Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Verschlüsselungstrojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.05.2012, 10:52   #1
spycob
 
Verschlüsselungstrojaner - Standard

Verschlüsselungstrojaner



Hallo Community.

Eine Freundin von mir hat sich auch diesen Trojaner eingefangen.
Ich habe mal die gesamte Festplatte auf eine externe Festplatte kopiert um keine Daten zu verlieren/zerstören.

Die Dateien sind leider alle verschlüsselt. Backup ist keins vorhanden
Ich würde die Dateien aber gerne wieder (teilweise) herstellen, da ihre Buchhaltung auf diesem Rechner drauf ist.

Ich poste mal meine Logs und hoffe, dass ihr mir weiterhelfen könnt.
Den Rechner kann ich nur im abgesicherten Modus starten, da ja sonst diese wunderschöne ukash Meldung auf dem Bildschirm erscheint.

Anbei das Malwarebytes-Log:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.28.02

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
diatrade :: ###-PC [Administrator]

28.05.2012 10:13:36
mbam-log-2012-05-28 (11-24-38).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 376889
Laufzeit: 48 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|4A73E234 (Spyware.Password) -> Daten: C:\Users\###\AppData\Roaming\Yxegcsl\36C308B74A73E234DAAB.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\###\AppData\Roaming\Yxegcsl\36C308B74A73E234DAAB.exe (Spyware.Password) -> Keine Aktion durchgeführt.
C:\Users\###\AppData\Local\Temp\epykraxnmq.pre (Spyware.Password) -> Keine Aktion durchgeführt.
C:\Users\###\AppData\Local\Temp\wdgcirrjbp.pre (Spyware.Password) -> Keine Aktion durchgeführt.

(Ende)
         
OTL.txt:
Code:
ATTFilter
OTL logfile created on: 28.05.2012 11:37:31 - Run 1
OTL by OldTimer - Version 3.2.43.2     Folder = C:\Users\###\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,14 Gb Available Physical Memory | 78,53% Memory free
7,99 Gb Paging File | 7,19 Gb Available in Paging File | 90,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286,27 Gb Total Space | 186,14 Gb Free Space | 65,02% Space Free | Partition Type: NTFS
 
Computer Name: ###-PC | User Name: ### | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.28 11:36:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\###\Downloads\OTL.exe
PRC - [2011.01.10 20:53:11 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.20 20:10:39 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2011.01.10 20:53:12 | 001,017,304 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.20 20:10:39 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.13 01:11:56 | 000,394,352 | ---- | M] (PCRx.com, LLC) [Auto | Stopped] -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe -- (24x7HelpSvc)
SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.05.31 10:31:10 | 000,424,088 | ---- | M] (Sage Software) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sage Software Shared\Deploymentservice.exe -- (SageDeploymentService)
SRV - [2010.12.10 18:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010.02.05 07:04:49 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.11.02 15:51:24 | 001,134,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Windows OneCare Live\winss.exe -- (winss)
SRV - [2009.11.02 15:51:22 | 000,026,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Windows OneCare Live\OcHealthMon.exe -- (OcHealthMon)
SRV - [2009.09.30 15:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.08.29 03:05:56 | 000,044,312 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.25 19:38:06 | 000,935,208 | ---- | M] (Nero AG) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.08.21 03:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Stopped] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 05:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009.03.04 12:04:36 | 000,086,016 | ---- | M] (Sage KHK Software) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sage KHK Shared\REGISTRY.EXE -- (Registry)
SRV - [2009.02.23 11:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008.12.08 16:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.09 17:28:20 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2012.01.09 17:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012.01.09 17:28:20 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2012.01.09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012.01.09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.01.09 17:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.09.15 22:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009.09.10 15:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.09.04 11:41:24 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.08.21 23:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.08.11 22:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.20 14:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 04:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.06.05 02:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.05.25 05:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.05.06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.06.16 04:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2011.11.07 17:03:24 | 000,036,816 | ---- | M] (IKARUS Security Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\aonInternetSchutz\bin\ntguard_x64.sys -- (NTGUARD)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0c07&m=easynote_tj65&r=27360410i0c6l0460z1j5f44m1u775
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0c07&m=easynote_tj65&r=27360410i0c6l0460z1j5f44m1u775
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80772
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80772&lng=de
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0c07&m=easynote_tj65&r=27360410i0c6l0460z1j5f44m1u775
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.telekom.at/suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.inbox.com/homepage.aspx?tbid=80772&lng=de
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {C04B7D22-5AEC-4561-8F49-27F6269208F6}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW_de
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80772&lng=de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.10.0.9560
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: AppGraffiti@AppGraffiti.com:1.0.0.22
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.740
FF - prefs.js..extensions.enabledItems: fe_3.6@nokia.com:1.7.110.333
FF - prefs.js..extensions.enabledItems: siteranker@siteranker.com:1.0.0.10
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.04.23 21:30:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.22 07:24:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.08.08 06:41:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_3.6@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6 [2012.02.18 14:39:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\siteranker@siteranker.com: C:\Program Files (x86)\SiteRanker\firefox\ [2012.04.21 18:21:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.06 19:08:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.08 08:32:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.06 19:08:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.08 08:32:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.18 14:39:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.04.23 21:30:40 | 000,000,000 | ---D | M]
 
[2010.07.15 09:06:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\###\AppData\Roaming\mozilla\Extensions
[2010.04.16 23:37:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\###\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.05.28 10:19:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\###\AppData\Roaming\mozilla\Firefox\Profiles\2349j4i4.default\extensions
[2012.05.22 07:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\###\AppData\Roaming\mozilla\Firefox\Profiles\2349j4i4.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.05.22 07:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\###\AppData\Roaming\mozilla\Firefox\Profiles\2349j4i4.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012.04.21 18:21:08 | 000,000,000 | ---D | M] (AppGraffiti) -- C:\Users\###\AppData\Roaming\mozilla\Firefox\Profiles\2349j4i4.default\extensions\AppGraffiti@AppGraffiti.com
[2012.04.21 18:21:40 | 000,002,291 | ---- | M] () -- C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\2349j4i4.default\searchplugins\dxfOJjLalruojXeGVL
[2012.05.28 10:19:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.03.11 08:55:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.07.28 09:53:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.27 18:10:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.04 08:09:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.04 13:54:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.03 06:45:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.27 12:17:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.08.08 06:41:09 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES (X86)\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC
[2012.02.18 14:39:14 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES (X86)\NOKIA\NOKIA SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION_3.6
[2012.04.21 18:21:03 | 000,000,000 | ---D | M] (SiteRanker) -- C:\PROGRAM FILES (X86)\SITERANKER\FIREFOX
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.01.10 20:53:14 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.01.10 20:53:14 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.01.10 20:53:14 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.01.10 20:53:14 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.01.10 20:53:14 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files (x86)\SiteRanker\SiteRank.dll (Crawler, LLC)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files (x86)\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files (x86)\Nokia\Nokia Music Player\NokiaMusicPlayer.exe (Nokia)
O4 - HKLM..\Run: [NSU_agent] C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SiteRanker] C:\Program Files (x86)\SiteRanker\SiteRankTray.exe (Crawler, LLC)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [monm] C:\Users\###\AppData\Roaming\monm.exe ()
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: ###-pc ([]file in Local intranet)
O16:64bit: - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A04F645-F881-4047-B81A-542E3B3B5C0A}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1A6D2A6-909D-45D4-A8DB-5D1625F17434}: DhcpNameServer = 10.0.0.138 10.0.0.138
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.28 11:24:51 | 000,000,000 | ---D | C] -- C:\_logs
[2012.05.28 10:11:44 | 000,000,000 | ---D | C] -- C:\Users\###\AppData\Roaming\Malwarebytes
[2012.05.28 10:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.28 10:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.28 10:11:37 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.28 10:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.22 10:23:11 | 000,000,000 | R--D | C] -- C:\Users\###\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012.05.21 22:05:49 | 000,000,000 | ---D | C] -- C:\Users\###\AppData\Roaming\Yxegcsl
[2012.05.19 06:35:02 | 000,000,000 | ---D | C] -- C:\Users\###\Documents\93-120036-
[2012.05.11 14:45:43 | 000,000,000 | ---D | C] -- C:\Users\###\Documents\113827-120034-2222611
[2012.05.09 12:07:04 | 000,000,000 | ---D | C] -- C:\Users\###\Documents\2012-142-2-120028-2221691
[2012.05.06 17:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.05.06 09:05:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[2012.04.28 19:32:01 | 000,000,000 | ---D | C] -- C:\Users\###\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nokia
[2012.04.28 18:13:21 | 000,000,000 | ---D | C] -- C:\Users\###\AppData\Roaming\Nokia Suite
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.28 11:33:00 | 001,703,810 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.28 11:33:00 | 000,731,748 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.28 11:33:00 | 000,682,722 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.28 11:33:00 | 000,161,788 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.28 11:33:00 | 000,132,000 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.28 11:25:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.28 11:25:46 | 3217,231,872 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.28 10:11:38 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.23 18:16:14 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.23 18:16:14 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.23 17:54:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.23 17:44:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.23 13:54:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.22 10:25:29 | 000,002,139 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2012.05.20 12:49:14 | 000,012,386 | ---- | M] () -- C:\Users\###\Documents\AQGUpANDaLOfGeJdXl
[2012.05.19 16:02:53 | 588,551,064 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.05.17 10:56:21 | 000,002,356 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.05.13 03:38:17 | 000,434,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.09 08:54:58 | 001,434,712 | ---- | M] () -- C:\Users\###\Documents\ploylTaeGUsXxdt
[2012.05.09 08:39:20 | 000,965,032 | ---- | M] () -- C:\Users\###\Documents\sfxNJgQynOuLAjE
[2012.05.08 21:26:10 | 001,165,423 | ---- | M] () -- C:\Users\###\Documents\GUtlajoJgspoyQ
[2012.05.08 21:22:32 | 001,169,459 | ---- | M] () -- C:\Users\###\Documents\fxdDTnjsVTsEyNJ
[2012.05.08 09:03:31 | 000,370,600 | ---- | M] () -- C:\Users\###\Documents\ujnDXtUqoXsxVgJalVsr
[2012.05.08 08:32:21 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.05.08 08:28:32 | 000,000,102 | ---- | M] () -- C:\Windows\sageCL.ini
[2012.04.28 19:59:30 | 005,295,897 | ---- | M] () -- C:\Users\###\Documents\GUasAotVDaqLOu
[2012.04.28 19:32:01 | 000,002,253 | ---- | M] () -- C:\Users\###\Desktop\Nokia Software Updater.lnk
 
========== Files Created - No Company Name ==========
 
[2012.05.28 10:11:38 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.22 10:25:29 | 000,002,139 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2012.04.28 19:32:01 | 000,002,253 | ---- | C] () -- C:\Users\###\Desktop\Nokia Software Updater.lnk
[2011.12.26 12:25:30 | 000,003,584 | ---- | C] () -- C:\Users\###\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.15 09:06:32 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.06.19 13:37:32 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
 
========== LOP Check ==========
 
[2010.04.28 19:50:23 | 000,000,000 | -HSD | M] -- C:\Users\###\AppData\Roaming\.#
[2010.06.19 13:37:55 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Canneverbe Limited
[2012.01.22 18:06:09 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.04.08 19:48:14 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\com.hyfn.taylorswift
[2010.04.26 23:23:36 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\CoSoSys
[2012.05.22 07:24:15 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\GameConsole
[2011.10.25 12:29:02 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Garmin
[2010.04.16 17:55:47 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\mquadr.at
[2012.02.18 14:40:10 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Nokia
[2011.08.21 07:34:39 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Nokia Ovi Suite
[2012.04.28 18:13:21 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Nokia Suite
[2010.04.17 22:32:12 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Packard Bell
[2011.12.26 12:39:18 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\PC Suite
[2012.05.22 10:06:07 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\TeamViewer
[2011.08.26 07:59:31 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Template
[2010.04.16 23:37:49 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\TomTom
[2012.05.28 11:25:05 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Yxegcsl
[2012.02.25 08:48:41 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
< End of report >
         
Extras.txt:
Code:
ATTFilter
OTL Extras logfile created on: 28.05.2012 11:37:31 - Run 1
OTL by OldTimer - Version 3.2.43.2     Folder = C:\Users\###\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,14 Gb Available Physical Memory | 78,53% Memory free
7,99 Gb Paging File | 7,19 Gb Available in Paging File | 90,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286,27 Gb Total Space | 186,14 Gb Free Space | 65,02% Space Free | Partition Type: NTFS
 
Computer Name: ###-PC | User Name: ### | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D5F6C46-7069-4E25-B9D6-9321CE5EA6F8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1D1325D5-0547-4D43-8AA3-96D505E175E3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{28BE10C5-BEE4-4C30-B3DF-EEB827D24E31}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2A0F85F2-3233-4048-AA8C-44BB53ADE56B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2B637B57-738E-4E9A-8E40-792367A66E73}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3345E67D-B72D-49F1-BECC-58D0FB76F625}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{3B05129F-9D58-4788-88EC-9D3BA03FDDBD}" = rport=137 | protocol=17 | dir=out | app=system | 
"{3BD7B450-2E39-4A80-89A9-F70CE0F4AC14}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3E8D75F1-E9B0-43FC-9D2F-7A4E29DF6FEC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{43A89923-6247-4792-8451-392D95DBCA7A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{467487C1-B0BB-4261-BC81-D454E0AC88B9}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{52701A99-0130-4523-8467-7309B682E19F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{536A15A4-E526-4923-A508-269765A80950}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5B2B9859-1409-4FB2-9A58-0EB5EE13F39B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{61619FF0-9EFB-499C-963C-E6AF6B911D99}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{61A4E9CE-7CB7-4D82-A1C1-5A786C098DCA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6B1F6568-735E-4C1E-B109-81F7248021D3}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{77F09F73-35D5-4B4B-AB87-DBADF1DCD8EC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7F53AFAF-6806-4BDF-B8A6-C3F0C25A4307}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A091429E-DE9E-43BE-B1F2-1D1DCFA87C2C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A2772208-03E1-46AE-BB83-1C0A0172E22C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A5BE8E92-A359-4260-BE50-DBA435A96070}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BAB9A4E0-EF01-4248-B1AE-9B2AEDA8E7F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{E78E504F-2427-46A0-A89F-728D67EE6773}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E900DF47-944A-4B58-A1E2-C0A24E134935}" = rport=139 | protocol=6 | dir=out | app=system | 
"{FBCFF42F-420D-4AB7-B0A6-46C2A7982411}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03E52459-B458-49C9-9D8F-E0BFDFE992D6}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{03E75F3D-7E85-4A6A-A8E0-56CFD80EB83A}" = protocol=17 | dir=in | app=c:\program files (x86)\aon\aoncontroller\aoncontroller.exe | 
"{05682755-5B4E-48C7-A8BA-C61B9B215FE0}" = protocol=17 | dir=in | app=c:\windows\temp\aoninstaller.exe | 
"{0598C104-83F9-4A18-A251-89C3AABD628B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{0AED1C1F-9A3D-44B5-A043-6E340E3F3A82}" = protocol=17 | dir=in | app=c:\program files (x86)\aon\aoninstaller\aoninstaller.exe | 
"{0FF38242-B93B-4465-BB50-D7CB74FE2797}" = protocol=6 | dir=in | app=c:\program files (x86)\a1 telekom austria\breitband-internet-installation\mobile installer\aonflex.exe | 
"{104A885C-328D-4F02-9475-0697D2536057}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{10CA4834-4025-4455-971B-C3448E7B2B63}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{113EC061-BA66-427C-90A4-6FE961F5FD91}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{137353AC-4414-4159-B83B-C6BEE249394C}" = protocol=17 | dir=in | app=c:\program files (x86)\a1 telekom austria\breitband-internet-installation\mobile installer\aonflex.exe | 
"{1383D3C6-CB0A-4F88-8F16-0AC07F8A5FA2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{158E9339-C7AB-43F3-928D-D8A407639740}" = protocol=6 | dir=in | app=c:\program files (x86)\a1 telekom austria\breitband-internet-installation\fixnet installer\installer.exe | 
"{1B2EF349-AF99-4B9A-86A3-B7731BFC6948}" = protocol=6 | dir=in | app=c:\program files (x86)\aon\aoninstaller\aoninstaller.exe | 
"{1C1070D7-A24B-4E92-A3DA-768F7D214276}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{249E68EC-DD17-4771-8B2E-1E5B09D9C826}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{259050C1-E59A-487A-BD91-584954D7DD3E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{28E036EC-5AB6-4BE9-B7C4-541C19BFF4D6}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{2C8F21EA-AD2A-4047-9D48-6AABE99A98B3}" = protocol=6 | dir=in | app=c:\program files (x86)\a1 telekom austria\breitband-internet-installation\fixnet installer\installer.exe | 
"{2E474F16-90A7-4AF8-9E48-F48DD0FA0159}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{33E966CF-69CB-45FF-8E19-2C46E1C8816A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{36835ABD-4ACE-4F37-B524-C8C71061969E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{3BCF3DF4-1F9B-484F-94A2-F17A01FEB137}" = protocol=17 | dir=in | app=c:\program files (x86)\a1 telekom austria\breitband-internet-installation\fixnet installer\installer.exe | 
"{40A68DAD-55FF-400D-95C3-E2C4460CB197}" = protocol=17 | dir=in | app=c:\program files (x86)\a1 telekom austria\breitband-internet-installation\fixnet installer\installer.exe | 
"{43913BCF-4EAE-4F98-8738-99AF47675512}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{44F3DE43-4919-4FE9-89FA-D9417F427D1B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5084DD7F-6BD4-4E86-8A6F-ED04C743470D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5488CEDD-0D37-42B0-8BCD-218D1E6D7F6B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{5B198EFA-4655-4A57-8152-C9F9EFD290CF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 
"{61358197-E996-43C6-AD79-D5FCCB0523DE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{63E505E7-236F-476F-9D4B-7FEE7667BC33}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{67E0B3E3-D9DE-44A6-BB4C-90F02514570E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
"{6D38665C-44A3-4A3D-BC2A-0F21AA165343}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{6EE910E2-188D-471C-8A86-60A0CF86807E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6F9CF4C2-6DE4-450F-ABAA-57068C944A69}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
"{72AC0317-C48D-495B-8B04-332692D1FBEE}" = protocol=6 | dir=in | app=c:\program files (x86)\aon\aoncontroller\aoncontroller.exe | 
"{7B6CEA4C-06D1-4547-9F5A-D4B36F990910}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7ED64BFC-ACDA-476A-ACB7-30850AFA1123}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8679674E-D6D6-46DE-B88F-B57331B5D8AE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{880D4611-DAA3-4B4C-8C67-774E0823B877}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{890C5DF3-3138-44D6-AEAD-590AEFF45CB8}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
"{8CFE07E8-10E9-4B47-A529-3032E10BC022}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{8EF03292-548E-49FD-A5D0-F8BCF592EA5E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{953510A8-0FE7-490C-BF63-CFDD9B2AA9A5}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{98074FF1-A702-4791-A6AC-3CE8590858AB}" = protocol=6 | dir=in | app=c:\windows\temp\aoninstaller.exe | 
"{9B5D2756-D191-45B5-8097-937B0EC364D7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9F872FF8-30BB-4762-9E50-6C60E845450D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A6C99CF0-F59B-4D33-A35D-627541F5FF63}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A8673B84-70BF-4778-9E05-4C489B85503C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{A94E871D-2E11-4A49-B161-CE951849BB45}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 
"{AC2FCA28-37BA-4CC3-8615-EEC0EB5890ED}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"{B30B67F6-4EA9-4B18-84FA-145093F7E87B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{B3F1F2A6-06D2-4E03-945B-C9287FB6E191}" = protocol=6 | dir=out | app=system | 
"{BD34FD66-99FD-445D-B295-2A92C3F863DA}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{CB15ED33-309C-4C97-BE30-31CF52D2E8C8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{CE17D380-DD20-4ECC-8E0B-8071CAC2A427}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{D0A573C8-DA2D-47AA-96EC-58BBDA000996}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{D13D1C13-5F92-45F3-95C7-7697C621416A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DC390D7E-CD86-4B74-AA16-4389D37FC82D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DC76BFA0-B4D6-4345-AEDD-A8D342846A54}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{DD23B7AD-BF4B-49C3-A5C9-C9FD6D4DD0E8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{E25BB4E1-3CDA-4851-AF1E-733F36613F58}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{E4DF4AD9-D8F7-4EEC-85E5-8FDC695521F9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E5804CF7-54C5-4C55-8875-202DA4E5715D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{E6911C4F-BF06-4153-9BCF-BC6E782E9213}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 
"{E99E94E8-A094-4135-9DFD-86005C7AE68E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{EF90D44F-A46F-4DEE-BAAB-C46EA6A8BE56}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F6208285-017D-4502-A4B6-4043DE0ED770}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"{FA07A3EA-1DCF-4D22-9558-BF7AC0D43139}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{FD4A62F8-B994-4B06-A6CE-93491F36BD35}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FE2AE3DF-3452-4505-9464-0958B97B1A89}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{2BB32803-F504-4D43-AC8B-5A2A71C0BE00}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"TCP Query User{68F528A5-3E2E-41AD-B3C4-51F06C11975D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{96FB3417-CCA6-4F9D-B10F-A26AB16A4DBE}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{64E35E57-0487-4256-A8DD-B5BAAD81617D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{78DC4152-5B29-4766-B026-471CD0671894}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{F0390CD9-37FD-473C-AC74-BE962554AC1C}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
"{3137CBA1-567B-411C-9B74-131A6D98E9DC}" = Microsoft Windows OneCare Live v2.5.2901.40
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5660022E-F3F2-4126-8CC5-9726C47150EB}" = Microsoft Windows Live OneCare Resources v2.5.2901.40
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D3A65B0A-403B-4C20-A488-BFED2BC5D2EF}" = HP OfficeJet J5700
"{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}" = HP Officejet Pro 8500 A910 Basic Device Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CNXT_AUDIO_HDA" = Conexant HD Audio
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{075315E8-E9E1-4DB3-8CBD-0BEBA9E2BAC3}" = ProductContext
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{117E3AE2-10D1-41C1-9FA6-F4C382F767A8}_is1" = Packard Bell GameZone Console
"{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1" = SiteRanker
"{1431b9be-1399-464c-b38d-3a240aec3a2f}" = Nero 9 Essentials
"{1742DE47-1693-4E7C-8121-8E1D6AED5B25}" = J5700
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{25F61E72-AAA4-4607-95D2-1E5139C98FFB}" = Nokia_Multimedia_Common_Components_2_5
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3851147E-5A91-4469-BA4D-13FFFCC8A920}" = Microsoft Windows OneCare Live v2.5.2901.40 Idcrl Install
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4767A89A-F6A5-41B1-903C-734483739882}" = Highspeed-Internet-Installation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4FCB1267-7380-4EBA-9A6C-69809C6E8227}" = Nokia Music Player
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5511C07D-A83C-45AD-92B6-42DF99729A3C}" = Adobe Photoshop Elements 7.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6513E869-647F-40FD-A55D-CFC92579B9BA}" = PX Engine
"{65C93161-6CD1-4D29-A4D0-FD6E7ECACDD5}" = Sage IBan, Sepa, Open Trans
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B7FB3C4-E71B-478D-9E15-5AE97EAD67B8}" = aonFTP
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}" = Video Web Camera
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1" = AppGraffiti
"{70CAF6DA-C2F4-40C4-A0A4-10FB04701669}" = bpd_scan
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7130468A-F53F-4698-8C09-A339EA3B05E6}" = Nokia Software Updater
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{7FFB69E8-6ECA-4828-ADF9-6E1D705257BD}" = Sage Business Intelligence Integration
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B0B72BC-3007-45E9-BBA3-7B7EF8819FA3}" = 5700_Help
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904B64C4-49D8-4941-A2B6-D13D06C5CD8B}" = aonController
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAB28CC-016E-4E72-A278-A43AAECA878D}" = Sage Liveupdate 4.0 Setup
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1" = 24x7 Help
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AD976243-75CB-4A2B-809F-8C9EC4292377}" = Mobiles Internet für unterwegs
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BBD4CA5B-DB25-1006-2C44-D3EB3ED082D1}" = Taylor Swift
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{D0D14551-3A2D-433B-861F-F4DCE5422759}" = Nokia PC Suite
"{D43B1A55-6957-4E93-A674-338F78B4A202}" = BPDSoftware
"{D72C07D4-A2F6-466A-B65D-79E0EB2928DA}" = Sage Classic Line 2010 Workstation
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E0A1335B-3D84-413B-B92C-DF2D4BAACA0C}" = BPDSoftware_Ini
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"aonController" = aonController
"aonFTP" = aonFTP
"aonInternetschutz.3" = aonInternetSchutz 1.0.209
"aonUpdate" = aonUpdate
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.hyfn.taylorswift" = Taylor Swift
"Google Chrome" = Google Chrome
"Highspeed-Internet-Installation" = Highspeed-Internet-Installation
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mobiles Internet für unterwegs" = Mobiles Internet für unterwegs
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Nokia PC Suite" = Nokia PC Suite
"Nokia Suite" = Nokia Suite
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Packard Bell InfoCentre" = Packard Bell InfoCentre
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Welcome Center" = Welcome Center
"PackardBell Screensaver" = PackardBell ScreenSaver
"PROHYBRIDR" = 2007 Microsoft Office system
"RealPlayer 12.0" = RealPlayer
"TeamViewer 5" = TeamViewer 5
"TomTom HOME" = TomTom HOME 2.8.3.2499
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinSS" = Windows Live OneCare Restore Tool
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.05.2012 03:45:48 | Computer Name = ###-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 20.05.2012 04:10:20 | Computer Name = ###-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 20.05.2012 16:33:49 | Computer Name = ###-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3989 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 2130    Startzeit:
 01cd36b3b6d88d33    Endzeit: 13    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
   
 
Error - 20.05.2012 18:31:19 | Computer Name = ###-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 20.05.2012 18:31:33 | Computer Name = ###-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 20.05.2012 18:31:33 | Computer Name = ###-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 20.05.2012 18:31:33 | Computer Name = ###-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 20.05.2012 18:31:34 | Computer Name = ###-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 20.05.2012 23:44:27 | Computer Name = ###-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 21.05.2012 12:37:50 | Computer Name = ###-PC | Source = TomTomHOMEService | ID = 10000
Description = 
 
[ OSession Events ]
Error - 13.05.2010 00:34:20 | Computer Name = ###-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 538
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 20.05.2010 06:15:57 | Computer Name = ###-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14792
 seconds with 780 seconds of active time.  This session ended with a crash.
 
Error - 20.05.2010 06:28:16 | Computer Name = ###-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 720
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 15.07.2010 00:57:23 | Computer Name = ###-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 670
 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error - 11.03.2011 01:52:21 | Computer Name = ###-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 78957
 seconds with 5040 seconds of active time.  This session ended with a crash.
 
Error - 06.04.2011 01:11:47 | Computer Name = ###-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 59
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 09.11.2011 22:23:31 | Computer Name = ###-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 61037
 seconds with 2460 seconds of active time.  This session ended with a crash.
 
Error - 15.02.2012 04:06:50 | Computer Name = ###-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2436
 seconds with 900 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 28.05.2012 05:34:28 | Computer Name = ###-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 28.05.2012 05:34:28 | Computer Name = ###-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 28.05.2012 05:34:28 | Computer Name = ###-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 28.05.2012 05:34:28 | Computer Name = ###-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 28.05.2012 05:34:36 | Computer Name = ###-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 28.05.2012 05:34:36 | Computer Name = ###-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 28.05.2012 05:34:36 | Computer Name = ###-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 28.05.2012 05:36:44 | Computer Name = ###-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 28.05.2012 05:36:44 | Computer Name = ###-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 28.05.2012 05:36:44 | Computer Name = ###-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
Tjo jetzt weiß ich nur nicht wie ich weiter vorgehen soll und hoffe auf eure Hilfe.
Vielen Dank vorab schonmal.

Alt 30.05.2012, 15:39   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner - Standard

Verschlüsselungstrojaner



Zitat:
Keine Aktion durchgeführt.
-> No action taken.
Die Funde müssen mit Malwarebytes entfernt waren! Bitte nachholen falls noch nicht getan!
__________________

__________________

Alt 30.05.2012, 15:48   #3
spycob
 
Verschlüsselungstrojaner - Standard

Verschlüsselungstrojaner



Hi Cosinus und danke für die Rückmeldung.

Die Funde sind entfernt worden und nach neuerlichem Scan ist nichts mehr aufgetaucht.

Dachte ich poste das ursprüngliche Log, da es vielleicht weiterhilft.

Lg
__________________

Alt 30.05.2012, 15:54   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner - Standard

Verschlüsselungstrojaner



Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 30.05.2012, 22:00   #5
spycob
 
Verschlüsselungstrojaner - Standard

Verschlüsselungstrojaner



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5f4ab15152994146be3ffb517b2f6d7e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-30 08:52:37
# local_time=2012-05-30 10:52:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 718619 90034577 0 0
# compatibility_mode=8192 67108863 100 0 111 111 0 0
# scanned=189299
# found=4
# cleaned=0
# scan_time=6430
C:\Users\###\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00026b	JS/TrojanDownloader.Pegel.BK trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\###\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\2IMRFK4L\Rechnung.zip	probably a variant of Win32/Agent.LMXRIUT trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\###\AppData\Local\Temp\nps649A.tmp	JS/Exploit.Pdfka.OAY trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\###\AppData\Roaming\monm.exe	a variant of Win32/Kryptik.AFKT trojan (unable to clean)	00000000000000000000000000000000	I
         
Das ist die log.txt von ESET.

Lg Daniel


Alt 30.05.2012, 22:42   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner - Standard

Verschlüsselungstrojaner



Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? (abgesehen von den verschlüsselten Dateien)
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________
--> Verschlüsselungstrojaner

Alt 02.06.2012, 09:59   #7
spycob
 
Verschlüsselungstrojaner - Standard

Verschlüsselungstrojaner



Hi Cosinus.

Entschuldigung es hat etwas gedauert. Da ich am Montag zwei Wochen beruflich verreise hatte ich noch einiges zu erledigen :-).

Back to topic:
ad 1) Ja er bootet wieder normal und mir wäre jetzt nichts besonderes aufgefallen (bis auf die verschlüsselten Files).
ad 2) Es scheint nichts zu fehlen.

Lg Daniel

Alt 02.06.2012, 18:48   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner - Standard

Verschlüsselungstrojaner



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.06.2012, 14:36   #9
spycob
 
Verschlüsselungstrojaner - Standard

Verschlüsselungstrojaner



Hi cosinus.

Anbei die Log.txt vom neuen OTL Scan.

Ich bin ab morgen früh zwei Wochen beruflich im Ausland und muss deshalb den Thread kurz pausieren. Ich hoffe das ist OK und wir können in zwei Wochen weitermachen.

Vielen Dank bis jetzt für deine Unterstützung

Lg Daniel

Code:
ATTFilter
OTL logfile created on: 03.06.2012 15:04:36 - Run 2
OTL by OldTimer - Version 3.2.43.2     Folder = C:\Users\###\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 59,14% Memory free
7,99 Gb Paging File | 6,05 Gb Available in Paging File | 75,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286,27 Gb Total Space | 186,95 Gb Free Space | 65,31% Space Free | Partition Type: NTFS
 
Computer Name: ###-PC | User Name: ### | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.28 11:36:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\###\Downloads\OTL.exe
PRC - [2012.04.13 01:11:56 | 000,394,352 | ---- | M] (PCRx.com, LLC) -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe
PRC - [2012.03.21 07:39:06 | 000,320,000 | ---- | M] (Crawler, LLC) -- C:\Program Files (x86)\SiteRanker\SiteRankTray.exe
PRC - [2012.01.23 06:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012.01.10 19:36:34 | 001,083,264 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012.01.04 14:32:10 | 000,126,504 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2012.01.04 14:32:06 | 000,148,520 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2011.11.06 19:07:56 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011.06.14 17:42:26 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2011.05.31 10:31:10 | 000,424,088 | ---- | M] (Sage Software) -- C:\Program Files (x86)\Common Files\Sage Software Shared\Deploymentservice.exe
PRC - [2010.03.18 11:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009.11.20 16:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009.11.09 17:20:08 | 001,519,743 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
PRC - [2009.11.02 15:51:24 | 001,134,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Windows OneCare Live\winss.exe
PRC - [2009.11.02 15:51:22 | 000,026,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Windows OneCare Live\OcHealthMon.exe
PRC - [2009.11.02 01:39:48 | 001,094,736 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
PRC - [2009.08.25 19:38:06 | 000,935,208 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.08.21 03:26:02 | 000,262,912 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2009.08.21 03:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2009.06.05 05:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 05:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.04.16 00:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009.03.04 12:04:36 | 000,086,016 | ---- | M] (Sage KHK Software) -- C:\Program Files (x86)\Common Files\Sage KHK Shared\REGISTRY.EXE
PRC - [2009.02.23 11:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008.12.08 16:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.10 19:38:40 | 000,423,808 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
MOD - [2012.01.10 19:38:38 | 000,058,240 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
MOD - [2012.01.10 19:38:34 | 000,095,104 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
MOD - [2012.01.10 19:38:32 | 000,272,768 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
MOD - [2012.01.10 19:38:00 | 000,384,896 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QxtCore.dll
MOD - [2012.01.10 19:38:00 | 000,165,248 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QxtWeb.dll
MOD - [2012.01.10 19:37:58 | 002,557,312 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2012.01.10 19:37:56 | 000,346,496 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
MOD - [2012.01.10 19:37:54 | 010,843,520 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2012.01.10 19:37:48 | 000,196,480 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
MOD - [2012.01.10 19:37:46 | 001,294,208 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
MOD - [2012.01.10 19:37:44 | 000,682,880 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2012.01.10 19:37:42 | 000,919,936 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2012.01.10 19:37:40 | 000,517,504 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2012.01.10 19:37:38 | 008,172,928 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
MOD - [2012.01.10 19:37:36 | 002,252,672 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2012.01.10 19:37:34 | 002,288,512 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
MOD - [2012.01.10 19:37:32 | 000,422,272 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2012.01.10 19:37:22 | 000,202,624 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
MOD - [2012.01.10 19:37:20 | 000,034,688 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qico4.dll
MOD - [2012.01.10 19:37:18 | 000,032,640 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qgif4.dll
MOD - [2012.01.10 19:36:38 | 000,388,480 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\OviShareLib.dll
MOD - [2012.01.10 19:36:24 | 000,437,632 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
MOD - [2012.01.10 19:36:02 | 001,037,696 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Maps Service API.dll
MOD - [2012.01.10 19:35:06 | 000,758,656 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2012.01.05 17:00:24 | 000,112,640 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll
MOD - [2009.11.20 16:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009.10.08 19:49:18 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll
MOD - [2009.10.07 13:13:38 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll
MOD - [2009.09.23 19:27:04 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Image.dll
MOD - [2009.02.03 03:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.20 20:10:39 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.13 01:11:56 | 000,394,352 | ---- | M] (PCRx.com, LLC) [Auto | Running] -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe -- (24x7HelpSvc)
SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.05.31 10:31:10 | 000,424,088 | ---- | M] (Sage Software) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sage Software Shared\Deploymentservice.exe -- (SageDeploymentService)
SRV - [2010.12.10 18:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010.02.05 07:04:49 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.11.02 15:51:24 | 001,134,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Windows OneCare Live\winss.exe -- (winss)
SRV - [2009.11.02 15:51:22 | 000,026,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Windows OneCare Live\OcHealthMon.exe -- (OcHealthMon)
SRV - [2009.09.30 15:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.08.29 03:05:56 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.25 19:38:06 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.08.21 03:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 05:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009.03.04 12:04:36 | 000,086,016 | ---- | M] (Sage KHK Software) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sage KHK Shared\REGISTRY.EXE -- (Registry)
SRV - [2009.02.23 11:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008.12.08 16:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.09 17:28:20 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2012.01.09 17:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012.01.09 17:28:20 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2012.01.09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012.01.09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.01.09 17:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.09.15 22:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009.09.10 15:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.09.04 11:41:24 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.08.21 23:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.08.11 22:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.20 14:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 04:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.06.05 02:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.05.25 05:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.05.06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.06.16 04:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2011.11.07 17:03:24 | 000,036,816 | ---- | M] (IKARUS Security Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\aonInternetSchutz\bin\ntguard_x64.sys -- (NTGUARD)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0c07&m=easynote_tj65&r=27360410i0c6l0460z1j5f44m1u775
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0c07&m=easynote_tj65&r=27360410i0c6l0460z1j5f44m1u775
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80772
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80772&lng=de
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2342880879-1460478954-3863252132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0c07&m=easynote_tj65&r=27360410i0c6l0460z1j5f44m1u775
IE - HKU\S-1-5-21-2342880879-1460478954-3863252132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
IE - HKU\S-1-5-21-2342880879-1460478954-3863252132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.telekom.at/suche
IE - HKU\S-1-5-21-2342880879-1460478954-3863252132-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.inbox.com/homepage.aspx?tbid=80772&lng=de
IE - HKU\S-1-5-21-2342880879-1460478954-3863252132-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKU\S-1-5-21-2342880879-1460478954-3863252132-1000\..\SearchScopes,DefaultScope = {C04B7D22-5AEC-4561-8F49-27F6269208F6}
IE - HKU\S-1-5-21-2342880879-1460478954-3863252132-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2342880879-1460478954-3863252132-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW_de
IE - HKU\S-1-5-21-2342880879-1460478954-3863252132-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80772&lng=de
IE - HKU\S-1-5-21-2342880879-1460478954-3863252132-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.10.0.9560
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: AppGraffiti@AppGraffiti.com:1.0.0.22
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.740
FF - prefs.js..extensions.enabledItems: fe_3.6@nokia.com:1.7.110.333
FF - prefs.js..extensions.enabledItems: siteranker@siteranker.com:1.0.0.10
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.04.23 21:30:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.22 07:24:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.08.08 06:41:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_3.6@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6 [2012.02.18 14:39:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\siteranker@siteranker.com: C:\Program Files (x86)\SiteRanker\firefox\ [2012.04.21 18:21:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.06 19:08:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.08 08:32:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.06 19:08:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.08 08:32:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.18 14:39:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.04.23 21:30:40 | 000,000,000 | ---D | M]
 
[2010.07.15 09:06:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\###\AppData\Roaming\mozilla\Extensions
[2010.04.16 23:37:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\###\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.05.30 21:09:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\###\AppData\Roaming\mozilla\Firefox\Profiles\2349j4i4.default\extensions
[2012.05.22 07:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\###\AppData\Roaming\mozilla\Firefox\Profiles\2349j4i4.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.05.22 07:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\###\AppData\Roaming\mozilla\Firefox\Profiles\2349j4i4.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012.04.21 18:21:08 | 000,000,000 | ---D | M] (AppGraffiti) -- C:\Users\###\AppData\Roaming\mozilla\Firefox\Profiles\2349j4i4.default\extensions\AppGraffiti@AppGraffiti.com
[2012.04.21 18:21:40 | 000,002,291 | ---- | M] () -- C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\2349j4i4.default\searchplugins\dxfOJjLalruojXeGVL
[2012.05.30 21:09:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.03.11 08:55:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.07.28 09:53:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.27 18:10:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.04 08:09:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.04 13:54:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.03 06:45:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.27 12:17:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.08.08 06:41:09 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES (X86)\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC
[2012.02.18 14:39:14 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES (X86)\NOKIA\NOKIA SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION_3.6
[2012.04.21 18:21:03 | 000,000,000 | ---D | M] (SiteRanker) -- C:\PROGRAM FILES (X86)\SITERANKER\FIREFOX
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.01.10 20:53:14 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.01.10 20:53:14 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.01.10 20:53:14 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.01.10 20:53:14 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.01.10 20:53:14 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files (x86)\SiteRanker\SiteRank.dll (Crawler, LLC)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files (x86)\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2342880879-1460478954-3863252132-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files (x86)\Nokia\Nokia Music Player\NokiaMusicPlayer.exe (Nokia)
O4 - HKLM..\Run: [NSU_agent] C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SiteRanker] C:\Program Files (x86)\SiteRanker\SiteRankTray.exe (Crawler, LLC)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2342880879-1460478954-3863252132-1000..\Run: []  File not found
O4 - HKU\S-1-5-21-2342880879-1460478954-3863252132-1000..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKU\S-1-5-21-2342880879-1460478954-3863252132-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-2342880879-1460478954-3863252132-1000..\Run: [wintn] C:\Users\###\AppData\Roaming\wintn.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2342880879-1460478954-3863252132-1000\..Trusted Domains: ###-pc ([]file in Local intranet)
O16:64bit: - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A04F645-F881-4047-B81A-542E3B3B5C0A}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1A6D2A6-909D-45D4-A8DB-5D1625F17434}: DhcpNameServer = 10.0.0.138 10.0.0.138
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTGUARD - C:\Program Files (x86)\aonInternetSchutz\bin\ntguard_x64.sys (IKARUS Security Software GmbH)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTGUARD - C:\Program Files (x86)\aonInternetSchutz\bin\ntguard_x64.sys (IKARUS Security Software GmbH)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.03 14:56:05 | 000,000,000 | R--D | C] -- C:\Users\###\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012.05.30 21:03:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.05.28 11:24:51 | 000,000,000 | ---D | C] -- C:\_logs
[2012.05.28 10:11:44 | 000,000,000 | ---D | C] -- C:\Users\###\AppData\Roaming\Malwarebytes
[2012.05.28 10:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.28 10:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.28 10:11:37 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.28 10:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.21 22:05:49 | 000,000,000 | ---D | C] -- C:\Users\###\AppData\Roaming\Yxegcsl
[2012.05.19 06:35:02 | 000,000,000 | ---D | C] -- C:\Users\###\Documents\93-120036-
[2012.05.11 14:45:43 | 000,000,000 | ---D | C] -- C:\Users\###\Documents\113827-120034-2222611
[2012.05.09 12:07:04 | 000,000,000 | ---D | C] -- C:\Users\###\Documents\2012-142-2-120028-2221691
[2012.05.06 17:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.05.06 09:05:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.03 15:04:26 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.03 15:04:26 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.03 14:55:45 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.03 14:55:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.03 14:55:22 | 3217,231,872 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.02 14:54:10 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.02 14:44:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.02 10:53:03 | 001,703,810 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.02 10:53:03 | 000,731,748 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.02 10:53:03 | 000,682,722 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.02 10:53:03 | 000,161,788 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.02 10:53:03 | 000,132,000 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.28 10:11:38 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.22 10:25:29 | 000,002,139 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2012.05.20 12:49:14 | 000,012,386 | ---- | M] () -- C:\Users\###\Documents\AQGUpANDaLOfGeJdXl
[2012.05.19 16:02:53 | 588,551,064 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.05.17 10:56:21 | 000,002,356 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.05.13 03:38:17 | 000,434,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.09 08:54:58 | 001,434,712 | ---- | M] () -- C:\Users\###\Documents\ploylTaeGUsXxdt
[2012.05.09 08:39:20 | 000,965,032 | ---- | M] () -- C:\Users\###\Documents\sfxNJgQynOuLAjE
[2012.05.08 21:26:10 | 001,165,423 | ---- | M] () -- C:\Users\###\Documents\GUtlajoJgspoyQ
[2012.05.08 21:22:32 | 001,169,459 | ---- | M] () -- C:\Users\###\Documents\fxdDTnjsVTsEyNJ
[2012.05.08 09:03:31 | 000,370,600 | ---- | M] () -- C:\Users\###\Documents\ujnDXtUqoXsxVgJalVsr
[2012.05.08 08:32:21 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.05.08 08:28:32 | 000,000,102 | ---- | M] () -- C:\Windows\sageCL.ini
 
========== Files Created - No Company Name ==========
 
[2012.05.28 10:11:38 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.22 10:25:29 | 000,002,139 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
[2011.12.26 12:25:30 | 000,003,584 | ---- | C] () -- C:\Users\###\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.15 09:06:32 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.06.19 13:37:32 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
 
========== LOP Check ==========
 
[2010.04.28 19:50:23 | 000,000,000 | -HSD | M] -- C:\Users\###\AppData\Roaming\.#
[2010.06.19 13:37:55 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Canneverbe Limited
[2012.01.22 18:06:09 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.04.08 19:48:14 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\com.hyfn.taylorswift
[2010.04.26 23:23:36 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\CoSoSys
[2012.05.22 07:24:15 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\GameConsole
[2011.10.25 12:29:02 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Garmin
[2010.04.16 17:55:47 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\mquadr.at
[2012.02.18 14:40:10 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Nokia
[2011.08.21 07:34:39 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Nokia Ovi Suite
[2012.04.28 18:13:21 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Nokia Suite
[2010.04.17 22:32:12 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Packard Bell
[2011.12.26 12:39:18 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\PC Suite
[2012.05.22 10:06:07 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\TeamViewer
[2011.08.26 07:59:31 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Template
[2010.04.16 23:37:49 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\TomTom
[2012.05.28 11:25:05 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Yxegcsl
[2012.02.25 08:48:41 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.04.28 19:50:23 | 000,000,000 | -HSD | M] -- C:\Users\###\AppData\Roaming\.#
[2012.05.22 07:24:15 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Adobe
[2010.06.19 13:37:55 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Canneverbe Limited
[2012.01.22 18:06:09 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.04.08 19:48:14 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\com.hyfn.taylorswift
[2010.04.26 23:23:36 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\CoSoSys
[2010.06.19 13:05:21 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\CyberLink
[2012.05.22 07:24:15 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\GameConsole
[2011.10.25 12:29:02 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Garmin
[2010.04.16 17:59:39 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Google
[2010.04.17 07:23:28 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\HP
[2012.06.02 10:55:12 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\HpUpdate
[2010.04.16 17:06:38 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Identities
[2010.04.16 19:19:32 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Macromedia
[2012.05.28 10:11:44 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Malwarebytes
[2009.10.30 07:59:17 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Media Center Programs
[2011.07.18 11:36:45 | 000,000,000 | --SD | M] -- C:\Users\###\AppData\Roaming\Microsoft
[2010.07.15 09:06:30 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Mozilla
[2010.04.16 17:55:47 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\mquadr.at
[2010.05.30 09:09:14 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Nero
[2012.02.18 14:40:10 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Nokia
[2011.08.21 07:34:39 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Nokia Ovi Suite
[2012.04.28 18:13:21 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Nokia Suite
[2010.04.17 22:32:12 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Packard Bell
[2011.12.26 12:39:18 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\PC Suite
[2011.01.15 09:12:30 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Real
[2012.06.03 14:57:45 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Skype
[2012.05.22 07:24:17 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\skypePM
[2010.10.04 10:33:53 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Sun
[2012.05.22 10:06:07 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\TeamViewer
[2011.08.26 07:59:31 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Template
[2010.04.16 23:37:49 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\TomTom
[2012.05.28 11:25:05 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Yxegcsl
 
< %APPDATA%\*.exe /s >
[1684.10.31 17:46:03 | 000,195,585 | ---- | M] () -- C:\Users\###\AppData\Roaming\wintn.exe
[2012.01.22 18:08:20 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\###\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.01.02 09:15:09 | 008,111,264 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\###\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2012.06.03 15:06:59 | 000,317,080 | ---- | M] (RealNetworks, Inc.) -- C:\Users\###\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\rnupgagent.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.05 04:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.05 04:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.06.05 04:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009.06.05 04:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
         

Alt 03.06.2012, 16:00   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner - Standard

Verschlüsselungstrojaner



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
ATTFilter
:OTL
FF - user.js - File not found
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files (x86)\SiteRanker\SiteRank.dll (Crawler, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-2342880879-1460478954-3863252132-1000..\Run: []  File not found
O4 - HKU\S-1-5-21-2342880879-1460478954-3863252132-1000..\Run: [wintn] C:\Users\###\AppData\Roaming\wintn.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
[2012.05.28 11:25:05 | 000,000,000 | ---D | M] -- C:\Users\###\AppData\Roaming\Yxegcsl
[2010.04.28 19:50:23 | 000,000,000 | -HSD | M] -- C:\Users\###\AppData\Roaming\.#

:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 18.06.2012, 17:29   #11
spycob
 
Verschlüsselungstrojaner - Standard

Verschlüsselungstrojaner



Hi Cosinus.

Zurück vom business trip aus den Staaten. Danke schonmal für die Geduld.

Anbei das log.txt nach dem Durchlauf des Skripts (Skript ist mit dem richtigen User durchgelaufen):
Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}\ deleted successfully.
C:\Program Files (x86)\SiteRanker\SiteRank.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2342880879-1460478954-3863252132-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2342880879-1460478954-3863252132-1000\Software\Microsoft\Windows\CurrentVersion\Run\\wintn deleted successfully.
C:\Users\###\AppData\Roaming\wintn.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
C:\Users\###\AppData\Roaming\Yxegcsl folder moved successfully.
C:\Users\###\AppData\Roaming\.# folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ###
->Temp folder emptied: 105338726 bytes
->Temporary Internet Files folder emptied: 254274843 bytes
->Java cache emptied: 42213 bytes
->FireFox cache emptied: 102639594 bytes
->Google Chrome cache emptied: 361149401 bytes
->Flash cache emptied: 8217277 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 352577894 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes
RecycleBin emptied: 9388204331 bytes
 
Total Files Cleaned = 10.083,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: ###
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.43.2 log created on 06182012_180911

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP00000021DFC84CC31729718E not found!

Registry entries deleted on Reboot...
         
Lg
Daniel

Alt 18.06.2012, 21:04   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner - Standard

Verschlüsselungstrojaner



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.06.2012, 16:19   #13
spycob
 
Verschlüsselungstrojaner - Standard

Verschlüsselungstrojaner



Hi Cosinus.

TDSS-Killer ausgeführt und alle Funde mit 'skip' übersprungen.

Anbei das Log:
Code:
ATTFilter
17:14:43.0653 5988	TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
17:14:43.0792 5988	============================================================
17:14:43.0793 5988	Current date / time: 2012/06/22 17:14:43.0792
17:14:43.0793 5988	SystemInfo:
17:14:43.0793 5988	
17:14:43.0793 5988	OS Version: 6.1.7601 ServicePack: 1.0
17:14:43.0793 5988	Product type: Workstation
17:14:43.0793 5988	ComputerName: DIATRADE-PC
17:14:43.0793 5988	UserName: diatrade
17:14:43.0793 5988	Windows directory: C:\Windows
17:14:43.0793 5988	System windows directory: C:\Windows
17:14:43.0793 5988	Running under WOW64
17:14:43.0793 5988	Processor architecture: Intel x64
17:14:43.0793 5988	Number of processors: 2
17:14:43.0793 5988	Page size: 0x1000
17:14:43.0793 5988	Boot type: Normal boot
17:14:43.0793 5988	============================================================
17:14:44.0989 5988	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:14:45.0009 5988	============================================================
17:14:45.0009 5988	\Device\Harddisk0\DR0:
17:14:45.0015 5988	MBR partitions:
17:14:45.0015 5988	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
17:14:45.0015 5988	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x23C8BAB0
17:14:45.0015 5988	============================================================
17:14:45.0067 5988	C: <-> \Device\Harddisk0\DR0\Partition1
17:14:45.0067 5988	============================================================
17:14:45.0067 5988	Initialize success
17:14:45.0067 5988	============================================================
17:16:03.0324 1872	============================================================
17:16:03.0324 1872	Scan started
17:16:03.0324 1872	Mode: Manual; SigCheck; TDLFS; 
17:16:03.0324 1872	============================================================
17:16:05.0982 1872	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:16:06.0128 1872	1394ohci - ok
17:16:06.0803 1872	24x7HelpSvc     (1c3be5dcce15c16631f6c8a328976b26) C:\Program Files (x86)\24x7Help\App24x7Svc.exe
17:16:06.0831 1872	24x7HelpSvc - ok
17:16:06.0929 1872	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:16:06.0952 1872	ACPI - ok
17:16:07.0029 1872	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:16:07.0117 1872	AcpiPmi - ok
17:16:07.0211 1872	AdobeActiveFileMonitor7.0 (6d9fc1e7ea3c548f4d3455f0c3feef8c) c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
17:16:07.0227 1872	AdobeActiveFileMonitor7.0 - ok
17:16:08.0003 1872	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:16:08.0043 1872	AdobeFlashPlayerUpdateSvc - ok
17:16:08.0498 1872	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:16:08.0580 1872	adp94xx - ok
17:16:08.0622 1872	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:16:08.0640 1872	adpahci - ok
17:16:08.0651 1872	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:16:08.0667 1872	adpu320 - ok
17:16:08.0841 1872	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:16:09.0043 1872	AeLookupSvc - ok
17:16:09.0190 1872	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:16:09.0273 1872	AFD - ok
17:16:09.0351 1872	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:16:09.0366 1872	agp440 - ok
17:16:09.0426 1872	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:16:09.0486 1872	ALG - ok
17:16:09.0574 1872	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:16:09.0587 1872	aliide - ok
17:16:09.0616 1872	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:16:09.0629 1872	amdide - ok
17:16:09.0658 1872	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:16:09.0713 1872	AmdK8 - ok
17:16:09.0719 1872	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:16:09.0757 1872	AmdPPM - ok
17:16:10.0047 1872	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:16:10.0063 1872	amdsata - ok
17:16:10.0127 1872	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:16:10.0145 1872	amdsbs - ok
17:16:10.0188 1872	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:16:10.0203 1872	amdxata - ok
17:16:10.0252 1872	ApfiltrService  (9815014f3e30357168da272088c6f12f) C:\Windows\system32\DRIVERS\Apfiltr.sys
17:16:10.0514 1872	ApfiltrService - ok
17:16:10.0801 1872	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:16:10.0985 1872	AppID - ok
17:16:11.0038 1872	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:16:11.0100 1872	AppIDSvc - ok
17:16:11.0191 1872	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:16:11.0255 1872	Appinfo - ok
17:16:11.0307 1872	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:16:11.0322 1872	arc - ok
17:16:11.0330 1872	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:16:11.0345 1872	arcsas - ok
17:16:11.0377 1872	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:16:11.0432 1872	AsyncMac - ok
17:16:11.0542 1872	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:16:11.0563 1872	atapi - ok
17:16:11.0660 1872	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:16:11.0735 1872	AudioEndpointBuilder - ok
17:16:11.0743 1872	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:16:11.0787 1872	AudioSrv - ok
17:16:11.0931 1872	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
17:16:12.0010 1872	AxInstSV - ok
17:16:12.0708 1872	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:16:12.0773 1872	b06bdrv - ok
17:16:12.0823 1872	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:16:12.0899 1872	b57nd60a - ok
17:16:13.0230 1872	BCM43XX         (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
17:16:13.0370 1872	BCM43XX - ok
17:16:13.0651 1872	BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
17:16:13.0671 1872	BcmSqlStartupSvc - ok
17:16:14.0072 1872	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:16:14.0128 1872	BDESVC - ok
17:16:14.0210 1872	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:16:14.0311 1872	Beep - ok
17:16:14.0726 1872	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
17:16:14.0851 1872	BFE - ok
17:16:15.0325 1872	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
17:16:15.0435 1872	BITS - ok
17:16:15.0490 1872	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:16:15.0553 1872	blbdrive - ok
17:16:15.0653 1872	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:16:15.0702 1872	bowser - ok
17:16:15.0723 1872	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:16:15.0774 1872	BrFiltLo - ok
17:16:15.0779 1872	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:16:15.0800 1872	BrFiltUp - ok
17:16:15.0855 1872	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
17:16:15.0940 1872	Browser - ok
17:16:15.0987 1872	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:16:16.0068 1872	Brserid - ok
17:16:16.0077 1872	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:16:16.0123 1872	BrSerWdm - ok
17:16:16.0141 1872	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:16:16.0184 1872	BrUsbMdm - ok
17:16:16.0206 1872	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:16:16.0236 1872	BrUsbSer - ok
17:16:16.0263 1872	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:16:16.0312 1872	BTHMODEM - ok
17:16:16.0358 1872	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:16:16.0411 1872	bthserv - ok
17:16:16.0438 1872	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:16:16.0476 1872	cdfs - ok
17:16:16.0584 1872	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
17:16:16.0641 1872	cdrom - ok
17:16:16.0710 1872	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:16:16.0810 1872	CertPropSvc - ok
17:16:16.0852 1872	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:16:16.0897 1872	circlass - ok
17:16:16.0938 1872	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:16:16.0955 1872	CLFS - ok
17:16:17.0055 1872	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:16:17.0072 1872	clr_optimization_v2.0.50727_32 - ok
17:16:17.0197 1872	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:16:17.0217 1872	clr_optimization_v2.0.50727_64 - ok
17:16:17.0323 1872	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:16:17.0339 1872	clr_optimization_v4.0.30319_32 - ok
17:16:17.0388 1872	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:16:17.0402 1872	clr_optimization_v4.0.30319_64 - ok
17:16:17.0443 1872	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:16:17.0477 1872	CmBatt - ok
17:16:17.0520 1872	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:16:17.0536 1872	cmdide - ok
17:16:17.0601 1872	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:16:17.0647 1872	CNG - ok
17:16:18.0326 1872	CnxtHdAudService (20f3f8674d7dee5d90a352b775d5d5ba) C:\Windows\system32\drivers\CHDRT64.sys
17:16:18.0413 1872	CnxtHdAudService - ok
17:16:18.0463 1872	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:16:18.0482 1872	Compbatt - ok
17:16:18.0527 1872	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:16:18.0568 1872	CompositeBus - ok
17:16:18.0585 1872	COMSysApp - ok
17:16:18.0607 1872	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:16:18.0623 1872	crcdisk - ok
17:16:19.0001 1872	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
17:16:19.0062 1872	CryptSvc - ok
17:16:19.0496 1872	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:16:19.0581 1872	DcomLaunch - ok
17:16:19.0629 1872	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:16:19.0715 1872	defragsvc - ok
17:16:19.0794 1872	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:16:19.0891 1872	DfsC - ok
17:16:19.0966 1872	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
17:16:20.0045 1872	Dhcp - ok
17:16:20.0084 1872	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:16:20.0121 1872	discache - ok
17:16:20.0166 1872	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:16:20.0182 1872	Disk - ok
17:16:20.0740 1872	DKbFltr         (d5bcb77be83cf99f508943945d46343d) C:\Windows\syswow64\Drivers\DKbFltr.sys
17:16:20.0755 1872	DKbFltr - ok
17:16:20.0806 1872	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
17:16:20.0894 1872	Dnscache - ok
17:16:21.0101 1872	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
17:16:21.0205 1872	dot3svc - ok
17:16:21.0256 1872	Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
17:16:21.0314 1872	Dot4 - ok
17:16:21.0433 1872	Dot4Print       (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
17:16:21.0484 1872	Dot4Print - ok
17:16:21.0638 1872	dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
17:16:21.0693 1872	dot4usb - ok
17:16:21.0763 1872	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
17:16:21.0843 1872	DPS - ok
17:16:21.0909 1872	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:16:21.0938 1872	drmkaud - ok
17:16:23.0027 1872	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:16:23.0056 1872	DXGKrnl - ok
17:16:23.0185 1872	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:16:23.0278 1872	EapHost - ok
17:16:27.0351 1872	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:16:27.0490 1872	ebdrv - ok
17:16:28.0050 1872	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
17:16:28.0132 1872	EFS - ok
17:16:28.0736 1872	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
17:16:28.0867 1872	ehRecvr - ok
17:16:28.0890 1872	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:16:28.0916 1872	ehSched - ok
17:16:29.0071 1872	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:16:29.0112 1872	elxstor - ok
17:16:29.0887 1872	ePowerSvc       (fb67aa8ac61b9365add546139a21bed6) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
17:16:29.0942 1872	ePowerSvc - ok
17:16:30.0577 1872	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:16:30.0623 1872	ErrDev - ok
17:16:30.0749 1872	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:16:30.0819 1872	EventSystem - ok
17:16:30.0873 1872	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:16:30.0929 1872	exfat - ok
17:16:31.0070 1872	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:16:31.0204 1872	fastfat - ok
17:16:31.0432 1872	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
17:16:31.0526 1872	Fax - ok
17:16:31.0565 1872	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:16:31.0588 1872	fdc - ok
17:16:31.0665 1872	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:16:31.0743 1872	fdPHost - ok
17:16:31.0768 1872	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:16:31.0818 1872	FDResPub - ok
17:16:31.0836 1872	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:16:31.0850 1872	FileInfo - ok
17:16:31.0881 1872	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:16:31.0943 1872	Filetrace - ok
17:16:32.0483 1872	FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:16:32.0585 1872	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
17:16:32.0585 1872	FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
17:16:32.0601 1872	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:16:32.0632 1872	flpydisk - ok
17:16:32.0889 1872	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:16:32.0938 1872	FltMgr - ok
17:16:33.0262 1872	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
17:16:33.0345 1872	FontCache - ok
17:16:33.0541 1872	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:16:33.0561 1872	FontCache3.0.0.0 - ok
17:16:33.0672 1872	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:16:33.0690 1872	FsDepends - ok
17:16:33.0741 1872	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
17:16:33.0776 1872	Fs_Rec - ok
17:16:33.0833 1872	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:16:33.0857 1872	fvevol - ok
17:16:33.0908 1872	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:16:33.0929 1872	gagp30kx - ok
17:16:34.0205 1872	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
17:16:34.0359 1872	gpsvc - ok
17:16:34.0755 1872	Greg_Service    (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
17:16:34.0797 1872	Greg_Service - ok
17:16:34.0899 1872	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:16:34.0916 1872	gupdate - ok
17:16:34.0956 1872	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:16:34.0966 1872	gupdatem - ok
17:16:35.0003 1872	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
17:16:35.0021 1872	gusvc - ok
17:16:35.0298 1872	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:16:35.0366 1872	hcw85cir - ok
17:16:35.0471 1872	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:16:35.0505 1872	HdAudAddService - ok
17:16:35.0573 1872	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
17:16:35.0632 1872	HDAudBus - ok
17:16:35.0718 1872	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:16:35.0752 1872	HidBatt - ok
17:16:35.0760 1872	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:16:35.0798 1872	HidBth - ok
17:16:35.0803 1872	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:16:35.0843 1872	HidIr - ok
17:16:35.0914 1872	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
17:16:36.0011 1872	hidserv - ok
17:16:36.0090 1872	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
17:16:36.0112 1872	HidUsb - ok
17:16:36.0158 1872	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
17:16:36.0222 1872	hkmsvc - ok
17:16:36.0440 1872	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
17:16:36.0517 1872	HomeGroupListener - ok
17:16:36.0567 1872	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
17:16:36.0618 1872	HomeGroupProvider - ok
17:16:37.0016 1872	hpqcxs08        (08457d8f8149757c70cea59c71ec5d27) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
17:16:37.0093 1872	hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
17:16:37.0093 1872	hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
17:16:37.0116 1872	hpqddsvc        (75cc8c5146a3fb76221a7606628778d5) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
17:16:37.0124 1872	hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
17:16:37.0124 1872	hpqddsvc - detected UnsignedFile.Multi.Generic (1)
17:16:37.0199 1872	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:16:37.0216 1872	HpSAMD - ok
17:16:37.0533 1872	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:16:37.0651 1872	HTTP - ok
17:16:37.0768 1872	hwdatacard      (8f9b0fc4ec3a8194bd4cbc5ed3e7abeb) C:\Windows\system32\DRIVERS\ewusbmdm.sys
17:16:37.0815 1872	hwdatacard - ok
17:16:37.0854 1872	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:16:37.0874 1872	hwpolicy - ok
17:16:37.0967 1872	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:16:37.0981 1872	i8042prt - ok
17:16:38.0398 1872	IAANTMON        (7548066df68a8a1a56b043359f915f37) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
17:16:38.0434 1872	IAANTMON - ok
17:16:38.0787 1872	iaStor          (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
17:16:38.0811 1872	iaStor - ok
17:16:38.0902 1872	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:16:38.0935 1872	iaStorV - ok
17:16:39.0477 1872	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:16:39.0539 1872	idsvc - ok
17:16:41.0046 1872	igfx            (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
17:16:41.0299 1872	igfx - ok
17:16:41.0615 1872	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:16:41.0644 1872	iirsp - ok
17:16:42.0086 1872	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
17:16:42.0200 1872	IKEEXT - ok
17:16:42.0235 1872	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:16:42.0247 1872	intelide - ok
17:16:42.0283 1872	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:16:42.0312 1872	intelppm - ok
17:16:42.0360 1872	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:16:42.0408 1872	IPBusEnum - ok
17:16:42.0481 1872	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:16:42.0548 1872	IpFilterDriver - ok
17:16:42.0687 1872	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
17:16:42.0794 1872	iphlpsvc - ok
17:16:42.0884 1872	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:16:42.0924 1872	IPMIDRV - ok
17:16:42.0972 1872	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:16:43.0060 1872	IPNAT - ok
17:16:43.0091 1872	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:16:43.0125 1872	IRENUM - ok
17:16:43.0170 1872	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:16:43.0182 1872	isapnp - ok
17:16:43.0239 1872	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:16:43.0257 1872	iScsiPrt - ok
17:16:43.0327 1872	k57nd60a        (249ee2d26cb1530f3bede0ac8b9e3099) C:\Windows\system32\DRIVERS\k57nd60a.sys
17:16:43.0340 1872	k57nd60a - ok
17:16:43.0467 1872	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
17:16:43.0488 1872	kbdclass - ok
17:16:43.0588 1872	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
17:16:43.0610 1872	kbdhid - ok
17:16:43.0695 1872	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:16:43.0717 1872	KeyIso - ok
17:16:43.0805 1872	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:16:43.0829 1872	KSecDD - ok
17:16:43.0916 1872	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:16:43.0941 1872	KSecPkg - ok
17:16:43.0989 1872	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:16:44.0044 1872	ksthunk - ok
17:16:44.0091 1872	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:16:44.0170 1872	KtmRm - ok
17:16:44.0204 1872	L1E             (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
17:16:44.0236 1872	L1E - ok
17:16:44.0277 1872	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
17:16:44.0350 1872	LanmanServer - ok
17:16:44.0454 1872	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
17:16:44.0547 1872	LanmanWorkstation - ok
17:16:44.0598 1872	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:16:44.0646 1872	lltdio - ok
17:16:44.0680 1872	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:16:44.0772 1872	lltdsvc - ok
17:16:44.0799 1872	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:16:44.0836 1872	lmhosts - ok
17:16:44.0902 1872	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:16:44.0920 1872	LSI_FC - ok
17:16:44.0930 1872	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:16:44.0945 1872	LSI_SAS - ok
17:16:44.0952 1872	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:16:44.0967 1872	LSI_SAS2 - ok
17:16:44.0976 1872	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:16:44.0990 1872	LSI_SCSI - ok
17:16:45.0010 1872	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:16:45.0063 1872	luafv - ok
17:16:45.0156 1872	massfilter      (23488767cb18fc3ff39e3af1db3fb02c) C:\Windows\system32\drivers\massfilter.sys
17:16:45.0193 1872	massfilter - ok
17:16:45.0251 1872	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
17:16:45.0317 1872	Mcx2Svc - ok
17:16:45.0340 1872	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:16:45.0353 1872	megasas - ok
17:16:45.0370 1872	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:16:45.0388 1872	MegaSR - ok
17:16:45.0415 1872	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:16:45.0465 1872	MMCSS - ok
17:16:45.0532 1872	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:16:45.0611 1872	Modem - ok
17:16:45.0640 1872	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:16:45.0672 1872	monitor - ok
17:16:45.0747 1872	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
17:16:45.0768 1872	mouclass - ok
17:16:45.0806 1872	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:16:45.0877 1872	mouhid - ok
17:16:45.0957 1872	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:16:45.0980 1872	mountmgr - ok
17:16:46.0161 1872	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:16:46.0253 1872	mpio - ok
17:16:46.0275 1872	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:16:46.0377 1872	mpsdrv - ok
17:16:46.0998 1872	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
17:16:47.0101 1872	MpsSvc - ok
17:16:47.0207 1872	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:16:47.0275 1872	MRxDAV - ok
17:16:47.0327 1872	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:16:47.0381 1872	mrxsmb - ok
17:16:47.0450 1872	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:16:47.0494 1872	mrxsmb10 - ok
17:16:47.0508 1872	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:16:47.0545 1872	mrxsmb20 - ok
17:16:47.0614 1872	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:16:47.0634 1872	msahci - ok
17:16:47.0748 1872	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:16:47.0774 1872	msdsm - ok
17:16:47.0828 1872	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:16:47.0874 1872	MSDTC - ok
17:16:47.0947 1872	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:16:47.0998 1872	Msfs - ok
17:16:48.0035 1872	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:16:48.0095 1872	mshidkmdf - ok
17:16:48.0142 1872	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:16:48.0164 1872	msisadrv - ok
17:16:48.0212 1872	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:16:48.0253 1872	MSiSCSI - ok
17:16:48.0256 1872	msiserver - ok
17:16:48.0302 1872	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:16:48.0370 1872	MSKSSRV - ok
17:16:48.0383 1872	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:16:48.0437 1872	MSPCLOCK - ok
17:16:48.0455 1872	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:16:48.0502 1872	MSPQM - ok
17:16:48.0715 1872	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:16:48.0771 1872	MsRPC - ok
17:16:48.0823 1872	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:16:48.0835 1872	mssmbios - ok
17:16:49.0010 1872	MSSQL$MSSMLBIZ - ok
17:16:49.0102 1872	MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
17:16:49.0120 1872	MSSQLServerADHelper - ok
17:16:49.0174 1872	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:16:49.0350 1872	MSTEE - ok
17:16:49.0376 1872	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:16:49.0402 1872	MTConfig - ok
17:16:49.0441 1872	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:16:49.0454 1872	Mup - ok
17:16:49.0686 1872	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:16:50.0028 1872	napagent - ok
17:16:50.0104 1872	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:16:50.0150 1872	NativeWifiP - ok
17:16:50.0228 1872	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:16:50.0259 1872	NDIS - ok
17:16:50.0288 1872	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:16:50.0342 1872	NdisCap - ok
17:16:50.0365 1872	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:16:50.0413 1872	NdisTapi - ok
17:16:50.0472 1872	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:16:50.0530 1872	Ndisuio - ok
17:16:50.0578 1872	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:16:50.0647 1872	NdisWan - ok
17:16:50.0684 1872	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:16:50.0736 1872	NDProxy - ok
17:16:50.0904 1872	Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
17:16:50.0942 1872	Nero BackItUp Scheduler 4.0 - ok
17:16:51.0006 1872	Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
17:16:51.0025 1872	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:16:51.0025 1872	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:16:51.0050 1872	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:16:51.0101 1872	NetBIOS - ok
17:16:51.0151 1872	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:16:51.0210 1872	NetBT - ok
17:16:51.0281 1872	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:16:51.0303 1872	Netlogon - ok
17:16:51.0357 1872	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:16:51.0435 1872	Netman - ok
17:16:51.0466 1872	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:16:51.0525 1872	netprofm - ok
17:16:51.0579 1872	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:16:51.0598 1872	NetTcpPortSharing - ok
17:16:52.0230 1872	NETw5s64        (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
17:16:52.0458 1872	NETw5s64 - ok
17:16:53.0101 1872	netw5v64        (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
17:16:53.0282 1872	netw5v64 - ok
17:16:53.0423 1872	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:16:53.0440 1872	nfrd960 - ok
17:16:53.0502 1872	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:16:53.0559 1872	NlaSvc - ok
17:16:53.0673 1872	NMSAccess       (7aea4df1ca68fd45dd4bbe1f0243ce7f) C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
17:16:53.0688 1872	NMSAccess - ok
17:16:53.0745 1872	nmwcd           (5fe6f8c05f0769bbb74afac11453b182) C:\Windows\system32\drivers\ccdcmbx64.sys
17:16:53.0787 1872	nmwcd - ok
17:16:53.0841 1872	nmwcdc          (73c929945c0850b8d1fe2fea05fdf05d) C:\Windows\system32\drivers\ccdcmbox64.sys
17:16:53.0868 1872	nmwcdc - ok
17:16:53.0939 1872	nmwcdnsucx64    (697ca586209e022d15dd0c838b235d6a) C:\Windows\system32\drivers\nmwcdnsucx64.sys
17:16:53.0983 1872	nmwcdnsucx64 - ok
17:16:54.0004 1872	nmwcdnsux64     (292ddf13f91f2cb2482b57aacd6aeb9b) C:\Windows\system32\drivers\nmwcdnsux64.sys
17:16:54.0039 1872	nmwcdnsux64 - ok
17:16:54.0076 1872	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:16:54.0114 1872	Npfs - ok
17:16:54.0147 1872	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:16:54.0204 1872	nsi - ok
17:16:54.0220 1872	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:16:54.0266 1872	nsiproxy - ok
17:16:54.0370 1872	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:16:54.0423 1872	Ntfs - ok
17:16:54.0487 1872	NTGUARD         (be703961c6ffe6b8fa2e158ca94f41dc) C:\Program Files (x86)\aonInternetSchutz\bin\ntguard_x64.sys
17:16:54.0504 1872	NTGUARD - ok
17:16:54.0552 1872	NTI IScheduleSvc (70e3eb0cef795d348f05e5a9b115f491) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
17:16:54.0566 1872	NTI IScheduleSvc - ok
17:16:54.0673 1872	NTIDrvr         (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
17:16:54.0691 1872	NTIDrvr - ok
17:16:54.0716 1872	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:16:54.0764 1872	Null - ok
17:16:54.0802 1872	NVHDA           (ad37248bd442d41c9a896e53eb8a85ee) C:\Windows\system32\drivers\nvhda64v.sys
17:16:54.0811 1872	NVHDA - ok
17:16:55.0436 1872	nvlddmkm        (fd39b98ff1bb8ed3848781497e9d02e0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:16:55.0626 1872	nvlddmkm - ok
17:16:55.0781 1872	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:16:55.0805 1872	nvraid - ok
17:16:55.0831 1872	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:16:55.0846 1872	nvstor - ok
17:16:55.0920 1872	nvsvc           (c1668d58547dd0c4a0fbd6afa20d5890) C:\Windows\system32\nvvsvc.exe
17:16:55.0948 1872	nvsvc - ok
17:16:55.0974 1872	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:16:55.0989 1872	nv_agp - ok
17:16:56.0071 1872	OberonGameConsoleService (3cdd83c8d838c04009b3871274b97d36) C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe
17:16:56.0085 1872	OberonGameConsoleService - ok
17:16:56.0187 1872	OcHealthMon     (35f177825e8680bfa0f1432116603fce) C:\Program Files (x86)\Microsoft Windows OneCare Live\OcHealthMon.exe
17:16:56.0208 1872	OcHealthMon - ok
17:16:56.0340 1872	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:16:56.0366 1872	odserv - ok
17:16:56.0408 1872	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:16:56.0436 1872	ohci1394 - ok
17:16:56.0489 1872	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:16:56.0511 1872	ose - ok
17:16:56.0558 1872	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:16:56.0591 1872	p2pimsvc - ok
17:16:56.0628 1872	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:16:56.0649 1872	p2psvc - ok
17:16:56.0674 1872	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:16:56.0689 1872	Parport - ok
17:16:56.0734 1872	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
17:16:56.0756 1872	partmgr - ok
17:16:56.0789 1872	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:16:56.0821 1872	PcaSvc - ok
17:16:56.0867 1872	pccsmcfd        (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
17:16:56.0904 1872	pccsmcfd - ok
17:16:56.0942 1872	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:16:56.0958 1872	pci - ok
17:16:56.0968 1872	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:16:56.0981 1872	pciide - ok
17:16:57.0024 1872	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:16:57.0041 1872	pcmcia - ok
17:16:57.0059 1872	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:16:57.0073 1872	pcw - ok
17:16:57.0109 1872	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:16:57.0185 1872	PEAUTH - ok
17:16:57.0260 1872	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:16:57.0311 1872	PerfHost - ok
17:16:57.0421 1872	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:16:57.0511 1872	pla - ok
17:16:57.0612 1872	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:16:57.0643 1872	PlugPlay - ok
17:16:57.0732 1872	Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
17:16:57.0755 1872	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:16:57.0755 1872	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:16:57.0793 1872	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:16:57.0830 1872	PNRPAutoReg - ok
17:16:57.0869 1872	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:16:57.0886 1872	PNRPsvc - ok
17:16:57.0936 1872	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:16:57.0989 1872	PolicyAgent - ok
17:16:58.0035 1872	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:16:58.0089 1872	Power - ok
17:16:58.0162 1872	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:16:58.0211 1872	PptpMiniport - ok
17:16:58.0235 1872	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:16:58.0258 1872	Processor - ok
17:16:58.0295 1872	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
17:16:58.0329 1872	ProfSvc - ok
17:16:58.0357 1872	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:16:58.0370 1872	ProtectedStorage - ok
17:16:58.0411 1872	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:16:58.0468 1872	Psched - ok
17:16:58.0519 1872	PxHlpa64        (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
17:16:58.0529 1872	PxHlpa64 - ok
17:16:58.0627 1872	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:16:58.0680 1872	ql2300 - ok
17:16:58.0819 1872	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:16:58.0838 1872	ql40xx - ok
17:16:58.0864 1872	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:16:58.0886 1872	QWAVE - ok
17:16:58.0901 1872	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:16:58.0939 1872	QWAVEdrv - ok
17:16:58.0943 1872	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:16:58.0988 1872	RasAcd - ok
17:16:59.0027 1872	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:16:59.0066 1872	RasAgileVpn - ok
17:16:59.0082 1872	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:16:59.0142 1872	RasAuto - ok
17:16:59.0188 1872	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:16:59.0241 1872	Rasl2tp - ok
17:16:59.0294 1872	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:16:59.0336 1872	RasMan - ok
17:16:59.0372 1872	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:16:59.0421 1872	RasPppoe - ok
17:16:59.0440 1872	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:16:59.0489 1872	RasSstp - ok
17:16:59.0542 1872	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:16:59.0595 1872	rdbss - ok
17:16:59.0610 1872	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:16:59.0636 1872	rdpbus - ok
17:16:59.0664 1872	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:16:59.0702 1872	RDPCDD - ok
17:16:59.0728 1872	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:16:59.0766 1872	RDPENCDD - ok
17:16:59.0780 1872	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:16:59.0816 1872	RDPREFMP - ok
17:16:59.0860 1872	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
17:16:59.0875 1872	RDPWD - ok
17:16:59.0930 1872	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:16:59.0946 1872	rdyboost - ok
17:17:00.0043 1872	Registry        (3a3685e4c15a790a3e714ba1c2122f4a) C:\Program Files (x86)\Common Files\Sage KHK Shared\REGISTRY.EXE
17:17:00.0047 1872	Registry ( UnsignedFile.Multi.Generic ) - warning
17:17:00.0047 1872	Registry - detected UnsignedFile.Multi.Generic (1)
17:17:00.0073 1872	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:17:00.0125 1872	RemoteAccess - ok
17:17:00.0148 1872	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:17:00.0199 1872	RemoteRegistry - ok
17:17:00.0205 1872	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:17:00.0244 1872	RpcEptMapper - ok
17:17:00.0260 1872	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:17:00.0290 1872	RpcLocator - ok
17:17:00.0349 1872	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:17:00.0391 1872	RpcSs - ok
17:17:00.0428 1872	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:17:00.0472 1872	rspndr - ok
17:17:00.0523 1872	RSUSBSTOR       (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys
17:17:00.0536 1872	RSUSBSTOR - ok
17:17:00.0543 1872	RtsUIR - ok
17:17:00.0663 1872	SageDeploymentService (c3b35487cfb25357d313625a691e1200) C:\Program Files (x86)\Common Files\Sage Software Shared\Deploymentservice.exe
17:17:00.0688 1872	SageDeploymentService - ok
17:17:00.0726 1872	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:17:00.0748 1872	SamSs - ok
17:17:00.0794 1872	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:17:00.0808 1872	sbp2port - ok
17:17:00.0842 1872	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:17:00.0900 1872	SCardSvr - ok
17:17:00.0936 1872	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:17:00.0979 1872	scfilter - ok
17:17:01.0101 1872	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:17:01.0202 1872	Schedule - ok
17:17:01.0240 1872	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:17:01.0277 1872	SCPolicySvc - ok
17:17:01.0321 1872	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:17:01.0361 1872	SDRSVC - ok
17:17:01.0429 1872	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:17:01.0504 1872	secdrv - ok
17:17:01.0543 1872	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:17:01.0593 1872	seclogon - ok
17:17:01.0624 1872	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
17:17:01.0678 1872	SENS - ok
17:17:01.0695 1872	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:17:01.0723 1872	SensrSvc - ok
17:17:01.0753 1872	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:17:01.0767 1872	Serenum - ok
17:17:01.0797 1872	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:17:01.0825 1872	Serial - ok
17:17:01.0857 1872	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:17:01.0885 1872	sermouse - ok
17:17:02.0026 1872	ServiceLayer    (f31e9531af225ca25350d5e87e999b31) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
17:17:02.0054 1872	ServiceLayer - ok
17:17:02.0102 1872	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:17:02.0148 1872	SessionEnv - ok
17:17:02.0190 1872	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:17:02.0219 1872	sffdisk - ok
17:17:02.0238 1872	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:17:02.0266 1872	sffp_mmc - ok
17:17:02.0281 1872	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:17:02.0306 1872	sffp_sd - ok
17:17:02.0335 1872	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:17:02.0364 1872	sfloppy - ok
17:17:02.0403 1872	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:17:02.0454 1872	SharedAccess - ok
17:17:02.0510 1872	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:17:02.0565 1872	ShellHWDetection - ok
17:17:02.0592 1872	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:17:02.0605 1872	SiSRaid2 - ok
17:17:02.0625 1872	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:17:02.0639 1872	SiSRaid4 - ok
17:17:02.0752 1872	SkypeUpdate     (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files (x86)\Skype\Updater\Updater.exe
17:17:02.0768 1872	SkypeUpdate - ok
17:17:02.0776 1872	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:17:02.0815 1872	Smb - ok
17:17:02.0862 1872	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:17:02.0885 1872	SNMPTRAP - ok
17:17:02.0911 1872	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:17:02.0924 1872	spldr - ok
17:17:03.0009 1872	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:17:03.0071 1872	Spooler - ok
17:17:03.0409 1872	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:17:03.0527 1872	sppsvc - ok
17:17:03.0666 1872	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:17:03.0752 1872	sppuinotify - ok
17:17:03.0866 1872	SQLBrowser      (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
17:17:03.0888 1872	SQLBrowser - ok
17:17:03.0965 1872	SQLWriter       (3c432a96363097870995e2a3c8b66abd) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
17:17:03.0985 1872	SQLWriter - ok
17:17:04.0065 1872	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:17:04.0092 1872	srv - ok
17:17:04.0145 1872	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:17:04.0172 1872	srv2 - ok
17:17:04.0218 1872	SrvHsfHDA       (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
17:17:04.0235 1872	SrvHsfHDA - ok
17:17:04.0319 1872	SrvHsfV92       (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
17:17:04.0365 1872	SrvHsfV92 - ok
17:17:04.0511 1872	SrvHsfWinac     (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
17:17:04.0550 1872	SrvHsfWinac - ok
17:17:04.0594 1872	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:17:04.0622 1872	srvnet - ok
17:17:04.0665 1872	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:17:04.0717 1872	SSDPSRV - ok
17:17:04.0738 1872	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:17:04.0777 1872	SstpSvc - ok
17:17:04.0808 1872	StarOpen        (e57b778208c783d8debab320c16a1b82) C:\Windows\system32\drivers\StarOpen.sys
17:17:04.0811 1872	StarOpen ( UnsignedFile.Multi.Generic ) - warning
17:17:04.0811 1872	StarOpen - detected UnsignedFile.Multi.Generic (1)
17:17:04.0840 1872	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:17:04.0853 1872	stexstor - ok
17:17:04.0909 1872	StillCam        (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
17:17:04.0942 1872	StillCam - ok
17:17:05.0014 1872	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:17:05.0049 1872	stisvc - ok
17:17:05.0090 1872	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:17:05.0103 1872	swenum - ok
17:17:05.0153 1872	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:17:05.0211 1872	swprv - ok
17:17:05.0320 1872	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:17:05.0381 1872	SysMain - ok
17:17:05.0492 1872	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:17:05.0524 1872	TabletInputService - ok
17:17:05.0556 1872	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:17:05.0620 1872	TapiSrv - ok
17:17:05.0657 1872	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:17:05.0706 1872	TBS - ok
17:17:05.0915 1872	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
17:17:05.0968 1872	Tcpip - ok
17:17:06.0188 1872	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
17:17:06.0231 1872	TCPIP6 - ok
17:17:06.0382 1872	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:17:06.0450 1872	tcpipreg - ok
17:17:06.0489 1872	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:17:06.0501 1872	TDPIPE - ok
17:17:06.0535 1872	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
17:17:06.0561 1872	TDTCP - ok
17:17:06.0619 1872	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:17:06.0679 1872	tdx - ok
17:17:06.0747 1872	TeamViewer5     (d91cb8a2d5a0f60e53eb7a0b0bc2e0f0) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
17:17:06.0761 1872	TeamViewer5 - ok
17:17:06.0803 1872	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:17:06.0824 1872	TermDD - ok
17:17:06.0866 1872	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:17:06.0937 1872	TermService - ok
17:17:06.0970 1872	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:17:06.0997 1872	Themes - ok
17:17:07.0026 1872	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:17:07.0065 1872	THREADORDER - ok
17:17:07.0136 1872	TomTomHOMEService (3199a477f0f06eede41bd55179f8eb05) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
17:17:07.0149 1872	TomTomHOMEService - ok
17:17:07.0197 1872	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:17:07.0249 1872	TrkWks - ok
17:17:07.0320 1872	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:17:07.0387 1872	TrustedInstaller - ok
17:17:07.0457 1872	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:17:07.0502 1872	tssecsrv - ok
17:17:07.0554 1872	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:17:07.0583 1872	TsUsbFlt - ok
17:17:07.0650 1872	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:17:07.0713 1872	tunnel - ok
17:17:07.0744 1872	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:17:07.0758 1872	uagp35 - ok
17:17:07.0783 1872	UBHelper        (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
17:17:07.0792 1872	UBHelper - ok
17:17:07.0851 1872	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:17:07.0902 1872	udfs - ok
17:17:07.0958 1872	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:17:07.0973 1872	UI0Detect - ok
17:17:08.0022 1872	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:17:08.0035 1872	uliagpkx - ok
17:17:08.0088 1872	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
17:17:08.0122 1872	umbus - ok
17:17:08.0142 1872	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:17:08.0173 1872	UmPass - ok
17:17:08.0261 1872	Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
17:17:08.0282 1872	Updater Service - ok
17:17:08.0337 1872	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:17:08.0439 1872	upnphost - ok
17:17:08.0511 1872	upperdev        (34afb83c7bba370e404e52cc2290350c) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
17:17:08.0554 1872	upperdev - ok
17:17:08.0593 1872	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:17:08.0619 1872	usbccgp - ok
17:17:08.0623 1872	USBCCID - ok
17:17:08.0672 1872	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:17:08.0689 1872	usbcir - ok
17:17:08.0711 1872	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
17:17:08.0736 1872	usbehci - ok
17:17:08.0780 1872	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:17:08.0809 1872	usbhub - ok
17:17:08.0826 1872	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
17:17:08.0854 1872	usbohci - ok
17:17:08.0876 1872	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:17:08.0904 1872	usbprint - ok
17:17:08.0935 1872	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:17:08.0951 1872	usbscan - ok
17:17:09.0017 1872	usbser          (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
17:17:09.0042 1872	usbser - ok
17:17:09.0106 1872	UsbserFilt      (aa75e1efbee7186b4cbaaacf1f15e6ca) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
17:17:09.0162 1872	UsbserFilt - ok
17:17:09.0188 1872	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:17:09.0218 1872	USBSTOR - ok
17:17:09.0228 1872	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
17:17:09.0255 1872	usbuhci - ok
17:17:09.0337 1872	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
17:17:09.0384 1872	usbvideo - ok
17:17:09.0403 1872	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:17:09.0456 1872	UxSms - ok
17:17:09.0491 1872	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:17:09.0504 1872	VaultSvc - ok
17:17:09.0547 1872	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:17:09.0560 1872	vdrvroot - ok
17:17:09.0617 1872	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:17:09.0678 1872	vds - ok
17:17:09.0719 1872	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:17:09.0736 1872	vga - ok
17:17:09.0755 1872	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:17:09.0802 1872	VgaSave - ok
17:17:09.0852 1872	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:17:09.0868 1872	vhdmp - ok
17:17:09.0909 1872	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:17:09.0922 1872	viaide - ok
17:17:09.0971 1872	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:17:09.0984 1872	volmgr - ok
17:17:10.0037 1872	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:17:10.0055 1872	volmgrx - ok
17:17:10.0079 1872	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:17:10.0097 1872	volsnap - ok
17:17:10.0129 1872	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:17:10.0145 1872	vsmraid - ok
17:17:10.0250 1872	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:17:10.0319 1872	VSS - ok
17:17:10.0442 1872	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:17:10.0482 1872	vwifibus - ok
17:17:10.0507 1872	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:17:10.0542 1872	vwififlt - ok
17:17:10.0600 1872	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:17:10.0643 1872	W32Time - ok
17:17:10.0662 1872	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:17:10.0690 1872	WacomPen - ok
17:17:10.0744 1872	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:17:10.0799 1872	WANARP - ok
17:17:10.0803 1872	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:17:10.0840 1872	Wanarpv6 - ok
17:17:11.0026 1872	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:17:11.0076 1872	WatAdminSvc - ok
17:17:11.0172 1872	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:17:11.0245 1872	wbengine - ok
17:17:11.0405 1872	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:17:11.0437 1872	WbioSrvc - ok
17:17:11.0493 1872	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:17:11.0537 1872	wcncsvc - ok
17:17:11.0557 1872	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:17:11.0571 1872	WcsPlugInService - ok
17:17:11.0599 1872	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:17:11.0611 1872	Wd - ok
17:17:11.0652 1872	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:17:11.0677 1872	Wdf01000 - ok
17:17:11.0693 1872	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:17:11.0726 1872	WdiServiceHost - ok
17:17:11.0729 1872	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:17:11.0750 1872	WdiSystemHost - ok
17:17:11.0794 1872	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:17:11.0824 1872	WebClient - ok
17:17:11.0863 1872	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:17:11.0924 1872	Wecsvc - ok
17:17:11.0945 1872	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:17:11.0984 1872	wercplsupport - ok
17:17:12.0018 1872	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:17:12.0065 1872	WerSvc - ok
17:17:12.0141 1872	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:17:12.0203 1872	WfpLwf - ok
17:17:12.0219 1872	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:17:12.0232 1872	WIMMount - ok
17:17:12.0263 1872	WinDefend - ok
17:17:12.0274 1872	WinHttpAutoProxySvc - ok
17:17:12.0350 1872	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:17:12.0403 1872	Winmgmt - ok
17:17:12.0527 1872	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:17:12.0601 1872	WinRM - ok
17:17:12.0800 1872	winss           (65040b6a858b07a87ed8afca7b7345df) C:\Program Files (x86)\Microsoft Windows OneCare Live\winss.exe
17:17:12.0844 1872	winss - ok
17:17:13.0001 1872	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
17:17:13.0030 1872	WinUsb - ok
17:17:13.0090 1872	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:17:13.0138 1872	Wlansvc - ok
17:17:13.0192 1872	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:17:13.0219 1872	WmiAcpi - ok
17:17:13.0294 1872	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:17:13.0328 1872	wmiApSrv - ok
17:17:13.0361 1872	WMPNetworkSvc - ok
17:17:13.0387 1872	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:17:13.0406 1872	WPCSvc - ok
17:17:13.0456 1872	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:17:13.0478 1872	WPDBusEnum - ok
17:17:13.0504 1872	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:17:13.0552 1872	ws2ifsl - ok
17:17:13.0569 1872	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
17:17:13.0603 1872	wscsvc - ok
17:17:13.0660 1872	WSDPrintDevice  (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
17:17:13.0698 1872	WSDPrintDevice - ok
17:17:13.0704 1872	WSearch - ok
17:17:13.0843 1872	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
17:17:13.0945 1872	wuauserv - ok
17:17:14.0073 1872	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:17:14.0139 1872	WudfPf - ok
17:17:14.0186 1872	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:17:14.0224 1872	WUDFRd - ok
17:17:14.0272 1872	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:17:14.0311 1872	wudfsvc - ok
17:17:14.0348 1872	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:17:14.0379 1872	WwanSvc - ok
17:17:14.0401 1872	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:17:14.0838 1872	\Device\Harddisk0\DR0 - ok
17:17:14.0843 1872	Boot (0x1200)   (92db151f95d59c7d7a04bebe9798dc50) \Device\Harddisk0\DR0\Partition0
17:17:14.0845 1872	\Device\Harddisk0\DR0\Partition0 - ok
17:17:14.0882 1872	Boot (0x1200)   (5cf601bae2b86dee4b385173ace02c59) \Device\Harddisk0\DR0\Partition1
17:17:14.0884 1872	\Device\Harddisk0\DR0\Partition1 - ok
17:17:14.0885 1872	============================================================
17:17:14.0885 1872	Scan finished
17:17:14.0885 1872	============================================================
17:17:14.0909 5412	Detected object count: 7
17:17:14.0909 5412	Actual detected object count: 7
17:18:10.0402 5412	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:18:10.0402 5412	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:18:10.0403 5412	hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
17:18:10.0403 5412	hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:18:10.0405 5412	hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:18:10.0406 5412	hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:18:10.0407 5412	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:18:10.0408 5412	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:18:10.0410 5412	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:18:10.0410 5412	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:18:10.0412 5412	Registry ( UnsignedFile.Multi.Generic ) - skipped by user
17:18:10.0412 5412	Registry ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:18:10.0414 5412	StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
17:18:10.0414 5412	StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Danke und lg Daniel

Alt 24.06.2012, 15:27   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verschlüsselungstrojaner - Standard

Verschlüsselungstrojaner



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 24.06.2012, 19:30   #15
spycob
 
Verschlüsselungstrojaner - Standard

Verschlüsselungstrojaner



Hi Cosinus.

Anbei das Combofix Log:
Code:
ATTFilter
ComboFix 12-06-24.03 - diatrade 24.06.2012  19:42:26.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.4091.2512 [GMT 2:00]
ausgeführt von:: c:\users\diatrade\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\packardbell.ico
c:\programdata\FullRemove.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-24 bis 2012-06-24  ))))))))))))))))))))))))))))))
.
.
2012-06-24 17:54 . 2012-06-24 17:54	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-24 17:40 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-24 17:40 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-24 17:40 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-24 17:40 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-24 17:39 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-24 17:39 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-24 17:39 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-24 17:39 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-24 17:39 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-22 15:14 . 2012-05-31 04:04	9013136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{19CB39F8-25EE-41CE-9F0D-DE900577AB22}\mpengine.dll
2012-06-18 16:17 . 2012-05-15 01:32	3146752	----a-w-	c:\windows\system32\win32k.sys
2012-06-18 16:17 . 2012-04-26 05:41	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-18 16:17 . 2012-04-26 05:41	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-06-18 16:17 . 2012-04-26 05:34	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-06-18 16:17 . 2012-05-04 11:06	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-06-18 16:17 . 2012-05-04 10:03	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-06-18 16:17 . 2012-05-04 10:03	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-06-18 16:17 . 2012-05-01 05:40	209920	----a-w-	c:\windows\system32\profsvc.dll
2012-06-18 16:16 . 2012-04-28 03:55	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-18 16:16 . 2012-04-07 12:31	3216384	----a-w-	c:\windows\system32\msi.dll
2012-06-18 16:16 . 2012-04-07 11:26	2342400	----a-w-	c:\windows\SysWow64\msi.dll
2012-06-18 16:16 . 2012-04-24 05:37	1462272	----a-w-	c:\windows\system32\crypt32.dll
2012-06-18 16:16 . 2012-04-24 05:37	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-06-18 16:16 . 2012-04-24 05:37	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-06-18 16:16 . 2012-04-24 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-06-18 16:16 . 2012-04-24 04:36	1158656	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-06-18 16:16 . 2012-04-24 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-06-18 16:09 . 2012-06-18 16:09	--------	d-----w-	C:\_OTL
2012-06-03 13:19 . 2012-06-03 13:19	163048	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-30 19:03 . 2012-05-30 19:03	--------	d-----w-	c:\program files (x86)\ESET
2012-05-28 09:24 . 2012-05-28 09:24	--------	d-----w-	C:\_logs
2012-05-28 08:11 . 2012-05-28 08:11	--------	d-----w-	c:\users\diatrade\AppData\Roaming\Malwarebytes
2012-05-28 08:11 . 2012-05-28 08:11	--------	d-----w-	c:\programdata\Malwarebytes
2012-05-28 08:11 . 2012-05-28 08:11	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-28 08:11 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-20 18:10 . 2012-04-11 04:59	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-20 18:10 . 2011-10-23 06:18	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 06:44 . 2012-04-11 05:44	8744608	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-30 11:35 . 2012-05-12 02:08	1918320	----a-w-	c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-30 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2009-08-21 262912]
"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" [2009-11-09 1519743]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"NokiaMusic FastStart"="c:\program files (x86)\Nokia\Nokia Music Player\NokiaMusicPlayer.exe" [2011-10-21 2193000]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-11-06 273528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SiteRanker"="c:\program files (x86)\SiteRanker\SiteRankTray.exe" [2012-03-21 320000]
"NSU_agent"="c:\program files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2012-02-28 190768]
.
c:\users\diatrade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTGUARD]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-16 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-20 257696]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-16 136176]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 NTGUARD;NTGUARD;c:\program files (x86)\aonInternetSchutz\bin\ntguard_x64.sys [2011-11-07 36816]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 24x7HelpSvc;24x7HelpService;c:\program files (x86)\24x7Help\App24x7Svc.exe [2012-04-12 394352]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2009-08-21 62720]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe [2009-08-29 44312]
S2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files (x86)\Microsoft Windows OneCare Live\OcHealthMon.exe [2009-11-02 26120]
S2 Registry;Sage Registrierungsdienst;c:\program files (x86)\Common Files\Sage KHK Shared\REGISTRY.EXE [2009-03-04 86016]
S2 SageDeploymentService;Sage Verteilungsdienst;c:\program files (x86)\Common Files\Sage Software Shared\Deploymentservice.exe [2011-05-31 424088]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 18:10]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-16 21:09]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-16 21:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 16395880]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-20 200704]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2009-09-30 823840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80772&lng=de
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0c07&m=easynote_tj65&r=27360410i0c6l0460z1j5f44m1u775
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
FF - ProfilePath - c:\users\diatrade\AppData\Roaming\Mozilla\Firefox\Profiles\2349j4i4.default\
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: AppGraffiti: AppGraffiti@AppGraffiti.com - %profile%\extensions\AppGraffiti@AppGraffiti.com
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files (x86)\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Firefox Synchronisation Extension: fe_3.6@nokia.com - c:\program files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6
FF - Ext: SiteRanker: siteranker@siteranker.com - c:\program files (x86)\SiteRanker\firefox
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-wintn - c:\users\diatrade\AppData\Roaming\wintn.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\TeamViewer\Version5\TeamViewer.exe
c:\program files (x86)\Microsoft Windows OneCare Live\winss.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-24  20:09:51 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-24 18:09
.
Vor Suchlauf: 12 Verzeichnis(se), 211.172.573.184 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 219.720.077.312 Bytes frei
.
- - End Of File - - 0FF454587A06E9A17AFE246A47B75993
         
Vielen Dank.

Liebe Grüße
Daniel

Antwort

Themen zu Verschlüsselungstrojaner
7-zip, autorun, bho, bildschirm, cdburnerxp, dateisystem, error, excel, fehler, festplatte, firefox, flash player, format, help, heuristiks/extra, heuristiks/shuriken, home, iexplore.exe, install.exe, intranet, launch, logfile, microsoft office 2003, microsoft office word, mozilla, office 2007, officejet, packard bell, realtek, richtlinie, rundll, scan, searchscopes, security, server, software, starten, svchost.exe, trojaner, udp, usb 2.0, version=1.0, visual studio



Ähnliche Themen: Verschlüsselungstrojaner


  1. Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 29.10.2012 (3)
  2. (2x) Verschlüsselungstrojaner
    Mülltonne - 27.10.2012 (1)
  3. Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 21.08.2012 (23)
  4. Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 15.08.2012 (1)
  5. Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 30.07.2012 (1)
  6. Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 27.07.2012 (1)
  7. Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 24.06.2012 (1)
  8. Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 22.06.2012 (21)
  9. Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 20.06.2012 (3)
  10. Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 18.06.2012 (1)
  11. Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 18.06.2012 (1)
  12. Verschlüsselungstrojaner!
    Log-Analyse und Auswertung - 16.06.2012 (3)
  13. Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 14.06.2012 (5)
  14. Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 13.06.2012 (2)
  15. Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 30.05.2012 (1)
  16. Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 24.05.2012 (1)
  17. Verschlüsselungstrojaner
    Log-Analyse und Auswertung - 03.05.2012 (8)

Zum Thema Verschlüsselungstrojaner - Hallo Community. Eine Freundin von mir hat sich auch diesen Trojaner eingefangen. Ich habe mal die gesamte Festplatte auf eine externe Festplatte kopiert um keine Daten zu verlieren/zerstören. Die Dateien - Verschlüsselungstrojaner...
Archiv
Du betrachtest: Verschlüsselungstrojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.