23:27:05.0758 4160 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
23:27:05.0790 4160 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:27:05.0805 4160 usbccgp - ok
23:27:05.0836 4160 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:27:05.0836 4160 usbcir - ok
23:27:05.0852 4160 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
23:27:05.0868 4160 usbehci - ok
23:27:05.0883 4160 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:27:05.0899 4160 usbhub - ok
23:27:05.0914 4160 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
23:27:05.0914 4160 usbohci - ok
23:27:05.0930 4160 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:27:05.0946 4160 usbprint - ok
23:27:05.0961 4160 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:27:05.0977 4160 USBSTOR - ok
23:27:05.0992 4160 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
23:27:05.0992 4160 usbuhci - ok
23:27:06.0024 4160 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:27:06.0039 4160 vdrvroot - ok
23:27:06.0055 4160 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:27:06.0070 4160 vga - ok
23:27:06.0070 4160 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:27:06.0102 4160 VgaSave - ok
23:27:06.0117 4160 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:27:06.0117 4160 vhdmp - ok
23:27:06.0133 4160 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:27:06.0148 4160 viaide - ok
23:27:06.0164 4160 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:27:06.0164 4160 volmgr - ok
23:27:06.0195 4160 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:27:06.0195 4160 volmgrx - ok
23:27:06.0226 4160 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:27:06.0226 4160 volsnap - ok
23:27:06.0258 4160 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:27:06.0273 4160 vsmraid - ok
23:27:06.0273 4160 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:27:06.0289 4160 vwifibus - ok
23:27:06.0320 4160 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:27:06.0336 4160 vwififlt - ok
23:27:06.0351 4160 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:27:06.0367 4160 WacomPen - ok
23:27:06.0398 4160 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:27:06.0445 4160 WANARP - ok
23:27:06.0445 4160 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:27:06.0460 4160 Wanarpv6 - ok
23:27:06.0492 4160 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:27:06.0492 4160 Wd - ok
23:27:06.0523 4160 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:27:06.0538 4160 Wdf01000 - ok
23:27:06.0554 4160 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:27:06.0585 4160 WfpLwf - ok
23:27:06.0601 4160 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:27:06.0616 4160 WIMMount - ok
23:27:06.0648 4160 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
23:27:06.0663 4160 WinUsb - ok
23:27:06.0710 4160 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:27:06.0726 4160 WmiAcpi - ok
23:27:06.0757 4160 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:27:06.0772 4160 ws2ifsl - ok
23:27:06.0804 4160 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:27:06.0835 4160 WudfPf - ok
23:27:06.0850 4160 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:27:06.0882 4160 WUDFRd - ok
23:27:06.0882 4160 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:27:06.0913 4160 \Device\Harddisk0\DR0 - ok
23:27:06.0913 4160 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
23:27:06.0975 4160 \Device\Harddisk1\DR1 - ok
23:27:06.0975 4160 Boot (0x1200) (02a042694e3d9bf254e84bf4932fe101) \Device\Harddisk0\DR0\Partition0
23:27:06.0975 4160 \Device\Harddisk0\DR0\Partition0 - ok
23:27:06.0975 4160 Boot (0x1200) (f7f83b282c652e92cb9551f8b6c39b00) \Device\Harddisk1\DR1\Partition0
23:27:06.0975 4160 \Device\Harddisk1\DR1\Partition0 - ok
23:27:07.0006 4160 Boot (0x1200) (1bee1348a0081d2f0456fa1a6f6cce5d) \Device\Harddisk1\DR1\Partition1
23:27:07.0006 4160 \Device\Harddisk1\DR1\Partition1 - ok
23:27:07.0022 4160 Boot (0x1200) (f7aa58dd3e0f86763bc49c7286ccd7e7) \Device\Harddisk1\DR1\Partition2
23:27:07.0022 4160 \Device\Harddisk1\DR1\Partition2 - ok
23:27:07.0038 4160 Boot (0x1200) (7356f01256021c88d6292493142525f9) \Device\Harddisk1\DR1\Partition3
23:27:07.0038 4160 \Device\Harddisk1\DR1\Partition3 - ok
23:27:07.0038 4160 ============================================================
23:27:07.0038 4160 Scan finished
23:27:07.0038 4160 ============================================================
23:27:07.0053 4780 Detected object count: 1
23:27:07.0053 4780 Actual detected object count: 1
23:27:09.0487 4780 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
23:27:09.0487 4780 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
 |
|
23.12.2011, 16:46
| #15 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | und noch einer: "windowssystem... blockiert... bezahlen... runterladen" Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu und noch einer: "windowssystem... blockiert... bezahlen... runterladen" |
| action, admin, adware.mywaysearch, aktuelle, anti-malware, appdata, bereits, bericht, bezahlen, bildschirm, blockiert, bösartige, dateien, e-banking, exploit.drop.2, explorer, gefährlich, kurze, malwarebytes, minute, nachricht, progs, runterladen, schonmal, schwarze, schwarze bildschirm, service, temp, version, verzeichnisse, vollständiger, windowssystem |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
